memcpy(request.data.auth_crap.nt_resp, user_info->password.response.nt.data,
request.data.auth_crap.nt_resp_len);
- result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
+ result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response);
nt_status = NT_STATUS(response.data.auth.nt_status);
NT_STATUS_NOT_OK_RETURN(nt_status);
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#include "includes.h"
-#include "nsswitch/winbind_client.h"
+#include "winbind_client.h"
/* Global variables. These are effectively the client state information */
int winbindd_fd = -1; /* fd for winbindd socket */
+static int is_privileged = 0;
/* Free a response structure */
-void free_response(struct winbindd_response *response)
+void winbindd_free_response(struct winbindd_response *response)
{
/* Free any allocated extra_data */
/* Initialise a request structure */
-void init_request(struct winbindd_request *request, int request_type)
+void winbindd_init_request(struct winbindd_request *request, int request_type)
{
request->length = sizeof(struct winbindd_request);
/* Initialise a response structure */
-void init_response(struct winbindd_response *response)
+static void init_response(struct winbindd_response *response)
{
/* Initialise return value */
/* Close established socket */
-void close_sock(void)
+void winbind_close_sock(void)
{
if (winbindd_fd != -1) {
close(winbindd_fd);
}
#define CONNECT_TIMEOUT 30
-#if 0 /* unused */
-#define WRITE_TIMEOUT CONNECT_TIMEOUT
-#define READ_TIMEOUT CONNECT_TIMEOUT
-#endif
/* Make sure socket handle isn't stdin, stdout or stderr */
#define RECURSION_LIMIT 3
{
struct sockaddr_un sunaddr;
struct stat st;
- char *path;
+ pstring path;
int fd;
int wait_time;
int slept;
}
/* Connect to socket */
-
- asprintf(&path, "%s%s", dir, "/" WINBINDD_SOCKET_NAME);
+
+ strncpy(path, dir, sizeof(path) - 1);
+ path[sizeof(path) - 1] = '\0';
+
+ strncat(path, "/", sizeof(path) - 1 - strlen(path));
+ path[sizeof(path) - 1] = '\0';
+
+ strncat(path, WINBINDD_SOCKET_NAME, sizeof(path) - 1 - strlen(path));
+ path[sizeof(path) - 1] = '\0';
+
ZERO_STRUCT(sunaddr);
sunaddr.sun_family = AF_UNIX;
strncpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path) - 1);
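Review bot: The three `strncpy`/`strncat` steps that build `path` truncate silently, so an over-long `dir` produces a shortened path that is then copied (and truncated again) into `sunaddr.sun_path` and handed to `lstat()` instead of being rejected. Because the later permission checks run against whatever path results, a length overflow should be an error, not a different path. A single bounded format with an explicit check would cover it: `int n = snprintf(path, sizeof(path), "%s/%s", dir, WINBINDD_SOCKET_NAME);` followed by `if (n < 0 || (size_t)n >= sizeof(sunaddr.sun_path)) return -1;`. The function's signature and the rest of its body are outside this hunk.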
the winbindd daemon is not running. */
if (lstat(path, &st) == -1) {
- SAFE_FREE(path);
return -1;
}
-
- SAFE_FREE(path);
/* Check permissions on unix socket file */
close(fd);
return -1;
+}
- if (connect(fd, (struct sockaddr *)&sunaddr,
- sizeof(sunaddr)) == -1) {
- close(fd);
- return -1;
+static const char *winbindd_socket_dir(void)
+{
+#ifdef SOCKET_WRAPPER
+ const char *env_dir;
+
+ env_dir = getenv(WINBINDD_SOCKET_DIR_ENVVAR);
+ if (env_dir) {
+ return env_dir;
}
-
- return fd;
+#endif
+
+ return WINBINDD_SOCKET_DIR;
}
/* Connect to winbindd socket */
-int winbind_open_pipe_sock(void)
+static int winbind_open_pipe_sock(int recursing, int need_priv)
{
#ifdef HAVE_UNIXSOCKET
static pid_t our_pid;
struct winbindd_request request;
struct winbindd_response response;
- const char *winbindd_socket_dir_env;
ZERO_STRUCT(request);
ZERO_STRUCT(response);
if (our_pid != getpid()) {
- close_sock();
+ winbind_close_sock();
our_pid = getpid();
}
+
+ if ((need_priv != 0) && (is_privileged == 0)) {
+ winbind_close_sock();
+ }
if (winbindd_fd != -1) {
return winbindd_fd;
}
-#ifdef SOCKET_WRAPPER
- winbindd_socket_dir_env = getenv(WINBINDD_SOCKET_DIR_ENV);
-
- if (!winbindd_socket_dir_env)
- {
- winbindd_socket_dir_env = WINBINDD_SOCKET_DIR;
+ if (recursing) {
+ return -1;
}
-#else
- winbindd_socket_dir_env = WINBINDD_SOCKET_DIR;
-#endif
-
- winbindd_fd = winbind_named_pipe_sock(winbindd_socket_dir_env);
- if (winbindd_fd == -1)
- {
+ if ((winbindd_fd = winbind_named_pipe_sock(winbindd_socket_dir())) == -1) {
return -1;
}
+ is_privileged = 0;
+
/* version-check the socket */
- if ((winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) {
- close_sock();
+ request.wb_flags = WBFLAG_RECURSE;
+ if ((winbindd_request_response(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) {
+ winbind_close_sock();
return -1;
}
/* try and get priv pipe */
- if (winbindd_request(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) {
+ request.wb_flags = WBFLAG_RECURSE;
+ if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) {
int fd;
- if ((fd = winbind_named_pipe_sock(response.extra_data.data)) != -1) {
+ if ((fd = winbind_named_pipe_sock((char *)response.extra_data.data)) != -1) {
close(winbindd_fd);
winbindd_fd = fd;
+ is_privileged = 1;
}
}
+ if ((need_priv != 0) && (is_privileged == 0)) {
+ return -1;
+ }
+
SAFE_FREE(response.extra_data.data);
return winbindd_fd;
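Review bot: The new early return `if ((need_priv != 0) && (is_privileged == 0)) { return -1; }` sits before `SAFE_FREE(response.extra_data.data);`, so when WINBINDD_PRIV_PIPE_DIR succeeds but connecting to the returned directory fails, the extra data from that reply is never freed. Moving the `SAFE_FREE(response.extra_data.data);` line above the `need_priv` check removes the leak without changing the result. That path also returns -1 while leaving the unprivileged `winbindd_fd` open; this looks intentional, since the check near the top of the function closes it on the next privileged call, but a short comment saying so would help. The function begins above this hunk and its closing brace is outside it.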
/* Write data to winbindd socket */
-int write_sock(void *buffer, int count)
+int winbind_write_sock(void *buffer, int count, int recursing, int need_priv)
{
int result, nwritten;
restart:
- if (winbind_open_pipe_sock() == -1) {
+ if (winbind_open_pipe_sock(recursing, need_priv) == -1) {
return -1;
}
ZERO_STRUCT(tv);
if (select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv) == -1) {
- close_sock();
+ winbind_close_sock();
return -1; /* Select error */
}
/* Write failed */
- close_sock();
+ winbind_close_sock();
return -1;
}
/* Pipe has closed on remote end */
- close_sock();
+ winbind_close_sock();
goto restart;
}
}
/* Read data from winbindd socket */
-static int read_sock(void *buffer, int count)
+int winbind_read_sock(void *buffer, int count)
{
int nread = 0;
int total_time = 0, selret;
+ if (winbindd_fd == -1) {
+ return -1;
+ }
+
/* Read data from socket */
while(nread < count) {
struct timeval tv;
tv.tv_sec = 5;
if ((selret = select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv)) == -1) {
- close_sock();
+ winbind_close_sock();
return -1; /* Select error */
}
/* Not ready for read yet... */
if (total_time >= 30) {
/* Timeout */
- close_sock();
+ winbind_close_sock();
return -1;
}
total_time += 5;
can do here is just return -1 and fail since the
transaction has failed half way through. */
- close_sock();
+ winbind_close_sock();
return -1;
}
/* Read reply */
-int read_reply(struct winbindd_response *response)
+int winbindd_read_reply(struct winbindd_response *response)
{
int result1, result2 = 0;
/* Read fixed length response */
- if ((result1 = read_sock(response, sizeof(struct winbindd_response)))
- == -1) {
-
+ result1 = winbind_read_sock(response,
+ sizeof(struct winbindd_response));
+ if (result1 == -1) {
return -1;
}
return -1;
}
- if ((result2 = read_sock(response->extra_data.data, extra_data_len))
- == -1) {
- free_response(response);
+ result2 = winbind_read_sock(response->extra_data.data,
+ extra_data_len);
+ if (result2 == -1) {
+ winbindd_free_response(response);
return -1;
}
}
return result1 + result2;
}
+bool winbind_env_set(void)
+{
+ char *env;
+
+ if ((env=getenv(WINBINDD_DONT_ENV)) != NULL) {
+ if(strcmp(env, "1") == 0) {
+ return true;
+ }
+ }
+ return false;
+}
+
/*
* send simple types of requests
*/
-NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request)
+NSS_STATUS winbindd_send_request(int req_type, int need_priv,
+ struct winbindd_request *request)
{
struct winbindd_request lrequest;
- char *env;
- int value;
-
+
/* Check for our tricky environment variable */
- if ( (env = getenv(WINBINDD_DONT_ENV)) != NULL ) {
- value = atoi(env);
- if ( value == 1 )
- return NSS_STATUS_NOTFOUND;
+ if (winbind_env_set()) {
+ return NSS_STATUS_NOTFOUND;
}
if (!request) {
/* Fill in request and send down pipe */
- init_request(request, req_type);
+ winbindd_init_request(request, req_type);
- if (write_sock(request, sizeof(*request)) == -1) {
+ if (winbind_write_sock(request, sizeof(*request),
+ request->wb_flags & WBFLAG_RECURSE,
+ need_priv) == -1) {
+ return NSS_STATUS_UNAVAIL;
+ }
+
+ if ((request->extra_len != 0) &&
+ (winbind_write_sock(request->extra_data.data,
+ request->extra_len,
+ request->wb_flags & WBFLAG_RECURSE,
+ need_priv) == -1)) {
return NSS_STATUS_UNAVAIL;
}
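Review bot: The second `winbind_write_sock()` call, which sends `request->extra_data.data`, goes through the same reconnect path as the header write: the context lines of `winbind_write_sock` show it calling `winbind_open_pipe_sock()` and doing `goto restart` when the pipe has closed on the remote end. If the connection drops between the two writes, the extra payload alone would apparently be written to a fresh connection, where winbindd would read it as the start of a request. It would be safer for the payload write to fail with NSS_STATUS_UNAVAIL rather than reconnect; at the least, add a comment such as `/* extra data must follow the header on the same connection */`. `request->extra_data.data` is also not checked for NULL when `extra_len` is non-zero. The body of `winbindd_send_request` continues outside this hunk.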
init_response(response);
/* Wait for reply */
- if (read_reply(response) == -1) {
+ if (winbindd_read_reply(response) == -1) {
return NSS_STATUS_UNAVAIL;
}
/* Throw away extra data if client didn't request it */
if (response == &lresponse) {
- free_response(response);
+ winbindd_free_response(response);
}
/* Copy reply data from socket */
/* Handle simple types of requests */
-NSS_STATUS winbindd_request(int req_type,
+NSS_STATUS winbindd_request_response(int req_type,
struct winbindd_request *request,
struct winbindd_response *response)
{
- NSS_STATUS status;
+ NSS_STATUS status = NSS_STATUS_UNAVAIL;
+ int count = 0;
- status = winbindd_send_request(req_type, request);
- if (status != NSS_STATUS_SUCCESS)
- return(status);
- return winbindd_get_response(response);
+ while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) {
+ status = winbindd_send_request(req_type, 0, request);
+ if (status != NSS_STATUS_SUCCESS)
+ return(status);
+ status = winbindd_get_response(response);
+ count += 1;
+ }
+
+ return status;
+}
+
+NSS_STATUS winbindd_priv_request_response(int req_type,
+ struct winbindd_request *request,
+ struct winbindd_response *response)
+{
+ NSS_STATUS status = NSS_STATUS_UNAVAIL;
+ int count = 0;
+
+ while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) {
+ status = winbindd_send_request(req_type, 1, request);
+ if (status != NSS_STATUS_SUCCESS)
+ return(status);
+ status = winbindd_get_response(response);
+ count += 1;
+ }
+
+ return status;
}
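Review bot: `winbindd_request_response` and `winbindd_priv_request_response` are the same retry loop apart from the `need_priv` argument, and the retry limit is a bare `10` in both. A shared static helper with a named constant keeps the two from drifting apart. The loop also resends the request whenever `winbindd_get_response` returns NSS_STATUS_UNAVAIL, so a request such as WINBINDD_PAM_AUTH may reach winbindd more than once. A comment stating that callers must tolerate a resend would be worth adding on the helper.

```c
#define WINBINDD_REQUEST_RETRIES 10

/* Send a request and wait for the reply, resending the request while the
   reply is unavailable. A request may therefore be delivered more than once. */
static NSS_STATUS winbindd_request_response_int(int req_type, int need_priv,
						struct winbindd_request *request,
						struct winbindd_response *response)
{
	NSS_STATUS status = NSS_STATUS_UNAVAIL;
	int count = 0;

	while ((status == NSS_STATUS_UNAVAIL) &&
	       (count < WINBINDD_REQUEST_RETRIES)) {
		status = winbindd_send_request(req_type, need_priv, request);
		if (status != NSS_STATUS_SUCCESS) {
			return status;
		}
		status = winbindd_get_response(response);
		count += 1;
	}

	return status;
}

NSS_STATUS winbindd_request_response(int req_type,
				     struct winbindd_request *request,
				     struct winbindd_response *response)
{
	return winbindd_request_response_int(req_type, 0, request, response);
}

NSS_STATUS winbindd_priv_request_response(int req_type,
					  struct winbindd_request *request,
					  struct winbindd_response *response)
{
	return winbindd_request_response_int(req_type, 1, request, response);
}
```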
/*************************************************************************
enable them
************************************************************************/
-bool winbind_off( void )
+bool winbind_off(void)
{
- setenv(WINBINDD_DONT_ENV, "1", 1);
- return True;
+ return setenv(WINBINDD_DONT_ENV, "1", 1) != -1;
}
-bool winbind_on( void )
+bool winbind_on(void)
{
- setenv(WINBINDD_DONT_ENV, "0", 1);
- return True;
+ return setenv(WINBINDD_DONT_ENV, "0", 1) != -1;
+}
+
+/*************************************************************************
+ ************************************************************************/
+
+const char *nss_err_str(NSS_STATUS ret)
+{
+ switch (ret) {
+ case NSS_STATUS_TRYAGAIN:
+ return "NSS_STATUS_TRYAGAIN";
+ case NSS_STATUS_SUCCESS:
+ return "NSS_STATUS_SUCCESS";
+ case NSS_STATUS_NOTFOUND:
+ return "NSS_STATUS_NOTFOUND";
+ case NSS_STATUS_UNAVAIL:
+ return "NSS_STATUS_UNAVAIL";
+#ifdef NSS_STATUS_RETURN
+ case NSS_STATUS_RETURN:
+ return "NSS_STATUS_RETURN";
+#endif
+ default:
+ return "UNKNOWN RETURN CODE!!!!!!!";
+ }
}
/* Send off request */
- if (winbindd_request(WINBINDD_INFO, NULL, &response) !=
+ if (winbindd_request_response(WINBINDD_INFO, NULL, &response) !=
NSS_STATUS_SUCCESS) {
d_fprintf(stderr, "could not obtain winbind separator!\n");
if (strict) {
/* Send off request */
- if (winbindd_request(WINBINDD_DOMAIN_NAME, NULL, &response) !=
+ if (winbindd_request_response(WINBINDD_DOMAIN_NAME, NULL, &response) !=
NSS_STATUS_SUCCESS) {
d_fprintf(stderr, "could not obtain winbind domain name!\n");
fstrcpy(request.data.username, user);
- result = winbindd_request(WINBINDD_GETPWNAM, &request, &response);
+ result = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
if (result != NSS_STATUS_SUCCESS)
return False;
request.data.uid = uid;
- result = winbindd_request(WINBINDD_GETPWUID, &request, &response);
+ result = winbindd_request_response(WINBINDD_GETPWUID, &request, &response);
if (result != NSS_STATUS_SUCCESS)
return False;
fstrcpy(request.data.groupname, group);
- result = winbindd_request(WINBINDD_GETGRNAM, &request,
+ result = winbindd_request_response(WINBINDD_GETGRNAM, &request,
&response);
if ( result != NSS_STATUS_SUCCESS)
fstrcpy(request.data.username, user);
- result = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
+ result = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
if (result != NSS_STATUS_SUCCESS)
return False;
/* Send request */
fstrcpy(request.data.sid, user_sid);
- result = winbindd_request(WINBINDD_GETUSERSIDS, &request, &response);
+ result = winbindd_request_response(WINBINDD_GETUSERSIDS, &request, &response);
if (result != NSS_STATUS_SUCCESS)
return False;
/* Send request */
fstrcpy(request.data.sid, user_sid);
- result = winbindd_request(WINBINDD_GETUSERDOMGROUPS, &request,
+ result = winbindd_request_response(WINBINDD_GETUSERDOMGROUPS, &request,
&response);
if (result != NSS_STATUS_SUCCESS)
fstrcpy(request.data.winsreq, name);
- if (winbindd_request(WINBINDD_WINS_BYNAME, &request, &response) !=
+ if (winbindd_request_response(WINBINDD_WINS_BYNAME, &request, &response) !=
NSS_STATUS_SUCCESS) {
return False;
}
fstrcpy(request.data.winsreq, ip);
- if (winbindd_request(WINBINDD_WINS_BYIP, &request, &response) !=
+ if (winbindd_request_response(WINBINDD_WINS_BYIP, &request, &response) !=
NSS_STATUS_SUCCESS) {
return False;
}
request.data.list_all_domains = list_all_domains;
- if (winbindd_request(WINBINDD_LIST_TRUSTDOM, &request, &response) !=
+ if (winbindd_request_response(WINBINDD_LIST_TRUSTDOM, &request, &response) !=
NSS_STATUS_SUCCESS)
return False;
/* Send request */
- if (winbindd_request(WINBINDD_SHOW_SEQUENCE, &request, &response) !=
+ if (winbindd_request_response(WINBINDD_SHOW_SEQUENCE, &request, &response) !=
NSS_STATUS_SUCCESS)
return False;
/* Send request */
- if (winbindd_request(WINBINDD_DOMAIN_INFO, &request, &response) !=
+ if (winbindd_request_response(WINBINDD_DOMAIN_INFO, &request, &response) !=
NSS_STATUS_SUCCESS)
return False;
/* Send request */
- if (winbindd_request(WINBINDD_GETDCNAME, &request, &response) !=
+ if (winbindd_request_response(WINBINDD_GETDCNAME, &request, &response) !=
NSS_STATUS_SUCCESS) {
d_fprintf(stderr, "Could not get dc name for %s\n", domain_name);
return False;
ZERO_STRUCT(response);
- result = winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response);
+ result = winbindd_request_response(WINBINDD_CHECK_MACHACC, NULL, &response);
d_printf("checking the trust secret via RPC calls %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
request.data.uid = uid;
- if (winbindd_request(WINBINDD_UID_TO_SID, &request, &response) !=
+ if (winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response) !=
NSS_STATUS_SUCCESS)
return False;
request.data.gid = gid;
- if (winbindd_request(WINBINDD_GID_TO_SID, &request, &response) !=
+ if (winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response) !=
NSS_STATUS_SUCCESS)
return False;
fstrcpy(request.data.sid, sid);
- if (winbindd_request(WINBINDD_SID_TO_UID, &request, &response) !=
+ if (winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response) !=
NSS_STATUS_SUCCESS)
return False;
fstrcpy(request.data.sid, sid);
- if (winbindd_request(WINBINDD_SID_TO_GID, &request, &response) !=
+ if (winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response) !=
NSS_STATUS_SUCCESS)
return False;
fstrcpy(request.data.sid, sid);
- if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
+ if (winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response) !=
NSS_STATUS_SUCCESS)
return False;
parse_wbinfo_domain_user(name, request.data.name.dom_name,
request.data.name.name);
- if (winbindd_request(WINBINDD_LOOKUPNAME, &request, &response) !=
+ if (winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response) !=
NSS_STATUS_SUCCESS)
return False;
/* Authenticate a user with a plaintext password */
-static BOOL wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
+static BOOL wbinfo_auth_krb5(char *username, const char *cctype, uint32_t flags)
{
struct winbindd_request request;
struct winbindd_response response;
request.data.auth.uid = geteuid();
- result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
+ result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
/* Display response */
} else
fstrcpy(request.data.auth.user, username);
- result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
+ result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
/* Display response */
request.data.auth_crap.nt_resp_len = 24;
}
- result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
+ result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response);
/* Display response */
fstrcpy( request.domain_name, domain );
}
- if (winbindd_request(WINBINDD_LIST_USERS, &request, &response) !=
+ if (winbindd_request_response(WINBINDD_LIST_USERS, &request, &response) !=
NSS_STATUS_SUCCESS)
return False;
fstrcpy( request.domain_name, domain );
}
- if (winbindd_request(WINBINDD_LIST_GROUPS, &request, &response) !=
+ if (winbindd_request_response(WINBINDD_LIST_GROUPS, &request, &response) !=
NSS_STATUS_SUCCESS)
return False;
{
NSS_STATUS result;
- result = winbindd_request(WINBINDD_PING, NULL, NULL);
+ result = winbindd_request_response(WINBINDD_PING, NULL, NULL);
/* Display response */
break;
}
case 'K': {
- uint32 flags = WBFLAG_PAM_KRB5 |
+ uint32_t flags = WBFLAG_PAM_KRB5 |
WBFLAG_PAM_CACHED_LOGIN |
WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
WBFLAG_PAM_INFO3_TEXT;
-#include "nsswitch/winbind_nss_config.h"
-#include "nsswitch/winbind_struct_protocol.h"
+#include "winbind_nss_config.h"
+#include "winbind_struct_protocol.h"
-void init_request(struct winbindd_request *req,int rq_type);
-NSS_STATUS winbindd_send_request(int req_type,
+void winbindd_init_request(struct winbindd_request *req,int rq_type);
+void winbindd_free_response(struct winbindd_response *response);
+NSS_STATUS winbindd_send_request(int req_type, int need_priv,
struct winbindd_request *request);
NSS_STATUS winbindd_get_response(struct winbindd_response *response);
-NSS_STATUS winbindd_request(int req_type,
+NSS_STATUS winbindd_request_response(int req_type,
struct winbindd_request *request,
struct winbindd_response *response);
-int winbind_open_pipe_sock(void);
-int write_sock(void *buffer, int count);
-int read_reply(struct winbindd_response *response);
-void close_sock(void);
-void free_response(struct winbindd_response *response);
+NSS_STATUS winbindd_priv_request_response(int req_type,
+ struct winbindd_request *request,
+ struct winbindd_response *response);
+int winbindd_read_reply(struct winbindd_response *response);
+bool winbind_env_set(void);
+bool winbind_off(void);
+bool winbind_on(void);
+
+int winbind_write_sock(void *buffer, int count, int recursing, int need_priv);
+int winbind_read_sock(void *buffer, int count);
+void winbind_close_sock(void);
+
+const char *nss_err_str(NSS_STATUS ret);
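Review bot: The prototypes added here carry no comments, and two of the new parameters are not self-explanatory: `need_priv` on `winbindd_send_request` and `winbind_write_sock`, and `recursing` on `winbind_write_sock`. Judging from the implementation in this commit, a non-zero `need_priv` makes the call fail unless the client is connected over the privileged pipe, and a non-zero `recursing` prevents a new connection from being opened. One-line comments would do, for example `/* need_priv: non-zero requires the privileged pipe; the call fails if it cannot be obtained */` and `/* recursing: non-zero means do not open a new connection */`. It is also worth stating on `winbindd_priv_request_response` that it is the entry point for requests that must not travel over the unprivileged socket.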
#include "nsswitch/winbind_nss_hpux.h"
-#else /* Nothing's defined. Neither gnu nor sun nor hp */
+#elif defined(__NetBSD__) && defined(HAVE_GETPWENT_R)
+
+/*
+ * NetBSD 3 and newer
+ */
+
+#include "nsswitch/winbind_nss_netbsd.h"
+
+#else /* Nothing's defined. Neither gnu nor netbsd nor sun nor hp */
typedef enum
{
typedef char fstring[FSTRING_LEN];
#endif
-#if !defined(uint32)
-#if (SIZEOF_INT == 4)
-#define uint32 unsigned int
-#elif (SIZEOF_LONG == 4)
-#define uint32 unsigned long
-#elif (SIZEOF_SHORT == 4)
-#define uint32 unsigned short
-#endif
-#endif
-
-#if !defined(uint16)
-#if (SIZEOF_SHORT == 4)
-#define uint16 __ERROR___CANNOT_DETERMINE_TYPE_FOR_INT16;
-#else /* SIZEOF_SHORT != 4 */
-#define uint16 unsigned short
-#endif /* SIZEOF_SHORT != 4 */
-#endif
-
-#ifndef uint8
-#define uint8 unsigned char
-#endif
-
-/*
- * check for 8 byte long long
- */
-
-#if !defined(uint64)
-#if (SIZEOF_LONG == 8)
-#define uint64 unsigned long
-#elif (SIZEOF_LONG_LONG == 8)
-#define uint64 unsigned long long
-#endif /* don't lie. If we don't have it, then don't use it */
-#endif
-
-#if !defined(int64)
-#if (SIZEOF_LONG == 8)
-#define int64 long
-#elif (SIZEOF_LONG_LONG == 8)
-#define int64 long long
-#endif /* don't lie. If we don't have it, then don't use it */
-#endif
-
/* Some systems (SCO) treat UNIX domain sockets as FIFOs */
#ifndef S_IFSOCK
#define S_ISSOCK(mode) ((mode & S_IFSOCK) == S_IFSOCK)
#endif
-#ifndef HAVE_SOCKLEN_T
-#define HAVE_SOCKLEN_T
-typedef int socklen_t;
-#endif
-
#endif
NSS_STATUS_TRYAGAIN=NS_TRYAGAIN
} NSS_STATUS;
-#define NSD_MEM_STATIC 0
-#define NSD_MEM_VOLATILE 1
-#define NSD_MEM_DYNAMIC 2
-
#endif /* _WINBIND_NSS_IRIX_H */
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#include "includes.h"
#include "winbind_client.h"
/* Maximum number of users to pass back over the unix domain socket
#define MAX_GETPWENT_USERS 250
#define MAX_GETGRENT_USERS 250
-_PUBLIC_ NSS_STATUS _nss_winbind_setpwent(void);
-_PUBLIC_ NSS_STATUS _nss_winbind_endpwent(void);
-_PUBLIC_ NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result, char *buffer,
+NSS_STATUS _nss_winbind_setpwent(void);
+NSS_STATUS _nss_winbind_endpwent(void);
+NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result, char *buffer,
size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result,
+NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result,
char *buffer, size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_getpwnam_r(const char *name, struct passwd *result,
+NSS_STATUS _nss_winbind_getpwnam_r(const char *name, struct passwd *result,
char *buffer, size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_setgrent(void);
-_PUBLIC_ NSS_STATUS _nss_winbind_endgrent(void);
-_PUBLIC_ NSS_STATUS _nss_winbind_getgrent_r(struct group *result, char *buffer,
+NSS_STATUS _nss_winbind_setgrent(void);
+NSS_STATUS _nss_winbind_endgrent(void);
+NSS_STATUS _nss_winbind_getgrent_r(struct group *result, char *buffer,
size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_getgrlst_r(struct group *result, char *buffer,
+NSS_STATUS _nss_winbind_getgrlst_r(struct group *result, char *buffer,
size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_getgrnam_r(const char *name, struct group *result,
+NSS_STATUS _nss_winbind_getgrnam_r(const char *name, struct group *result,
char *buffer, size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, struct group *result, char *buffer,
+NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, struct group *result, char *buffer,
size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
+NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
long int *size, gid_t **groups,
long int limit, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_getusersids(const char *user_sid, char **group_sids,
+NSS_STATUS _nss_winbind_getusersids(const char *user_sid, char **group_sids,
int *num_groups, char *buffer, size_t buf_size,
int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_nametosid(const char *name, char **sid, char *buffer,
+NSS_STATUS _nss_winbind_nametosid(const char *name, char **sid, char *buffer,
size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
+NSS_STATUS _nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
+NSS_STATUS _nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop);
+NSS_STATUS _nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop);
+NSS_STATUS _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
+NSS_STATUS _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
size_t buflen, int *errnop);
/* Prototypes from wb_common.c */
extern int winbindd_fd;
-#ifdef DEBUG_NSS
-static const char *nss_err_str(NSS_STATUS ret) {
- switch (ret) {
- case NSS_STATUS_TRYAGAIN:
- return "NSS_STATUS_TRYAGAIN";
- case NSS_STATUS_SUCCESS:
- return "NSS_STATUS_SUCCESS";
- case NSS_STATUS_NOTFOUND:
- return "NSS_STATUS_NOTFOUND";
- case NSS_STATUS_UNAVAIL:
- return "NSS_STATUS_UNAVAIL";
- case NSS_STATUS_RETURN:
- return "NSS_STATUS_RETURN";
- default:
- return "UNKNOWN RETURN CODE!!!!!!!";
- }
-}
-#endif
-
/* Allocate some space from the nss static buffer. The buffer and buflen
are the pointers passed in by the C library to the _nss_ntdom_*
functions. */
lib/util_str.c as I really don't want to have to link in any other
objects if I can possibly avoid it. */
-static BOOL next_tok(char **ptr,char *buff,const char *sep, size_t bufsize)
+static bool next_token(char **ptr,char *buff,const char *sep, size_t bufsize)
{
char *s;
- BOOL quoted;
+ bool quoted;
size_t len=1;
- if (!ptr) return(False);
+ if (!ptr) return false;
s = *ptr;
while (*s && strchr(sep,*s)) s++;
/* nothing left? */
- if (! *s) return(False);
+ if (! *s) return false;
/* copy over the token */
- for (quoted = False; len < bufsize && *s && (quoted || !strchr(sep,*s)); s++) {
+ for (quoted = false; len < bufsize && *s && (quoted || !strchr(sep,*s)); s++) {
if (*s == '\"') {
quoted = !quoted;
} else {
*ptr = (*s) ? s+1 : s;
*buff = 0;
- return(True);
+ return true;
}
return NSS_STATUS_TRYAGAIN;
}
- strlcpy(result->pw_name, pw->pw_name, strlen(pw->pw_name) + 1);
+ strcpy(result->pw_name, pw->pw_name);
/* Password */
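Review bot: Replacing `strlcpy(dst, src, strlen(src) + 1)` with `strcpy(dst, src)` keeps the behaviour, but the copy is bounded only by the allocation made just before it, which is outside this hunk. That allocation is presumably sized from the same `strlen`, and the strings appear to come from the winbindd reply. Computing the length once and using it for both the allocation and the copy, e.g. `memcpy(result->pw_name, pw->pw_name, len + 1);`, would make the bound visible at the copy site. The same applies to the `pw_passwd`, `pw_gecos`, `pw_dir`, `pw_shell`, `gr_name`, `gr_passwd` and `gr_mem[i]` copies in the hunks that follow.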
return NSS_STATUS_TRYAGAIN;
}
- strlcpy(result->pw_passwd, pw->pw_passwd, strlen(pw->pw_passwd) + 1);
+ strcpy(result->pw_passwd, pw->pw_passwd);
/* [ug]id */
return NSS_STATUS_TRYAGAIN;
}
- strlcpy(result->pw_gecos, pw->pw_gecos, strlen(pw->pw_gecos) + 1);
+ strcpy(result->pw_gecos, pw->pw_gecos);
/* Home directory */
return NSS_STATUS_TRYAGAIN;
}
- strlcpy(result->pw_dir, pw->pw_dir, strlen(pw->pw_dir) + 1);
+ strcpy(result->pw_dir, pw->pw_dir);
/* Logon shell */
return NSS_STATUS_TRYAGAIN;
}
- strlcpy(result->pw_shell, pw->pw_shell, strlen(pw->pw_shell) + 1);
+ strcpy(result->pw_shell, pw->pw_shell);
/* The struct passwd for Solaris has some extra fields which must
be initialised or nscd crashes. */
return NSS_STATUS_TRYAGAIN;
}
- strlcpy(result->gr_name, gr->gr_name, strlen(gr->gr_name) + 1);
+ strcpy(result->gr_name, gr->gr_name);
/* Password */
return NSS_STATUS_TRYAGAIN;
}
- strlcpy(result->gr_passwd, gr->gr_passwd, strlen(gr->gr_passwd) + 1);
+ strcpy(result->gr_passwd, gr->gr_passwd);
/* gid */
i = 0;
- while(next_tok((char **)&gr_mem, name, ",", sizeof(fstring))) {
+ while(next_token((char **)&gr_mem, name, ",", sizeof(fstring))) {
/* Allocate space for member */
return NSS_STATUS_TRYAGAIN;
}
- strlcpy((result->gr_mem)[i], name, strlen(name) + 1);
+ strcpy((result->gr_mem)[i], name);
i++;
}
/* Rewind "file pointer" to start of ntdom password database */
-_PUBLIC_ NSS_STATUS _nss_winbind_setpwent(void)
+NSS_STATUS
+_nss_winbind_setpwent(void)
{
NSS_STATUS ret;
#ifdef DEBUG_NSS
if (num_pw_cache > 0) {
ndx_pw_cache = num_pw_cache = 0;
- free_response(&getpwent_response);
+ winbindd_free_response(&getpwent_response);
}
- ret = winbindd_request(WINBINDD_SETPWENT, NULL, NULL);
+ ret = winbindd_request_response(WINBINDD_SETPWENT, NULL, NULL);
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: setpwent returns %s (%d)\n", getpid(),
nss_err_str(ret), ret);
/* Close ntdom password database "file pointer" */
-_PUBLIC_ NSS_STATUS _nss_winbind_endpwent(void)
+NSS_STATUS
+_nss_winbind_endpwent(void)
{
NSS_STATUS ret;
#ifdef DEBUG_NSS
if (num_pw_cache > 0) {
ndx_pw_cache = num_pw_cache = 0;
- free_response(&getpwent_response);
+ winbindd_free_response(&getpwent_response);
}
- ret = winbindd_request(WINBINDD_ENDPWENT, NULL, NULL);
+ ret = winbindd_request_response(WINBINDD_ENDPWENT, NULL, NULL);
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: endpwent returns %s (%d)\n", getpid(),
nss_err_str(ret), ret);
/* Fetch the next password entry from ntdom password database */
-_PUBLIC_ NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result,
- char *buffer, size_t buflen, int *errnop)
+NSS_STATUS
+_nss_winbind_getpwent_r(struct passwd *result, char *buffer,
+ size_t buflen, int *errnop)
{
NSS_STATUS ret;
struct winbindd_request request;
/* Else call winbindd to get a bunch of entries */
if (num_pw_cache > 0) {
- free_response(&getpwent_response);
+ winbindd_free_response(&getpwent_response);
}
ZERO_STRUCT(request);
request.data.num_entries = MAX_GETPWENT_USERS;
- ret = winbindd_request(WINBINDD_GETPWENT, &request,
+ ret = winbindd_request_response(WINBINDD_GETPWENT, &request,
&getpwent_response);
if (ret == NSS_STATUS_SUCCESS) {
/* Out of memory - try again */
if (ret == NSS_STATUS_TRYAGAIN) {
- called_again = True;
+ called_again = true;
*errnop = errno = ERANGE;
goto done;
}
*errnop = errno = 0;
- called_again = False;
+ called_again = false;
ndx_pw_cache++;
/* If we've finished with this lot of results free cache */
if (ndx_pw_cache == num_pw_cache) {
ndx_pw_cache = num_pw_cache = 0;
- free_response(&getpwent_response);
+ winbindd_free_response(&getpwent_response);
}
}
done:
/* Return passwd struct from uid */
-_PUBLIC_ NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result,
- char *buffer, size_t buflen, int *errnop)
+NSS_STATUS
+_nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer,
+ size_t buflen, int *errnop)
{
NSS_STATUS ret;
static struct winbindd_response response;
request.data.uid = uid;
- ret = winbindd_request(WINBINDD_GETPWUID, &request, &response);
+ ret = winbindd_request_response(WINBINDD_GETPWUID, &request, &response);
if (ret == NSS_STATUS_SUCCESS) {
ret = fill_pwent(result, &response.data.pw,
&buffer, &buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = True;
+ keep_response = true;
*errnop = errno = ERANGE;
goto done;
}
ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = True;
+ keep_response = true;
*errnop = errno = ERANGE;
goto done;
}
- keep_response = False;
+ keep_response = false;
*errnop = errno = 0;
}
- free_response(&response);
+ winbindd_free_response(&response);
done:
#ifdef DEBUG_NSS
}
/* Return passwd struct from username */
-_PUBLIC_ NSS_STATUS _nss_winbind_getpwnam_r(const char *name,
- struct passwd *result, char *buffer, size_t buflen, int *errnop)
+NSS_STATUS
+_nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer,
+ size_t buflen, int *errnop)
{
NSS_STATUS ret;
static struct winbindd_response response;
request.data.username
[sizeof(request.data.username) - 1] = '\0';
- ret = winbindd_request(WINBINDD_GETPWNAM, &request, &response);
+ ret = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
if (ret == NSS_STATUS_SUCCESS) {
ret = fill_pwent(result, &response.data.pw, &buffer,
&buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = True;
+ keep_response = true;
*errnop = errno = ERANGE;
goto done;
}
ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = True;
+ keep_response = true;
*errnop = errno = ERANGE;
goto done;
}
- keep_response = False;
+ keep_response = false;
*errnop = errno = 0;
}
- free_response(&response);
+ winbindd_free_response(&response);
done:
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: getpwnam %s returns %s (%d)\n", getpid(),
/* Rewind "file pointer" to start of ntdom group database */
-_PUBLIC_ NSS_STATUS _nss_winbind_setgrent(void)
+NSS_STATUS
+_nss_winbind_setgrent(void)
{
NSS_STATUS ret;
#ifdef DEBUG_NSS
if (num_gr_cache > 0) {
ndx_gr_cache = num_gr_cache = 0;
- free_response(&getgrent_response);
+ winbindd_free_response(&getgrent_response);
}
- ret = winbindd_request(WINBINDD_SETGRENT, NULL, NULL);
+ ret = winbindd_request_response(WINBINDD_SETGRENT, NULL, NULL);
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: setgrent returns %s (%d)\n", getpid(),
nss_err_str(ret), ret);
/* Close "file pointer" for ntdom group database */
-_PUBLIC_ NSS_STATUS _nss_winbind_endgrent(void)
+NSS_STATUS
+_nss_winbind_endgrent(void)
{
NSS_STATUS ret;
#ifdef DEBUG_NSS
if (num_gr_cache > 0) {
ndx_gr_cache = num_gr_cache = 0;
- free_response(&getgrent_response);
+ winbindd_free_response(&getgrent_response);
}
- ret = winbindd_request(WINBINDD_ENDGRENT, NULL, NULL);
+ ret = winbindd_request_response(WINBINDD_ENDGRENT, NULL, NULL);
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: endgrent returns %s (%d)\n", getpid(),
nss_err_str(ret), ret);
/* Else call winbindd to get a bunch of entries */
if (num_gr_cache > 0) {
- free_response(&getgrent_response);
+ winbindd_free_response(&getgrent_response);
}
ZERO_STRUCT(request);
request.data.num_entries = MAX_GETGRENT_USERS;
- ret = winbindd_request(cmd, &request,
+ ret = winbindd_request_response(cmd, &request,
&getgrent_response);
if (ret == NSS_STATUS_SUCCESS) {
/* Out of memory - try again */
if (ret == NSS_STATUS_TRYAGAIN) {
- called_again = True;
+ called_again = true;
*errnop = errno = ERANGE;
goto done;
}
*errnop = 0;
- called_again = False;
+ called_again = false;
ndx_gr_cache++;
/* If we've finished with this lot of results free cache */
if (ndx_gr_cache == num_gr_cache) {
ndx_gr_cache = num_gr_cache = 0;
- free_response(&getgrent_response);
+ winbindd_free_response(&getgrent_response);
}
}
done:
}
-_PUBLIC_ NSS_STATUS _nss_winbind_getgrent_r(struct group *result,
+NSS_STATUS
+_nss_winbind_getgrent_r(struct group *result,
char *buffer, size_t buflen, int *errnop)
{
return winbind_getgrent(WINBINDD_GETGRENT, result, buffer, buflen, errnop);
}
-_PUBLIC_ NSS_STATUS _nss_winbind_getgrlst_r(struct group *result,
+NSS_STATUS
+_nss_winbind_getgrlst_r(struct group *result,
char *buffer, size_t buflen, int *errnop)
{
return winbind_getgrent(WINBINDD_GETGRLST, result, buffer, buflen, errnop);
/* Return group struct from group name */
-_PUBLIC_ NSS_STATUS _nss_winbind_getgrnam_r(const char *name,
+NSS_STATUS
+_nss_winbind_getgrnam_r(const char *name,
struct group *result, char *buffer,
size_t buflen, int *errnop)
{
request.data.groupname
[sizeof(request.data.groupname) - 1] = '\0';
- ret = winbindd_request(WINBINDD_GETGRNAM, &request, &response);
+ ret = winbindd_request_response(WINBINDD_GETGRNAM, &request, &response);
if (ret == NSS_STATUS_SUCCESS) {
ret = fill_grent(result, &response.data.gr,
&buffer, &buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = True;
+ keep_response = true;
*errnop = errno = ERANGE;
goto done;
}
&buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = True;
+ keep_response = true;
*errnop = errno = ERANGE;
goto done;
}
- keep_response = False;
+ keep_response = false;
*errnop = 0;
}
- free_response(&response);
+ winbindd_free_response(&response);
done:
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: getgrnam %s returns %s (%d)\n", getpid(),
/* Return group struct from gid */
-_PUBLIC_ NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid,
+NSS_STATUS
+_nss_winbind_getgrgid_r(gid_t gid,
struct group *result, char *buffer,
size_t buflen, int *errnop)
{
request.data.gid = gid;
- ret = winbindd_request(WINBINDD_GETGRGID, &request, &response);
+ ret = winbindd_request_response(WINBINDD_GETGRGID, &request, &response);
if (ret == NSS_STATUS_SUCCESS) {
&buffer, &buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = True;
+ keep_response = true;
*errnop = errno = ERANGE;
goto done;
}
&buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = True;
+ keep_response = true;
*errnop = errno = ERANGE;
goto done;
}
- keep_response = False;
+ keep_response = false;
*errnop = 0;
}
- free_response(&response);
+ winbindd_free_response(&response);
done:
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: getgrgid %d returns %s (%d)\n", getpid(),
/* Initialise supplementary groups */
-_PUBLIC_ NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group,
- long int *start, long int *size, gid_t **groups,
- long int limit, int *errnop)
+NSS_STATUS
+_nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
+ long int *size, gid_t **groups, long int limit,
+ int *errnop)
{
NSS_STATUS ret;
struct winbindd_request request;
strncpy(request.data.username, user,
sizeof(request.data.username) - 1);
- ret = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
+ ret = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
if (ret == NSS_STATUS_SUCCESS) {
int num_gids = response.data.num_entries;
/* return a list of group SIDs for a user SID */
-_PUBLIC_ NSS_STATUS _nss_winbind_getusersids(const char *user_sid,
- char **group_sids, int *num_groups,
- char *buffer, size_t buf_size, int *errnop)
+NSS_STATUS
+_nss_winbind_getusersids(const char *user_sid, char **group_sids,
+ int *num_groups,
+ char *buffer, size_t buf_size, int *errnop)
{
NSS_STATUS ret;
struct winbindd_request request;
strncpy(request.data.sid, user_sid,sizeof(request.data.sid) - 1);
request.data.sid[sizeof(request.data.sid) - 1] = '\0';
- ret = winbindd_request(WINBINDD_GETUSERSIDS, &request, &response);
+ ret = winbindd_request_response(WINBINDD_GETUSERSIDS, &request, &response);
if (ret != NSS_STATUS_SUCCESS) {
goto done;
errno = *errnop = 0;
done:
- free_response(&response);
+ winbindd_free_response(&response);
return ret;
}
/* map a user or group name to a SID string */
-_PUBLIC_ NSS_STATUS _nss_winbind_nametosid(const char *name, char **sid,
- char *buffer, size_t buflen, int *errnop)
+NSS_STATUS
+_nss_winbind_nametosid(const char *name, char **sid, char *buffer,
+ size_t buflen, int *errnop)
{
NSS_STATUS ret;
struct winbindd_response response;
sizeof(request.data.name.name) - 1);
request.data.name.name[sizeof(request.data.name.name) - 1] = '\0';
- ret = winbindd_request(WINBINDD_LOOKUPNAME, &request, &response);
+ ret = winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response);
if (ret != NSS_STATUS_SUCCESS) {
*errnop = errno = EINVAL;
goto failed;
*errnop = errno = 0;
*sid = buffer;
- strlcpy(*sid, response.data.sid.sid, strlen(response.data.sid.sid) + 1);
+ strcpy(*sid, response.data.sid.sid);
failed:
- free_response(&response);
+ winbindd_free_response(&response);
return ret;
}
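Review bot: `strcpy(*sid, response.data.sid.sid);` in `_nss_winbind_nametosid` writes into the caller's `buffer` without using `buflen` on any line visible here. The `strlcpy` it replaces was bounded by the source length, not the destination, so neither version limits the copy to the buffer. The string comes from the winbindd reply, so the copy is only safe if the part of the function outside this hunk already rejects short buffers. If it does not, add `if (buflen < strlen(response.data.sid.sid) + 1) { ret = NSS_STATUS_TRYAGAIN; *errnop = errno = ERANGE; goto failed; }` before `*sid = buffer;`. The same replacement appears in `_nss_winbind_uidtosid` and `_nss_winbind_gidtosid`, whose bodies are also only partly shown.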
/* map a sid string to a user or group name */
-_PUBLIC_ NSS_STATUS _nss_winbind_sidtoname(const char *sid, char **name,
- char *buffer, size_t buflen, int *errnop)
+NSS_STATUS
+_nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
+ size_t buflen, int *errnop)
{
NSS_STATUS ret;
struct winbindd_response response;
/* we need to fetch the separator first time through */
if (!sep_char) {
- ret = winbindd_request(WINBINDD_INFO, &request, &response);
+ ret = winbindd_request_response(WINBINDD_INFO, &request, &response);
if (ret != NSS_STATUS_SUCCESS) {
*errnop = errno = EINVAL;
goto failed;
}
sep_char = response.data.info.winbind_separator;
- free_response(&response);
+ winbindd_free_response(&response);
}
sizeof(request.data.sid) - 1);
request.data.sid[sizeof(request.data.sid) - 1] = '\0';
- ret = winbindd_request(WINBINDD_LOOKUPSID, &request, &response);
+ ret = winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response);
if (ret != NSS_STATUS_SUCCESS) {
*errnop = errno = EINVAL;
goto failed;
*errnop = errno = 0;
failed:
- free_response(&response);
+ winbindd_free_response(&response);
return ret;
}
/* map a sid to a uid */
-_PUBLIC_ NSS_STATUS _nss_winbind_sidtouid(const char *sid, uid_t *uid,
- int *errnop)
+NSS_STATUS
+_nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop)
{
NSS_STATUS ret;
struct winbindd_response response;
strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
request.data.sid[sizeof(request.data.sid) - 1] = '\0';
- ret = winbindd_request(WINBINDD_SID_TO_UID, &request, &response);
+ ret = winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response);
if (ret != NSS_STATUS_SUCCESS) {
*errnop = errno = EINVAL;
goto failed;
}
/* map a sid to a gid */
-_PUBLIC_ NSS_STATUS _nss_winbind_sidtogid(const char *sid, gid_t *gid,
- int *errnop)
+NSS_STATUS
+_nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop)
{
NSS_STATUS ret;
struct winbindd_response response;
strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
request.data.sid[sizeof(request.data.sid) - 1] = '\0';
- ret = winbindd_request(WINBINDD_SID_TO_GID, &request, &response);
+ ret = winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response);
if (ret != NSS_STATUS_SUCCESS) {
*errnop = errno = EINVAL;
goto failed;
}
/* map a uid to a SID string */
-_PUBLIC_ NSS_STATUS _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
+NSS_STATUS
+_nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
size_t buflen, int *errnop)
{
NSS_STATUS ret;
request.data.uid = uid;
- ret = winbindd_request(WINBINDD_UID_TO_SID, &request, &response);
+ ret = winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response);
if (ret != NSS_STATUS_SUCCESS) {
*errnop = errno = EINVAL;
goto failed;
*errnop = errno = 0;
*sid = buffer;
- strlcpy(*sid, response.data.sid.sid, strlen(response.data.sid.sid) + 1);
+ strcpy(*sid, response.data.sid.sid);
failed:
- free_response(&response);
+ winbindd_free_response(&response);
return ret;
}
/* map a gid to a SID string */
-_PUBLIC_ NSS_STATUS _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
+NSS_STATUS
+_nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
size_t buflen, int *errnop)
{
NSS_STATUS ret;
request.data.gid = gid;
- ret = winbindd_request(WINBINDD_GID_TO_SID, &request, &response);
+ ret = winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response);
if (ret != NSS_STATUS_SUCCESS) {
*errnop = errno = EINVAL;
goto failed;
*errnop = errno = 0;
*sid = buffer;
- strlcpy(*sid, response.data.sid.sid, strlen(response.data.sid.sid) + 1);
+ strcpy(*sid, response.data.sid.sid);
failed:
- free_response(&response);
+ winbindd_free_response(&response);
return ret;
}
#ifndef _WINBIND_NSS_SOLARIS_H
#define _WINBIND_NSS_SOLARIS_H
+/* Solaris has a broken nss_common header file containing C++ reserved names. */
+#ifndef __cplusplus
+#undef class
+#undef private
+#undef public
+#undef protected
+#undef template
+#undef this
+#undef new
+#undef delete
+#undef friend
+#endif
+
#include <nss_common.h>
+
+#ifndef __cplusplus
+#define class #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define private #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define public #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define protected #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define template #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define this #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define new #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define delete #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define friend #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#endif
+
#include <nss_dbdefs.h>
#include <nsswitch.h>
products. You do not need to give any attribution.
*/
-
-#ifndef CONST_DISCARD
-#define CONST_DISCARD(type, ptr) ((type) ((void *) (ptr)))
-#endif
-
-#ifndef CONST_ADD
-#define CONST_ADD(type, ptr) ((type) ((const void *) (ptr)))
-#endif
-
#ifndef SAFE_FREE
#define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0)
#endif
#define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */
#endif
+/*
+ * when compiled with socket_wrapper support
+ * the location of the WINBINDD_SOCKET_DIR
+ * can be overwritten via an environment variable
+ */
+#define WINBINDD_SOCKET_DIR_ENVVAR "WINBINDD_SOCKET_DIR"
+
#define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
#define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */
#define WINBINDD_DONT_ENV "_NO_WINBINDD"
-
-#ifdef SOCKET_WRAPPER
-#define WINBINDD_SOCKET_DIR_ENV "WINBINDD_SOCKET_DIR"
-#endif
+#define WINBINDD_LOCATOR_KDC_ADDRESS "WINBINDD_LOCATOR_KDC_ADDRESS"
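Review bot: `WINBINDD_SOCKET_DIR_ENVVAR` is now defined unconditionally, whereas the removed `WINBINDD_SOCKET_DIR_ENV` sat inside `#ifdef SOCKET_WRAPPER`, so the header no longer enforces what the new comment describes. The code that reads the variable is not in this hunk. If that lookup is not itself guarded, every process that loads the NSS or PAM client, privileged ones included, would take the winbindd socket directory from its environment. I would either keep the `#ifdef SOCKET_WRAPPER` around the define or extend the comment with `/* test builds only: the getenv() lookup must stay under #ifdef SOCKET_WRAPPER */`.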
/* Update this when you change the interface. */
-#define WINBIND_INTERFACE_VERSION 18
+#define WINBIND_INTERFACE_VERSION 19
/* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
On a 64bit Linux box, we have to support a constant structure size
between /lib/libnss_winbind.so.2 and /li64/libnss_winbind.so.2.
The easiest way to do this is to always use 8byte values for time_t. */
-#if defined(int64)
-# define SMB_TIME_T int64
-#else
-# define SMB_TIME_T time_t
-#endif
+#define SMB_TIME_T int64_t
/* Socket commands */
/* Lookup functions */
- WINBINDD_SID_TO_UID,
+ WINBINDD_SID_TO_UID,
WINBINDD_SID_TO_GID,
WINBINDD_SIDS_TO_XIDS,
WINBINDD_UID_TO_SID,
WINBINDD_DOMAIN_INFO, /* Most of what we know from
struct winbindd_domain */
WINBINDD_GETDCNAME, /* Issue a GetDCName Request */
+ WINBINDD_DSGETDCNAME, /* Issue a DsGetDCName Request */
WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */
fstring gr_name;
fstring gr_passwd;
gid_t gr_gid;
- uint32 num_gr_mem;
- uint32 gr_mem_ofs; /* offset to group membership */
+ uint32_t num_gr_mem;
+ uint32_t gr_mem_ofs; /* offset to group membership */
} WINBINDD_GR;
-
-#define WBFLAG_PAM_INFO3_NDR 0x0001
-#define WBFLAG_PAM_INFO3_TEXT 0x0002
-#define WBFLAG_PAM_USER_SESSION_KEY 0x0004
-#define WBFLAG_PAM_LMKEY 0x0008
-#define WBFLAG_PAM_CONTACT_TRUSTDOM 0x0010
-#define WBFLAG_QUERY_ONLY 0x0020
-#define WBFLAG_PAM_UNIX_NAME 0x0080
-#define WBFLAG_PAM_AFS_TOKEN 0x0100
-#define WBFLAG_PAM_NT_STATUS_SQUASH 0x0200
-
+/* PAM specific request flags */
+#define WBFLAG_PAM_INFO3_NDR 0x00000001
+#define WBFLAG_PAM_INFO3_TEXT 0x00000002
+#define WBFLAG_PAM_USER_SESSION_KEY 0x00000004
+#define WBFLAG_PAM_LMKEY 0x00000008
+#define WBFLAG_PAM_CONTACT_TRUSTDOM 0x00000010
+#define WBFLAG_PAM_UNIX_NAME 0x00000080
+#define WBFLAG_PAM_AFS_TOKEN 0x00000100
+#define WBFLAG_PAM_NT_STATUS_SQUASH 0x00000200
+#define WBFLAG_PAM_KRB5 0x00001000
+#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x00002000
+#define WBFLAG_PAM_CACHED_LOGIN 0x00004000
+#define WBFLAG_PAM_GET_PWD_POLICY 0x00008000 /* not used */
+
+/* generic request flags */
+#define WBFLAG_QUERY_ONLY 0x00000020 /* not used */
/* This is a flag that can only be sent from parent to child */
-#define WBFLAG_IS_PRIVILEGED 0x0400
+#define WBFLAG_IS_PRIVILEGED 0x00000400 /* not used */
/* Flag to say this is a winbindd internal send - don't recurse. */
-#define WBFLAG_RECURSE 0x0800
+#define WBFLAG_RECURSE 0x00000800
-#define WBFLAG_PAM_KRB5 0x1000
-#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x2000
-#define WBFLAG_PAM_CACHED_LOGIN 0x4000
-#define WBFLAG_PAM_GET_PWD_POLICY 0x8000 /* not used */
#define WINBINDD_MAX_EXTRA_DATA (128*1024)
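Review bot: The new headings `/* PAM specific request flags */` and `/* generic request flags */` do not say which request field carries each group. The commit also adds `wb_flags` ("generic flags") next to `flags` in `struct winbindd_request`, and both groups still share one bit space (0x20, 0x400 and 0x800 sit between the PAM values). Nothing in the header tells a caller where `WBFLAG_RECURSE`, described as a winbindd-internal flag, is expected, or where the receiving side should check for it. I would word the headings as `/* PAM specific request flags, carried in winbindd_request.flags */` and `/* generic request flags, carried in winbindd_request.wb_flags */`, assuming that is the intended mapping.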
******************************************************************************/
struct winbindd_request {
- uint32 length;
+ uint32_t length;
enum winbindd_cmd cmd; /* Winbindd command to execute */
enum winbindd_cmd original_cmd; /* Original Winbindd command
issued to parent process */
pid_t pid; /* pid of calling process */
- uint32 flags; /* flags relavant to a given request */
+ uint32_t wb_flags; /* generic flags */
+ uint32_t flags; /* flags relevant *only* to a given request */
fstring domain_name; /* name of domain for which the request applies */
union {
uid_t uid;
} auth; /* pam_winbind auth module */
struct {
- unsigned char chal[8];
- uint32 logon_parameters;
+ uint8_t chal[8];
+ uint32_t logon_parameters;
fstring user;
fstring domain;
fstring lm_resp;
- uint32 lm_resp_len;
+ uint32_t lm_resp_len;
fstring nt_resp;
- uint32 nt_resp_len;
+ uint32_t nt_resp_len;
fstring workstation;
fstring require_membership_of_sid;
} auth_crap;
struct {
fstring user;
fstring domain;
- unsigned char new_nt_pswd[516];
- uint16 new_nt_pswd_len;
- unsigned char old_nt_hash_enc[16];
- uint16 old_nt_hash_enc_len;
- unsigned char new_lm_pswd[516];
- uint16 new_lm_pswd_len;
- unsigned char old_lm_hash_enc[16];
- uint16 old_lm_hash_enc_len;
+ uint8_t new_nt_pswd[516];
+ uint16_t new_nt_pswd_len;
+ uint8_t old_nt_hash_enc[16];
+ uint16_t old_nt_hash_enc_len;
+ uint8_t new_lm_pswd[516];
+ uint16_t new_lm_pswd_len;
+ uint8_t old_lm_hash_enc[16];
+ uint16_t old_lm_hash_enc_len;
} chng_pswd_auth_crap;/* pam_winbind passwd module */
struct {
fstring user;
fstring dom_name; /* lookupname */
fstring name;
} name;
- uint32 num_entries; /* getpwent, getgrent */
+ uint32_t num_entries; /* getpwent, getgrent */
struct {
fstring username;
fstring groupname;
} dual_sid2id;
struct {
fstring sid;
- uint32 type;
- uint32 id;
+ uint32_t type;
+ uint32_t id;
} dual_idmapset;
bool list_all_domains;
produce an actual challenge response. It merely
succeeds if there are cached credentials available
that could be used. */
- uint32 initial_blob_len; /* blobs in extra_data */
- uint32 challenge_blob_len;
+ uint32_t initial_blob_len; /* blobs in extra_data */
+ uint32_t challenge_blob_len;
} ccache_ntlm_auth;
/* padding -- needed to fix alignment between 32bit and 64bit libs.
SMB_TIME_T padding;
char *data;
} extra_data;
- uint32 extra_len;
+ uint32_t extra_len;
char null_term;
};
/* Header information */
- uint32 length; /* Length of response */
+ uint32_t length; /* Length of response */
enum winbindd_result result; /* Result code */
/* Fixed length return data */
struct winbindd_gr gr;
- uint32 num_entries; /* getpwent, getgrent */
+ uint32_t num_entries; /* getpwent, getgrent */
struct winbindd_sid {
fstring sid; /* lookupname, [ug]id_to_sid */
int type;
} sid;
struct winbindd_name {
fstring dom_name; /* lookupsid */
- fstring name;
+ fstring name;
int type;
} name;
uid_t uid; /* sid_to_uid */
fstring dc_name;
struct auth_reply {
- uint32 nt_status;
+ uint32_t nt_status;
fstring nt_status_string;
fstring error_string;
int pam_error;
char user_session_key[16];
char first_8_lm_hash[8];
fstring krb5ccname;
- uint32 reject_reason;
- uint32 padding;
+ uint32_t reject_reason;
+ uint32_t padding;
struct policy_settings {
- uint32 min_length_password;
- uint32 password_history;
- uint32 password_properties;
- uint32 padding;
+ uint32_t min_length_password;
+ uint32_t password_history;
+ uint32_t password_properties;
+ uint32_t padding;
SMB_TIME_T expire;
SMB_TIME_T min_passwordage;
} policy;
SMB_TIME_T pass_last_set_time;
SMB_TIME_T pass_can_change_time;
SMB_TIME_T pass_must_change_time;
- uint32 logon_count;
- uint32 bad_pw_count;
- uint32 user_rid;
- uint32 group_rid;
- uint32 num_groups;
- uint32 user_flgs;
- uint32 acct_flags;
- uint32 num_other_sids;
+ uint32_t logon_count;
+ uint32_t bad_pw_count;
+ uint32_t user_rid;
+ uint32_t group_rid;
+ uint32_t num_groups;
+ uint32_t user_flgs;
+ uint32_t acct_flags;
+ uint32_t num_other_sids;
fstring dom_sid;
fstring user_name;
fstring full_name;
bool native_mode;
bool active_directory;
bool primary;
- uint32 sequence_number;
+ uint32_t sequence_number;
} domain_info;
struct {
fstring acct_name;
fstring full_name;
fstring homedir;
fstring shell;
- uint32 primary_gid;
- uint32 group_rid;
+ uint32_t primary_gid;
+ uint32_t group_rid;
} user_info;
struct {
- uint32 auth_blob_len; /* blob in extra_data */
+ uint32_t auth_blob_len; /* blob in extra_data */
} ccache_ntlm_auth;
} data;
uid_t uid;
int ref_count;
size_t len;
- unsigned char *nt_hash; /* Base pointer for the following 2 */
- unsigned char *lm_hash;
+ uint8_t *nt_hash; /* Base pointer for the following 2 */
+ uint8_t *lm_hash;
char *pass;
};