case "$host_os" in
*linux*)
SMB_LIBRARY(nss_winbind,
- [nsswitch/winbind_nss_linux.o],
+ [../nsswitch/winbind_nss_linux.o],
[LIBWINBIND-CLIENT])
;;
*)
;;
esac
-
#################################
wbinfo_OBJ_FILES = \
- $(nsswitchsrcdir)/wbinfo.o
+ $(nsswitchsrcdir)/wbinfo4.o
-/*
+/*
Unix SMB/CIFS implementation.
nss tester for winbindd
Copyright (C) Andrew Tridgell 2001
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
{
last_error = status;
total_errors++;
- printf("ERROR %s: NSS_STATUS=%d %d (nss_errno=%d)\n",
+ printf("ERROR %s: NSS_STATUS=%d %d (nss_errno=%d)\n",
who, status, NSS_STATUS_SUCCESS, nss_errno);
}
static struct passwd *nss_getpwent(void)
{
- NSS_STATUS (*_nss_getpwent_r)(struct passwd *, char *,
+ NSS_STATUS (*_nss_getpwent_r)(struct passwd *, char *,
size_t , int *) = find_fn("getpwent_r");
static struct passwd pwd;
static char buf[1000];
static struct passwd *nss_getpwnam(const char *name)
{
- NSS_STATUS (*_nss_getpwnam_r)(const char *, struct passwd *, char *,
+ NSS_STATUS (*_nss_getpwnam_r)(const char *, struct passwd *, char *,
size_t , int *) = find_fn("getpwnam_r");
static struct passwd pwd;
static char buf[1000];
NSS_STATUS status;
-
+
status = _nss_getpwnam_r(name, &pwd, buf, sizeof(buf), &nss_errno);
if (status == NSS_STATUS_NOTFOUND) {
return NULL;
static struct passwd *nss_getpwuid(uid_t uid)
{
- NSS_STATUS (*_nss_getpwuid_r)(uid_t , struct passwd *, char *,
+ NSS_STATUS (*_nss_getpwuid_r)(uid_t , struct passwd *, char *,
size_t , int *) = find_fn("getpwuid_r");
static struct passwd pwd;
static char buf[1000];
NSS_STATUS status;
-
+
status = _nss_getpwuid_r(uid, &pwd, buf, sizeof(buf), &nss_errno);
if (status == NSS_STATUS_NOTFOUND) {
return NULL;
static struct group *nss_getgrent(void)
{
- NSS_STATUS (*_nss_getgrent_r)(struct group *, char *,
+ NSS_STATUS (*_nss_getgrent_r)(struct group *, char *,
size_t , int *) = find_fn("getgrent_r");
static struct group grp;
static char *buf;
if (!buf) buf = malloc_array_p(char, buflen);
-again:
+again:
status = _nss_getgrent_r(&grp, buf, buflen, &nss_errno);
if (status == NSS_STATUS_TRYAGAIN) {
buflen *= 2;
static struct group *nss_getgrnam(const char *name)
{
- NSS_STATUS (*_nss_getgrnam_r)(const char *, struct group *, char *,
+ NSS_STATUS (*_nss_getgrnam_r)(const char *, struct group *, char *,
size_t , int *) = find_fn("getgrnam_r");
static struct group grp;
static char *buf;
NSS_STATUS status;
if (!buf) buf = malloc_array_p(char, buflen);
-again:
+again:
status = _nss_getgrnam_r(name, &grp, buf, buflen, &nss_errno);
if (status == NSS_STATUS_TRYAGAIN) {
buflen *= 2;
static struct group *nss_getgrgid(gid_t gid)
{
- NSS_STATUS (*_nss_getgrgid_r)(gid_t , struct group *, char *,
+ NSS_STATUS (*_nss_getgrgid_r)(gid_t , struct group *, char *,
size_t , int *) = find_fn("getgrgid_r");
static struct group grp;
static char *buf;
static int buflen = 1000;
NSS_STATUS status;
-
+
if (!buf) buf = malloc_array_p(char, buflen);
-again:
+again:
status = _nss_getgrgid_r(gid, &grp, buf, buflen, &nss_errno);
if (status == NSS_STATUS_TRYAGAIN) {
buflen *= 2;
static int nss_initgroups(char *user, gid_t group, gid_t **groups, long int *start, long int *size)
{
NSS_STATUS (*_nss_initgroups)(char *, gid_t , long int *,
- long int *, gid_t **, long int , int *) =
+ long int *, gid_t **, long int , int *) =
find_fn("initgroups_dyn");
NSS_STATUS status;
static void print_passwd(struct passwd *pwd)
{
- printf("%s:%s:%d:%d:%s:%s:%s\n",
+ printf("%s:%s:%d:%d:%s:%s:%s\n",
pwd->pw_name,
pwd->pw_passwd,
pwd->pw_uid,
static void print_group(struct group *grp)
{
int i;
- printf("%s:%s:%d: ",
+ printf("%s:%s:%d: ",
grp->gr_name,
grp->gr_passwd,
grp->gr_gid);
-
+
if (!grp->gr_mem[0]) {
printf("\n");
return;
}
-
+
for (i=0; grp->gr_mem[i+1]; i++) {
printf("%s, ", grp->gr_mem[i]);
}
}
int main(int argc, char *argv[])
-{
+{
if (argc > 1) so_path = argv[1];
if (argc > 2) nss_name = argv[2];
-/*
+/*
Unix SMB/CIFS implementation.
nss includes for the nss tester
Copyright (C) Kai Blin 2007
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifdef HAVE_NSS_COMMON_H
-/*
+/*
* Sun Solaris
*/
case "$host_os" in
- *linux*)
+ *linux*)
SMB_ENABLE(nsstest,YES)
;;
*)
SMB_ENABLE(nsstest,NO)
;;
esac
-
testit "wbinfo --separator against $TARGET" $wbinfo --separator || failed=`expr $failed + 1`
exit $failed
-
-/*
+/*
Unix SMB/CIFS implementation.
Winbind status program.
Copyright (C) Tim Potter 2000-2003
Copyright (C) Andrew Bartlett 2002-2007
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "dynconfig/dynconfig.h"
#include "param/param.h"
+#ifndef fstrcpy
+#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1)
+#endif
+
extern int winbindd_fd;
static char winbind_separator_int(bool strict)
/* HACK: (this module should not call lp_ funtions) */
sep = *lp_winbind_separator(cmdline_lp_ctx);
}
-
+
return sep;
}
if (winbindd_request_response(WINBINDD_DOMAIN_NAME, NULL, &response) !=
NSS_STATUS_SUCCESS) {
d_fprintf(stderr, "could not obtain winbind domain name!\n");
-
+
/* HACK: (this module should not call lp_ funtions) */
return lp_workgroup(cmdline_lp_ctx);
}
/* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
form DOMAIN/user into a domain and a user */
-static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
+static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
fstring user)
{
fstrcpy(domain, get_winbind_domain());
return true;
}
-
+
fstrcpy(user, p+1);
fstrcpy(domain, domuser);
domain[PTR_DIFF(p, domuser)] = 0;
struct winbindd_request request;
struct winbindd_response response;
NSS_STATUS result;
-
+
ZERO_STRUCT(request);
ZERO_STRUCT(response);
/* Send request */
-
+
fstrcpy(request.data.username, user);
result = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
-
+
if (result != NSS_STATUS_SUCCESS)
return false;
-
+
d_printf( "%s:%s:%d:%d:%s:%s:%s\n",
response.data.pw.pw_name,
response.data.pw.pw_passwd,
response.data.pw.pw_gecos,
response.data.pw.pw_dir,
response.data.pw.pw_shell );
-
+
return true;
}
if ( result != NSS_STATUS_SUCCESS)
return false;
- d_printf( "%s:%s:%d\n",
+ d_printf( "%s:%s:%d\n",
response.data.gr.gr_name,
response.data.gr.gr_passwd,
response.data.gr.gr_gid );
-
+
return true;
}
struct winbindd_response response;
NSS_STATUS result;
int i;
-
+
ZERO_STRUCT(request);
ZERO_STRUCT(response);
if (response.data.num_entries != 0)
printf("%s", (char *)response.extra_data.data);
-
+
SAFE_FREE(response.extra_data.data);
return true;
ZERO_STRUCT(response);
result = winbindd_request_response(WINBINDD_CHECK_MACHACC, NULL, &response);
-
- d_printf("checking the trust secret via RPC calls %s\n",
+
+ d_printf("checking the trust secret via RPC calls %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
- if (result != NSS_STATUS_SUCCESS)
- d_fprintf(stderr, "error code was %s (0x%x)\n",
- response.data.auth.nt_status_string,
- response.data.auth.nt_status);
-
- return result == NSS_STATUS_SUCCESS;
+ if (result != NSS_STATUS_SUCCESS)
+ d_fprintf(stderr, "error code was %s (0x%x)\n",
+ response.data.auth.nt_status_string,
+ response.data.auth.nt_status);
+
+ return result == NSS_STATUS_SUCCESS;
}
/* Convert uid to sid */
ZERO_STRUCT(request);
ZERO_STRUCT(response);
- parse_wbinfo_domain_user(name, request.data.name.dom_name,
+ parse_wbinfo_domain_user(name, request.data.name.dom_name,
request.data.name.name);
if (winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response) !=
/* Display response */
- d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n",
+ d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n",
username, (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", cctype);
if (response.data.auth.nt_status)
- d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
- response.data.auth.nt_status_string,
+ d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
+ response.data.auth.nt_status_string,
response.data.auth.nt_status,
response.data.auth.error_string);
/* Display response */
- d_printf("plaintext password authentication %s\n",
+ d_printf("plaintext password authentication %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
if (response.data.auth.nt_status)
- d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
- response.data.auth.nt_status_string,
+ d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
+ response.data.auth.nt_status_string,
response.data.auth.nt_status,
response.data.auth.error_string);
*p = 0;
fstrcpy(pass, p + 1);
}
-
+
parse_wbinfo_domain_user(username, name_domain, name_user);
request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
fstrcpy(request.data.auth_crap.user, name_user);
- fstrcpy(request.data.auth_crap.domain,
+ fstrcpy(request.data.auth_crap.domain,
name_domain);
generate_random_buffer(request.data.auth_crap.chal, 8);
-
+
if (lp_client_ntlmv2_auth(lp_ctx)) {
DATA_BLOB server_chal;
- DATA_BLOB names_blob;
+ DATA_BLOB names_blob;
DATA_BLOB lm_response;
DATA_BLOB nt_response;
return false;
}
- server_chal = data_blob(request.data.auth_crap.chal, 8);
-
+ server_chal = data_blob(request.data.auth_crap.chal, 8);
+
/* Pretend this is a login to 'us', for blob purposes */
names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(lp_ctx), lp_workgroup(lp_ctx));
-
- if (!SMBNTLMv2encrypt(mem_ctx, name_user, name_domain, pass, &server_chal,
+
+ if (!SMBNTLMv2encrypt(mem_ctx, name_user, name_domain, pass, &server_chal,
&names_blob,
&lm_response, &nt_response, NULL, NULL)) {
data_blob_free(&names_blob);
data_blob_free(&names_blob);
data_blob_free(&server_chal);
- memcpy(request.data.auth_crap.nt_resp, nt_response.data,
- MIN(nt_response.length,
+ memcpy(request.data.auth_crap.nt_resp, nt_response.data,
+ MIN(nt_response.length,
sizeof(request.data.auth_crap.nt_resp)));
request.data.auth_crap.nt_resp_len = nt_response.length;
- memcpy(request.data.auth_crap.lm_resp, lm_response.data,
- MIN(lm_response.length,
+ memcpy(request.data.auth_crap.lm_resp, lm_response.data,
+ MIN(lm_response.length,
sizeof(request.data.auth_crap.lm_resp)));
request.data.auth_crap.lm_resp_len = lm_response.length;
-
+
data_blob_free(&nt_response);
data_blob_free(&lm_response);
} else {
- if (lp_client_lanman_auth(lp_ctx)
- && SMBencrypt(pass, request.data.auth_crap.chal,
+ if (lp_client_lanman_auth(lp_ctx)
+ && SMBencrypt(pass, request.data.auth_crap.chal,
(unsigned char *)request.data.auth_crap.lm_resp)) {
request.data.auth_crap.lm_resp_len = 24;
} else {
/* Display response */
- d_printf("challenge/response password authentication %s\n",
+ d_printf("challenge/response password authentication %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
if (response.data.auth.nt_status)
- d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
- response.data.auth.nt_status_string,
+ d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
+ response.data.auth.nt_status_string,
response.data.auth.nt_status,
response.data.auth.error_string);
ZERO_STRUCT(request);
ZERO_STRUCT(response);
-
+
if (domain) {
/* '.' is the special sign for our own domain */
if ( strequal(domain, ".") )
while(next_token(&extra_data, name, ",", sizeof(fstring)))
d_printf("%s\n", name);
-
+
SAFE_FREE(response.extra_data.data);
return true;
d_printf("%s\n", name);
SAFE_FREE(response.extra_data.data);
-
+
return true;
}
/* Display response */
- d_printf("Ping to winbindd %s on fd %d\n",
+ d_printf("Ping to winbindd %s on fd %d\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
return result == NSS_STATUS_SUCCESS;
struct poptOption long_options[] = {
POPT_AUTOHELP
- /* longName, shortName, argInfo, argPtr, value, descrip,
+ /* longName, shortName, argInfo, argPtr, value, descrip,
argDesc */
{ "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users", "domain"},
{ "user-domgroups", 0, POPT_ARG_STRING, &string_arg,
OPT_USERDOMGROUPS, "Get user domain groups", "SID" },
{ "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
- { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
+ { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
{ "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME,
"Get a DC name for a foreign domain", "domainname" },
{ "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
poptFreeContext(pc);
- pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
+ pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
POPT_CONTEXT_KEEP_FIRST);
while((opt = poptGetNextOpt(pc)) != -1) {
break;
case 'r':
if (!wbinfo_get_usergroups(string_arg)) {
- d_fprintf(stderr, "Could not get groups for user %s\n",
+ d_fprintf(stderr, "Could not get groups for user %s\n",
string_arg);
goto done;
}
break;
case OPT_USERSIDS:
if (!wbinfo_get_usersids(string_arg)) {
- d_fprintf(stderr, "Could not get group SIDs for user SID %s\n",
+ d_fprintf(stderr, "Could not get group SIDs for user SID %s\n",
string_arg);
goto done;
}
m4_include(../lib/popt/samba.m4)
m4_include(../lib/util/charset/config.m4)
m4_include(lib/socket/config.m4)
-m4_include(nsswitch/nsstest.m4)
+m4_include(../nsswitch/nsstest.m4)
m4_include(../pidl/config.m4)
AC_ZLIB([
SMB_EXT_LIB(ZLIB, [${ZLIB_LIBS}])
m4_include(auth/config.m4)
m4_include(kdc/config.m4)
m4_include(ntvfs/sysdep/config.m4)
-m4_include(nsswitch/config.m4)
+m4_include(../nsswitch/config.m4)
dnl Samba 4 files
AC_SUBST(LD)
clustersrcdir := $(samba4srcdir)/cluster
libnetsrcdir := $(samba4srcdir)/libnet
authsrcdir := $(samba4srcdir)/auth
-nsswitchsrcdir := $(samba4srcdir)/nsswitch
+nsswitchsrcdir := $(samba4srcdir)/../nsswitch
libsrcdir := $(samba4srcdir)/lib
libsocketsrcdir := $(samba4srcdir)/lib/socket
libcharsetsrcdir := $(samba4srcdir)/../lib/util/charset
pythonmods:: $(PYTHON_PYS) $(PYTHON_SO)
-all:: bin/samba4 bin/regpatch4 bin/regdiff4 bin/regshell4 bin/regtree4 bin/smbclient4 pythonmods setup
+all:: bin/samba4 bin/regpatch4 bin/regdiff4 bin/regshell4 bin/regtree4 bin/smbclient4 bin/wbinfo4 pythonmods setup
torture:: bin/smbtorture4
everything:: $(patsubst %,%4,$(BINARIES))
setup:
clustersrcdir := cluster
libnetsrcdir := libnet
authsrcdir := auth
-nsswitchsrcdir := nsswitch
+nsswitchsrcdir := ../nsswitch
libsrcdir := lib
libsocketsrcdir := lib/socket
libcharsetsrcdir := ../lib/util/charset
],[
SMB_INCLUDE_MK(lib/zlib.mk)
])
-m4_include(nsswitch/nsstest.m4)
+m4_include(../nsswitch/nsstest.m4)
m4_include(../pidl/config.m4)
AC_CONFIG_FILES(lib/registry/registry.pc)
m4_include(auth/config.m4)
m4_include(kdc/config.m4)
m4_include(ntvfs/sysdep/config.m4)
-m4_include(nsswitch/config.m4)
+m4_include(../nsswitch/config.m4)
#################################################
# add *_CFLAGS only for the real build
mkinclude smbd/process_model.mk
mkinclude libnet/config.mk
mkinclude auth/config.mk
-mkinclude nsswitch/config.mk
+mkinclude ../nsswitch/config.mk
mkinclude lib/samba3/config.mk
mkinclude lib/socket/config.mk
mkinclude ../lib/util/charset/config.mk
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
-
- winbind client common code
-
- Copyright (C) Tim Potter 2000
- Copyright (C) Andrew Tridgell 2000
- Copyright (C) Andrew Bartlett 2002
-
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "winbind_client.h"
-
-/* Global variables. These are effectively the client state information */
-
-int winbindd_fd = -1; /* fd for winbindd socket */
-static int is_privileged = 0;
-
-/* Free a response structure */
-
-void winbindd_free_response(struct winbindd_response *response)
-{
- /* Free any allocated extra_data */
-
- if (response)
- SAFE_FREE(response->extra_data.data);
-}
-
-/* Initialise a request structure */
-
-void winbindd_init_request(struct winbindd_request *request, int request_type)
-{
- request->length = sizeof(struct winbindd_request);
-
- request->cmd = (enum winbindd_cmd)request_type;
- request->pid = getpid();
-
-}
-
-/* Initialise a response structure */
-
-static void init_response(struct winbindd_response *response)
-{
- /* Initialise return value */
-
- response->result = WINBINDD_ERROR;
-}
-
-/* Close established socket */
-
-void winbind_close_sock(void)
-{
- if (winbindd_fd != -1) {
- close(winbindd_fd);
- winbindd_fd = -1;
- }
-}
-
-#define CONNECT_TIMEOUT 30
-
-/* Make sure socket handle isn't stdin, stdout or stderr */
-#define RECURSION_LIMIT 3
-
-static int make_nonstd_fd_internals(int fd, int limit /* Recursion limiter */)
-{
- int new_fd;
- if (fd >= 0 && fd <= 2) {
-#ifdef F_DUPFD
- if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) {
- return -1;
- }
- /* Paranoia */
- if (new_fd < 3) {
- close(new_fd);
- return -1;
- }
- close(fd);
- return new_fd;
-#else
- if (limit <= 0)
- return -1;
-
- new_fd = dup(fd);
- if (new_fd == -1)
- return -1;
-
- /* use the program stack to hold our list of FDs to close */
- new_fd = make_nonstd_fd_internals(new_fd, limit - 1);
- close(fd);
- return new_fd;
-#endif
- }
- return fd;
-}
-
-/****************************************************************************
- Set a fd into blocking/nonblocking mode. Uses POSIX O_NONBLOCK if available,
- else
- if SYSV use O_NDELAY
- if BSD use FNDELAY
- Set close on exec also.
-****************************************************************************/
-
-static int make_safe_fd(int fd)
-{
- int result, flags;
- int new_fd = make_nonstd_fd_internals(fd, RECURSION_LIMIT);
- if (new_fd == -1) {
- close(fd);
- return -1;
- }
-
- /* Socket should be nonblocking. */
-#ifdef O_NONBLOCK
-#define FLAG_TO_SET O_NONBLOCK
-#else
-#ifdef SYSV
-#define FLAG_TO_SET O_NDELAY
-#else /* BSD */
-#define FLAG_TO_SET FNDELAY
-#endif
-#endif
-
- if ((flags = fcntl(new_fd, F_GETFL)) == -1) {
- close(new_fd);
- return -1;
- }
-
- flags |= FLAG_TO_SET;
- if (fcntl(new_fd, F_SETFL, flags) == -1) {
- close(new_fd);
- return -1;
- }
-
-#undef FLAG_TO_SET
-
- /* Socket should be closed on exec() */
-#ifdef FD_CLOEXEC
- result = flags = fcntl(new_fd, F_GETFD, 0);
- if (flags >= 0) {
- flags |= FD_CLOEXEC;
- result = fcntl( new_fd, F_SETFD, flags );
- }
- if (result < 0) {
- close(new_fd);
- return -1;
- }
-#endif
- return new_fd;
-}
-
-/* Connect to winbindd socket */
-
-static int winbind_named_pipe_sock(const char *dir)
-{
- struct sockaddr_un sunaddr;
- struct stat st;
- char *path;
- int fd;
- int wait_time;
- int slept;
-
- /* Check permissions on unix socket directory */
-
- if (lstat(dir, &st) == -1) {
- return -1;
- }
-
- if (!S_ISDIR(st.st_mode) ||
- (st.st_uid != 0 && st.st_uid != geteuid())) {
- return -1;
- }
-
- /* Connect to socket */
-
- asprintf(&path, "%s/%s", dir, WINBINDD_SOCKET_NAME);
-
- ZERO_STRUCT(sunaddr);
- sunaddr.sun_family = AF_UNIX;
- strncpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path) - 1);
- SAFE_FREE(path);
-
- /* If socket file doesn't exist, don't bother trying to connect
- with retry. This is an attempt to make the system usable when
- the winbindd daemon is not running. */
-
- if (lstat(sunaddr.sun_path, &st) == -1) {
- return -1;
- }
-
- /* Check permissions on unix socket file */
-
- if (!S_ISSOCK(st.st_mode) ||
- (st.st_uid != 0 && st.st_uid != geteuid())) {
- return -1;
- }
-
- /* Connect to socket */
-
- if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
- return -1;
- }
-
- /* Set socket non-blocking and close on exec. */
-
- if ((fd = make_safe_fd( fd)) == -1) {
- return fd;
- }
-
- for (wait_time = 0; connect(fd, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1;
- wait_time += slept) {
- struct timeval tv;
- fd_set w_fds;
- int ret;
- int connect_errno = 0;
- socklen_t errnosize;
-
- if (wait_time >= CONNECT_TIMEOUT)
- goto error_out;
-
- switch (errno) {
- case EINPROGRESS:
- FD_ZERO(&w_fds);
- FD_SET(fd, &w_fds);
- tv.tv_sec = CONNECT_TIMEOUT - wait_time;
- tv.tv_usec = 0;
-
- ret = select(fd + 1, NULL, &w_fds, NULL, &tv);
-
- if (ret > 0) {
- errnosize = sizeof(connect_errno);
-
- ret = getsockopt(fd, SOL_SOCKET,
- SO_ERROR, &connect_errno, &errnosize);
-
- if (ret >= 0 && connect_errno == 0) {
- /* Connect succeed */
- goto out;
- }
- }
-
- slept = CONNECT_TIMEOUT;
- break;
- case EAGAIN:
- slept = rand() % 3 + 1;
- sleep(slept);
- break;
- default:
- goto error_out;
- }
-
- }
-
- out:
-
- return fd;
-
- error_out:
-
- close(fd);
- return -1;
-}
-
-static const char *winbindd_socket_dir(void)
-{
-#ifdef SOCKET_WRAPPER
- const char *env_dir;
-
- env_dir = getenv(WINBINDD_SOCKET_DIR_ENVVAR);
- if (env_dir) {
- return env_dir;
- }
-#endif
-
- return WINBINDD_SOCKET_DIR;
-}
-
-/* Connect to winbindd socket */
-
-static int winbind_open_pipe_sock(int recursing, int need_priv)
-{
-#ifdef HAVE_UNIXSOCKET
- static pid_t our_pid;
- struct winbindd_request request;
- struct winbindd_response response;
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- if (our_pid != getpid()) {
- winbind_close_sock();
- our_pid = getpid();
- }
-
- if ((need_priv != 0) && (is_privileged == 0)) {
- winbind_close_sock();
- }
-
- if (winbindd_fd != -1) {
- return winbindd_fd;
- }
-
- if (recursing) {
- return -1;
- }
-
- if ((winbindd_fd = winbind_named_pipe_sock(winbindd_socket_dir())) == -1) {
- return -1;
- }
-
- is_privileged = 0;
-
- /* version-check the socket */
-
- request.wb_flags = WBFLAG_RECURSE;
- if ((winbindd_request_response(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) {
- winbind_close_sock();
- return -1;
- }
-
- /* try and get priv pipe */
-
- request.wb_flags = WBFLAG_RECURSE;
- if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) {
- int fd;
- if ((fd = winbind_named_pipe_sock((char *)response.extra_data.data)) != -1) {
- close(winbindd_fd);
- winbindd_fd = fd;
- is_privileged = 1;
- }
- }
-
- if ((need_priv != 0) && (is_privileged == 0)) {
- return -1;
- }
-
- SAFE_FREE(response.extra_data.data);
-
- return winbindd_fd;
-#else
- return -1;
-#endif /* HAVE_UNIXSOCKET */
-}
-
-/* Write data to winbindd socket */
-
-int winbind_write_sock(void *buffer, int count, int recursing, int need_priv)
-{
- int result, nwritten;
-
- /* Open connection to winbind daemon */
-
- restart:
-
- if (winbind_open_pipe_sock(recursing, need_priv) == -1) {
- return -1;
- }
-
- /* Write data to socket */
-
- nwritten = 0;
-
- while(nwritten < count) {
- struct timeval tv;
- fd_set r_fds;
-
- /* Catch pipe close on other end by checking if a read()
- call would not block by calling select(). */
-
- FD_ZERO(&r_fds);
- FD_SET(winbindd_fd, &r_fds);
- ZERO_STRUCT(tv);
-
- if (select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv) == -1) {
- winbind_close_sock();
- return -1; /* Select error */
- }
-
- /* Write should be OK if fd not available for reading */
-
- if (!FD_ISSET(winbindd_fd, &r_fds)) {
-
- /* Do the write */
-
- result = write(winbindd_fd,
- (char *)buffer + nwritten,
- count - nwritten);
-
- if ((result == -1) || (result == 0)) {
-
- /* Write failed */
-
- winbind_close_sock();
- return -1;
- }
-
- nwritten += result;
-
- } else {
-
- /* Pipe has closed on remote end */
-
- winbind_close_sock();
- goto restart;
- }
- }
-
- return nwritten;
-}
-
-/* Read data from winbindd socket */
-
-int winbind_read_sock(void *buffer, int count)
-{
- int nread = 0;
- int total_time = 0, selret;
-
- if (winbindd_fd == -1) {
- return -1;
- }
-
- /* Read data from socket */
- while(nread < count) {
- struct timeval tv;
- fd_set r_fds;
-
- /* Catch pipe close on other end by checking if a read()
- call would not block by calling select(). */
-
- FD_ZERO(&r_fds);
- FD_SET(winbindd_fd, &r_fds);
- ZERO_STRUCT(tv);
- /* Wait for 5 seconds for a reply. May need to parameterise this... */
- tv.tv_sec = 5;
-
- if ((selret = select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv)) == -1) {
- winbind_close_sock();
- return -1; /* Select error */
- }
-
- if (selret == 0) {
- /* Not ready for read yet... */
- if (total_time >= 30) {
- /* Timeout */
- winbind_close_sock();
- return -1;
- }
- total_time += 5;
- continue;
- }
-
- if (FD_ISSET(winbindd_fd, &r_fds)) {
-
- /* Do the Read */
-
- int result = read(winbindd_fd, (char *)buffer + nread,
- count - nread);
-
- if ((result == -1) || (result == 0)) {
-
- /* Read failed. I think the only useful thing we
- can do here is just return -1 and fail since the
- transaction has failed half way through. */
-
- winbind_close_sock();
- return -1;
- }
-
- nread += result;
-
- }
- }
-
- return nread;
-}
-
-/* Read reply */
-
-int winbindd_read_reply(struct winbindd_response *response)
-{
- int result1, result2 = 0;
-
- if (!response) {
- return -1;
- }
-
- /* Read fixed length response */
-
- result1 = winbind_read_sock(response,
- sizeof(struct winbindd_response));
- if (result1 == -1) {
- return -1;
- }
-
- /* We actually send the pointer value of the extra_data field from
- the server. This has no meaning in the client's address space
- so we clear it out. */
-
- response->extra_data.data = NULL;
-
- /* Read variable length response */
-
- if (response->length > sizeof(struct winbindd_response)) {
- int extra_data_len = response->length -
- sizeof(struct winbindd_response);
-
- /* Mallocate memory for extra data */
-
- if (!(response->extra_data.data = malloc(extra_data_len))) {
- return -1;
- }
-
- result2 = winbind_read_sock(response->extra_data.data,
- extra_data_len);
- if (result2 == -1) {
- winbindd_free_response(response);
- return -1;
- }
- }
-
- /* Return total amount of data read */
-
- return result1 + result2;
-}
-
-bool winbind_env_set(void)
-{
- char *env;
-
- if ((env=getenv(WINBINDD_DONT_ENV)) != NULL) {
- if(strcmp(env, "1") == 0) {
- return true;
- }
- }
- return false;
-}
-
-/*
- * send simple types of requests
- */
-
-NSS_STATUS winbindd_send_request(int req_type, int need_priv,
- struct winbindd_request *request)
-{
- struct winbindd_request lrequest;
-
- /* Check for our tricky environment variable */
-
- if (winbind_env_set()) {
- return NSS_STATUS_NOTFOUND;
- }
-
- if (!request) {
- ZERO_STRUCT(lrequest);
- request = &lrequest;
- }
-
- /* Fill in request and send down pipe */
-
- winbindd_init_request(request, req_type);
-
- if (winbind_write_sock(request, sizeof(*request),
- request->wb_flags & WBFLAG_RECURSE,
- need_priv) == -1) {
- return NSS_STATUS_UNAVAIL;
- }
-
- if ((request->extra_len != 0) &&
- (winbind_write_sock(request->extra_data.data,
- request->extra_len,
- request->wb_flags & WBFLAG_RECURSE,
- need_priv) == -1)) {
- return NSS_STATUS_UNAVAIL;
- }
-
- return NSS_STATUS_SUCCESS;
-}
-
-/*
- * Get results from winbindd request
- */
-
-NSS_STATUS winbindd_get_response(struct winbindd_response *response)
-{
- struct winbindd_response lresponse;
-
- if (!response) {
- ZERO_STRUCT(lresponse);
- response = &lresponse;
- }
-
- init_response(response);
-
- /* Wait for reply */
- if (winbindd_read_reply(response) == -1) {
- return NSS_STATUS_UNAVAIL;
- }
-
- /* Throw away extra data if client didn't request it */
- if (response == &lresponse) {
- winbindd_free_response(response);
- }
-
- /* Copy reply data from socket */
- if (response->result != WINBINDD_OK) {
- return NSS_STATUS_NOTFOUND;
- }
-
- return NSS_STATUS_SUCCESS;
-}
-
-/* Handle simple types of requests */
-
-NSS_STATUS winbindd_request_response(int req_type,
- struct winbindd_request *request,
- struct winbindd_response *response)
-{
- NSS_STATUS status = NSS_STATUS_UNAVAIL;
- int count = 0;
-
- while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) {
- status = winbindd_send_request(req_type, 0, request);
- if (status != NSS_STATUS_SUCCESS)
- return(status);
- status = winbindd_get_response(response);
- count += 1;
- }
-
- return status;
-}
-
-NSS_STATUS winbindd_priv_request_response(int req_type,
- struct winbindd_request *request,
- struct winbindd_response *response)
-{
- NSS_STATUS status = NSS_STATUS_UNAVAIL;
- int count = 0;
-
- while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) {
- status = winbindd_send_request(req_type, 1, request);
- if (status != NSS_STATUS_SUCCESS)
- return(status);
- status = winbindd_get_response(response);
- count += 1;
- }
-
- return status;
-}
-
-/*************************************************************************
- A couple of simple functions to disable winbindd lookups and re-
- enable them
- ************************************************************************/
-
-bool winbind_off(void)
-{
- return setenv(WINBINDD_DONT_ENV, "1", 1) != -1;
-}
-
-bool winbind_on(void)
-{
- return setenv(WINBINDD_DONT_ENV, "0", 1) != -1;
-}
-
-/*************************************************************************
- ************************************************************************/
-
-const char *nss_err_str(NSS_STATUS ret)
-{
- switch (ret) {
- case NSS_STATUS_TRYAGAIN:
- return "NSS_STATUS_TRYAGAIN";
- case NSS_STATUS_SUCCESS:
- return "NSS_STATUS_SUCCESS";
- case NSS_STATUS_NOTFOUND:
- return "NSS_STATUS_NOTFOUND";
- case NSS_STATUS_UNAVAIL:
- return "NSS_STATUS_UNAVAIL";
-#ifdef NSS_STATUS_RETURN
- case NSS_STATUS_RETURN:
- return "NSS_STATUS_RETURN";
-#endif
- default:
- return "UNKNOWN RETURN CODE!!!!!!!";
- }
-}
+++ /dev/null
-#include "winbind_nss_config.h"
-#include "winbind_struct_protocol.h"
-
-void winbindd_init_request(struct winbindd_request *req,int rq_type);
-void winbindd_free_response(struct winbindd_response *response);
-NSS_STATUS winbindd_send_request(int req_type, int need_priv,
- struct winbindd_request *request);
-NSS_STATUS winbindd_get_response(struct winbindd_response *response);
-NSS_STATUS winbindd_request_response(int req_type,
- struct winbindd_request *request,
- struct winbindd_response *response);
-NSS_STATUS winbindd_priv_request_response(int req_type,
- struct winbindd_request *request,
- struct winbindd_response *response);
-int winbindd_read_reply(struct winbindd_response *response);
-
-bool winbind_env_set(void);
-bool winbind_off(void);
-bool winbind_on(void);
-
-int winbind_write_sock(void *buffer, int count, int recursing, int need_priv);
-int winbind_read_sock(void *buffer, int count);
-void winbind_close_sock(void);
-
-const char *nss_err_str(NSS_STATUS ret);
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
-
- A common place to work out how to define NSS_STATUS on various
- platforms.
-
- Copyright (C) Tim Potter 2000
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _NSSWITCH_NSS_H
-#define _NSSWITCH_NSS_H
-
-#ifdef HAVE_NSS_COMMON_H
-
-/*
- * Sun Solaris
- */
-
-#include "nsswitch/winbind_nss_solaris.h"
-
-#elif HAVE_NSS_H
-
-/*
- * Linux (glibc)
- */
-
-#include "nsswitch/winbind_nss_linux.h"
-
-#elif HAVE_NS_API_H
-
-/*
- * SGI IRIX
- */
-
-#include "nsswitch/winbind_nss_irix.h"
-
-#elif defined(HPUX) && defined(HAVE_NSSWITCH_H)
-
-/* HP-UX 11 */
-
-#include "nsswitch/winbind_nss_hpux.h"
-
-#elif defined(__NetBSD__) && defined(HAVE_GETPWENT_R)
-
-/*
- * NetBSD 3 and newer
- */
-
-#include "nsswitch/winbind_nss_netbsd.h"
-
-#else /* Nothing's defined. Neither gnu nor netbsd nor sun nor hp */
-
-typedef enum
-{
- NSS_STATUS_SUCCESS=0,
- NSS_STATUS_NOTFOUND=1,
- NSS_STATUS_UNAVAIL=2,
- NSS_STATUS_TRYAGAIN=3
-} NSS_STATUS;
-
-#endif
-
-#endif /* _NSSWITCH_NSS_H */
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
-
- Winbind daemon for ntdom nss module
-
- Copyright (C) Tim Potter 2000
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _WINBIND_NSS_CONFIG_H
-#define _WINBIND_NSS_CONFIG_H
-
-/* shutup the compiler warnings due to krb5.h on 64-bit sles9 */
-#ifdef SIZEOF_LONG
-#undef SIZEOF_LONG
-#endif
-
-
-/* Include header files from data in config.h file */
-
-#ifndef NO_CONFIG_H
-#include "../replace/replace.h"
-#endif
-
-#include "system/passwd.h"
-#include "system/filesys.h"
-#include "system/network.h"
-
-#include "nsswitch/winbind_nss.h"
-
-/* Some systems (SCO) treat UNIX domain sockets as FIFOs */
-
-#ifndef S_IFSOCK
-#define S_IFSOCK S_IFIFO
-#endif
-
-#ifndef S_ISSOCK
-#define S_ISSOCK(mode) ((mode & S_IFSOCK) == S_IFSOCK)
-#endif
-
-#endif
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
-
- Donated by HP to enable Winbindd to build on HPUX 11.x.
- Copyright (C) Jeremy Allison 2002.
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _WINBIND_NSS_HPUX_H
-#define _WINBIND_NSS_HPUX_H
-
-#include <nsswitch.h>
-
-#define NSS_STATUS_SUCCESS NSS_SUCCESS
-#define NSS_STATUS_NOTFOUND NSS_NOTFOUND
-#define NSS_STATUS_UNAVAIL NSS_UNAVAIL
-#define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN
-
-#ifdef HAVE_SYNCH_H
-#include <synch.h>
-#endif
-#ifdef HAVE_PTHREAD_H
-#include <pthread.h>
-#endif
-
-typedef enum {
- NSS_SUCCESS,
- NSS_NOTFOUND,
- NSS_UNAVAIL,
- NSS_TRYAGAIN
-} nss_status_t;
-
-typedef nss_status_t NSS_STATUS;
-
-struct nss_backend;
-
-typedef nss_status_t (*nss_backend_op_t)(struct nss_backend *, void *args);
-
-struct nss_backend {
- nss_backend_op_t *ops;
- int n_ops;
-};
-typedef struct nss_backend nss_backend_t;
-typedef int nss_dbop_t;
-
-#include <errno.h>
-#include <netdb.h>
-#include <limits.h>
-
-#ifndef NSS_INCLUDE_UNSAFE
-#define NSS_INCLUDE_UNSAFE 1 /* Build old, MT-unsafe interfaces, */
-#endif /* NSS_INCLUDE_UNSAFE */
-
-enum nss_netgr_argn {
- NSS_NETGR_MACHINE,
- NSS_NETGR_USER,
- NSS_NETGR_DOMAIN,
- NSS_NETGR_N
-};
-
-enum nss_netgr_status {
- NSS_NETGR_FOUND,
- NSS_NETGR_NO,
- NSS_NETGR_NOMEM
-};
-
-typedef unsigned nss_innetgr_argc;
-typedef char **nss_innetgr_argv;
-
-struct nss_innetgr_1arg {
- nss_innetgr_argc argc;
- nss_innetgr_argv argv;
-};
-
-typedef struct {
- void *result; /* "result" parameter to getXbyY_r() */
- char *buffer; /* "buffer" " " */
- int buflen; /* "buflen" " " */
-} nss_XbyY_buf_t;
-
-extern nss_XbyY_buf_t *_nss_XbyY_buf_alloc(int struct_size, int buffer_size);
-extern void _nss_XbyY_buf_free(nss_XbyY_buf_t *);
-
-union nss_XbyY_key {
- uid_t uid;
- gid_t gid;
- const char *name;
- int number;
- struct {
- long net;
- int type;
- } netaddr;
- struct {
- const char *addr;
- int len;
- int type;
- } hostaddr;
- struct {
- union {
- const char *name;
- int port;
- } serv;
- const char *proto;
- } serv;
- void *ether;
-};
-
-typedef struct nss_XbyY_args {
- nss_XbyY_buf_t buf;
- int stayopen;
- /*
- * Support for setXXXent(stayopen)
- * Used only in hosts, protocols,
- * networks, rpc, and services.
- */
- int (*str2ent)(const char *instr, int instr_len, void *ent, char *buffer, int buflen);
- union nss_XbyY_key key;
-
- void *returnval;
- int erange;
- int h_errno;
- nss_status_t status;
-} nss_XbyY_args_t;
-
-#endif /* _WINBIND_NSS_HPUX_H */
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
-
- Winbind daemon for ntdom nss module
-
- Copyright (C) Tim Potter 2000
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _WINBIND_NSS_IRIX_H
-#define _WINBIND_NSS_IRIX_H
-
-/* following required to prevent warnings of double definition
- * of datum from ns_api.h
-*/
-#ifdef DATUM
-#define _DATUM_DEFINED
-#endif
-
-#include <ns_api.h>
-
-typedef enum
-{
- NSS_STATUS_SUCCESS=NS_SUCCESS,
- NSS_STATUS_NOTFOUND=NS_NOTFOUND,
- NSS_STATUS_UNAVAIL=NS_UNAVAIL,
- NSS_STATUS_TRYAGAIN=NS_TRYAGAIN
-} NSS_STATUS;
-
-#endif /* _WINBIND_NSS_IRIX_H */
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
-
- Windows NT Domain nsswitch module
-
- Copyright (C) Tim Potter 2000
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "winbind_client.h"
-
-/* Maximum number of users to pass back over the unix domain socket
- per call. This is not a static limit on the total number of users
- or groups returned in total. */
-
-#define MAX_GETPWENT_USERS 250
-#define MAX_GETGRENT_USERS 250
-
-NSS_STATUS _nss_winbind_setpwent(void);
-NSS_STATUS _nss_winbind_endpwent(void);
-NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result,
- char *buffer, size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getpwnam_r(const char *name, struct passwd *result,
- char *buffer, size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_setgrent(void);
-NSS_STATUS _nss_winbind_endgrent(void);
-NSS_STATUS _nss_winbind_getgrent_r(struct group *result, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getgrlst_r(struct group *result, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getgrnam_r(const char *name, struct group *result,
- char *buffer, size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, struct group *result, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
- long int *size, gid_t **groups,
- long int limit, int *errnop);
-NSS_STATUS _nss_winbind_getusersids(const char *user_sid, char **group_sids,
- int *num_groups, char *buffer, size_t buf_size,
- int *errnop);
-NSS_STATUS _nss_winbind_nametosid(const char *name, char **sid, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop);
-NSS_STATUS _nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop);
-NSS_STATUS _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
- size_t buflen, int *errnop);
-
-/* Prototypes from wb_common.c */
-
-extern int winbindd_fd;
-
-/* Allocate some space from the nss static buffer. The buffer and buflen
- are the pointers passed in by the C library to the _nss_ntdom_*
- functions. */
-
-static char *get_static(char **buffer, size_t *buflen, size_t len)
-{
- char *result;
-
- /* Error check. We return false if things aren't set up right, or
- there isn't enough buffer space left. */
-
- if ((buffer == NULL) || (buflen == NULL) || (*buflen < len)) {
- return NULL;
- }
-
- /* Return an index into the static buffer */
-
- result = *buffer;
- *buffer += len;
- *buflen -= len;
-
- return result;
-}
-
-/* I've copied the strtok() replacement function next_token() from
- lib/util_str.c as I really don't want to have to link in any other
- objects if I can possibly avoid it. */
-
-static bool next_token(char **ptr,char *buff,const char *sep, size_t bufsize)
-{
- char *s;
- bool quoted;
- size_t len=1;
-
- if (!ptr) return false;
-
- s = *ptr;
-
- /* default to simple separators */
- if (!sep) sep = " \t\n\r";
-
- /* find the first non sep char */
- while (*s && strchr(sep,*s)) s++;
-
- /* nothing left? */
- if (! *s) return false;
-
- /* copy over the token */
- for (quoted = false; len < bufsize && *s && (quoted || !strchr(sep,*s)); s++) {
- if (*s == '\"') {
- quoted = !quoted;
- } else {
- len++;
- *buff++ = *s;
- }
- }
-
- *ptr = (*s) ? s+1 : s;
- *buff = 0;
-
- return true;
-}
-
-
-/* Fill a pwent structure from a winbindd_response structure. We use
- the static data passed to us by libc to put strings and stuff in.
- Return NSS_STATUS_TRYAGAIN if we run out of memory. */
-
-static NSS_STATUS fill_pwent(struct passwd *result,
- struct winbindd_pw *pw,
- char **buffer, size_t *buflen)
-{
- /* User name */
-
- if ((result->pw_name =
- get_static(buffer, buflen, strlen(pw->pw_name) + 1)) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
-
- strcpy(result->pw_name, pw->pw_name);
-
- /* Password */
-
- if ((result->pw_passwd =
- get_static(buffer, buflen, strlen(pw->pw_passwd) + 1)) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
-
- strcpy(result->pw_passwd, pw->pw_passwd);
-
- /* [ug]id */
-
- result->pw_uid = pw->pw_uid;
- result->pw_gid = pw->pw_gid;
-
- /* GECOS */
-
- if ((result->pw_gecos =
- get_static(buffer, buflen, strlen(pw->pw_gecos) + 1)) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
-
- strcpy(result->pw_gecos, pw->pw_gecos);
-
- /* Home directory */
-
- if ((result->pw_dir =
- get_static(buffer, buflen, strlen(pw->pw_dir) + 1)) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
-
- strcpy(result->pw_dir, pw->pw_dir);
-
- /* Logon shell */
-
- if ((result->pw_shell =
- get_static(buffer, buflen, strlen(pw->pw_shell) + 1)) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
-
- strcpy(result->pw_shell, pw->pw_shell);
-
- /* The struct passwd for Solaris has some extra fields which must
- be initialised or nscd crashes. */
-
-#if HAVE_PASSWD_PW_COMMENT
- result->pw_comment = "";
-#endif
-
-#if HAVE_PASSWD_PW_AGE
- result->pw_age = "";
-#endif
-
- return NSS_STATUS_SUCCESS;
-}
-
-/* Fill a grent structure from a winbindd_response structure. We use
- the static data passed to us by libc to put strings and stuff in.
- Return NSS_STATUS_TRYAGAIN if we run out of memory. */
-
-static NSS_STATUS fill_grent(struct group *result, struct winbindd_gr *gr,
- char *gr_mem, char **buffer, size_t *buflen)
-{
- fstring name;
- int i;
- char *tst;
-
- /* Group name */
-
- if ((result->gr_name =
- get_static(buffer, buflen, strlen(gr->gr_name) + 1)) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
-
- strcpy(result->gr_name, gr->gr_name);
-
- /* Password */
-
- if ((result->gr_passwd =
- get_static(buffer, buflen, strlen(gr->gr_passwd) + 1)) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
-
- strcpy(result->gr_passwd, gr->gr_passwd);
-
- /* gid */
-
- result->gr_gid = gr->gr_gid;
-
- /* Group membership */
-
- if ((gr->num_gr_mem < 0) || !gr_mem) {
- gr->num_gr_mem = 0;
- }
-
- /* this next value is a pointer to a pointer so let's align it */
-
- /* Calculate number of extra bytes needed to align on pointer size boundry */
- if ((i = (unsigned long)(*buffer) % sizeof(char*)) != 0)
- i = sizeof(char*) - i;
-
- if ((tst = get_static(buffer, buflen, ((gr->num_gr_mem + 1) *
- sizeof(char *)+i))) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
- result->gr_mem = (char **)(tst + i);
-
- if (gr->num_gr_mem == 0) {
-
- /* Group is empty */
-
- *(result->gr_mem) = NULL;
- return NSS_STATUS_SUCCESS;
- }
-
- /* Start looking at extra data */
-
- i = 0;
-
- while(next_token((char **)&gr_mem, name, ",", sizeof(fstring))) {
-
- /* Allocate space for member */
-
- if (((result->gr_mem)[i] =
- get_static(buffer, buflen, strlen(name) + 1)) == NULL) {
-
- /* Out of memory */
-
- return NSS_STATUS_TRYAGAIN;
- }
-
- strcpy((result->gr_mem)[i], name);
- i++;
- }
-
- /* Terminate list */
-
- (result->gr_mem)[i] = NULL;
-
- return NSS_STATUS_SUCCESS;
-}
-
-/*
- * NSS user functions
- */
-
-static struct winbindd_response getpwent_response;
-
-static int ndx_pw_cache; /* Current index into pwd cache */
-static int num_pw_cache; /* Current size of pwd cache */
-
-/* Rewind "file pointer" to start of ntdom password database */
-
-NSS_STATUS
-_nss_winbind_setpwent(void)
-{
- NSS_STATUS ret;
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: setpwent\n", getpid());
-#endif
-
- if (num_pw_cache > 0) {
- ndx_pw_cache = num_pw_cache = 0;
- winbindd_free_response(&getpwent_response);
- }
-
- ret = winbindd_request_response(WINBINDD_SETPWENT, NULL, NULL);
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: setpwent returns %s (%d)\n", getpid(),
- nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/* Close ntdom password database "file pointer" */
-
-NSS_STATUS
-_nss_winbind_endpwent(void)
-{
- NSS_STATUS ret;
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: endpwent\n", getpid());
-#endif
-
- if (num_pw_cache > 0) {
- ndx_pw_cache = num_pw_cache = 0;
- winbindd_free_response(&getpwent_response);
- }
-
- ret = winbindd_request_response(WINBINDD_ENDPWENT, NULL, NULL);
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: endpwent returns %s (%d)\n", getpid(),
- nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/* Fetch the next password entry from ntdom password database */
-
-NSS_STATUS
-_nss_winbind_getpwent_r(struct passwd *result, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_request request;
- static int called_again;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getpwent\n", getpid());
-#endif
-
- /* Return an entry from the cache if we have one, or if we are
- called again because we exceeded our static buffer. */
-
- if ((ndx_pw_cache < num_pw_cache) || called_again) {
- goto return_result;
- }
-
- /* Else call winbindd to get a bunch of entries */
-
- if (num_pw_cache > 0) {
- winbindd_free_response(&getpwent_response);
- }
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(getpwent_response);
-
- request.data.num_entries = MAX_GETPWENT_USERS;
-
- ret = winbindd_request_response(WINBINDD_GETPWENT, &request,
- &getpwent_response);
-
- if (ret == NSS_STATUS_SUCCESS) {
- struct winbindd_pw *pw_cache;
-
- /* Fill cache */
-
- ndx_pw_cache = 0;
- num_pw_cache = getpwent_response.data.num_entries;
-
- /* Return a result */
-
- return_result:
-
- pw_cache = (struct winbindd_pw *)
- getpwent_response.extra_data.data;
-
- /* Check data is valid */
-
- if (pw_cache == NULL) {
- ret = NSS_STATUS_NOTFOUND;
- goto done;
- }
-
- ret = fill_pwent(result, &pw_cache[ndx_pw_cache],
- &buffer, &buflen);
-
- /* Out of memory - try again */
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- called_again = true;
- *errnop = errno = ERANGE;
- goto done;
- }
-
- *errnop = errno = 0;
- called_again = false;
- ndx_pw_cache++;
-
- /* If we've finished with this lot of results free cache */
-
- if (ndx_pw_cache == num_pw_cache) {
- ndx_pw_cache = num_pw_cache = 0;
- winbindd_free_response(&getpwent_response);
- }
- }
- done:
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getpwent returns %s (%d)\n", getpid(),
- nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/* Return passwd struct from uid */
-
-NSS_STATUS
-_nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- static struct winbindd_response response;
- struct winbindd_request request;
- static int keep_response=0;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getpwuid %d\n", getpid(), (unsigned int)uid);
-#endif
-
- /* If our static buffer needs to be expanded we are called again */
- if (!keep_response) {
-
- /* Call for the first time */
-
- ZERO_STRUCT(response);
- ZERO_STRUCT(request);
-
- request.data.uid = uid;
-
- ret = winbindd_request_response(WINBINDD_GETPWUID, &request, &response);
-
- if (ret == NSS_STATUS_SUCCESS) {
- ret = fill_pwent(result, &response.data.pw,
- &buffer, &buflen);
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = true;
- *errnop = errno = ERANGE;
- goto done;
- }
- }
-
- } else {
-
- /* We've been called again */
-
- ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = true;
- *errnop = errno = ERANGE;
- goto done;
- }
-
- keep_response = false;
- *errnop = errno = 0;
- }
-
- winbindd_free_response(&response);
- done:
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getpwuid %d returns %s (%d)\n", getpid(),
- (unsigned int)uid, nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/* Return passwd struct from username */
-NSS_STATUS
-_nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- static struct winbindd_response response;
- struct winbindd_request request;
- static int keep_response;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getpwnam %s\n", getpid(), name);
-#endif
-
- /* If our static buffer needs to be expanded we are called again */
-
- if (!keep_response) {
-
- /* Call for the first time */
-
- ZERO_STRUCT(response);
- ZERO_STRUCT(request);
-
- strncpy(request.data.username, name,
- sizeof(request.data.username) - 1);
- request.data.username
- [sizeof(request.data.username) - 1] = '\0';
-
- ret = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
-
- if (ret == NSS_STATUS_SUCCESS) {
- ret = fill_pwent(result, &response.data.pw, &buffer,
- &buflen);
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = true;
- *errnop = errno = ERANGE;
- goto done;
- }
- }
-
- } else {
-
- /* We've been called again */
-
- ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = true;
- *errnop = errno = ERANGE;
- goto done;
- }
-
- keep_response = false;
- *errnop = errno = 0;
- }
-
- winbindd_free_response(&response);
- done:
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getpwnam %s returns %s (%d)\n", getpid(),
- name, nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/*
- * NSS group functions
- */
-
-static struct winbindd_response getgrent_response;
-
-static int ndx_gr_cache; /* Current index into grp cache */
-static int num_gr_cache; /* Current size of grp cache */
-
-/* Rewind "file pointer" to start of ntdom group database */
-
-NSS_STATUS
-_nss_winbind_setgrent(void)
-{
- NSS_STATUS ret;
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: setgrent\n", getpid());
-#endif
-
- if (num_gr_cache > 0) {
- ndx_gr_cache = num_gr_cache = 0;
- winbindd_free_response(&getgrent_response);
- }
-
- ret = winbindd_request_response(WINBINDD_SETGRENT, NULL, NULL);
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: setgrent returns %s (%d)\n", getpid(),
- nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/* Close "file pointer" for ntdom group database */
-
-NSS_STATUS
-_nss_winbind_endgrent(void)
-{
- NSS_STATUS ret;
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: endgrent\n", getpid());
-#endif
-
- if (num_gr_cache > 0) {
- ndx_gr_cache = num_gr_cache = 0;
- winbindd_free_response(&getgrent_response);
- }
-
- ret = winbindd_request_response(WINBINDD_ENDGRENT, NULL, NULL);
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: endgrent returns %s (%d)\n", getpid(),
- nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/* Get next entry from ntdom group database */
-
-static NSS_STATUS
-winbind_getgrent(enum winbindd_cmd cmd,
- struct group *result,
- char *buffer, size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- static struct winbindd_request request;
- static int called_again;
-
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getgrent\n", getpid());
-#endif
-
- /* Return an entry from the cache if we have one, or if we are
- called again because we exceeded our static buffer. */
-
- if ((ndx_gr_cache < num_gr_cache) || called_again) {
- goto return_result;
- }
-
- /* Else call winbindd to get a bunch of entries */
-
- if (num_gr_cache > 0) {
- winbindd_free_response(&getgrent_response);
- }
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(getgrent_response);
-
- request.data.num_entries = MAX_GETGRENT_USERS;
-
- ret = winbindd_request_response(cmd, &request,
- &getgrent_response);
-
- if (ret == NSS_STATUS_SUCCESS) {
- struct winbindd_gr *gr_cache;
- int mem_ofs;
-
- /* Fill cache */
-
- ndx_gr_cache = 0;
- num_gr_cache = getgrent_response.data.num_entries;
-
- /* Return a result */
-
- return_result:
-
- gr_cache = (struct winbindd_gr *)
- getgrent_response.extra_data.data;
-
- /* Check data is valid */
-
- if (gr_cache == NULL) {
- ret = NSS_STATUS_NOTFOUND;
- goto done;
- }
-
- /* Fill group membership. The offset into the extra data
- for the group membership is the reported offset plus the
- size of all the winbindd_gr records returned. */
-
- mem_ofs = gr_cache[ndx_gr_cache].gr_mem_ofs +
- num_gr_cache * sizeof(struct winbindd_gr);
-
- ret = fill_grent(result, &gr_cache[ndx_gr_cache],
- ((char *)getgrent_response.extra_data.data)+mem_ofs,
- &buffer, &buflen);
-
- /* Out of memory - try again */
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- called_again = true;
- *errnop = errno = ERANGE;
- goto done;
- }
-
- *errnop = 0;
- called_again = false;
- ndx_gr_cache++;
-
- /* If we've finished with this lot of results free cache */
-
- if (ndx_gr_cache == num_gr_cache) {
- ndx_gr_cache = num_gr_cache = 0;
- winbindd_free_response(&getgrent_response);
- }
- }
- done:
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getgrent returns %s (%d)\n", getpid(),
- nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-
-NSS_STATUS
-_nss_winbind_getgrent_r(struct group *result,
- char *buffer, size_t buflen, int *errnop)
-{
- return winbind_getgrent(WINBINDD_GETGRENT, result, buffer, buflen, errnop);
-}
-
-NSS_STATUS
-_nss_winbind_getgrlst_r(struct group *result,
- char *buffer, size_t buflen, int *errnop)
-{
- return winbind_getgrent(WINBINDD_GETGRLST, result, buffer, buflen, errnop);
-}
-
-/* Return group struct from group name */
-
-NSS_STATUS
-_nss_winbind_getgrnam_r(const char *name,
- struct group *result, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- static struct winbindd_response response;
- struct winbindd_request request;
- static int keep_response;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getgrnam %s\n", getpid(), name);
-#endif
-
- /* If our static buffer needs to be expanded we are called again */
-
- if (!keep_response) {
-
- /* Call for the first time */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- strncpy(request.data.groupname, name,
- sizeof(request.data.groupname));
- request.data.groupname
- [sizeof(request.data.groupname) - 1] = '\0';
-
- ret = winbindd_request_response(WINBINDD_GETGRNAM, &request, &response);
-
- if (ret == NSS_STATUS_SUCCESS) {
- ret = fill_grent(result, &response.data.gr,
- (char *)response.extra_data.data,
- &buffer, &buflen);
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = true;
- *errnop = errno = ERANGE;
- goto done;
- }
- }
-
- } else {
-
- /* We've been called again */
-
- ret = fill_grent(result, &response.data.gr,
- (char *)response.extra_data.data, &buffer,
- &buflen);
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = true;
- *errnop = errno = ERANGE;
- goto done;
- }
-
- keep_response = false;
- *errnop = 0;
- }
-
- winbindd_free_response(&response);
- done:
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getgrnam %s returns %s (%d)\n", getpid(),
- name, nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/* Return group struct from gid */
-
-NSS_STATUS
-_nss_winbind_getgrgid_r(gid_t gid,
- struct group *result, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- static struct winbindd_response response;
- struct winbindd_request request;
- static int keep_response;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getgrgid %d\n", getpid(), gid);
-#endif
-
- /* If our static buffer needs to be expanded we are called again */
-
- if (!keep_response) {
-
- /* Call for the first time */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- request.data.gid = gid;
-
- ret = winbindd_request_response(WINBINDD_GETGRGID, &request, &response);
-
- if (ret == NSS_STATUS_SUCCESS) {
-
- ret = fill_grent(result, &response.data.gr,
- (char *)response.extra_data.data,
- &buffer, &buflen);
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = true;
- *errnop = errno = ERANGE;
- goto done;
- }
- }
-
- } else {
-
- /* We've been called again */
-
- ret = fill_grent(result, &response.data.gr,
- (char *)response.extra_data.data, &buffer,
- &buflen);
-
- if (ret == NSS_STATUS_TRYAGAIN) {
- keep_response = true;
- *errnop = errno = ERANGE;
- goto done;
- }
-
- keep_response = false;
- *errnop = 0;
- }
-
- winbindd_free_response(&response);
- done:
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getgrgid %d returns %s (%d)\n", getpid(),
- (unsigned int)gid, nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-/* Initialise supplementary groups */
-
-NSS_STATUS
-_nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
- long int *size, gid_t **groups, long int limit,
- int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_request request;
- struct winbindd_response response;
- int i;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: initgroups %s (%d)\n", getpid(),
- user, group);
-#endif
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- strncpy(request.data.username, user,
- sizeof(request.data.username) - 1);
-
- ret = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
-
- if (ret == NSS_STATUS_SUCCESS) {
- int num_gids = response.data.num_entries;
- gid_t *gid_list = (gid_t *)response.extra_data.data;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: initgroups %s: got NSS_STATUS_SUCCESS "
- "and %d gids\n", getpid(),
- user, num_gids);
-#endif
- if (gid_list == NULL) {
- ret = NSS_STATUS_NOTFOUND;
- goto done;
- }
-
- /* Copy group list to client */
-
- for (i = 0; i < num_gids; i++) {
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: initgroups %s (%d): "
- "processing gid %d \n", getpid(),
- user, group, gid_list[i]);
-#endif
-
- /* Skip primary group */
-
- if (gid_list[i] == group) {
- continue;
- }
-
- /* Filled buffer ? If so, resize. */
-
- if (*start == *size) {
- long int newsize;
- gid_t *newgroups;
-
- newsize = 2 * (*size);
- if (limit > 0) {
- if (*size == limit) {
- goto done;
- }
- if (newsize > limit) {
- newsize = limit;
- }
- }
-
- newgroups = (gid_t *)
- realloc((*groups),
- newsize * sizeof(**groups));
- if (!newgroups) {
- *errnop = ENOMEM;
- ret = NSS_STATUS_NOTFOUND;
- goto done;
- }
- *groups = newgroups;
- *size = newsize;
- }
-
- /* Add to buffer */
-
- (*groups)[*start] = gid_list[i];
- *start += 1;
- }
- }
-
- /* Back to your regularly scheduled programming */
-
- done:
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: initgroups %s returns %s (%d)\n", getpid(),
- user, nss_err_str(ret), ret);
-#endif
- return ret;
-}
-
-
-/* return a list of group SIDs for a user SID */
-NSS_STATUS
-_nss_winbind_getusersids(const char *user_sid, char **group_sids,
- int *num_groups,
- char *buffer, size_t buf_size, int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_request request;
- struct winbindd_response response;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: getusersids %s\n", getpid(), user_sid);
-#endif
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- strncpy(request.data.sid, user_sid,sizeof(request.data.sid) - 1);
- request.data.sid[sizeof(request.data.sid) - 1] = '\0';
-
- ret = winbindd_request_response(WINBINDD_GETUSERSIDS, &request, &response);
-
- if (ret != NSS_STATUS_SUCCESS) {
- goto done;
- }
-
- if (buf_size < response.length - sizeof(response)) {
- ret = NSS_STATUS_TRYAGAIN;
- errno = *errnop = ERANGE;
- goto done;
- }
-
- *num_groups = response.data.num_entries;
- *group_sids = buffer;
- memcpy(buffer, response.extra_data.data, response.length - sizeof(response));
- errno = *errnop = 0;
-
- done:
- winbindd_free_response(&response);
- return ret;
-}
-
-
-/* map a user or group name to a SID string */
-NSS_STATUS
-_nss_winbind_nametosid(const char *name, char **sid, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_response response;
- struct winbindd_request request;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: nametosid %s\n", getpid(), name);
-#endif
-
- ZERO_STRUCT(response);
- ZERO_STRUCT(request);
-
- strncpy(request.data.name.name, name,
- sizeof(request.data.name.name) - 1);
- request.data.name.name[sizeof(request.data.name.name) - 1] = '\0';
-
- ret = winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response);
- if (ret != NSS_STATUS_SUCCESS) {
- *errnop = errno = EINVAL;
- goto failed;
- }
-
- if (buflen < strlen(response.data.sid.sid)+1) {
- ret = NSS_STATUS_TRYAGAIN;
- *errnop = errno = ERANGE;
- goto failed;
- }
-
- *errnop = errno = 0;
- *sid = buffer;
- strcpy(*sid, response.data.sid.sid);
-
-failed:
- winbindd_free_response(&response);
- return ret;
-}
-
-/* map a sid string to a user or group name */
-NSS_STATUS
-_nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_response response;
- struct winbindd_request request;
- static char sep_char;
- unsigned needed;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: sidtoname %s\n", getpid(), sid);
-#endif
-
- ZERO_STRUCT(response);
- ZERO_STRUCT(request);
-
- /* we need to fetch the separator first time through */
- if (!sep_char) {
- ret = winbindd_request_response(WINBINDD_INFO, &request, &response);
- if (ret != NSS_STATUS_SUCCESS) {
- *errnop = errno = EINVAL;
- goto failed;
- }
-
- sep_char = response.data.info.winbind_separator;
- winbindd_free_response(&response);
- }
-
-
- strncpy(request.data.sid, sid,
- sizeof(request.data.sid) - 1);
- request.data.sid[sizeof(request.data.sid) - 1] = '\0';
-
- ret = winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response);
- if (ret != NSS_STATUS_SUCCESS) {
- *errnop = errno = EINVAL;
- goto failed;
- }
-
- needed =
- strlen(response.data.name.dom_name) +
- strlen(response.data.name.name) + 2;
-
- if (buflen < needed) {
- ret = NSS_STATUS_TRYAGAIN;
- *errnop = errno = ERANGE;
- goto failed;
- }
-
- snprintf(buffer, needed, "%s%c%s",
- response.data.name.dom_name,
- sep_char,
- response.data.name.name);
-
- *name = buffer;
- *errnop = errno = 0;
-
-failed:
- winbindd_free_response(&response);
- return ret;
-}
-
-/* map a sid to a uid */
-NSS_STATUS
-_nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_response response;
- struct winbindd_request request;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: sidtouid %s\n", getpid(), sid);
-#endif
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
- request.data.sid[sizeof(request.data.sid) - 1] = '\0';
-
- ret = winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response);
- if (ret != NSS_STATUS_SUCCESS) {
- *errnop = errno = EINVAL;
- goto failed;
- }
-
- *uid = response.data.uid;
-
-failed:
- return ret;
-}
-
-/* map a sid to a gid */
-NSS_STATUS
-_nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_response response;
- struct winbindd_request request;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5d]: sidtogid %s\n", getpid(), sid);
-#endif
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
- request.data.sid[sizeof(request.data.sid) - 1] = '\0';
-
- ret = winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response);
- if (ret != NSS_STATUS_SUCCESS) {
- *errnop = errno = EINVAL;
- goto failed;
- }
-
- *gid = response.data.gid;
-
-failed:
- return ret;
-}
-
-/* map a uid to a SID string */
-NSS_STATUS
-_nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_response response;
- struct winbindd_request request;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5u]: uidtosid %u\n", (unsigned int)getpid(), (unsigned int)uid);
-#endif
-
- ZERO_STRUCT(response);
- ZERO_STRUCT(request);
-
- request.data.uid = uid;
-
- ret = winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response);
- if (ret != NSS_STATUS_SUCCESS) {
- *errnop = errno = EINVAL;
- goto failed;
- }
-
- if (buflen < strlen(response.data.sid.sid)+1) {
- ret = NSS_STATUS_TRYAGAIN;
- *errnop = errno = ERANGE;
- goto failed;
- }
-
- *errnop = errno = 0;
- *sid = buffer;
- strcpy(*sid, response.data.sid.sid);
-
-failed:
- winbindd_free_response(&response);
- return ret;
-}
-
-/* map a gid to a SID string */
-NSS_STATUS
-_nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
- size_t buflen, int *errnop)
-{
- NSS_STATUS ret;
- struct winbindd_response response;
- struct winbindd_request request;
-
-#ifdef DEBUG_NSS
- fprintf(stderr, "[%5u]: gidtosid %u\n", (unsigned int)getpid(), (unsigned int)gid);
-#endif
-
- ZERO_STRUCT(response);
- ZERO_STRUCT(request);
-
- request.data.gid = gid;
-
- ret = winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response);
- if (ret != NSS_STATUS_SUCCESS) {
- *errnop = errno = EINVAL;
- goto failed;
- }
-
- if (buflen < strlen(response.data.sid.sid)+1) {
- ret = NSS_STATUS_TRYAGAIN;
- *errnop = errno = ERANGE;
- goto failed;
- }
-
- *errnop = errno = 0;
- *sid = buffer;
- strcpy(*sid, response.data.sid.sid);
-
-failed:
- winbindd_free_response(&response);
- return ret;
-}
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
-
- Winbind daemon for ntdom nss module
-
- Copyright (C) Tim Potter 2000
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _WINBIND_NSS_LINUX_H
-#define _WINBIND_NSS_LINUX_H
-
-#include <nss.h>
-
-typedef enum nss_status NSS_STATUS;
-
-#endif /* _WINBIND_NSS_LINUX_H */
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
-
- NetBSD loadable authentication module, providing identification
- routines against Samba winbind/Windows NT Domain
-
- Copyright (C) Luke Mewburn 2004-2005
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _WINBIND_NSS_NETBSD_H
-#define _WINBIND_NSS_NETBSD_H
-
-#include <nsswitch.h>
-
- /* dynamic nsswitch with "new" getpw* nsdispatch API available */
-#if defined(NSS_MODULE_INTERFACE_VERSION) && defined(HAVE_GETPWENT_R)
-
-typedef int NSS_STATUS;
-
-#define NSS_STATUS_SUCCESS NS_SUCCESS
-#define NSS_STATUS_NOTFOUND NS_NOTFOUND
-#define NSS_STATUS_UNAVAIL NS_UNAVAIL
-#define NSS_STATUS_TRYAGAIN NS_TRYAGAIN
-
-#endif /* NSS_MODULE_INTERFACE_VERSION && HAVE_GETPWENT_R */
-
-#endif /* _WINBIND_NSS_NETBSD_H */
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
-
- Winbind daemon for ntdom nss module
-
- Copyright (C) Tim Potter 2000
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 3 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _WINBIND_NSS_SOLARIS_H
-#define _WINBIND_NSS_SOLARIS_H
-
-/* Solaris has a broken nss_common header file containing C++ reserved names. */
-#ifndef __cplusplus
-#undef class
-#undef private
-#undef public
-#undef protected
-#undef template
-#undef this
-#undef new
-#undef delete
-#undef friend
-#endif
-
-#include <nss_common.h>
-
-/*
-TODO: we need to cleanup samba4's headers..
-
-#ifndef __cplusplus
-#define class #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#define private #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#define public #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#define protected #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#define template #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#define this #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#define new #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#define delete #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#define friend #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
-#endif
-*/
-
-#include <nss_dbdefs.h>
-#include <nsswitch.h>
-
-typedef nss_status_t NSS_STATUS;
-
-#define NSS_STATUS_SUCCESS NSS_SUCCESS
-#define NSS_STATUS_NOTFOUND NSS_NOTFOUND
-#define NSS_STATUS_UNAVAIL NSS_UNAVAIL
-#define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN
-
-/* The solaris winbind is implemented as a wrapper around the linux
- version. */
-
-NSS_STATUS _nss_winbind_setpwent(void);
-NSS_STATUS _nss_winbind_endpwent(void);
-NSS_STATUS _nss_winbind_getpwent_r(struct passwd* result, char* buffer,
- size_t buflen, int* errnop);
-NSS_STATUS _nss_winbind_getpwuid_r(uid_t, struct passwd*, char* buffer,
- size_t buflen, int* errnop);
-NSS_STATUS _nss_winbind_getpwnam_r(const char* name, struct passwd* result,
- char* buffer, size_t buflen, int* errnop);
-
-NSS_STATUS _nss_winbind_setgrent(void);
-NSS_STATUS _nss_winbind_endgrent(void);
-NSS_STATUS _nss_winbind_getgrent_r(struct group* result, char* buffer,
- size_t buflen, int* errnop);
-NSS_STATUS _nss_winbind_getgrnam_r(const char *name,
- struct group *result, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid,
- struct group *result, char *buffer,
- size_t buflen, int *errnop);
-
-#endif /* _WINBIND_NSS_SOLARIS_H */
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
-
- Winbind daemon for ntdom nss module
-
- Copyright (C) Tim Potter 2000
- Copyright (C) Gerald Carter 2006
-
- You are free to use this interface definition in any way you see
- fit, including without restriction, using this header in your own
- products. You do not need to give any attribution.
-*/
-
-#ifndef SAFE_FREE
-#define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0)
-#endif
-
-#ifndef _WINBINDD_NTDOM_H
-#define _WINBINDD_NTDOM_H
-
-#define _PSTRING
-#define FSTRING_LEN 256
-
-typedef char fstring[FSTRING_LEN];
-
-#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1)
-#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1)
-
-#define WINBINDD_SOCKET_NAME "pipe" /* Name of PF_UNIX socket */
-
-/* Let the build environment override the public winbindd socket location. This
- * is needed for launchd support -- jpeach.
- */
-#ifndef WINBINDD_SOCKET_DIR
-#define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */
-#endif
-
-/*
- * when compiled with socket_wrapper support
- * the location of the WINBINDD_SOCKET_DIR
- * can be overwritten via an environment variable
- */
-#define WINBINDD_SOCKET_DIR_ENVVAR "WINBINDD_SOCKET_DIR"
-
-#define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */
-#define WINBINDD_DONT_ENV "_NO_WINBINDD"
-#define WINBINDD_LOCATOR_KDC_ADDRESS "WINBINDD_LOCATOR_KDC_ADDRESS"
-
-/* Update this when you change the interface. */
-
-#define WINBIND_INTERFACE_VERSION 19
-
-/* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
- On a 64bit Linux box, we have to support a constant structure size
- between /lib/libnss_winbind.so.2 and /li64/libnss_winbind.so.2.
- The easiest way to do this is to always use 8byte values for time_t. */
-
-#define SMB_TIME_T int64_t
-
-/* Socket commands */
-
-enum winbindd_cmd {
-
- WINBINDD_INTERFACE_VERSION, /* Always a well known value */
-
- /* Get users and groups */
-
- WINBINDD_GETPWNAM,
- WINBINDD_GETPWUID,
- WINBINDD_GETGRNAM,
- WINBINDD_GETGRGID,
- WINBINDD_GETGROUPS,
-
- /* Enumerate users and groups */
-
- WINBINDD_SETPWENT,
- WINBINDD_ENDPWENT,
- WINBINDD_GETPWENT,
- WINBINDD_SETGRENT,
- WINBINDD_ENDGRENT,
- WINBINDD_GETGRENT,
-
- /* PAM authenticate and password change */
-
- WINBINDD_PAM_AUTH,
- WINBINDD_PAM_AUTH_CRAP,
- WINBINDD_PAM_CHAUTHTOK,
- WINBINDD_PAM_LOGOFF,
- WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP,
-
- /* List various things */
-
- WINBINDD_LIST_USERS, /* List w/o rid->id mapping */
- WINBINDD_LIST_GROUPS, /* Ditto */
- WINBINDD_LIST_TRUSTDOM,
-
- /* SID conversion */
-
- WINBINDD_LOOKUPSID,
- WINBINDD_LOOKUPNAME,
- WINBINDD_LOOKUPRIDS,
-
- /* Lookup functions */
-
- WINBINDD_SID_TO_UID,
- WINBINDD_SID_TO_GID,
- WINBINDD_SIDS_TO_XIDS,
- WINBINDD_UID_TO_SID,
- WINBINDD_GID_TO_SID,
-
- WINBINDD_ALLOCATE_UID,
- WINBINDD_ALLOCATE_GID,
- WINBINDD_SET_MAPPING,
- WINBINDD_SET_HWM,
-
- /* Miscellaneous other stuff */
-
- WINBINDD_DUMP_MAPS,
-
- WINBINDD_CHECK_MACHACC, /* Check machine account pw works */
- WINBINDD_PING, /* Just tell me winbind is running */
- WINBINDD_INFO, /* Various bit of info. Currently just tidbits */
- WINBINDD_DOMAIN_NAME, /* The domain this winbind server is a member of (lp_workgroup()) */
-
- WINBINDD_DOMAIN_INFO, /* Most of what we know from
- struct winbindd_domain */
- WINBINDD_GETDCNAME, /* Issue a GetDCName Request */
- WINBINDD_DSGETDCNAME, /* Issue a DsGetDCName Request */
-
- WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */
-
- /* WINS commands */
-
- WINBINDD_WINS_BYIP,
- WINBINDD_WINS_BYNAME,
-
- /* this is like GETGRENT but gives an empty group list */
- WINBINDD_GETGRLST,
-
- WINBINDD_NETBIOS_NAME, /* The netbios name of the server */
-
- /* find the location of our privileged pipe */
- WINBINDD_PRIV_PIPE_DIR,
-
- /* return a list of group sids for a user sid */
- WINBINDD_GETUSERSIDS,
-
- /* Various group queries */
- WINBINDD_GETUSERDOMGROUPS,
-
- /* Initialize connection in a child */
- WINBINDD_INIT_CONNECTION,
-
- /* Blocking calls that are not allowed on the main winbind pipe, only
- * between parent and children */
- WINBINDD_DUAL_SID2UID,
- WINBINDD_DUAL_SID2GID,
- WINBINDD_DUAL_SIDS2XIDS,
- WINBINDD_DUAL_UID2SID,
- WINBINDD_DUAL_GID2SID,
- WINBINDD_DUAL_SET_MAPPING,
- WINBINDD_DUAL_SET_HWM,
- WINBINDD_DUAL_DUMP_MAPS,
-
- /* Wrapper around possibly blocking unix nss calls */
- WINBINDD_DUAL_UID2NAME,
- WINBINDD_DUAL_NAME2UID,
- WINBINDD_DUAL_GID2NAME,
- WINBINDD_DUAL_NAME2GID,
-
- WINBINDD_DUAL_USERINFO,
- WINBINDD_DUAL_GETSIDALIASES,
-
- /* Complete the challenge phase of the NTLM authentication
- protocol using cached password. */
- WINBINDD_CCACHE_NTLMAUTH,
-
- WINBINDD_NUM_CMDS
-};
-
-typedef struct winbindd_pw {
- fstring pw_name;
- fstring pw_passwd;
- uid_t pw_uid;
- gid_t pw_gid;
- fstring pw_gecos;
- fstring pw_dir;
- fstring pw_shell;
-} WINBINDD_PW;
-
-
-typedef struct winbindd_gr {
- fstring gr_name;
- fstring gr_passwd;
- gid_t gr_gid;
- uint32_t num_gr_mem;
- uint32_t gr_mem_ofs; /* offset to group membership */
-} WINBINDD_GR;
-
-/* PAM specific request flags */
-#define WBFLAG_PAM_INFO3_NDR 0x00000001
-#define WBFLAG_PAM_INFO3_TEXT 0x00000002
-#define WBFLAG_PAM_USER_SESSION_KEY 0x00000004
-#define WBFLAG_PAM_LMKEY 0x00000008
-#define WBFLAG_PAM_CONTACT_TRUSTDOM 0x00000010
-#define WBFLAG_PAM_UNIX_NAME 0x00000080
-#define WBFLAG_PAM_AFS_TOKEN 0x00000100
-#define WBFLAG_PAM_NT_STATUS_SQUASH 0x00000200
-#define WBFLAG_PAM_KRB5 0x00001000
-#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x00002000
-#define WBFLAG_PAM_CACHED_LOGIN 0x00004000
-#define WBFLAG_PAM_GET_PWD_POLICY 0x00008000 /* not used */
-
-/* generic request flags */
-#define WBFLAG_QUERY_ONLY 0x00000020 /* not used */
-/* This is a flag that can only be sent from parent to child */
-#define WBFLAG_IS_PRIVILEGED 0x00000400 /* not used */
-/* Flag to say this is a winbindd internal send - don't recurse. */
-#define WBFLAG_RECURSE 0x00000800
-
-
-#define WINBINDD_MAX_EXTRA_DATA (128*1024)
-
-/* Winbind request structure */
-
-/*******************************************************************************
- * This structure MUST be the same size in the 32bit and 64bit builds
- * for compatibility between /lib64/libnss_winbind.so and /lib/libnss_winbind.so
- *
- * DO NOT CHANGE THIS STRUCTURE WITHOUT TESTING THE 32BIT NSS LIB AGAINST
- * A 64BIT WINBINDD --jerry
- ******************************************************************************/
-
-struct winbindd_request {
- uint32_t length;
- enum winbindd_cmd cmd; /* Winbindd command to execute */
- enum winbindd_cmd original_cmd; /* Original Winbindd command
- issued to parent process */
- pid_t pid; /* pid of calling process */
- uint32_t wb_flags; /* generic flags */
- uint32_t flags; /* flags relevant *only* to a given request */
- fstring domain_name; /* name of domain for which the request applies */
-
- union {
- fstring winsreq; /* WINS request */
- fstring username; /* getpwnam */
- fstring groupname; /* getgrnam */
- uid_t uid; /* getpwuid, uid_to_sid */
- gid_t gid; /* getgrgid, gid_to_sid */
- struct {
- /* We deliberatedly don't split into domain/user to
- avoid having the client know what the separator
- character is. */
- fstring user;
- fstring pass;
- char require_membership_of_sid[1024];
- fstring krb5_cc_type;
- uid_t uid;
- } auth; /* pam_winbind auth module */
- struct {
- uint8_t chal[8];
- uint32_t logon_parameters;
- fstring user;
- fstring domain;
- fstring lm_resp;
- uint32_t lm_resp_len;
- fstring nt_resp;
- uint32_t nt_resp_len;
- fstring workstation;
- fstring require_membership_of_sid;
- } auth_crap;
- struct {
- fstring user;
- fstring oldpass;
- fstring newpass;
- } chauthtok; /* pam_winbind passwd module */
- struct {
- fstring user;
- fstring domain;
- uint8_t new_nt_pswd[516];
- uint16_t new_nt_pswd_len;
- uint8_t old_nt_hash_enc[16];
- uint16_t old_nt_hash_enc_len;
- uint8_t new_lm_pswd[516];
- uint16_t new_lm_pswd_len;
- uint8_t old_lm_hash_enc[16];
- uint16_t old_lm_hash_enc_len;
- } chng_pswd_auth_crap;/* pam_winbind passwd module */
- struct {
- fstring user;
- fstring krb5ccname;
- uid_t uid;
- } logoff; /* pam_winbind session module */
- fstring sid; /* lookupsid, sid_to_[ug]id */
- struct {
- fstring dom_name; /* lookupname */
- fstring name;
- } name;
- uint32_t num_entries; /* getpwent, getgrent */
- struct {
- fstring username;
- fstring groupname;
- } acct_mgt;
- struct {
- bool is_primary;
- fstring dcname;
- } init_conn;
- struct {
- fstring sid;
- fstring name;
- } dual_sid2id;
- struct {
- fstring sid;
- uint32_t type;
- uint32_t id;
- } dual_idmapset;
- bool list_all_domains;
-
- struct {
- uid_t uid;
- fstring user;
- /* the effective uid of the client, must be the uid for 'user'.
- This is checked by the main daemon, trusted by children. */
- /* if the blobs are length zero, then this doesn't
- produce an actual challenge response. It merely
- succeeds if there are cached credentials available
- that could be used. */
- uint32_t initial_blob_len; /* blobs in extra_data */
- uint32_t challenge_blob_len;
- } ccache_ntlm_auth;
-
- /* padding -- needed to fix alignment between 32bit and 64bit libs.
- The size is the sizeof the union without the padding aligned on
- an 8 byte boundary. --jerry */
-
- char padding[1800];
- } data;
- union {
- SMB_TIME_T padding;
- char *data;
- } extra_data;
- uint32_t extra_len;
- char null_term;
-};
-
-/* Response values */
-
-enum winbindd_result {
- WINBINDD_ERROR,
- WINBINDD_PENDING,
- WINBINDD_OK
-};
-
-/* Winbind response structure */
-
-/*******************************************************************************
- * This structure MUST be the same size in the 32bit and 64bit builds
- * for compatibility between /lib64/libnss_winbind.so and /lib/libnss_winbind.so
- *
- * DO NOT CHANGE THIS STRUCTURE WITHOUT TESTING THE 32BIT NSS LIB AGAINST
- * A 64BIT WINBINDD --jerry
- ******************************************************************************/
-
-struct winbindd_response {
-
- /* Header information */
-
- uint32_t length; /* Length of response */
- enum winbindd_result result; /* Result code */
-
- /* Fixed length return data */
-
- union {
- int interface_version; /* Try to ensure this is always in the same spot... */
-
- fstring winsresp; /* WINS response */
-
- /* getpwnam, getpwuid */
-
- struct winbindd_pw pw;
-
- /* getgrnam, getgrgid */
-
- struct winbindd_gr gr;
-
- uint32_t num_entries; /* getpwent, getgrent */
- struct winbindd_sid {
- fstring sid; /* lookupname, [ug]id_to_sid */
- int type;
- } sid;
- struct winbindd_name {
- fstring dom_name; /* lookupsid */
- fstring name;
- int type;
- } name;
- uid_t uid; /* sid_to_uid */
- gid_t gid; /* sid_to_gid */
- struct winbindd_info {
- char winbind_separator;
- fstring samba_version;
- } info;
- fstring domain_name;
- fstring netbios_name;
- fstring dc_name;
-
- struct auth_reply {
- uint32_t nt_status;
- fstring nt_status_string;
- fstring error_string;
- int pam_error;
- char user_session_key[16];
- char first_8_lm_hash[8];
- fstring krb5ccname;
- uint32_t reject_reason;
- uint32_t padding;
- struct policy_settings {
- uint32_t min_length_password;
- uint32_t password_history;
- uint32_t password_properties;
- uint32_t padding;
- SMB_TIME_T expire;
- SMB_TIME_T min_passwordage;
- } policy;
- struct info3_text {
- SMB_TIME_T logon_time;
- SMB_TIME_T logoff_time;
- SMB_TIME_T kickoff_time;
- SMB_TIME_T pass_last_set_time;
- SMB_TIME_T pass_can_change_time;
- SMB_TIME_T pass_must_change_time;
- uint32_t logon_count;
- uint32_t bad_pw_count;
- uint32_t user_rid;
- uint32_t group_rid;
- uint32_t num_groups;
- uint32_t user_flgs;
- uint32_t acct_flags;
- uint32_t num_other_sids;
- fstring dom_sid;
- fstring user_name;
- fstring full_name;
- fstring logon_script;
- fstring profile_path;
- fstring home_dir;
- fstring dir_drive;
- fstring logon_srv;
- fstring logon_dom;
- } info3;
- } auth;
- struct {
- fstring name;
- fstring alt_name;
- fstring sid;
- bool native_mode;
- bool active_directory;
- bool primary;
- } domain_info;
- uint32_t sequence_number;
- struct {
- fstring acct_name;
- fstring full_name;
- fstring homedir;
- fstring shell;
- uint32_t primary_gid;
- uint32_t group_rid;
- } user_info;
- struct {
- uint32_t auth_blob_len; /* blob in extra_data */
- } ccache_ntlm_auth;
- } data;
-
- /* Variable length return data */
-
- union {
- SMB_TIME_T padding;
- void *data;
- } extra_data;
-};
-
-struct WINBINDD_MEMORY_CREDS {
- struct WINBINDD_MEMORY_CREDS *next, *prev;
- const char *username; /* lookup key. */
- uid_t uid;
- int ref_count;
- size_t len;
- uint8_t *nt_hash; /* Base pointer for the following 2 */
- uint8_t *lm_hash;
- char *pass;
-};
-
-struct WINBINDD_CCACHE_ENTRY {
- struct WINBINDD_CCACHE_ENTRY *next, *prev;
- const char *principal_name;
- const char *ccname;
- const char *service;
- const char *username;
- const char *realm;
- struct WINBINDD_MEMORY_CREDS *cred_ptr;
- int ref_count;
- uid_t uid;
- time_t create_time;
- time_t renew_until;
- time_t refresh_time;
- struct timed_event *event;
-};
-
-#endif
case WINBINDD_ALLOCATE_UID:
case WINBINDD_ALLOCATE_GID:
case WINBINDD_SET_MAPPING:
+ case WINBINDD_REMOVE_MAPPING:
case WINBINDD_SET_HWM:
case WINBINDD_DOMAIN_INFO:
case WINBINDD_SHOW_SEQUENCE:
case WINBINDD_WINS_BYIP:
case WINBINDD_WINS_BYNAME:
case WINBINDD_GETGRLST:
+ case WINBINDD_DSGETDCNAME:
case WINBINDD_INIT_CONNECTION:
case WINBINDD_DUAL_SIDS2XIDS:
case WINBINDD_DUAL_SET_MAPPING:
+ case WINBINDD_DUAL_REMOVE_MAPPING:
case WINBINDD_DUAL_SET_HWM:
case WINBINDD_DUAL_USERINFO:
case WINBINDD_DUAL_GETSIDALIASES:
git.samba.org / gd / samba-autobuild / .git / commitdiff