Changeset 204 for branches/samba-3.2.x/source/winbindd
- Timestamp:
- May 20, 2009, 6:46:53 PM (16 years ago)
- Location:
- branches/samba-3.2.x/source/winbindd
- Files:
-
- 10 edited
branches/samba-3.2.x/source/winbindd/idmap.c
r141 r204 76 76 } } while(0) 77 77 78 static struct idmap_methods *get_methods(struct idmap_backend *be, 79 const char *name) 78 static struct idmap_methods *get_methods(const char *name) 80 79 { 81 80 struct idmap_backend *b; 82 81 83 for (b = b e; b; b = b->next) {82 for (b = backends; b; b = b->next) { 84 83 if (strequal(b->name, name)) { 85 84 return b->methods; … … 90 89 } 91 90 92 static struct idmap_alloc_methods *get_alloc_methods( 93 struct idmap_alloc_backend *be, 94 const char *name) 91 static struct idmap_alloc_methods *get_alloc_methods(const char *name) 95 92 { 96 93 struct idmap_alloc_backend *b; 97 94 98 for (b = be; b; b = b->next) {95 for (b = alloc_backends; b; b = b->next) { 99 96 if (strequal(b->name, name)) { 100 97 return b->methods; … … 141 138 } 142 139 143 test = get_methods( backends,name);140 test = get_methods(name); 144 141 if (test) { 145 142 DEBUG(0,("Idmap module %s already registered!\n", name)); … … 194 191 } 195 192 196 test = get_alloc_methods( alloc_backends,name);193 test = get_alloc_methods(name); 197 194 if (test) { 198 195 DEBUG(0,("idmap_alloc module %s already registered!\n", name)); … … 455 452 456 453 /* get the backend methods for this domain */ 457 dom->methods = get_methods( backends,parm_backend);454 dom->methods = get_methods(parm_backend); 458 455 459 456 if ( ! dom->methods) { 460 457 ret = smb_probe_module("idmap", parm_backend); 461 458 if (NT_STATUS_IS_OK(ret)) { 462 dom->methods = get_methods(backends, 463 parm_backend); 459 dom->methods = get_methods(parm_backend); 464 460 } 465 461 } … … 542 538 543 539 /* get the backend methods for this domain */ 544 dom->methods = get_methods(backends, compat_backend); 545 540 dom->methods = get_methods(compat_backend); 546 541 if ( ! 
dom->methods) { 547 542 ret = smb_probe_module("idmap", compat_backend); 548 543 if (NT_STATUS_IS_OK(ret)) { 549 dom->methods = get_methods(backends, 550 compat_backend); 544 dom->methods = get_methods(compat_backend); 551 545 } 552 546 } … … 607 601 dom->readonly = True; 608 602 609 /* get the backend methods for passdb*/610 dom->methods = get_methods( backends,"nss");603 /* get the backend methods for nss */ 604 dom->methods = get_methods("nss"); 611 605 612 606 /* (the nss module is always statically linked) */ … … 664 658 665 659 /* get the backend methods for passdb */ 666 dom->methods = get_methods( backends,"passdb");660 dom->methods = get_methods("passdb"); 667 661 668 662 /* (the passdb module is always statically linked) */ … … 756 750 IDMAP_CHECK_ALLOC(idmap_alloc_ctx); 757 751 758 idmap_alloc_ctx->methods = get_alloc_methods(alloc_backends, 759 alloc_backend); 752 idmap_alloc_ctx->methods = get_alloc_methods(alloc_backend); 760 753 if ( ! idmap_alloc_ctx->methods) { 761 754 ret = smb_probe_module("idmap", alloc_backend); 762 755 if (NT_STATUS_IS_OK(ret)) { 763 756 idmap_alloc_ctx->methods = 764 get_alloc_methods(alloc_backends, 765 alloc_backend); 757 get_alloc_methods(alloc_backend); 766 758 } 767 759 } -
branches/samba-3.2.x/source/winbindd/idmap_ad.c
r133 r204 749 749 { 750 750 ADS_STRUCT *ads_internal = NULL; 751 const char *attrs[] = {NULL, /* attr_homedir */ 752 NULL, /* attr_shell */ 753 NULL, /* attr_gecos */ 754 NULL, /* attr_gidnumber */ 755 NULL }; 756 char *filter = NULL; 757 LDAPMessage *msg_internal = NULL; 758 ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); 759 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; 760 char *sidstr = NULL; 751 761 752 762 /* Only do query if we are online */ … … 760 770 ads_internal = ad_idmap_cached_connection(); 761 771 762 if ( !ads_internal || !ad_schema ) 772 if ( !ads_internal || !ad_schema ) { 763 773 return NT_STATUS_OBJECT_NAME_NOT_FOUND; 764 765 if ( !homedir || !shell || !gecos ) 774 } 775 776 if (!sid || !homedir || !shell || !gecos) { 766 777 return NT_STATUS_INVALID_PARAMETER; 767 768 *homedir = ads_pull_string( ads, ctx, msg, ad_schema->posix_homedir_attr ); 769 *shell = ads_pull_string( ads, ctx, msg, ad_schema->posix_shell_attr ); 770 *gecos = ads_pull_string( ads, ctx, msg, ad_schema->posix_gecos_attr ); 771 772 if ( gid ) { 773 if ( !ads_pull_uint32(ads, msg, ad_schema->posix_gidnumber_attr, gid ) ) 774 *gid = (uint32)-1; 775 } 776 777 return NT_STATUS_OK; 778 } 779 780 /* See if we can use the ADS connection struct swe were given */ 781 782 if (ads) { 783 *homedir = ads_pull_string( ads, ctx, msg, ad_schema->posix_homedir_attr ); 784 *shell = ads_pull_string( ads, ctx, msg, ad_schema->posix_shell_attr ); 785 *gecos = ads_pull_string( ads, ctx, msg, ad_schema->posix_gecos_attr ); 786 787 if (gid) { 788 if ( !ads_pull_uint32(ads, msg, ad_schema->posix_gidnumber_attr, gid ) ) 789 *gid = (uint32)-1; 790 } 791 792 nt_status = NT_STATUS_OK; 793 goto done; 794 } 795 796 /* Have to do our own query */ 797 798 attrs[0] = ad_schema->posix_homedir_attr; 799 attrs[1] = ad_schema->posix_shell_attr; 800 attrs[2] = ad_schema->posix_gecos_attr; 801 attrs[3] = ad_schema->posix_gidnumber_attr; 802 803 sidstr = sid_binstring(sid); 804 filter = 
talloc_asprintf(ctx, "(objectSid=%s)", sidstr); 805 SAFE_FREE(sidstr); 806 807 if (!filter) { 808 nt_status = NT_STATUS_NO_MEMORY; 809 goto done; 810 } 811 812 ads_status = ads_search_retry(ads_internal, &msg_internal, filter, attrs); 813 if (!ADS_ERR_OK(ads_status)) { 814 nt_status = ads_ntstatus(ads_status); 815 goto done; 816 } 817 818 *homedir = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_homedir_attr); 819 *shell = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_shell_attr); 820 *gecos = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_gecos_attr); 821 822 if (gid) { 823 if (!ads_pull_uint32(ads_internal, msg_internal, ad_schema->posix_gidnumber_attr, gid)) 824 *gid = (uint32)-1; 825 } 826 827 nt_status = NT_STATUS_OK; 828 829 done: 830 if (msg_internal) { 831 ads_msgfree(ads_internal, msg_internal); 832 } 833 834 return nt_status; 778 835 } 779 836 -
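Review bot: In the new own-query path, the result of `sid_binstring(sid)` goes straight into `talloc_asprintf(ctx, "(objectSid=%s)", sidstr)` with no NULL check, so an allocation failure would pass a null pointer to `%s` and at best build a filter that matches nothing. Adding `if (!sidstr) { nt_status = NT_STATUS_NO_MEMORY; goto done; }` before the format call keeps that failure on the existing cleanup path. The same path also treats a successful `ads_search_retry()` as proof that an entry came back. Whether an empty result is possible is not visible here, but if it is, the outputs would be NULL while `NT_STATUS_OK` is returned, and callers should be checked for that. The function's signature lies outside the hunk.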
branches/samba-3.2.x/source/winbindd/winbindd.c
r141 r204 554 554 } 555 555 556 SAFE_FREE(state->request.extra_data.data);557 556 SAFE_FREE(state->response.extra_data.data); 558 557 … … 589 588 static void request_finished(struct winbindd_cli_state *state) 590 589 { 590 /* Make sure request.extra_data is freed when finish processing a request */ 591 SAFE_FREE(state->request.extra_data.data); 591 592 setup_async_write(&state->fd_event, &state->response, 592 593 sizeof(state->response), response_main_sent, state); -
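Review bot: With the free of `state->request.extra_data.data` moved from the post-send path (old line 556) into `request_finished()`, a request that ends without reaching `request_finished()` has no release point in the visible code. The buffer presumably holds data supplied by the client, so confirm that the client teardown path also frees it when a client disconnects or fails mid-request; otherwise each such connection leaks the allocation. The new comment would read better as `/* Free request.extra_data as soon as request processing finishes; the response path does not use it */`, if that is indeed the reason for the move. Both functions extend beyond the hunks shown.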
branches/samba-3.2.x/source/winbindd/winbindd_ads.c
r141 r204 1226 1226 struct winbindd_domain d; 1227 1227 1228 ZERO_STRUCT(d); 1229 1228 1230 /* drop external trusts if this is not our primary 1229 1231 domain. This means that the returned number of … … 1255 1257 sid_copy( &d.sid, trusts.array[i].sid); 1256 1258 } else { 1257 sid_copy(& (*dom_sids)[ret_count], &global_sid_NULL);1259 sid_copy(&d.sid, &global_sid_NULL); 1258 1260 } 1259 1261 -
branches/samba-3.2.x/source/winbindd/winbindd_cache.c
r141 r204 2266 2266 struct netr_SamInfo3 *info3) 2267 2267 { 2268 DOM_SID sid; 2269 fstring key_str, sid_string; 2268 2270 struct winbind_cache *cache; 2269 2271 … … 2279 2281 2280 2282 cache = get_cache(domain); 2281 netsamlogon_clear_cached_user(cache->tdb, info3); 2283 2284 if (!cache->tdb) { 2285 return; 2286 } 2287 2288 sid_copy(&sid, info3->base.domain_sid); 2289 sid_append_rid(&sid, info3->base.rid); 2290 2291 /* Clear U/SID cache entry */ 2292 fstr_sprintf(key_str, "U/%s", sid_to_fstring(sid_string, &sid)); 2293 DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str)); 2294 tdb_delete(cache->tdb, string_tdb_data(key_str)); 2295 2296 /* Clear UG/SID cache entry */ 2297 fstr_sprintf(key_str, "UG/%s", sid_to_fstring(sid_string, &sid)); 2298 DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str)); 2299 tdb_delete(cache->tdb, string_tdb_data(key_str)); 2300 2301 /* Samba/winbindd never needs this. */ 2302 netsamlogon_clear_cached_user(info3); 2282 2303 } 2283 2304 -
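Review bot: The new `if (!cache->tdb) { return; }` exits before `netsamlogon_clear_cached_user(info3)`, which the old code reached unconditionally, so when the winbindd cache tdb is not open the netsamlogon entry is no longer cleared. If that call is still wanted it should not depend on `cache->tdb`; guard only the two `tdb_delete()` calls. The comment `/* Samba/winbindd never needs this. */` directly above a call that is still made is confusing and should say what is actually unneeded. `cache` is dereferenced without a NULL check, and the return value of `sid_append_rid()` is ignored before the keys are built; whether either can fail here is not visible in the hunk.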
branches/samba-3.2.x/source/winbindd/winbindd_cm.c
r149 r204 847 847 if (NT_STATUS_IS_OK(result)) { 848 848 /* Ensure creds are stored for NTLMSSP authenticated pipe access. */ 849 cli_init_creds(*cli, machine_account, domain->name, machine_password);849 cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password); 850 850 goto session_setup_done; 851 851 } … … 872 872 if (NT_STATUS_IS_OK(result)) { 873 873 /* Ensure creds are stored for NTLMSSP authenticated pipe access. */ 874 cli_init_creds(*cli, machine_account, domain->name, machine_password);874 cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password); 875 875 goto session_setup_done; 876 876 } … … 909 909 910 910 /* Fall back to anonymous connection, this might fail later */ 911 DEBUG(10,("cm_prepare_connection: falling back to anonymous " 912 "connection for DC %s\n", 913 controller )); 911 914 912 915 if (NT_STATUS_IS_OK(cli_session_setup(*cli, "", NULL, 0, … … 979 982 } 980 983 984 /******************************************************************* 985 Add a dcname and sockaddr_storage pair to the end of a dc_name_ip 986 array. 987 988 Keeps the list unique by not adding duplicate entries. 
989 990 @param[in] mem_ctx talloc memory context to allocate from 991 @param[in] domain_name domain of the DC 992 @param[in] dcname name of the DC to add to the list 993 @param[in] pss Internet address and port pair to add to the list 994 @param[in,out] dcs array of dc_name_ip structures to add to 995 @param[in,out] num_dcs number of dcs returned in the dcs array 996 @return true if the list was added to, false otherwise 997 *******************************************************************/ 998 981 999 static bool add_one_dc_unique(TALLOC_CTX *mem_ctx, const char *domain_name, 982 1000 const char *dcname, struct sockaddr_storage *pss, 983 1001 struct dc_name_ip **dcs, int *num) 984 1002 { 1003 int i = 0; 1004 985 1005 if (!NT_STATUS_IS_OK(check_negative_conn_cache(domain_name, dcname))) { 986 1006 DEBUG(10, ("DC %s was in the negative conn cache\n", dcname)); 987 1007 return False; 988 1008 } 1009 1010 /* Make sure there's no duplicates in the list */ 1011 for (i=0; i<*num; i++) 1012 if (addr_equal(&(*dcs)[i].ss, pss)) 1013 return False; 989 1014 990 1015 *dcs = TALLOC_REALLOC_ARRAY(mem_ctx, *dcs, struct dc_name_ip, (*num)+1); … … 1118 1143 1119 1144 /******************************************************************* 1120 Retreive a list of IP address for domain controllers. Fill in 1121 the dcs[] with results. 1145 Retrieve a list of IP addresses for domain controllers. 1146 1147 The array is sorted in the preferred connection order. 
1148 1149 @param[in] mem_ctx talloc memory context to allocate from 1150 @param[in] domain domain to retrieve DCs for 1151 @param[out] dcs array of dcs that will be returned 1152 @param[out] num_dcs number of dcs returned in the dcs array 1153 @return always true 1122 1154 *******************************************************************/ 1123 1155 … … 1135 1167 is_our_domain = strequal(domain->name, lp_workgroup()); 1136 1168 1169 /* If not our domain, get the preferred DC, by asking our primary DC */ 1137 1170 if ( !is_our_domain 1138 1171 && get_dc_name_via_netlogon(domain, dcname, &ss) 1139 && add_one_dc_unique(mem_ctx, domain->name, dcname, &ss, dcs, num_dcs) ) 1172 && add_one_dc_unique(mem_ctx, domain->name, dcname, &ss, dcs, 1173 num_dcs) ) 1140 1174 { 1141 1175 char addr[INET6_ADDRSTRLEN]; … … 1164 1198 1165 1199 /* Do the site-specific AD dns lookup first. */ 1166 get_sorted_dc_list(domain->alt_name, sitename, &ip_list, &iplist_size, True); 1167 1200 get_sorted_dc_list(domain->alt_name, sitename, &ip_list, 1201 &iplist_size, True); 1202 1203 /* Add ips to the DC array. We don't look up the name 1204 of the DC in this function, but we fill in the char* 1205 of the ip now to make the failed connection cache 1206 work */ 1168 1207 for ( i=0; i<iplist_size; i++ ) { 1169 1208 char addr[INET6_ADDRSTRLEN]; … … 1183 1222 } 1184 1223 1185 /* Now we add DCs from the main AD dns lookup. */ 1186 get_sorted_dc_list(domain->alt_name, NULL, &ip_list, &iplist_size, True); 1224 /* Now we add DCs from the main AD DNS lookup. */ 1225 get_sorted_dc_list(domain->alt_name, NULL, &ip_list, 1226 &iplist_size, True); 1187 1227 1188 1228 for ( i=0; i<iplist_size; i++ ) { … … 1197 1237 num_dcs); 1198 1238 } 1239 1240 SAFE_FREE(ip_list); 1241 iplist_size = 0; 1199 1242 } 1200 1243 1201 /* try standard netbios queries if no ADS */ 1202 1203 if (iplist_size==0) { 1204 get_sorted_dc_list(domain->name, NULL, &ip_list, &iplist_size, False); 1205 } 1206 1207 /* FIXME!! 
this is where we should re-insert the GETDC requests --jerry */ 1208 1209 /* now add to the dc array. We'll wait until the last minute 1210 to look up the name of the DC. But we fill in the char* for 1211 the ip now in to make the failed connection cache work */ 1212 1213 for ( i=0; i<iplist_size; i++ ) { 1214 char addr[INET6_ADDRSTRLEN]; 1215 print_sockaddr(addr, sizeof(addr), 1216 &ip_list[i].ss); 1217 add_one_dc_unique(mem_ctx, domain->name, addr, 1218 &ip_list[i].ss, dcs, num_dcs); 1219 } 1220 1221 SAFE_FREE( ip_list ); 1244 /* Try standard netbios queries if no ADS */ 1245 if (*num_dcs == 0) { 1246 get_sorted_dc_list(domain->name, NULL, &ip_list, &iplist_size, 1247 False); 1248 1249 for ( i=0; i<iplist_size; i++ ) { 1250 char addr[INET6_ADDRSTRLEN]; 1251 print_sockaddr(addr, sizeof(addr), 1252 &ip_list[i].ss); 1253 add_one_dc_unique(mem_ctx, 1254 domain->name, 1255 addr, 1256 &ip_list[i].ss, 1257 dcs, 1258 num_dcs); 1259 } 1260 1261 SAFE_FREE(ip_list); 1262 iplist_size = 0; 1263 } 1222 1264 1223 1265 return True; 1224 1266 } 1267 1268 /******************************************************************* 1269 Find and make a connection to a DC in the given domain. 1270 1271 @param[in] mem_ctx talloc memory context to allocate from 1272 @param[in] domain domain to find a dc in 1273 @param[out] dcname NetBIOS or FQDN of DC that's connected to 1274 @param[out] pss DC Internet address and port 1275 @param[out] fd fd of the open socket connected to the newly found dc 1276 @return true when a DC connection is made, false otherwise 1277 *******************************************************************/ 1225 1278 1226 1279 static bool find_new_dc(TALLOC_CTX *mem_ctx, … … 1901 1954 netlogon pipe. */ 1902 1955 1956 if (!domain->conn.netlogon_pipe->dc) { 1957 return false; 1958 } 1959 1903 1960 *ppdc = domain->conn.netlogon_pipe->dc; 1904 1961 return True; … … 1926 1983 goto done; 1927 1984 } 1985 1928 1986 1929 1987 /* -
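Review bot: The message added before the anonymous fallback in cm_prepare_connection is emitted at `DEBUG(10, ...)`, so at ordinary log levels nothing records that the machine-account session setup failed and the DC connection was downgraded to an anonymous one. That downgrade is worth seeing in routine logs, both for diagnosing broken machine credentials and for noticing a DC that refuses authenticated setup; consider a lower level such as `DEBUG(3,("cm_prepare_connection: falling back to anonymous connection for DC %s\n", controller));`. Separately, the new doc block on add_one_dc_unique documents `num_dcs` while the parameter is named `num`. The enclosing function bodies extend beyond the hunks shown.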
branches/samba-3.2.x/source/winbindd/winbindd_group.c
r138 r204 597 597 DEBUG(10, ("buf_len + %d = %d\n", len + 1, buf_len)); 598 598 } else { 599 DEBUG(10, ("appending %s at ndx %d\n", names[i], buf_ndx)); 600 safe_strcpy(&buf[buf_ndx], names[i], len); 599 DEBUG(10, ("appending %s at ndx %d\n", 600 names[i], buf_ndx)); 601 parse_add_domuser(&buf[buf_ndx], names[i], &len); 601 602 buf_ndx += len; 602 603 buf[buf_ndx] = ','; -
branches/samba-3.2.x/source/winbindd/winbindd_pam.c
r141 r204 1600 1600 } 1601 1601 1602 wcache_invalidate_samlogon(find_domain_from_name(name_domain), info3); 1602 1603 netsamlogon_cache_store(name_user, info3); 1603 wcache_invalidate_samlogon(find_domain_from_name(name_domain), info3);1604 1604 1605 1605 /* save name_to_sid info as early as possible (only if … … 1942 1942 if (NT_STATUS_IS_OK(result)) { 1943 1943 1944 wcache_invalidate_samlogon(find_domain_from_name(name_domain), info3); 1944 1945 netsamlogon_cache_store(name_user, info3); 1945 wcache_invalidate_samlogon(find_domain_from_name(name_domain), info3);1946 1946 1947 1947 /* Check if the user is in the right group */ -
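Review bot: The reordering at new lines 1602 and 1944 has no comment explaining why `wcache_invalidate_samlogon()` must now run before `netsamlogon_cache_store()`, so the order looks arbitrary and could easily be swapped back. The reworked `wcache_invalidate_samlogon()` in winbindd_cache.c ends by calling `netsamlogon_clear_cached_user(info3)`, so running it after the store would presumably remove the entry just written. I would add at both sites `/* Invalidate first: wcache_invalidate_samlogon() also clears the netsamlogon cache entry, so it must precede netsamlogon_cache_store(). */`. `find_domain_from_name(name_domain)` is passed through unchecked; whether the callee tolerates NULL is not visible here.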
branches/samba-3.2.x/source/winbindd/winbindd_proto.h
r141 r204 547 547 bool parse_domain_user_talloc(TALLOC_CTX *mem_ctx, const char *domuser, 548 548 char **domain, char **user); 549 void parse_add_domuser(void *buf, char *domuser, int *len); 549 550 bool canonicalize_username(fstring username_inout, fstring domain, fstring user); 550 551 void fill_domain_username(fstring name, const char *domain, const char *user, bool can_assume); -
branches/samba-3.2.x/source/winbindd/winbindd_util.c
r149 r204 1105 1105 } 1106 1106 1107 /* add a domain user name to a buffer */ 1108 void parse_add_domuser(void *buf, char *domuser, int *len) 1109 { 1110 fstring domain; 1111 char *p, *user; 1112 1113 user = domuser; 1114 p = strchr(domuser, *lp_winbind_separator()); 1115 1116 if (p) { 1117 1118 fstrcpy(domain, domuser); 1119 domain[PTR_DIFF(p, domuser)] = 0; 1120 p++; 1121 1122 if (assume_domain(domain)) { 1123 1124 user = p; 1125 *len -= (PTR_DIFF(p, domuser)); 1126 } 1127 } 1128 1129 safe_strcpy(buf, user, *len); 1130 } 1131 1107 1132 /* Ensure an incoming username from NSS is fully qualified. Replace the 1108 1133 incoming fstring with DOMAIN <separator> user. Returns the same
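Review bot: In `parse_add_domuser`, `domain[PTR_DIFF(p, domuser)] = 0;` indexes the `fstring domain` with the separator's offset in `domuser` without checking it against the buffer size, so a name whose domain part is longer than an fstring writes a zero byte past the end of the stack buffer. `fstrcpy` truncates the copy but does not bound that index, and the names reaching this function from winbindd_group.c are group member names that presumably originate from a remote DC. Guard the branch with `if (p && (size_t)PTR_DIFF(p, domuser) < sizeof(domain)) {`. The signature would also be safer as `char *buf, const char *domuser`. A one-line comment should state that `*len` is reduced by the stripped domain prefix, because the caller advances its buffer index by it.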