Changeset 745 for trunk/server/source3/winbindd/winbindd_util.c

Timestamp:

Nov 27, 2012, 4:43:17 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: updated trunk to 3.6.0

Location:

trunk/server

Files:

• . (modified) (1 prop)
• source3/winbindd/winbindd_util.c (modified) (34 diffs)

trunk/server/source3/winbindd/winbindd_util.c

@@ -23 +23 @@
 #include "includes.h"
 #include "winbindd.h"
+#include "secrets.h"
+#include "../libcli/security/security.h"
+#include "../libcli/auth/pam_errors.h"
+#include "passdb/machine_sid.h"
 
 #undef DBGC_CLASS
@@ -28 +32 @@
 
 extern struct winbindd_methods cache_methods;
-extern struct winbindd_methods builtin_passdb_methods;
-extern struct winbindd_methods sam_passdb_methods;
-
 
 /**
- * @file winbindd_util.c
+ * @file winbindd_util.cq
  *
  * Winbind daemon for NT domain authentication nss module.
@@ -59 +60 @@
 /* Free all entries in the trusted domain list */
 
-void free_domain_list(void)
+static void free_domain_list(void)
 {
         struct winbindd_domain *domain = _domain_list;
@@ -72 +73 @@
 }
 
-static bool is_internal_domain(const DOM_SID *sid)
+static bool is_internal_domain(const struct dom_sid *sid)
 {
         if (sid == NULL)
@@ -80 +81 @@
 }
 
-static bool is_in_internal_domain(const DOM_SID *sid)
+static bool is_in_internal_domain(const struct dom_sid *sid)
 {
         if (sid == NULL)
@@ -92 +93 @@
 static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name,
                                                   struct winbindd_methods *methods,
-                                                  const DOM_SID *sid)
+                                                  const struct dom_sid *sid)
 {
         struct winbindd_domain *domain;
@@ -138 +139 @@
                         }
 
-                        if (sid_equal(sid, &domain->sid)) {
+                        if (dom_sid_equal(sid, &domain->sid)) {
                                 break;
                         }
@@ -144 +145 @@
         }
 
-        /* See if we found a match.  Check if we need to update the
-           SID. */
-
-        if ( domain && sid) {
-                if ( sid_equal( &domain->sid, &global_sid_NULL ) )
+        if (domain != NULL) {
+                /*
+                 * We found a match. Possibly update the SID
+                 */
+                if ((sid != NULL)
+                    && dom_sid_equal(&domain->sid, &global_sid_NULL)) {
                         sid_copy( &domain->sid, sid );
-
+                }
                 return domain;
         }
@@ -162 +164 @@
 
         ZERO_STRUCTP(domain);
+
+        domain->children = SMB_MALLOC_ARRAY(
+                struct winbindd_child, lp_winbind_max_domain_connections());
+        if (domain->children == NULL) {
+                SAFE_FREE(domain);
+                return NULL;
+        }
+        memset(domain->children, 0,
+               sizeof(struct winbindd_child)
+               * lp_winbind_max_domain_connections());
 
         fstrcpy(domain->name, domain_name);
@@ -224 +236 @@
 }
 
+bool domain_is_forest_root(const struct winbindd_domain *domain)
+{
+        const uint32_t fr_flags =
+                (NETR_TRUST_FLAG_TREEROOT|NETR_TRUST_FLAG_IN_FOREST);
+
+        return ((domain->domain_flags & fr_flags) == fr_flags);
+}
+
 /********************************************************************
   rescan our domains looking for new trusted domains
@@ -229 +249 @@
 
 struct trustdom_state {
-        TALLOC_CTX *mem_ctx;
-        bool primary;
-        bool forest_root;
-        struct winbindd_response *response;
+        struct winbindd_domain *domain;
+        struct winbindd_request request;
 };
 
-static void trustdom_recv(void *private_data, bool success);
+static void trustdom_list_done(struct tevent_req *req);
 static void rescan_forest_root_trusts( void );
 static void rescan_forest_trusts( void );
@@ -241 +259 @@
 static void add_trusted_domains( struct winbindd_domain *domain )
 {
-        TALLOC_CTX *mem_ctx;
-        struct winbindd_request *request;
+        struct trustdom_state *state;
+        struct tevent_req *req;
+
+        state = TALLOC_ZERO_P(NULL, struct trustdom_state);
+        if (state == NULL) {
+                DEBUG(0, ("talloc failed\n"));
+                return;
+        }
+        state->domain = domain;
+
+        state->request.length = sizeof(state->request);
+        state->request.cmd = WINBINDD_LIST_TRUSTDOM;
+
+        req = wb_domain_request_send(state, winbind_event_context(),
+                                     domain, &state->request);
+        if (req == NULL) {
+                DEBUG(1, ("wb_domain_request_send failed\n"));
+                TALLOC_FREE(state);
+                return;
+        }
+        tevent_req_set_callback(req, trustdom_list_done, state);
+}
+
+static void trustdom_list_done(struct tevent_req *req)
+{
+        struct trustdom_state *state = tevent_req_callback_data(
+                req, struct trustdom_state);
         struct winbindd_response *response;
-        uint32 fr_flags = (NETR_TRUST_FLAG_TREEROOT|NETR_TRUST_FLAG_IN_FOREST);
-
-        struct trustdom_state *state;
-
-        mem_ctx = talloc_init("add_trusted_domains");
-        if (mem_ctx == NULL) {
-                DEBUG(0, ("talloc_init failed\n"));
-                return;
-        }
-
-        request = TALLOC_ZERO_P(mem_ctx, struct winbindd_request);
-        response = TALLOC_P(mem_ctx, struct winbindd_response);
-        state = TALLOC_P(mem_ctx, struct trustdom_state);
-
-        if ((request == NULL) || (response == NULL) || (state == NULL)) {
-                DEBUG(0, ("talloc failed\n"));
-                talloc_destroy(mem_ctx);
-                return;
-        }
-
-        state->mem_ctx = mem_ctx;
-        state->response = response;
-
-        /* Flags used to know how to continue the forest trust search */
-
-        state->primary = domain->primary;
-        state->forest_root = ((domain->domain_flags & fr_flags) == fr_flags );
-
-        request->length = sizeof(*request);
-        request->cmd = WINBINDD_LIST_TRUSTDOM;
-
-        async_domain_request(mem_ctx, domain, request, response,
-                             trustdom_recv, state);
-}
-
-static void trustdom_recv(void *private_data, bool success)
-{
-        struct trustdom_state *state =
-                talloc_get_type_abort(private_data, struct trustdom_state);
-        struct winbindd_response *response = state->response;
+        int res, err;
         char *p;
 
-        if ((!success) || (response->result != WINBINDD_OK)) {
+        res = wb_domain_request_recv(req, state, &response, &err);
+        if ((res == -1) || (response->result != WINBINDD_OK)) {
                 DEBUG(1, ("Could not receive trustdoms\n"));
-                talloc_destroy(state->mem_ctx);
+                TALLOC_FREE(state);
                 return;
         }
@@ -296 +301 @@
         while ((p != NULL) && (*p != '\0')) {
                 char *q, *sidstr, *alt_name;
-                DOM_SID sid;
+                struct dom_sid sid;
                 struct winbindd_domain *domain;
                 char *alternate_name = NULL;
@@ -346 +351 @@
                                                     &sid);
                         if (domain) {
-                                setup_domain_child(domain,
-                                                   &domain->child);
+                                setup_domain_child(domain);
                         }
                 }
@@ -363 +367 @@
         */
 
-        if ( state->primary ) {
+        if (state->domain->primary) {
                 /* If this is our primary domain and we are not in the
                    forest root, we have to scan the root trusts first */
 
-                if ( !state->forest_root )
+                if (!domain_is_forest_root(state->domain))
                         rescan_forest_root_trusts();
                 else
                         rescan_forest_trusts();
 
-        } else if ( state->forest_root ) {
+        } else if (domain_is_forest_root(state->domain)) {
                 /* Once we have done root forest trust search, we can
                    go on to search the trusted forests */
@@ -379 +383 @@
         }
 
-        talloc_destroy(state->mem_ctx);
+        TALLOC_FREE(state);
 
         return;
@@ -424 +428 @@
                                                 &dom_list[i].sid );
                         if (d != NULL) {
-                                setup_domain_child(d, &d->child);
+                                setup_domain_child(d);
                         }
                 }
@@ -496 +500 @@
                                                         &dom_list[i].sid );
                                 if (d != NULL) {
-                                        setup_domain_child(d, &d->child);
+                                        setup_domain_child(d);
                                 }
                         }
@@ -606 +610 @@
         /* BUILTIN domain */
 
-        domain = add_trusted_domain("BUILTIN", NULL, &builtin_passdb_methods,
+        domain = add_trusted_domain("BUILTIN", NULL, &cache_methods,
                                     &global_sid_Builtin);
         if (domain) {
-                setup_domain_child(domain,
-                                   &domain->child);
+                setup_domain_child(domain);
         }
 
@@ -616 +619 @@
 
         domain = add_trusted_domain(get_global_sam_name(), NULL,
-                                    &sam_passdb_methods, get_global_sam_sid());
+                                    &cache_methods, get_global_sam_sid());
         if (domain) {
                 if ( role != ROLE_DOMAIN_MEMBER ) {
                         domain->primary = True;
                 }
-                setup_domain_child(domain,
-                                   &domain->child);
+                setup_domain_child(domain);
         }
 
@@ -628 +630 @@
 
         if ( role == ROLE_DOMAIN_MEMBER ) {
-                DOM_SID our_sid;
+                struct dom_sid our_sid;
 
                 if (!secrets_fetch_domain_sid(lp_workgroup(), &our_sid)) {
@@ -639 +641 @@
                 if (domain) {
                         domain->primary = True;
-                        setup_domain_child(domain,
-                                           &domain->child);
+                        setup_domain_child(domain);
 
                         /* Even in the parent winbindd we'll need to
@@ -653 +654 @@
 
         return True;
-}
-
-void check_domain_trusted( const char *name, const DOM_SID *user_sid )
-{
-        struct winbindd_domain *domain;
-        DOM_SID dom_sid;
-        uint32 rid;
-
-        /* Check if we even care */
-
-        if (!lp_allow_trusted_domains())
-                return;
-
-        domain = find_domain_from_name_noinit( name );
-        if ( domain )
-                return;
-
-        sid_copy( &dom_sid, user_sid );
-        if ( !sid_split_rid( &dom_sid, &rid ) )
-                return;
-
-        /* add the newly discovered trusted domain */
-
-        domain = add_trusted_domain( name, NULL, &cache_methods,
-                                     &dom_sid);
-
-        if ( !domain )
-                return;
-
-        /* assume this is a trust from a one-way transitive
-           forest trust */
-
-        domain->active_directory = True;
-        domain->domain_flags = NETR_TRUST_FLAG_OUTBOUND;
-        domain->domain_type  = NETR_TRUST_TYPE_UPLEVEL;
-        domain->internal = False;
-        domain->online = True;
-
-        setup_domain_child(domain,
-                           &domain->child);
-
-        wcache_tdc_add_domain( domain );
-
-        return;
 }
 
@@ -747 +704 @@
 /* Given a domain sid, return the struct winbindd domain info for it */
 
-struct winbindd_domain *find_domain_from_sid_noinit(const DOM_SID *sid)
+struct winbindd_domain *find_domain_from_sid_noinit(const struct dom_sid *sid)
 {
         struct winbindd_domain *domain;
@@ -754 +711 @@
 
         for (domain = domain_list(); domain != NULL; domain = domain->next) {
-                if (sid_compare_domain(sid, &domain->sid) == 0)
+                if (dom_sid_compare_domain(sid, &domain->sid) == 0)
                         return domain;
         }
@@ -765 +722 @@
 /* Given a domain sid, return the struct winbindd domain info for it */
 
-struct winbindd_domain *find_domain_from_sid(const DOM_SID *sid)
+struct winbindd_domain *find_domain_from_sid(const struct dom_sid *sid)
 {
         struct winbindd_domain *domain;
@@ -799 +756 @@
         struct winbindd_domain *ours = find_our_domain();
 
-        if ( !ours )
+        if (ours->forest_name[0] == '\0') {
                 return NULL;
-
-        if ( strlen(ours->forest_name) == 0 )
-                return NULL;
+        }
 
         return find_domain_from_name( ours->forest_name );
@@ -810 +765 @@
 struct winbindd_domain *find_builtin_domain(void)
 {
-        DOM_SID sid;
         struct winbindd_domain *domain;
 
-        string_to_sid(&sid, "S-1-5-32");
-        domain = find_domain_from_sid(&sid);
-
+        domain = find_domain_from_sid(&global_sid_Builtin);
         if (domain == NULL) {
                 smb_panic("Could not find BUILTIN domain");
@@ -825 +777 @@
 /* Find the appropriate domain to lookup a name or SID */
 
-struct winbindd_domain *find_lookup_domain_from_sid(const DOM_SID *sid)
+struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid)
 {
         /* SIDs in the S-1-22-{1,2} domain should be handled by our passdb */
@@ -943 +895 @@
 }
 
-/* add a domain user name to a buffer */
-void parse_add_domuser(void *buf, char *domuser, int *len)
-{
-        fstring domain;
-        char *p, *user;
-
-        user = domuser;
-        p = strchr(domuser, *lp_winbind_separator());
-
-        if (p) {
-
-                fstrcpy(domain, domuser);
-                domain[PTR_DIFF(p, domuser)] = 0;
-                p++;
-
-                if (assume_domain(domain)) {
-
-                        user = p;
-                        *len -= (PTR_DIFF(p, domuser));
-                }
-        }
-
-        safe_strcpy((char *)buf, user, *len);
-}
-
 /* Ensure an incoming username from NSS is fully qualified. Replace the
    incoming fstring with DOMAIN <separator> user. Returns the same
@@ -1046 +973 @@
 
 /*
- * Winbindd socket accessor functions
- */
-
-const char *get_winbind_pipe_dir(void)
-{
-        return lp_parm_const_string(-1, "winbindd", "socket dir", WINBINDD_SOCKET_DIR);
-}
-
-char *get_winbind_priv_pipe_dir(void)
-{
-        return lock_path(WINBINDD_PRIV_SOCKET_SUBDIR);
-}
-
-/* Open the winbindd socket */
-
-static int _winbindd_socket = -1;
-static int _winbindd_priv_socket = -1;
-
-int open_winbindd_socket(void)
-{
-        if (_winbindd_socket == -1) {
-                _winbindd_socket = create_pipe_sock(
-                        get_winbind_pipe_dir(), WINBINDD_SOCKET_NAME, 0755);
-                DEBUG(10, ("open_winbindd_socket: opened socket fd %d\n",
-                           _winbindd_socket));
-        }
-
-        return _winbindd_socket;
-}
-
-int open_winbindd_priv_socket(void)
-{
-        if (_winbindd_priv_socket == -1) {
-                _winbindd_priv_socket = create_pipe_sock(
-                        get_winbind_priv_pipe_dir(), WINBINDD_SOCKET_NAME, 0750);
-                DEBUG(10, ("open_winbindd_priv_socket: opened socket fd %d\n",
-                           _winbindd_priv_socket));
-        }
-
-        return _winbindd_priv_socket;
-}
-
-/*
  * Client list accessor functions
  */
@@ -1118 +1002 @@
 }
 
-/* Close all open clients */
-
-void winbindd_kill_all_clients(void)
-{
-        struct winbindd_cli_state *cl = winbindd_client_list();
-
-        DEBUG(10, ("winbindd_kill_all_clients: going postal\n"));
-
-        while (cl) {
-                struct winbindd_cli_state *next;
-
-                next = cl->next;
-                winbindd_remove_client(cl);
-                cl = next;
-        }
-}
-
 /* Return number of open clients */
 
@@ -1144 +1011 @@
 NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain,
                                   TALLOC_CTX *mem_ctx,
-                                  const DOM_SID *user_sid,
-                                  uint32 *p_num_groups, DOM_SID **user_sids)
+                                  const struct dom_sid *user_sid,
+                                  uint32_t *p_num_groups, struct dom_sid **user_sids)
 {
         struct netr_SamInfo3 *info3 = NULL;
         NTSTATUS status = NT_STATUS_NO_MEMORY;
-        size_t num_groups = 0;
+        uint32_t num_groups = 0;
 
         DEBUG(3,(": lookup_usergroups_cached\n"));
@@ -1479 +1346 @@
         return !domain->online;
 }
+
+bool is_domain_online(const struct winbindd_domain *domain)
+{
+        return !is_domain_offline(domain);
+}
+
+bool parse_sidlist(TALLOC_CTX *mem_ctx, const char *sidstr,
+                   struct dom_sid **sids, uint32_t *num_sids)
+{
+        const char *p;
+
+        p = sidstr;
+        if (p == NULL)
+                return False;
+
+        while (p[0] != '\0') {
+                struct dom_sid sid;
+                const char *q = NULL;
+
+                if (!dom_sid_parse_endp(p, &sid, &q)) {
+                        DEBUG(1, ("Could not parse sid %s\n", p));
+                        return false;
+                }
+                if ((q == NULL) || (q[0] != '\n')) {
+                        DEBUG(1, ("Got invalid sidstr: %s\n", p));
+                        return false;
+                }
+                if (!NT_STATUS_IS_OK(add_sid_to_array(mem_ctx, &sid, sids,
+                                                      num_sids)))
+                {
+                        return False;
+                }
+                p = q+1;
+        }
+        return True;
+}