Changeset 140 for branches/samba-3.0/source/nsswitch
- Timestamp:
- Jul 11, 2008, 1:13:42 AM (17 years ago)
- Location:
- branches/samba-3.0/source/nsswitch
- Files:
-
- 11 edited
-
idmap_util.c (modified) (1 diff)
-
pam_winbind.c (modified) (6 diffs)
-
winbindd.c (modified) (3 diffs)
-
winbindd_cache.c (modified) (2 diffs)
-
winbindd_cm.c (modified) (5 diffs)
-
winbindd_dual.c (modified) (6 diffs)
-
winbindd_group.c (modified) (1 diff)
-
winbindd_pam.c (modified) (4 diffs)
-
winbindd_passdb.c (modified) (10 diffs)
-
winbindd_proto.h (modified) (1 diff)
-
winbindd_util.c (modified) (6 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.0/source/nsswitch/idmap_util.c
r30 r140 159 159 160 160 if ((map.status != ID_MAPPED) || (map.xid.type != ID_TYPE_GID)) { 161 DEBUG(10, ("sid [%s] not mapped to an gid [%u,%u ,%u]\n",161 DEBUG(10, ("sid [%s] not mapped to an gid [%u,%u]\n", 162 162 sid_string_static(sid), 163 163 map.status, 164 map.xid.type, 165 map.xid.id)); 164 map.xid.type)); 166 165 return NT_STATUS_NONE_MAPPED; 167 166 } -
branches/samba-3.0/source/nsswitch/pam_winbind.c
r124 r140 1182 1182 } 1183 1183 1184 if (ctrl & WINBIND_CACHED_LOGIN) { 1185 request.flags |= WBFLAG_PAM_CACHED_LOGIN; 1186 } 1187 1184 1188 ret = pam_winbind_request_log(pamh, ctrl, WINBINDD_PAM_CHAUTHTOK, &request, &response, user); 1185 1189 … … 1908 1912 { 1909 1913 1910 /* Make sure that we only do this if 1914 /* Make sure that we only do this if 1911 1915 * a) the chauthtok got initiated during a logon attempt (authenticate->acct_mgmt->chauthtok) 1912 1916 * b) any later password change via the "passwd" command if done by the user itself 1913 */ 1914 1917 * 1918 * NB. If we login from gdm or xdm and the password expires, 1919 * we change the password, but there is no memory cache. 1920 * Thus, even for passthrough login, we should do the 1921 * authentication again to update memory cache. 1922 * --- BoYang 1923 * */ 1924 1915 1925 char *new_authtok_reqd_during_auth = NULL; 1916 1926 struct passwd *pwd = NULL; 1917 1918 if (!(ctrl & WINBIND_KRB5_AUTH)) {1919 return False;1920 }1921 1927 1922 1928 _pam_get_data(pamh, PAM_WINBIND_NEW_AUTHTOK_REQD_DURING_AUTH, &new_authtok_reqd_during_auth); … … 1947 1953 int ret; 1948 1954 unsigned int ctrl; 1955 bool cached_login = False; 1949 1956 1950 1957 /* <DO NOT free() THESE> */ … … 1970 1977 _PAM_LOG_FUNCTION_ENTER("pam_sm_chauthtok", pamh, ctrl, flags); 1971 1978 1972 /* clearing offline bit for the auth in the password change */ 1979 cached_login = (ctrl & WINBIND_CACHED_LOGIN); 1980 1981 /* clearing offline bit for auth */ 1973 1982 ctrl &= ~WINBIND_CACHED_LOGIN; 1974 1983 … … 2118 2127 &pwdlastset_update); 2119 2128 2129 /* 2130 * if cached creds were enabled, make sure to set the 2131 * WINBIND_CACHED_LOGIN bit here in order to have winbindd 2132 * update the cached creds storage - gd 2133 */ 2134 if (cached_login) { 2135 ctrl |= WINBIND_CACHED_LOGIN; 2136 } 2137 2120 2138 ret = winbind_chauthtok_request(pamh, ctrl, user, pass_old, pass_new, pwdlastset_update); 2121 2139 if (ret) { … … 2130 2148 const char *member = get_member_from_config(pamh, argc, argv, ctrl, d); 2131 2149 const char *cctype = get_krb5_cc_type_from_config(pamh, argc, argv, ctrl, d); 2150 2151 /* Keep the WINBIND_CACHED_LOGIN bit for 2152 * authentication after changing the password. 2153 * This will update the cached credentials in case 2154 * that winbindd_dual_pam_chauthtok() fails 2155 * to update them. 2156 * --- BoYang 2157 * */ 2132 2158 2133 2159 ret = winbind_auth_request(pamh, ctrl, user, pass_new, -
branches/samba-3.0/source/nsswitch/winbindd.c
r134 r140 118 118 /* Handle the signal by unlinking socket and exiting */ 119 119 120 static void terminate(void) 121 { 122 pstring path; 123 124 /* Remove socket file */ 125 pstr_sprintf(path, "%s/%s", 126 WINBINDD_SOCKET_DIR, WINBINDD_SOCKET_NAME); 127 unlink(path); 120 static void terminate(bool in_parent) 121 { 122 if (in_parent) { 123 /* When parent goes away we should 124 * remove the socket file. Not so 125 * when children terminate. 126 */ 127 128 pstring path; 129 130 /* Remove socket file */ 131 pstr_sprintf(path, "%s/%s", 132 WINBINDD_SOCKET_DIR, WINBINDD_SOCKET_NAME); 133 unlink(path); 134 } 128 135 129 136 idmap_close(); … … 732 739 733 740 /* check if TERM has been received */ 734 void winbind_check_sigterm( void)741 void winbind_check_sigterm(bool in_parent) 735 742 { 736 743 if (do_sigterm) 737 terminate( );744 terminate(in_parent); 738 745 } 739 746 … … 902 909 /* Check signal handling things */ 903 910 904 winbind_check_sigterm( );911 winbind_check_sigterm(true); 905 912 winbind_check_sighup(); 906 913 -
branches/samba-3.0/source/nsswitch/winbindd_cache.c
r134 r140 38 38 extern struct winbindd_methods ads_methods; 39 39 #endif 40 extern struct winbindd_methods passdb_methods;40 extern struct winbindd_methods builtin_passdb_methods; 41 41 42 42 /* … … 139 139 140 140 if (domain->internal) { 141 domain->backend = & passdb_methods;141 domain->backend = &builtin_passdb_methods; 142 142 domain->initialized = True; 143 143 } -
branches/samba-3.0/source/nsswitch/winbindd_cm.c
r134 r140 608 608 } 609 609 610 /* this is at least correct when domain is our domain,611 * which is the only case, when this is currently used: */ 610 /* For now assume our machine account only exists in our domain */ 611 612 612 if (machine_krb5_principal != NULL) 613 613 { 614 614 if (asprintf(machine_krb5_principal, "%s$@%s", 615 account_name, domain->alt_name) == -1)615 account_name, lp_realm()) == -1) 616 616 { 617 617 return NT_STATUS_NO_MEMORY; … … 730 730 (*cli)->use_kerberos = True; 731 731 DEBUG(5, ("connecting to %s from %s with kerberos principal " 732 "[%s] \n", controller, global_myname(),733 machine_krb5_principal ));732 "[%s] and realm [%s]\n", controller, global_myname(), 733 machine_krb5_principal, domain->alt_name)); 734 734 735 735 ads_status = cli_session_setup_spnego(*cli, 736 736 machine_krb5_principal, 737 737 machine_password, 738 domain->name); 738 lp_workgroup(), 739 domain->alt_name); 739 740 740 741 if (!ADS_ERR_OK(ads_status)) { … … 756 757 DEBUG(5, ("connecting to %s from %s with username " 757 758 "[%s]\\[%s]\n", controller, global_myname(), 758 domain->name, machine_account));759 lp_workgroup(), machine_account)); 759 760 760 761 ads_status = cli_session_setup_spnego(*cli, 761 762 machine_account, 762 763 machine_password, 763 domain->name); 764 lp_workgroup(), 765 NULL); 764 766 if (!ADS_ERR_OK(ads_status)) { 765 767 DEBUG(4, ("authenticated session setup failed with %s\n", … … 1249 1251 int i, fd_index; 1250 1252 1253 *fd = -1; 1254 1251 1255 again: 1252 1256 if (!get_dcs(mem_ctx, domain, &dcs, &num_dcs) || (num_dcs == 0)) … … 1309 1313 winbind_add_failed_connection_entry(domain, dcs[fd_index].name, 1310 1314 NT_STATUS_UNSUCCESSFUL); 1315 1316 /* Throw away all arrays as we're doing this again. */ 1317 TALLOC_FREE(dcs); 1318 num_dcs = 0; 1319 1320 TALLOC_FREE(dcnames); 1321 num_dcnames = 0; 1322 1323 TALLOC_FREE(addrs); 1324 num_addrs = 0; 1325 1326 *fd = -1; 1327 1311 1328 goto again; 1312 1329 } -
branches/samba-3.0/source/nsswitch/winbindd_dual.c
r134 r140 36 36 37 37 extern BOOL override_logfile; 38 extern struct winbindd_methods cache_methods;39 38 40 39 /* Read some data from a client connection */ … … 888 887 struct winbindd_cli_state state; 889 888 struct winbindd_domain *domain; 889 struct winbindd_domain *primary_domain = NULL; 890 890 891 891 if (socketpair(AF_UNIX, SOCK_STREAM, 0, fdpair) != 0) { … … 967 967 968 968 /* Ensure we have no pending check_online events other 969 than one for this domain . */969 than one for this domain or the primary domain. */ 970 970 971 971 for (domain = domain_list(); domain; domain = domain->next) { 972 if (domain != child->domain) { 972 if (domain->primary) { 973 primary_domain = domain; 974 } 975 if ((domain != child->domain) && !domain->primary) { 973 976 TALLOC_FREE(domain->check_online_event); 974 977 } … … 986 989 987 990 set_domain_online_request(child->domain); 991 992 if (primary_domain != child->domain) { 993 /* We need to talk to the primary 994 * domain as well as the trusted 995 * domain inside a trusted domain 996 * child. 997 * See the code in : 998 * winbindd_dual_pam_auth_samlogon() 999 * especially the calling of 1000 * contact_domain = find_our_domain() 1001 * in the non-DC case for details. 1002 */ 1003 set_domain_online_request(primary_domain); 1004 } 988 1005 989 1006 child->lockout_policy_event = event_add_timed( … … 994 1011 } 995 1012 996 /* Special case for Winbindd on a Samba DC,997 * We want to make sure the child can connect to smbd998 * but not the main daemon */999 1000 if (child->domain && child->domain->internal && IS_DC) {1001 child->domain->methods = &cache_methods;1002 child->domain->online = False;1003 }1004 1005 1013 while (1) { 1006 1014 … … 1016 1024 1017 1025 /* check for signals */ 1018 winbind_check_sigterm( );1026 winbind_check_sigterm(false); 1019 1027 winbind_check_sighup(); 1020 1028 -
branches/samba-3.0/source/nsswitch/winbindd_group.c
r39 r140 1399 1399 s->state->response.data.num_entries = s->num_token_gids; 1400 1400 /* s->token_gids are talloced */ 1401 s->state->response.extra_data.data = smb_xmemdup(s->token_gids, s->num_token_gids * sizeof(gid_t)); 1402 s->state->response.length += s->num_token_gids * sizeof(gid_t); 1401 if (s->num_token_gids != 0) { 1402 s->state->response.extra_data.data = smb_xmemdup( 1403 s->token_gids, s->num_token_gids * sizeof(gid_t)); 1404 s->state->response.length += s->num_token_gids * sizeof(gid_t); 1405 } 1403 1406 request_ok(s->state); 1404 1407 } -
branches/samba-3.0/source/nsswitch/winbindd_pam.c
r124 r140 1380 1380 NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) { 1381 1381 DEBUG(10,("winbindd_dual_pam_auth_kerberos setting domain to offline\n")); 1382 domain->online = False; 1382 /* Use set_domain_offline() instead of 1383 * just set status offline, otherwise, 1384 * domain will never goes online again 1385 * --- BoYang */ 1386 set_domain_offline(domain); 1383 1387 } 1384 1388 … … 2045 2049 2046 2050 if (NT_STATUS_IS_OK(result) && (state->request.flags & WBFLAG_PAM_CACHED_LOGIN)) { 2047 2051 2048 2052 /* Update the single sign-on memory creds. */ 2049 2053 result = winbindd_replace_memory_creds(state->request.data.chauthtok.user, 2050 2054 newpass); 2055 2056 /* When we login from gdm or xdm and password expires, 2057 * we change the password, but there are no memory crendentials. 2058 * So, winbindd_replace_memory_creds() returns 2059 * NT_STATUS_OBJECT_NAME_NOT_FOUND. This is not a failure. 2060 * --- BoYang 2061 * */ 2062 if (NT_STATUS_EQUAL(result, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { 2063 result = NT_STATUS_OK; 2064 } 2051 2065 2052 2066 if (!NT_STATUS_IS_OK(result)) { … … 2059 2073 state->mem_ctx, user, 2060 2074 newpass); 2075 /* Again, this happens when we login from gdm or xdm 2076 * and the password expires, *BUT* cached crendentials 2077 * don't exist. winbindd_update_creds_by_name() 2078 * returns NT_STATUS_NO_SUCH_USER. 2079 * This is not a failure. 2080 * --- BoYang 2081 * */ 2082 if (NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_USER)) { 2083 result = NT_STATUS_OK; 2084 } 2061 2085 if (!NT_STATUS_IS_OK(result)) { 2062 2086 DEBUG(10,("Failed to store creds: %s\n", nt_errstr(result))); … … 2064 2088 } 2065 2089 } 2066 } 2090 } 2067 2091 2068 2092 if (!NT_STATUS_IS_OK(result) && !got_info && contact_domain) { -
branches/samba-3.0/source/nsswitch/winbindd_passdb.c
r39 r140 7 7 Copyright (C) Simo Sorce 2003 8 8 Copyright (C) Volker Lendecke 2004 9 Copyright (C) Jeremy Allison 2008 9 10 10 11 This program is free software; you can redistribute it and/or modify … … 29 30 #define DBGC_CLASS DBGC_WINBIND 30 31 31 /* Query display info for a domain. This returns enough information plus a 32 bit extra to give an overview of domain users for the User Manager 33 application. */ 34 static NTSTATUS query_user_list(struct winbindd_domain *domain, 35 TALLOC_CTX *mem_ctx, 36 uint32 *num_entries, 37 WINBIND_USERINFO **info) 38 { 39 /* We don't have users */ 40 *num_entries = 0; 41 *info = NULL; 42 return NT_STATUS_OK; 43 } 44 45 /* list all domain groups */ 46 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, 32 static NTSTATUS enum_groups_internal(struct winbindd_domain *domain, 47 33 TALLOC_CTX *mem_ctx, 48 34 uint32 *num_entries, 49 struct acct_info **info) 50 { 51 /* We don't have domain groups */ 52 *num_entries = 0; 53 *info = NULL; 54 return NT_STATUS_OK; 55 } 56 57 /* List all domain groups */ 58 59 static NTSTATUS enum_local_groups(struct winbindd_domain *domain, 60 TALLOC_CTX *mem_ctx, 61 uint32 *num_entries, 62 struct acct_info **info) 35 struct acct_info **info, 36 enum lsa_SidType sidtype) 63 37 { 64 38 struct pdb_search *search; 65 struct samr_displayentry * aliases;39 struct samr_displayentry *entries; 66 40 int i; 67 41 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 68 42 69 search = pdb_search_aliases(&domain->sid); 43 if (sidtype == SID_NAME_ALIAS) { 44 search = pdb_search_aliases(&domain->sid); 45 } else { 46 search = pdb_search_groups(); 47 } 48 70 49 if (search == NULL) goto done; 71 50 72 *num_entries = pdb_search_entries(search, 0, 0xffffffff, &aliases); 73 if (*num_entries == 0) goto done; 51 *num_entries = pdb_search_entries(search, 0, 0xffffffff, &entries); 52 if (*num_entries == 0) { 53 /* Zero entries isn't an error */ 54 result = NT_STATUS_OK; 55 goto done; 56 } 74 57 75 58 *info = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries); … … 80 63 81 64 for (i=0; i<*num_entries; i++) { 82 fstrcpy((*info)[i].acct_name, aliases[i].account_name);83 fstrcpy((*info)[i].acct_desc, aliases[i].description);84 (*info)[i].rid = aliases[i].rid;65 fstrcpy((*info)[i].acct_name, entries[i].account_name); 66 fstrcpy((*info)[i].acct_desc, entries[i].description); 67 (*info)[i].rid = entries[i].rid; 85 68 } 86 69 … … 89 72 pdb_search_destroy(search); 90 73 return result; 74 } 75 76 /* List all local groups (aliases) */ 77 static NTSTATUS enum_local_groups(struct winbindd_domain *domain, 78 TALLOC_CTX *mem_ctx, 79 uint32 *num_entries, 80 struct acct_info **info) 81 { 82 return enum_groups_internal(domain, 83 mem_ctx, 84 num_entries, 85 info, 86 SID_NAME_ALIAS); 91 87 } 92 88 … … 144 140 static NTSTATUS rids_to_names(struct winbindd_domain *domain, 145 141 TALLOC_CTX *mem_ctx, 146 const DOM_SID * sid,142 const DOM_SID *domain_sid, 147 143 uint32 *rids, 148 144 size_t num_rids, … … 151 147 enum lsa_SidType **types) 152 148 { 153 return NT_STATUS_UNSUCCESSFUL; 154 } 155 156 /* Lookup user information from a rid or username. */ 157 static NTSTATUS query_user(struct winbindd_domain *domain, 158 TALLOC_CTX *mem_ctx, 159 const DOM_SID *user_sid, 160 WINBIND_USERINFO *user_info) 161 { 162 return NT_STATUS_NO_SUCH_USER; 149 size_t i; 150 bool have_mapped; 151 bool have_unmapped; 152 153 *domain_name = NULL; 154 *names = NULL; 155 *types = NULL; 156 157 if (!num_rids) { 158 return NT_STATUS_OK; 159 } 160 161 *names = TALLOC_ARRAY(mem_ctx, char *, num_rids); 162 *types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids); 163 164 if ((*names == NULL) || (*types == NULL)) { 165 return NT_STATUS_NO_MEMORY; 166 } 167 168 have_mapped = have_unmapped = false; 169 170 for (i=0; i<num_rids; i++) { 171 DOM_SID sid; 172 const char *dom = NULL, *nam = NULL; 173 enum lsa_SidType type = SID_NAME_UNKNOWN; 174 175 if (!sid_compose(&sid, domain_sid, rids[i])) { 176 return NT_STATUS_INTERNAL_ERROR; 177 } 178 179 if (!lookup_sid(mem_ctx, &sid, &dom, &nam, &type)) { 180 have_unmapped = true; 181 (*types)[i] = SID_NAME_UNKNOWN; 182 (*names)[i] = talloc_strdup(mem_ctx, ""); 183 } else { 184 have_mapped = true; 185 (*types)[i] = type; 186 (*names)[i] = CONST_DISCARD(char *, nam); 187 } 188 189 if (domain_name == NULL) { 190 *domain_name = CONST_DISCARD(char *, dom); 191 } else { 192 char *dname = CONST_DISCARD(char *, dom); 193 TALLOC_FREE(dname); 194 } 195 } 196 197 if (!have_mapped) { 198 return NT_STATUS_NONE_MAPPED; 199 } 200 if (!have_unmapped) { 201 return NT_STATUS_OK; 202 } 203 return STATUS_SOME_UNMAPPED; 163 204 } 164 205 … … 179 220 } 180 221 181 if ( !pdb_getsampwsid(user, user_sid ) ) {222 if (!pdb_getsampwsid(user, user_sid ) ) { 182 223 return NT_STATUS_NO_SUCH_USER; 183 224 } … … 208 249 } 209 250 210 /* Lookup group membership given a rid. */ 211 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, 251 /* find the sequence number for a domain */ 252 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) 253 { 254 BOOL result; 255 time_t seq_num; 256 257 result = pdb_get_seq_num(&seq_num); 258 if (!result) { 259 *seq = 1; 260 } 261 262 *seq = (int) seq_num; 263 /* *seq = 1; */ 264 return NT_STATUS_OK; 265 } 266 267 static NTSTATUS lockout_policy(struct winbindd_domain *domain, 268 TALLOC_CTX *mem_ctx, 269 SAM_UNK_INFO_12 *policy) 270 { 271 /* actually we have that */ 272 return NT_STATUS_NOT_IMPLEMENTED; 273 } 274 275 static NTSTATUS password_policy(struct winbindd_domain *domain, 276 TALLOC_CTX *mem_ctx, 277 SAM_UNK_INFO_1 *policy) 278 { 279 uint32 min_pass_len,pass_hist,password_properties; 280 time_t u_expire, u_min_age; 281 NTTIME nt_expire, nt_min_age; 282 uint32 account_policy_temp; 283 284 if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) { 285 return NT_STATUS_NO_MEMORY; 286 } 287 288 if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp)) { 289 return NT_STATUS_ACCESS_DENIED; 290 } 291 min_pass_len = account_policy_temp; 292 293 if (!pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp)) { 294 return NT_STATUS_ACCESS_DENIED; 295 } 296 pass_hist = account_policy_temp; 297 298 if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp)) { 299 return NT_STATUS_ACCESS_DENIED; 300 } 301 password_properties = account_policy_temp; 302 303 if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp)) { 304 return NT_STATUS_ACCESS_DENIED; 305 } 306 u_expire = account_policy_temp; 307 308 if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp)) { 309 return NT_STATUS_ACCESS_DENIED; 310 } 311 u_min_age = account_policy_temp; 312 313 unix_to_nt_time_abs(&nt_expire, u_expire); 314 unix_to_nt_time_abs(&nt_min_age, u_min_age); 315 316 init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist, 317 password_properties, nt_expire, nt_min_age); 318 319 return NT_STATUS_OK; 320 } 321 322 /********************************************************************* 323 BUILTIN specific functions. 324 *********************************************************************/ 325 326 /* list all domain groups */ 327 static NTSTATUS builtin_enum_dom_groups(struct winbindd_domain *domain, 328 TALLOC_CTX *mem_ctx, 329 uint32 *num_entries, 330 struct acct_info **info) 331 { 332 /* BUILTIN doesn't have domain groups */ 333 *num_entries = 0; 334 *info = NULL; 335 return NT_STATUS_OK; 336 } 337 338 /* Query display info for a domain. This returns enough information plus a 339 bit extra to give an overview of domain users for the User Manager 340 application. */ 341 static NTSTATUS builtin_query_user_list(struct winbindd_domain *domain, 342 TALLOC_CTX *mem_ctx, 343 uint32 *num_entries, 344 WINBIND_USERINFO **info) 345 { 346 /* We don't have users */ 347 *num_entries = 0; 348 *info = NULL; 349 return NT_STATUS_OK; 350 } 351 352 /* Lookup user information from a rid or username. */ 353 static NTSTATUS builtin_query_user(struct winbindd_domain *domain, 354 TALLOC_CTX *mem_ctx, 355 const DOM_SID *user_sid, 356 WINBIND_USERINFO *user_info) 357 { 358 return NT_STATUS_NO_SUCH_USER; 359 } 360 361 static NTSTATUS builtin_lookup_groupmem(struct winbindd_domain *domain, 212 362 TALLOC_CTX *mem_ctx, 213 363 const DOM_SID *group_sid, uint32 *num_names, 214 364 DOM_SID **sid_mem, char ***names, 365 uint32 **name_types) 366 { 367 *num_names = 0; 368 *sid_mem = NULL; 369 *names = NULL; 370 *name_types = 0; 371 return NT_STATUS_NO_SUCH_GROUP; 372 } 373 374 /* get a list of trusted domains - builtin domain */ 375 static NTSTATUS builtin_trusted_domains(struct winbindd_domain *domain, 376 TALLOC_CTX *mem_ctx, 377 uint32 *num_domains, 378 char ***names, 379 char ***alt_names, 380 DOM_SID **dom_sids) 381 { 382 *num_domains = 0; 383 *names = NULL; 384 *alt_names = NULL; 385 *dom_sids = NULL; 386 return NT_STATUS_OK; 387 } 388 389 /********************************************************************* 390 SAM specific functions. 391 *********************************************************************/ 392 393 /* list all domain groups */ 394 static NTSTATUS sam_enum_dom_groups(struct winbindd_domain *domain, 395 TALLOC_CTX *mem_ctx, 396 uint32 *num_entries, 397 struct acct_info **info) 398 { 399 return enum_groups_internal(domain, 400 mem_ctx, 401 num_entries, 402 info, 403 SID_NAME_DOM_GRP); 404 } 405 406 static NTSTATUS sam_query_user_list(struct winbindd_domain *domain, 407 TALLOC_CTX *mem_ctx, 408 uint32 *num_entries, 409 WINBIND_USERINFO **info) 410 { 411 struct pdb_search *ps = pdb_search_users(ACB_NORMAL); 412 struct samr_displayentry *entries = NULL; 413 uint32 i; 414 415 *num_entries = 0; 416 *info = NULL; 417 418 if (!ps) { 419 return NT_STATUS_NO_MEMORY; 420 } 421 422 *num_entries = pdb_search_entries(ps, 423 1, 0xffffffff, 424 &entries); 425 426 *info = TALLOC_ZERO_ARRAY(mem_ctx, WINBIND_USERINFO, *num_entries); 427 if (!(*info)) { 428 pdb_search_destroy(ps); 429 return NT_STATUS_NO_MEMORY; 430 } 431 432 for (i = 0; i < *num_entries; i++) { 433 struct samr_displayentry *e = &entries[i]; 434 435 (*info)[i].acct_name = talloc_strdup(mem_ctx, e->account_name ); 436 (*info)[i].full_name = talloc_strdup(mem_ctx, e->fullname ); 437 (*info)[i].homedir = NULL; 438 (*info)[i].shell = NULL; 439 sid_compose(&(*info)[i].user_sid, &domain->sid, e->rid); 440 441 /* For the moment we set the primary group for 442 every user to be the Domain Users group. 443 There are serious problems with determining 444 the actual primary group for large domains. 445 This should really be made into a 'winbind 446 force group' smb.conf parameter or 447 something like that. */ 448 449 sid_compose(&(*info)[i].group_sid, &domain->sid, 450 DOMAIN_GROUP_RID_USERS); 451 } 452 453 pdb_search_destroy(ps); 454 return NT_STATUS_OK; 455 } 456 457 /* Lookup user information from a rid or username. */ 458 static NTSTATUS sam_query_user(struct winbindd_domain *domain, 459 TALLOC_CTX *mem_ctx, 460 const DOM_SID *user_sid, 461 WINBIND_USERINFO *user_info) 462 { 463 struct samu *sampass = NULL; 464 fstring sidstr; 465 466 ZERO_STRUCTP(user_info); 467 468 if (!sid_check_is_in_our_domain(user_sid)) { 469 return NT_STATUS_NO_SUCH_USER; 470 } 471 472 sid_to_string(sidstr, user_sid); 473 DEBUG(10,("sam_query_user: getting samu info for sid %s\n", 474 sidstr )); 475 476 if (!(sampass = samu_new(mem_ctx))) { 477 return NT_STATUS_NO_MEMORY; 478 } 479 480 if (!pdb_getsampwsid(sampass, user_sid)) { 481 TALLOC_FREE(sampass); 482 return NT_STATUS_NO_SUCH_USER; 483 } 484 485 if (pdb_get_group_sid(sampass) == NULL) { 486 TALLOC_FREE(sampass); 487 return NT_STATUS_NO_SUCH_GROUP; 488 } 489 490 sid_to_string(sidstr, sampass->group_sid); 491 DEBUG(10,("sam_query_user: group sid %s\n", sidstr )); 492 493 sid_copy(&user_info->user_sid, user_sid); 494 sid_copy(&user_info->group_sid, sampass->group_sid); 495 496 user_info->acct_name = talloc_strdup(mem_ctx, sampass->username ? 497 sampass->username : ""); 498 user_info->full_name = talloc_strdup(mem_ctx, sampass->full_name ? 499 sampass->full_name : ""); 500 user_info->homedir = talloc_strdup(mem_ctx, sampass->home_dir ? 501 sampass->home_dir : ""); 502 if (sampass->unix_pw && sampass->unix_pw->pw_shell) { 503 user_info->shell = talloc_strdup(mem_ctx, sampass->unix_pw->pw_shell); 504 } else { 505 user_info->shell = talloc_strdup(mem_ctx, ""); 506 } 507 user_info->primary_gid = sampass->unix_pw ? sampass->unix_pw->pw_gid : (gid_t)-1; 508 509 TALLOC_FREE(sampass); 510 return NT_STATUS_OK; 511 } 512 513 /* Lookup group membership given a rid. */ 514 static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain, 515 TALLOC_CTX *mem_ctx, 516 const DOM_SID *group_sid, uint32 *num_names, 517 DOM_SID **sid_mem, char ***names, 215 518 uint32 **name_types) 216 519 { … … 304 607 } 305 608 306 /* find the sequence number for a domain */ 307 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) 308 { 309 BOOL result; 310 time_t seq_num; 311 312 result = pdb_get_seq_num(&seq_num); 313 if (!result) { 314 *seq = 1; 315 } 316 317 *seq = (int) seq_num; 318 /* *seq = 1; */ 319 return NT_STATUS_OK; 320 } 321 322 static NTSTATUS lockout_policy(struct winbindd_domain *domain, 323 TALLOC_CTX *mem_ctx, 324 SAM_UNK_INFO_12 *policy) 325 { 326 /* actually we have that */ 327 return NT_STATUS_NOT_IMPLEMENTED; 328 } 329 330 static NTSTATUS password_policy(struct winbindd_domain *domain, 331 TALLOC_CTX *mem_ctx, 332 SAM_UNK_INFO_1 *policy) 333 { 334 uint32 min_pass_len,pass_hist,password_properties; 335 time_t u_expire, u_min_age; 336 NTTIME nt_expire, nt_min_age; 337 uint32 account_policy_temp; 338 339 if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) { 340 return NT_STATUS_NO_MEMORY; 341 } 342 343 if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp)) { 344 return NT_STATUS_ACCESS_DENIED; 345 } 346 min_pass_len = account_policy_temp; 347 348 if (!pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp)) { 349 return NT_STATUS_ACCESS_DENIED; 350 } 351 pass_hist = account_policy_temp; 352 353 if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp)) { 354 return NT_STATUS_ACCESS_DENIED; 355 } 356 password_properties = account_policy_temp; 357 358 if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp)) { 359 return NT_STATUS_ACCESS_DENIED; 360 } 361 u_expire = account_policy_temp; 362 363 if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp)) { 364 return NT_STATUS_ACCESS_DENIED; 365 } 366 u_min_age = account_policy_temp; 367 368 unix_to_nt_time_abs(&nt_expire, u_expire); 369 unix_to_nt_time_abs(&nt_min_age, u_min_age); 370 371 init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist, 372 password_properties, nt_expire, nt_min_age); 373 374 return NT_STATUS_OK; 375 } 376 377 /* get a list of trusted domains */ 378 static NTSTATUS trusted_domains(struct winbindd_domain *domain, 609 /* get a list of trusted domains - sam */ 610 static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain, 379 611 TALLOC_CTX *mem_ctx, 380 612 uint32 *num_domains, … … 434 666 435 667 /* the rpc backend methods are exposed via this structure */ 436 struct winbindd_methods passdb_methods = {437 False,438 query_user_list,439 enum_dom_groups,668 struct winbindd_methods builtin_passdb_methods = { 669 false, 670 builtin_query_user_list, 671 builtin_enum_dom_groups, 440 672 enum_local_groups, 441 673 name_to_sid, 442 674 sid_to_name, 443 675 rids_to_names, 444 query_user,676 builtin_query_user, 445 677 lookup_usergroups, 446 678 lookup_useraliases, 447 lookup_groupmem,679 builtin_lookup_groupmem, 448 680 sequence_number, 449 681 lockout_policy, 450 682 password_policy, 451 trusted_domains,683 builtin_trusted_domains, 452 684 }; 685 686 /* the rpc backend methods are exposed via this structure */ 687 struct winbindd_methods sam_passdb_methods = { 688 false, 689 sam_query_user_list, 690 sam_enum_dom_groups, 691 enum_local_groups, 692 name_to_sid, 693 sid_to_name, 694 rids_to_names, 695 sam_query_user, 696 lookup_usergroups, 697 lookup_useraliases, 698 sam_lookup_groupmem, 699 sequence_number, 700 lockout_policy, 701 password_policy, 702 sam_trusted_domains, 703 }; -
branches/samba-3.0/source/nsswitch/winbindd_proto.h
r134 r140 20 20 void request_finished_cont(void *private_data, BOOL success); 21 21 void winbind_check_sighup(void); 22 void winbind_check_sigterm( void);22 void winbind_check_sigterm(bool in_parent); 23 23 int main(int argc, char **argv, char **envp); 24 24 -
branches/samba-3.0/source/nsswitch/winbindd_util.c
r124 r140 29 29 30 30 extern struct winbindd_methods cache_methods; 31 extern struct winbindd_methods passdb_methods; 31 extern struct winbindd_methods builtin_passdb_methods; 32 extern struct winbindd_methods sam_passdb_methods; 32 33 33 34 /** … … 84 85 return False; 85 86 87 if ( IS_DC ) 88 return sid_check_is_builtin(sid); 89 86 90 return (sid_check_is_domain(sid) || sid_check_is_builtin(sid)); 87 91 } … … 91 95 if (sid == NULL) 92 96 return False; 97 98 if ( IS_DC ) 99 return sid_check_is_in_builtin(sid); 93 100 94 101 return (sid_check_is_in_our_domain(sid) || sid_check_is_in_builtin(sid)); … … 141 148 ZERO_STRUCTP(domain); 142 149 143 /* prioritise the short name */ 144 if (strchr_m(domain_name, '.') && alternative_name && *alternative_name) { 145 fstrcpy(domain->name, alternative_name); 146 fstrcpy(domain->alt_name, domain_name); 147 } else { 148 fstrcpy(domain->name, domain_name); 149 if (alternative_name) { 150 fstrcpy(domain->alt_name, alternative_name); 151 } 150 fstrcpy(domain->name, domain_name); 151 if (alternative_name) { 152 fstrcpy(domain->alt_name, alternative_name); 152 153 } 153 154 … … 524 525 525 526 domain = add_trusted_domain(get_global_sam_name(), NULL, 526 & passdb_methods, get_global_sam_sid());527 &sam_passdb_methods, get_global_sam_sid()); 527 528 if ( role != ROLE_DOMAIN_MEMBER ) { 528 529 domain->primary = True; … … 532 533 /* BUILTIN domain */ 533 534 534 domain = add_trusted_domain("BUILTIN", NULL, & passdb_methods,535 domain = add_trusted_domain("BUILTIN", NULL, &builtin_passdb_methods, 535 536 &global_sid_Builtin); 536 537 setup_domain_child(domain, &domain->child, NULL);
Note:
See TracChangeset
for help on using the changeset viewer.
