smbd/vfs.o smbd/vfs-wrap.o smbd/statcache.o \
smbd/unix_acls.o lib/msrpc-client.o lib/msrpc_use.o \
smbd/process.o smbd/service.o smbd/error.o \
- printing/printfsp.o nsswitch/common.o lib/util_seaccess.o
+ printing/printfsp.o nsswitch/wb_common.o lib/util_seaccess.o \
+ nsswitch/wb_client.o
PRINTING_OBJ = printing/pcap.o printing/print_svid.o printing/print_cups.o printing/load.o
$(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ)
-PAM_WINBIND_OBJ = nsswitch/pam_winbind.po nsswitch/common.po
+PAM_WINBIND_OBJ = nsswitch/pam_winbind.po nsswitch/wb_common.po
SMBW_OBJ = smbwrapper/smbw.o \
smbwrapper/smbw_dir.o smbwrapper/smbw_stat.o \
$(LIBNMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(NSSWINS_OBJ) $(SIDDB_OBJ) $(LIBSMB_OBJ)
-WBINFO_OBJ = nsswitch/wbinfo.o nsswitch/common.o
+WBINFO_OBJ = nsswitch/wbinfo.o nsswitch/wb_common.o
-WINBIND_NSS_OBJ = nsswitch/winbind.o nsswitch/common.o
+WINBIND_NSS_OBJ = nsswitch/winbind.o nsswitch/wb_common.o
WINBIND_NSS_PICOBJS = $(WINBIND_NSS_OBJ:.o=.po)
/*The following definitions come from lib/util_seaccess.c */
-BOOL winbind_uid_to_sid(uid_t uid, DOM_SID *sid);
-BOOL winbind_gid_to_sid(gid_t gid, DOM_SID *sid);
BOOL se_access_check(SEC_DESC *sd, uid_t uid, gid_t gid, int ngroups,
gid_t *groups, uint32 acc_desired,
uint32 *acc_granted, uint32 *status);
void dump_workgroups(BOOL force_write);
void expire_workgroups_and_servers(time_t t);
-/*The following definitions come from nsswitch/common.c */
+/*The following definitions come from nsswitch/wb_client.c */
+
+BOOL winbind_lookup_name(char *name, DOM_SID *sid, uint8 *name_type);
+BOOL winbind_lookup_sid(DOM_SID *sid, fstring dom_name, fstring name,
+ uint8 *name_type);
+BOOL winbind_uid_to_sid(uid_t uid, DOM_SID *sid);
+BOOL winbind_gid_to_sid(gid_t gid, DOM_SID *sid);
+
+/*The following definitions come from nsswitch/wb_common.c */
void init_request(struct winbindd_request *req,int rq_type);
void close_sock(void);
int write_sock(void *buffer, int count);
int read_reply(struct winbindd_response *response);
void free_response(struct winbindd_response *response);
-enum nss_status winbindd_request(int req_type, struct winbindd_request *request,
+enum nss_status winbindd_request(int req_type,
+ struct winbindd_request *request,
struct winbindd_response *response);
/*The following definitions come from param/loadparm.c */
fstring value, uint8 **data, uint32 *type, uint32 *len);
uint32 nt_printing_setsec(char *printername, struct current_user *user,
SEC_DESC_BUF *secdesc_ctr);
-BOOL winbind_lookup_name(char *name, DOM_SID *sid, uint8 *name_type);
BOOL nt_printing_getsec(char *printername, SEC_DESC_BUF **secdesc_ctr);
BOOL print_access_check(struct current_user *user, int snum,
uint32 required_access);
/*The following definitions come from rpc_server/srv_lsa.c */
#if OLD_NTDOMAIN
-BOOL winbind_lookup_sid(DOM_SID *sid, fstring dom_name, fstring name,
- uint8 *name_type);
BOOL api_ntlsa_rpc(pipes_struct *p);
#endif
extern int DEBUGLEVEL;
-/* Call winbindd to convert uid to sid */
-
-BOOL winbind_uid_to_sid(uid_t uid, DOM_SID *sid)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- int result;
-
- if (!sid) return False;
-
- /* Initialise request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- request.data.uid = uid;
-
- /* Make request */
-
- result = winbindd_request(WINBINDD_UID_TO_SID, &request, &response);
-
- /* Copy out result */
-
- if (result == NSS_STATUS_SUCCESS) {
- string_to_sid(sid, response.data.sid.sid);
- } else {
- sid_copy(sid, &global_sid_NULL);
- }
-
- return (result == NSS_STATUS_SUCCESS);
-}
-
-/* Call winbindd to convert uid to sid */
-
-BOOL winbind_gid_to_sid(gid_t gid, DOM_SID *sid)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- int result;
-
- if (!sid) return False;
-
- /* Initialise request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- request.data.gid = gid;
-
- /* Make request */
-
- result = winbindd_request(WINBINDD_GID_TO_SID, &request, &response);
-
- /* Copy out result */
-
- if (result == NSS_STATUS_SUCCESS) {
- string_to_sid(sid, response.data.sid.sid);
- } else {
- sid_copy(sid, &global_sid_NULL);
- }
-
- return (result == NSS_STATUS_SUCCESS);
-}
-
/* Process an access allowed ACE */
static BOOL ace_grant(uint32 mask, uint32 *acc_desired, uint32 *acc_granted)
--- /dev/null
+/*
+ Unix SMB/Netbios implementation.
+ Version 2.0
+
+ winbind client code
+
+ Copyright (C) Tim Potter 2000
+ Copyright (C) Andrew Tridgell 2000
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public
+ License along with this library; if not, write to the
+ Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.
+*/
+
+#include "includes.h"
+
+/* Call winbindd to convert a name to a sid */
+
+BOOL winbind_lookup_name(char *name, DOM_SID *sid, uint8 *name_type)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ enum nss_status result;
+
+ if (!sid || !name_type) return False;
+
+ /* Send off request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ fstrcpy(request.data.name, name);
+ if ((result = winbindd_request(WINBINDD_LOOKUPNAME, &request,
+ &response)) == NSS_STATUS_SUCCESS) {
+ string_to_sid(sid, response.data.sid.sid);
+ *name_type = response.data.sid.type;
+ }
+
+ return result == NSS_STATUS_SUCCESS;
+}
+
+/* Call winbindd to convert sid to name */
+
+BOOL winbind_lookup_sid(DOM_SID *sid, fstring dom_name, fstring name,
+ uint8 *name_type)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ enum nss_status result;
+ DOM_SID tmp_sid;
+ uint32 rid;
+ fstring sid_str;
+
+ if (!name_type) return False;
+
+ /* Check if this is our own sid. This should perhaps be done by
+ winbind? For the moment handle it here. */
+
+ if (sid->num_auths == 5) {
+ sid_copy(&tmp_sid, sid);
+ sid_split_rid(&tmp_sid, &rid);
+
+ if (sid_equal(&global_sam_sid, &tmp_sid)) {
+
+ return map_domain_sid_to_name(&tmp_sid, dom_name) &&
+ lookup_local_rid(rid, name, name_type);
+ }
+ }
+
+ /* Initialise request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ sid_to_string(sid_str, sid);
+ fstrcpy(request.data.sid, sid_str);
+
+ /* Make request */
+
+ result = winbindd_request(WINBINDD_LOOKUPSID, &request, &response);
+
+ /* Copy out result */
+
+ if (result == NSS_STATUS_SUCCESS) {
+ parse_domain_user(response.data.name.name, dom_name, name);
+ *name_type = response.data.name.type;
+ } else {
+
+ DEBUG(10,("winbind_lookup_sid: winbind lookup for %s failed - trying builtin.\n",
+ sid_str));
+
+ sid_copy(&tmp_sid, sid);
+ sid_split_rid(&tmp_sid, &rid);
+ return map_domain_sid_to_name(&tmp_sid, dom_name) &&
+ lookup_known_rid(&tmp_sid, rid, name, name_type);
+ }
+
+ return (result == NSS_STATUS_SUCCESS);
+}
+
+/* Call winbindd to convert uid to sid */
+
+BOOL winbind_uid_to_sid(uid_t uid, DOM_SID *sid)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ int result;
+
+ if (!sid) return False;
+
+ /* Initialise request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ request.data.uid = uid;
+
+ /* Make request */
+
+ result = winbindd_request(WINBINDD_UID_TO_SID, &request, &response);
+
+ /* Copy out result */
+
+ if (result == NSS_STATUS_SUCCESS) {
+ string_to_sid(sid, response.data.sid.sid);
+ } else {
+ sid_copy(sid, &global_sid_NULL);
+ }
+
+ return (result == NSS_STATUS_SUCCESS);
+}
+
+/* Call winbindd to convert uid to sid */
+
+BOOL winbind_gid_to_sid(gid_t gid, DOM_SID *sid)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ int result;
+
+ if (!sid) return False;
+
+ /* Initialise request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ request.data.gid = gid;
+
+ /* Make request */
+
+ result = winbindd_request(WINBINDD_GID_TO_SID, &request, &response);
+
+ /* Copy out result */
+
+ if (result == NSS_STATUS_SUCCESS) {
+ string_to_sid(sid, response.data.sid.sid);
+ } else {
+ sid_copy(sid, &global_sid_NULL);
+ }
+
+ return (result == NSS_STATUS_SUCCESS);
+}
if (!resolve_name(domain_name, &ip, 0x1B)) return False;
- return lookup_pdc_name(global_myname, domain_name, &ip, domain_controller);
+ return lookup_pdc_name(global_myname, domain_name, &ip,
+ domain_controller);
}
-
static struct winbindd_domain *add_trusted_domain(char *domain_name)
{
struct winbindd_domain *domain;
/* Add our workgroup - keep handle to look up trusted domains */
if (!add_trusted_domain(lp_workgroup())) {
- DEBUG(0, ("could not add record for domain %s\n", lp_workgroup()));
+ DEBUG(0, ("could not add record for domain %s\n",
+ lp_workgroup()));
return False;
}
/* Add each domain to the trusted domain list */
for(i = 0; i < num_doms; i++) {
if (!add_trusted_domain(domains[i])) {
- DEBUG(0, ("could not add record for domain %s\n", domains[i]));
+ DEBUG(0, ("could not add record for domain %s\n",
+ domains[i]));
result = False;
}
}
}
if ((domain->sam_handle_open && !rpc_hnd_ok(&domain->sam_handle)) ||
- (domain->sam_dom_handle_open && !rpc_hnd_ok(&domain->sam_dom_handle))) {
+ (domain->sam_dom_handle_open &&
+ !rpc_hnd_ok(&domain->sam_dom_handle))) {
+
domain->got_domain_info = get_domain_info(domain);
if (domain->sam_dom_handle_open) {
samr_close(&domain->sam_dom_handle);
}
/* Open sam handle if it isn't already open */
+
if (!domain->sam_handle_open) {
+
domain->sam_handle_open =
- samr_connect(domain->controller, SEC_RIGHTS_MAXIMUM_ALLOWED,
+ samr_connect(domain->controller,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
&domain->sam_handle);
+
if (!domain->sam_handle_open) return False;
}
/* Open sam domain handle if it isn't already open */
+
if (!domain->sam_dom_handle_open) {
+
domain->sam_dom_handle_open =
samr_open_domain(&domain->sam_handle,
- SEC_RIGHTS_MAXIMUM_ALLOWED, &domain->sid,
- &domain->sam_dom_handle);
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ &domain->sid, &domain->sam_dom_handle);
+
if (!domain->sam_dom_handle_open) return False;
}
return True;
}
+/* Close all LSA and SAM connections */
+
static void winbindd_kill_connections(void)
{
+ struct winbindd_cli_state *cli;
struct winbindd_domain *domain;
DEBUG(1,("killing winbindd connections\n"));
+ /* Close LSA connection */
+
server_state.pwdb_initialised = False;
server_state.lsa_handle_open = False;
lsa_close(&server_state.lsa_handle);
- for (domain=domain_list; domain; domain=domain->next) {
+ /* Close SAM connections */
+
+ domain = domain_list;
+
+ while(domain) {
+ struct winbindd_domain *next;
+
+ /* Close SAM handles */
+
if (domain->sam_dom_handle_open) {
samr_close(&domain->sam_dom_handle);
domain->sam_dom_handle_open = False;
}
+
if (domain->sam_handle_open) {
samr_close(&domain->sam_handle);
domain->sam_handle_open = False;
}
+
+ /* Remove from list */
+
+ next = domain->next;
DLIST_REMOVE(domain_list, domain);
free(domain);
+
+ domain = next;
+ }
+
+ /* We also need to go through and trash any pointers to domains in
+ get{pw,gr}ent state records */
+
+ for (cli = client_list; cli; cli = cli->next) {
+ free_getent_state(cli->getpwent_state);
+ free_getent_state(cli->getgrent_state);
}
}
+/* Try to establish connections to NT servers */
+
void establish_connections(void)
{
struct winbindd_domain *domain;
return status;
}
-/* Call winbindd to convert a name to a sid */
-
-BOOL winbind_lookup_name(char *name, DOM_SID *sid, uint8 *name_type)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- enum nss_status result;
-
- if (!sid || !name_type) return False;
-
- /* Send off request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- fstrcpy(request.data.name, name);
- if ((result = winbindd_request(WINBINDD_LOOKUPNAME, &request,
- &response)) == NSS_STATUS_SUCCESS) {
- string_to_sid(sid, response.data.sid.sid);
- *name_type = response.data.sid.type;
- }
-
- return result == NSS_STATUS_SUCCESS;
-}
-
/****************************************************************************
Construct a default security descriptor buffer for a printer.
****************************************************************************/
r_l->status = 0x0;
}
-/* Call winbindd to convert sid to name */
-
-BOOL winbind_lookup_sid(DOM_SID *sid, fstring dom_name, fstring name,
- uint8 *name_type)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- enum nss_status result;
- DOM_SID tmp_sid;
- uint32 rid;
- fstring sid_str;
-
- if (!name_type) return False;
-
- /* Check if this is our own sid. This should perhaps be done by
- winbind? For the moment handle it here. */
-
- if (sid->num_auths == 5) {
- sid_copy(&tmp_sid, sid);
- sid_split_rid(&tmp_sid, &rid);
-
- if (sid_equal(&global_sam_sid, &tmp_sid)) {
-
- return map_domain_sid_to_name(&tmp_sid, dom_name) &&
- lookup_local_rid(rid, name, name_type);
- }
- }
-
- /* Initialise request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- sid_to_string(sid_str, sid);
- fstrcpy(request.data.sid, sid_str);
-
- /* Make request */
-
- result = winbindd_request(WINBINDD_LOOKUPSID, &request, &response);
-
- /* Copy out result */
-
- if (result == NSS_STATUS_SUCCESS) {
- parse_domain_user(response.data.name.name, dom_name, name);
- *name_type = response.data.name.type;
- } else {
-
- DEBUG(10,("winbind_lookup_sid: winbind lookup for %s failed - trying builtin.\n",
- sid_str));
-
- sid_copy(&tmp_sid, sid);
- sid_split_rid(&tmp_sid, &rid);
- return map_domain_sid_to_name(&tmp_sid, dom_name) &&
- lookup_known_rid(&tmp_sid, rid, name, name_type);
- }
-
- return (result == NSS_STATUS_SUCCESS);
-}
-
/***************************************************************************
Init lsa_trans_names.
***************************************************************************/
git.samba.org / vlendec / samba-autobuild / .git / commitdiff