Changeset 228 for branches/samba-3.2.x/source/winbindd
- Timestamp:
- May 26, 2009, 9:44:50 AM (16 years ago)
- Location:
- branches/samba-3.2.x/source/winbindd
- Files:
-
- 13 edited
-
idmap_tdb2.c (modified) (4 diffs)
-
winbindd.c (modified) (2 diffs)
-
winbindd_ads.c (modified) (22 diffs)
-
winbindd_async.c (modified) (1 diff)
-
winbindd_cm.c (modified) (1 diff)
-
winbindd_dual.c (modified) (5 diffs)
-
winbindd_group.c (modified) (12 diffs)
-
winbindd_pam.c (modified) (1 diff)
-
winbindd_passdb.c (modified) (3 diffs)
-
winbindd_proto.h (modified) (2 diffs)
-
winbindd_rpc.c (modified) (7 diffs)
-
winbindd_user.c (modified) (1 diff)
-
winbindd_util.c (modified) (7 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.2.x/source/winbindd/idmap_tdb2.c
r133 r228 236 236 237 237 status = idmap_tdb2_open_perm_db(); 238 NT_STATUS_NOT_OK_RETURN(status); 238 if (!NT_STATUS_IS_OK(status)) { 239 return status; 240 } 239 241 240 242 /* Get current high water mark */ … … 298 300 uint32_t hwm; 299 301 uint32_t high_hwm; 302 NTSTATUS status; 303 304 status = idmap_tdb2_open_perm_db(); 305 if (!NT_STATUS_IS_OK(status)) { 306 return status; 307 } 300 308 301 309 /* Get current high water mark */ … … 553 561 TDB_DATA data; 554 562 char *keystr; 563 NTSTATUS status; 564 565 status = idmap_tdb2_open_perm_db(); 566 if (!NT_STATUS_IS_OK(status)) { 567 return status; 568 } 555 569 556 570 if (!ctx || !map) { … … 648 662 char *keystr; 649 663 unsigned long rec_id = 0; 664 NTSTATUS status; 665 666 status = idmap_tdb2_open_perm_db(); 667 if (!NT_STATUS_IS_OK(status)) { 668 return status; 669 } 650 670 651 671 if ((keystr = sid_string_talloc(ctx, map->sid)) == NULL) { -
branches/samba-3.2.x/source/winbindd/winbindd.c
r204 r228 746 746 static void remove_client(struct winbindd_cli_state *state) 747 747 { 748 char c = 0; 749 748 750 /* It's a dead client - hold a funeral */ 749 751 … … 751 753 return; 752 754 } 753 755 756 /* tell client, we are closing ... */ 757 write(state->sock, &c, sizeof(c)); 758 754 759 /* Close socket */ 755 760 -
branches/samba-3.2.x/source/winbindd/winbindd_ads.c
r204 r228 402 402 } 403 403 404 /* convert a single name to a sid in a domain - use rpc methods */ 405 static NTSTATUS name_to_sid(struct winbindd_domain *domain, 406 TALLOC_CTX *mem_ctx, 407 enum winbindd_cmd orig_cmd, 408 const char *domain_name, 409 const char *name, 410 DOM_SID *sid, 411 enum lsa_SidType *type) 412 { 413 return reconnect_methods.name_to_sid(domain, mem_ctx, orig_cmd, 414 domain_name, name, 415 sid, type); 416 } 417 418 /* convert a domain SID to a user or group name - use rpc methods */ 419 static NTSTATUS sid_to_name(struct winbindd_domain *domain, 420 TALLOC_CTX *mem_ctx, 421 const DOM_SID *sid, 422 char **domain_name, 423 char **name, 424 enum lsa_SidType *type) 425 { 426 return reconnect_methods.sid_to_name(domain, mem_ctx, sid, 427 domain_name, name, type); 428 } 429 430 /* convert a list of rids to names - use rpc methods */ 431 static NTSTATUS rids_to_names(struct winbindd_domain *domain, 432 TALLOC_CTX *mem_ctx, 433 const DOM_SID *sid, 434 uint32 *rids, 435 size_t num_rids, 436 char **domain_name, 437 char ***names, 438 enum lsa_SidType **types) 439 { 440 return reconnect_methods.rids_to_names(domain, mem_ctx, sid, 441 rids, num_rids, 442 domain_name, names, types); 443 } 444 404 445 /* If you are looking for "dn_lookup": Yes, it used to be here! 405 446 * It has gone now since it was a major speed bottleneck in … … 642 683 static NTSTATUS lookup_usergroups_memberof(struct winbindd_domain *domain, 643 684 TALLOC_CTX *mem_ctx, 644 const char *user_dn, 685 const char *user_dn, 645 686 DOM_SID *primary_group, 646 size_t *p_num_groups, DOM_SID **user_sids) 687 size_t *p_num_groups, 688 DOM_SID **user_sids) 647 689 { 648 690 ADS_STATUS rc; … … 653 695 DOM_SID *group_sids = NULL; 654 696 int i; 655 char **strings ;656 size_t num_strings = 0 ;697 char **strings = NULL; 698 size_t num_strings = 0, num_sids = 0; 657 699 658 700 … … 660 702 661 703 if ( !winbindd_can_contact_domain( domain ) ) { 662 DEBUG(10,("lookup_usergroups_memberof: No incoming trust for domain %s\n",663 domain->name));704 DEBUG(10,("lookup_usergroups_memberof: No incoming trust for " 705 "domain %s\n", domain->name)); 664 706 return NT_STATUS_OK; 665 707 } … … 669 711 if (!ads) { 670 712 domain->last_status = NT_STATUS_SERVER_DISABLED; 671 goto done;672 } 673 674 rc = ads_search_retry_extended_dn_ranged(ads, mem_ctx, user_dn, attrs, 675 ADS_EXTENDED_DN_HEX_STRING, 713 return NT_STATUS_UNSUCCESSFUL; 714 } 715 716 rc = ads_search_retry_extended_dn_ranged(ads, mem_ctx, user_dn, attrs, 717 ADS_EXTENDED_DN_HEX_STRING, 676 718 &strings, &num_strings); 677 719 678 720 if (!ADS_ERR_OK(rc)) { 679 DEBUG(1,("lookup_usergroups_memberof ads_search member=%s: %s\n",680 user_dn, ads_errstr(rc)));721 DEBUG(1,("lookup_usergroups_memberof ads_search " 722 "member=%s: %s\n", user_dn, ads_errstr(rc))); 681 723 return ads_ntstatus(rc); 682 724 } 683 725 684 726 *user_sids = NULL; 685 727 num_groups = 0; … … 694 736 group_sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_strings + 1); 695 737 if (!group_sids) { 696 TALLOC_FREE(strings);697 738 status = NT_STATUS_NO_MEMORY; 698 739 goto done; … … 700 741 701 742 for (i=0; i<num_strings; i++) { 702 703 if (!ads_get_sid_from_extended_dn(mem_ctx, strings[i], 704 ADS_EXTENDED_DN_HEX_STRING, 705 &(group_sids)[i])) { 706 TALLOC_FREE(group_sids); 707 TALLOC_FREE(strings); 708 status = NT_STATUS_NO_MEMORY; 709 goto done; 710 } 743 rc = ads_get_sid_from_extended_dn(mem_ctx, strings[i], 744 ADS_EXTENDED_DN_HEX_STRING, 745 &(group_sids)[i]); 746 if (!ADS_ERR_OK(rc)) { 747 /* ignore members without SIDs */ 748 if (NT_STATUS_EQUAL(ads_ntstatus(rc), 749 NT_STATUS_NOT_FOUND)) { 750 continue; 751 } 752 else { 753 status = ads_ntstatus(rc); 754 goto done; 755 } 756 } 757 num_sids++; 711 758 } 712 759 … … 717 764 } 718 765 719 for (i=0; i<num_s trings; i++) {766 for (i=0; i<num_sids; i++) { 720 767 721 768 /* ignore Builtin groups from ADS - Guenther */ … … 729 776 goto done; 730 777 } 731 778 732 779 } 733 780 … … 735 782 status = (*user_sids != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY; 736 783 737 DEBUG(3,("ads lookup_usergroups (memberof) succeeded for dn=%s\n", user_dn)); 784 DEBUG(3,("ads lookup_usergroups (memberof) succeeded for dn=%s\n", 785 user_dn)); 786 738 787 done: 788 TALLOC_FREE(strings); 739 789 TALLOC_FREE(group_sids); 740 790 … … 895 945 } 896 946 947 /* Lookup aliases a user is member of - use rpc methods */ 948 static NTSTATUS lookup_useraliases(struct winbindd_domain *domain, 949 TALLOC_CTX *mem_ctx, 950 uint32 num_sids, const DOM_SID *sids, 951 uint32 *num_aliases, uint32 **alias_rids) 952 { 953 return reconnect_methods.lookup_useraliases(domain, mem_ctx, 954 num_sids, sids, 955 num_aliases, 956 alias_rids); 957 } 958 897 959 /* 898 960 find the members of a group, given a group rid and domain … … 900 962 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, 901 963 TALLOC_CTX *mem_ctx, 902 const DOM_SID *group_sid, uint32 *num_names, 903 DOM_SID **sid_mem, char ***names, 964 const DOM_SID *group_sid, uint32 *num_names, 965 DOM_SID **sid_mem, char ***names, 904 966 uint32 **name_types) 905 967 { … … 922 984 TALLOC_CTX *tmp_ctx = NULL; 923 985 924 DEBUG(10,("ads: lookup_groupmem %s sid=%s\n", domain->name, 986 DEBUG(10,("ads: lookup_groupmem %s sid=%s\n", domain->name, 925 987 sid_string_dbg(group_sid))); 926 988 … … 936 998 if ( !winbindd_can_contact_domain( domain ) ) { 937 999 DEBUG(10,("lookup_groupmem: No incoming trust for domain %s\n", 938 domain->name)); 1000 domain->name)); 939 1001 return NT_STATUS_OK; 940 1002 } 941 1003 942 1004 ads = ads_cached_connection(domain); 943 1005 944 1006 if (!ads) { 945 1007 domain->last_status = NT_STATUS_SERVER_DISABLED; … … 953 1015 954 1016 /* search for all members of the group */ 955 if (!(ldap_exp = talloc_asprintf(tmp_ctx, "(objectSid=%s)", 956 sidbinstr))) 1017 if (!(ldap_exp = talloc_asprintf(tmp_ctx, "(objectSid=%s)", 1018 sidbinstr))) 957 1019 { 958 1020 SAFE_FREE(sidbinstr); … … 967 1029 args.critical = True; 968 1030 969 rc = ads_ranged_search(ads, tmp_ctx, LDAP_SCOPE_SUBTREE, ads->config.bind_path, 1031 rc = ads_ranged_search(ads, tmp_ctx, LDAP_SCOPE_SUBTREE, ads->config.bind_path, 970 1032 ldap_exp, &args, "member", &members, &num_members); 971 1033 … … 974 1036 status = NT_STATUS_UNSUCCESSFUL; 975 1037 goto done; 976 } 977 1038 } 1039 978 1040 DEBUG(10, ("ads lookup_groupmem: got %d sids via extended dn call\n", (int)num_members)); 979 1041 980 1042 /* Now that we have a list of sids, we need to get the 981 1043 * lists of names and name_types belonging to these sids. 982 * even though conceptually not quite clean, we use the 983 * RPC call lsa_lookup_sids for this since it can handle a 1044 * even though conceptually not quite clean, we use the 1045 * RPC call lsa_lookup_sids for this since it can handle a 984 1046 * list of sids. ldap calls can just resolve one sid at a time. 985 1047 * … … 989 1051 * we try to resolve as many sids as possible from the 990 1052 * cache. Only the rest is passed to the lsa_lookup_sids call. */ 991 1053 992 1054 if (num_members) { 993 1055 (*sid_mem) = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members); … … 1016 1078 DOM_SID sid; 1017 1079 1018 if (!ads_get_sid_from_extended_dn(tmp_ctx, members[i], args.val, &sid)) { 1019 status = NT_STATUS_INVALID_PARAMETER; 1020 goto done; 1021 } 1022 if (lookup_cached_sid(mem_ctx, &sid, &domain_name, &name, &name_type)) { 1080 rc = ads_get_sid_from_extended_dn(tmp_ctx, members[i], args.val, 1081 &sid); 1082 if (!ADS_ERR_OK(rc)) { 1083 if (NT_STATUS_EQUAL(ads_ntstatus(rc), 1084 NT_STATUS_NOT_FOUND)) { 1085 /* Group members can be objects, like Exchange 1086 * Public Folders, that don't have a SID. Skip 1087 * them. */ 1088 continue; 1089 } 1090 else { 1091 status = ads_ntstatus(rc); 1092 goto done; 1093 } 1094 } 1095 if (lookup_cached_sid(mem_ctx, &sid, &domain_name, &name, 1096 &name_type)) { 1023 1097 DEBUG(10,("ads: lookup_groupmem: got sid %s from " 1024 1098 "cache\n", sid_string_dbg(&sid))); 1025 1099 sid_copy(&(*sid_mem)[*num_names], &sid); 1026 (*names)[*num_names] = talloc_asprintf(*names, "%s%c%s", 1027 domain_name, 1028 *lp_winbind_separator(), 1029 name ); 1100 (*names)[*num_names] = fill_domain_username_talloc( 1101 *names, 1102 domain_name, 1103 name, 1104 true); 1030 1105 1031 1106 (*name_types)[*num_names] = name_type; … … 1052 1127 } 1053 1128 1054 status = rpccli_lsa_lookup_sids(cli, tmp_ctx, 1129 status = rpccli_lsa_lookup_sids(cli, tmp_ctx, 1055 1130 &lsa_policy, 1056 num_nocache, 1057 sid_mem_nocache, 1058 &domains_nocache, 1059 &names_nocache, 1131 num_nocache, 1132 sid_mem_nocache, 1133 &domains_nocache, 1134 &names_nocache, 1060 1135 &name_types_nocache); 1061 1136 1137 if (!(NT_STATUS_IS_OK(status) || 1138 NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED) || 1139 NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED))) 1140 { 1141 DEBUG(1, ("lsa_lookupsids call failed with %s " 1142 "- retrying...\n", nt_errstr(status))); 1143 1144 status = cm_connect_lsa(domain, tmp_ctx, &cli, 1145 &lsa_policy); 1146 1147 if (!NT_STATUS_IS_OK(status)) { 1148 goto done; 1149 } 1150 1151 status = rpccli_lsa_lookup_sids(cli, tmp_ctx, 1152 &lsa_policy, 1153 num_nocache, 1154 sid_mem_nocache, 1155 &domains_nocache, 1156 &names_nocache, 1157 &name_types_nocache); 1158 } 1159 1062 1160 if (NT_STATUS_IS_OK(status) || 1063 NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) 1161 NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) 1064 1162 { 1065 /* Copy the entries over from the "_nocache" arrays 1066 * to the result arrays, skipping the gaps the 1163 /* Copy the entries over from the "_nocache" arrays 1164 * to the result arrays, skipping the gaps the 1067 1165 * lookup_sids call left. */ 1068 1166 for (i=0; i < num_nocache; i++) { 1069 if (((names_nocache)[i] != NULL) && 1070 ((name_types_nocache)[i] != SID_NAME_UNKNOWN)) 1167 if (((names_nocache)[i] != NULL) && 1168 ((name_types_nocache)[i] != SID_NAME_UNKNOWN)) 1071 1169 { 1072 1170 sid_copy(&(*sid_mem)[*num_names], 1073 1171 &sid_mem_nocache[i]); 1074 (*names)[*num_names] = talloc_asprintf( *names, 1075 "%s%c%s", 1076 domains_nocache[i], 1077 *lp_winbind_separator(), 1078 names_nocache[i] ); 1172 (*names)[*num_names] = 1173 fill_domain_username_talloc( 1174 *names, 1175 domains_nocache[i], 1176 names_nocache[i], 1177 true); 1079 1178 (*name_types)[*num_names] = name_types_nocache[i]; 1080 1179 (*num_names)++; … … 1147 1246 } 1148 1247 return ads_ntstatus(rc); 1248 } 1249 1250 /* find the lockout policy of a domain - use rpc methods */ 1251 static NTSTATUS lockout_policy(struct winbindd_domain *domain, 1252 TALLOC_CTX *mem_ctx, 1253 struct samr_DomInfo12 *policy) 1254 { 1255 return reconnect_methods.lockout_policy(domain, mem_ctx, policy); 1256 } 1257 1258 /* find the password policy of a domain - use rpc methods */ 1259 static NTSTATUS password_policy(struct winbindd_domain *domain, 1260 TALLOC_CTX *mem_ctx, 1261 struct samr_DomInfo1 *policy) 1262 { 1263 return reconnect_methods.password_policy(domain, mem_ctx, policy); 1149 1264 } 1150 1265 … … 1339 1454 enum_dom_groups, 1340 1455 enum_local_groups, 1341 msrpc_name_to_sid,1342 msrpc_sid_to_name,1343 msrpc_rids_to_names,1456 name_to_sid, 1457 sid_to_name, 1458 rids_to_names, 1344 1459 query_user, 1345 1460 lookup_usergroups, 1346 msrpc_lookup_useraliases,1461 lookup_useraliases, 1347 1462 lookup_groupmem, 1348 1463 sequence_number, 1349 msrpc_lockout_policy,1350 msrpc_password_policy,1464 lockout_policy, 1465 password_policy, 1351 1466 trusted_domains, 1352 1467 }; -
branches/samba-3.2.x/source/winbindd/winbindd_async.c
r138 r228 367 367 /******************************************************************** 368 368 The lookup name call first contacts a DC in its own domain 369 and fallbacks to contact a DC i nthe forest in our domain doesn't369 and fallbacks to contact a DC if the forest in our domain doesn't 370 370 know the name. 371 371 ********************************************************************/ -
branches/samba-3.2.x/source/winbindd/winbindd_cm.c
r204 r228 1010 1010 /* Make sure there's no duplicates in the list */ 1011 1011 for (i=0; i<*num; i++) 1012 if ( addr_equal(&(*dcs)[i].ss, pss))1012 if (sockaddr_equal(&(*dcs)[i].ss, pss)) 1013 1013 return False; 1014 1014 -
branches/samba-3.2.x/source/winbindd/winbindd_dual.c
r141 r228 121 121 SMB_ASSERT(continuation != NULL); 122 122 123 DEBUG(10, ("Sending request to child pid %d (domain=%s)\n", 124 (int)child->pid, 125 (child->domain != NULL) ? child->domain->name : "''")); 126 123 127 state = TALLOC_P(mem_ctx, struct winbindd_async_request); 124 128 … … 197 201 TALLOC_FREE(state->reply_timeout_event); 198 202 199 SMB_ASSERT(state->child_pid != (pid_t)0); 200 201 /* If not already reaped, send kill signal to child. */ 202 if (state->child->pid == state->child_pid) { 203 /* If child exists and is not already reaped, 204 send kill signal to child. */ 205 206 if ((state->child->pid != (pid_t)0) && 207 (state->child->pid != (pid_t)-1) && 208 (state->child->pid == state->child_pid)) { 203 209 kill(state->child_pid, SIGTERM); 204 210 … … 295 301 } 296 302 303 /* 304 * This may be a reschedule, so we might 305 * have an existing timeout event pending on 306 * the first entry in the child->requests list 307 * (we only send one request at a time). 308 * Ensure we free it before we reschedule. 309 * Bug #5814, from hargagan <shargagan@novell.com>. 310 * JRA. 311 */ 312 313 TALLOC_FREE(request->reply_timeout_event); 314 297 315 if ((child->pid == 0) && (!fork_domain_child(child))) { 298 /* Cancel all outstanding requests */ 316 /* fork_domain_child failed. 317 Cancel all outstanding requests */ 299 318 300 319 while (request != NULL) { 301 320 /* request might be free'd in the continuation */ 302 321 struct winbindd_async_request *next = request->next; 303 request->continuation(request->private_data, False); 322 323 async_request_fail(request); 304 324 request = next; 305 325 } … … 487 507 child->event.flags = 0; 488 508 child->pid = 0; 509 510 if (child->requests) { 511 /* 512 * schedule_async_request() will also 513 * clear this event but the call is 514 * idempotent so it doesn't hurt to 515 * cover all possible future code 516 * paths. JRA. 517 */ 518 TALLOC_FREE(child->requests->reply_timeout_event); 519 } 489 520 490 521 schedule_async_request(child); … … 1118 1149 set_domain_online_request(child->domain); 1119 1150 1120 if (primary_domain != child->domain) {1151 if (primary_domain && (primary_domain != child->domain)) { 1121 1152 /* We need to talk to the primary 1122 1153 * domain as well as the trusted -
branches/samba-3.2.x/source/winbindd/winbindd_group.c
r204 r228 36 36 fstring name; 37 37 38 fill_domain_username(name, domain, user, True); 38 if (domain != NULL) { 39 fill_domain_username(name, domain, user, True); 40 } else { 41 fstrcpy(name, user); 42 } 39 43 safe_strcat(name, ",", sizeof(name)-1); 40 44 string_append(pp_members, name); … … 135 139 } 136 140 137 add_member( domain->name, names[i], pp_members, p_num_members);141 add_member(NULL, names[i], pp_members, p_num_members); 138 142 } 139 143 … … 332 336 } 333 337 338 static void sort_unique_list(char ***list, uint32 *n_list) 339 { 340 uint32_t i; 341 342 /* search for duplicates for sorting and looking for matching 343 neighbors */ 344 345 qsort(*list, *n_list, sizeof(char*), QSORT_CAST namecmp); 346 347 for (i=1; i < *n_list; i++) { 348 if (strcmp((*list)[i-1], (*list)[i]) == 0) { 349 memmove(&((*list)[i-1]), &((*list)[i]), 350 sizeof(char*)*((*n_list)-i)); 351 (*n_list)--; 352 } 353 } 354 } 355 334 356 static NTSTATUS add_names_to_list( TALLOC_CTX *ctx, 335 357 char ***list, uint32 *n_list, … … 361 383 for ( i=*n_list, j=0; i<n_new_list; i++, j++ ) { 362 384 new_list[i] = talloc_strdup( new_list, names[j] ); 363 }364 365 /* search for duplicates for sorting and looking for matching366 neighbors */367 368 qsort( new_list, n_new_list, sizeof(char*), QSORT_CAST namecmp );369 370 for ( i=1; i<n_new_list; i++ ) {371 if ( strcmp( new_list[i-1], new_list[i] ) == 0 ) {372 memmove( &new_list[i-1], &new_list[i],373 sizeof(char*)*(n_new_list-i) );374 n_new_list--;375 }376 385 } 377 386 … … 528 537 529 538 /* Real work goes here. Create a list of group names to 530 expand starti gn with the initial one. Pass that to539 expand starting with the initial one. Pass that to 531 540 expand_groups() which returns a list of more group names 532 541 to expand. Do this up to the max search depth. */ … … 577 586 } 578 587 TALLOC_FREE( glist ); 579 588 589 sort_unique_list(&names, &num_names); 590 580 591 DEBUG(10, ("looked up %d names\n", num_names)); 581 592 … … 697 708 /* Get info for the domain */ 698 709 699 if ((domain = find_domain_from_name (name_domain)) == NULL) {710 if ((domain = find_domain_from_name_noinit(name_domain)) == NULL) { 700 711 DEBUG(3, ("could not get domain sid for domain %s\n", 701 712 name_domain)); … … 730 741 731 742 static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) 732 743 { 733 744 struct getgrsid_state *s = 734 745 (struct getgrsid_state *)private_data; … … 780 791 781 792 request_ok(s->state); 782 793 } 783 794 784 795 static void getgrsid_lookupsid_recv( void *private_data, bool success, … … 805 816 request_error(s->state); 806 817 return; 807 }818 } 808 819 809 820 if ( (s->group_name = talloc_asprintf( s->state->mem_ctx, … … 812 823 *lp_winbind_separator(), 813 824 name)) == NULL ) 814 {825 { 815 826 DEBUG(1, ("getgrsid_lookupsid_recv: talloc_asprintf() Failed!\n")); 816 827 request_error(s->state); … … 822 833 winbindd_sid2gid_async(s->state->mem_ctx, &s->group_sid, 823 834 getgrsid_sid2gid_recv, s); 824 835 } 825 836 826 837 static void winbindd_getgrsid( struct winbindd_cli_state *state, const DOM_SID group_sid ) 827 838 { 828 839 struct getgrsid_state *s; 829 840 -
branches/samba-3.2.x/source/winbindd/winbindd_pam.c
r204 r228 1833 1833 if (state->request.data.auth_crap.lm_resp_len > sizeof(state->request.data.auth_crap.lm_resp) 1834 1834 || state->request.data.auth_crap.nt_resp_len > sizeof(state->request.data.auth_crap.nt_resp)) { 1835 DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n", 1836 state->request.data.auth_crap.lm_resp_len, 1837 state->request.data.auth_crap.nt_resp_len)); 1838 result = NT_STATUS_INVALID_PARAMETER; 1839 goto done; 1835 if (!state->request.flags & WBFLAG_BIG_NTLMV2_BLOB || 1836 state->request.extra_len != state->request.data.auth_crap.nt_resp_len) { 1837 DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n", 1838 state->request.data.auth_crap.lm_resp_len, 1839 state->request.data.auth_crap.nt_resp_len)); 1840 result = NT_STATUS_INVALID_PARAMETER; 1841 goto done; 1842 } 1840 1843 } 1841 1844 1842 1845 lm_resp = data_blob_talloc(state->mem_ctx, state->request.data.auth_crap.lm_resp, 1843 1846 state->request.data.auth_crap.lm_resp_len); 1844 nt_resp = data_blob_talloc(state->mem_ctx, state->request.data.auth_crap.nt_resp, 1845 state->request.data.auth_crap.nt_resp_len); 1847 1848 if (state->request.flags & WBFLAG_BIG_NTLMV2_BLOB) { 1849 nt_resp = data_blob_talloc(state->mem_ctx, 1850 state->request.extra_data.data, 1851 state->request.data.auth_crap.nt_resp_len); 1852 } else { 1853 nt_resp = data_blob_talloc(state->mem_ctx, 1854 state->request.data.auth_crap.nt_resp, 1855 state->request.data.auth_crap.nt_resp_len); 1856 } 1846 1857 1847 1858 /* what domain should we contact? */ -
branches/samba-3.2.x/source/winbindd/winbindd_passdb.c
r149 r228 268 268 269 269 if ( !pdb_getsampwsid( user, user_sid ) ) { 270 TALLOC_FREE( user ); 270 271 return NT_STATUS_NO_SUCH_USER; 271 272 } … … 639 640 continue; 640 641 } 641 if (!((*names)[ i] = talloc_strdup((*names),642 if (!((*names)[num_mapped] = talloc_strdup((*names), 642 643 lsa_names[i].name))) { 643 644 TALLOC_FREE(tmp_ctx); … … 645 646 } 646 647 647 (*name_types)[ i] = lsa_names[i].type;648 (*name_types)[num_mapped] = lsa_names[i].type; 648 649 649 650 num_mapped += 1; -
branches/samba-3.2.x/source/winbindd/winbindd_proto.h
r204 r228 447 447 /* The following definitions come from winbindd/winbindd_rpc.c */ 448 448 449 NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,450 TALLOC_CTX *mem_ctx,451 enum winbindd_cmd original_cmd,452 const char *domain_name,453 const char *name,454 DOM_SID *sid,455 enum lsa_SidType *type);456 NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,457 TALLOC_CTX *mem_ctx,458 const DOM_SID *sid,459 char **domain_name,460 char **name,461 enum lsa_SidType *type);462 NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,463 TALLOC_CTX *mem_ctx,464 const DOM_SID *sid,465 uint32 *rids,466 size_t num_rids,467 char **domain_name,468 char ***names,469 enum lsa_SidType **types);470 NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,471 TALLOC_CTX *mem_ctx,472 uint32 num_sids, const DOM_SID *sids,473 uint32 *num_aliases, uint32 **alias_rids);474 NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,475 TALLOC_CTX *mem_ctx,476 struct samr_DomInfo12 *lockout_policy);477 NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,478 TALLOC_CTX *mem_ctx,479 struct samr_DomInfo1 *password_policy);480 449 481 450 /* The following definitions come from winbindd/winbindd_sid.c */ … … 550 519 bool canonicalize_username(fstring username_inout, fstring domain, fstring user); 551 520 void fill_domain_username(fstring name, const char *domain, const char *user, bool can_assume); 521 char *fill_domain_username_talloc(TALLOC_CTX *mem_ctx, 522 const char *domain, 523 const char *user, 524 bool can_assume); 552 525 const char *get_winbind_pipe_dir(void) ; 553 526 char *get_winbind_priv_pipe_dir(void) ; -
branches/samba-3.2.x/source/winbindd/winbindd_rpc.c
r133 r228 266 266 267 267 /* convert a single name to a sid in a domain */ 268 NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,269 270 271 272 273 274 268 static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, 269 TALLOC_CTX *mem_ctx, 270 enum winbindd_cmd original_cmd, 271 const char *domain_name, 272 const char *name, 273 DOM_SID *sid, 274 enum lsa_SidType *type) 275 275 { 276 276 NTSTATUS result; … … 320 320 convert a domain SID to a user or group name 321 321 */ 322 NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,323 324 325 326 327 322 static NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, 323 TALLOC_CTX *mem_ctx, 324 const DOM_SID *sid, 325 char **domain_name, 326 char **name, 327 enum lsa_SidType *type) 328 328 { 329 329 char **domains; … … 363 363 } 364 364 365 NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,366 367 368 369 370 371 372 365 static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain, 366 TALLOC_CTX *mem_ctx, 367 const DOM_SID *sid, 368 uint32 *rids, 369 size_t num_rids, 370 char **domain_name, 371 char ***names, 372 enum lsa_SidType **types) 373 373 { 374 374 char **domains; … … 603 603 } 604 604 605 NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, 606 TALLOC_CTX *mem_ctx, 607 uint32 num_sids, const DOM_SID *sids, 608 uint32 *num_aliases, uint32 **alias_rids) 605 static NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, 606 TALLOC_CTX *mem_ctx, 607 uint32 num_sids, const DOM_SID *sids, 608 uint32 *num_aliases, 609 uint32 **alias_rids) 609 610 { 610 611 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; … … 821 822 822 823 for (r=0; r<tmp_names.count; r++) { 823 (*names)[i+r] = CONST_DISCARD(char *, tmp_names.names[r].string); 824 (*names)[i+r] = fill_domain_username_talloc(mem_ctx, 825 domain->name, 826 tmp_names.names[r].string, 827 true); 824 828 (*name_types)[i+r] = tmp_types.ids[r]; 825 829 } … … 1066 1070 1067 1071 /* find the lockout policy for a domain */ 1068 NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,1069 1070 1072 static NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain, 1073 TALLOC_CTX *mem_ctx, 1074 struct samr_DomInfo12 *lockout_policy) 1071 1075 { 1072 1076 NTSTATUS result; … … 1107 1111 1108 1112 /* find the password policy for a domain */ 1109 NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,1110 1111 1113 static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, 1114 TALLOC_CTX *mem_ctx, 1115 struct samr_DomInfo1 *password_policy) 1112 1116 { 1113 1117 NTSTATUS result; -
branches/samba-3.2.x/source/winbindd/winbindd_user.c
r141 r228 385 385 /* Get info for the domain */ 386 386 387 domain = find_domain_from_name (domname);387 domain = find_domain_from_name_noinit(domname); 388 388 389 389 if (domain == NULL) { -
branches/samba-3.2.x/source/winbindd/winbindd_util.c
r204 r228 110 110 struct winbindd_domain *domain; 111 111 const char *alternative_name = NULL; 112 112 const char **ignored_domains, **dom; 113 114 ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL); 115 for (dom=ignored_domains; dom && *dom; dom++) { 116 if (gen_fnmatch(*dom, domain_name) == 0) { 117 DEBUG(2,("Ignoring domain '%s'\n", domain_name)); 118 return NULL; 119 } 120 } 121 113 122 /* ignore alt_name if we are not in an AD domain */ 114 123 115 124 if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) { 116 125 alternative_name = alt_name; 117 126 } 118 127 119 128 /* We can't call domain_list() as this function is called from 120 129 init_domain_list() and we'll get stuck in a loop. */ … … 403 412 } 404 413 414 if (d == NULL) { 415 continue; 416 } 417 405 418 DEBUG(10,("rescan_forest_root_trusts: Following trust path " 406 419 "for domain tree root %s (%s)\n", … … 466 479 &cache_methods, 467 480 &dom_list[i].sid ); 481 } 482 483 if (d == NULL) { 484 continue; 468 485 } 469 486 … … 1025 1042 1026 1043 while(temp != NULL) { 1027 struct getent_state *next ;1044 struct getent_state *next = temp->next; 1028 1045 1029 1046 /* Free sam entries then list entry */ … … 1031 1048 SAFE_FREE(state->sam_entries); 1032 1049 DLIST_REMOVE(state, state); 1033 next = temp->next;1034 1050 1035 1051 SAFE_FREE(temp); … … 1127 1143 } 1128 1144 1129 safe_strcpy( buf, user, *len);1145 safe_strcpy((char *)buf, user, *len); 1130 1146 } 1131 1147 … … 1180 1196 } 1181 1197 1198 /** 1199 * talloc version of fill_domain_username() 1200 * return NULL on talloc failure. 1201 */ 1202 char *fill_domain_username_talloc(TALLOC_CTX *mem_ctx, 1203 const char *domain, 1204 const char *user, 1205 bool can_assume) 1206 { 1207 char *tmp_user, *name; 1208 1209 tmp_user = talloc_strdup(mem_ctx, user); 1210 strlower_m(tmp_user); 1211 1212 if (can_assume && assume_domain(domain)) { 1213 name = tmp_user; 1214 } else { 1215 name = talloc_asprintf(mem_ctx, "%s%c%s", 1216 domain, 1217 *lp_winbind_separator(), 1218 tmp_user); 1219 TALLOC_FREE(tmp_user); 1220 } 1221 1222 return name; 1223 } 1224 1182 1225 /* 1183 1226 * Winbindd socket accessor functions
Note:
See TracChangeset
for help on using the changeset viewer.
