/*
- Unix SMB/Netbios implementation.
- Version 2.0
+ Unix SMB/CIFS implementation.
- Winbind daemon - user related function
+ Winbind daemon - user related functions
Copyright (C) Tim Potter 2000
+ Copyright (C) Jeremy Allison 2001.
+ Copyright (C) Gerald (Jerry) Carter 2003.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include "winbindd.h"
-/* Fill a pwent structure with information we have obtained */
-
-static void winbindd_fill_pwent(struct winbindd_pw *pw, char *name,
- uid_t unix_uid, gid_t unix_gid,
- char *full_name)
-{
- pstring homedir;
- fstring name_domain, name_user;
-
- if (!pw || !name) {
- return;
- }
-
- /* Fill in uid/gid */
-
- pw->pw_uid = unix_uid;
- pw->pw_gid = unix_gid;
-
- /* Username */
-
- safe_strcpy(pw->pw_name, name, sizeof(pw->pw_name) - 1);
-
- /* Full name (gecos) */
-
- safe_strcpy(pw->pw_gecos, full_name, sizeof(pw->pw_gecos) - 1);
-
- /* Home directory and shell - use template config parameters. The
- defaults are /tmp for the home directory and /bin/false for shell. */
-
- parse_domain_user(name, name_domain, name_user);
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_WINBIND
- pstrcpy(homedir, lp_template_homedir());
+extern userdom_struct current_user_info;
- pstring_sub(homedir, "%U", name_user);
- pstring_sub(homedir, "%D", name_domain);
-
- safe_strcpy(pw->pw_dir, homedir, sizeof(pw->pw_dir) - 1);
-
- safe_strcpy(pw->pw_shell, lp_template_shell(), sizeof(pw->pw_shell) - 1);
-
- /* Password - set to "x" as we can't generate anything useful here.
- Authentication can be done using the pam_ntdom module. */
+/* Fill a pwent structure with information we have obtained */
- safe_strcpy(pw->pw_passwd, "x", sizeof(pw->pw_passwd) - 1);
+static BOOL winbindd_fill_pwent(char *dom_name, char *user_name,
+ DOM_SID *user_sid, DOM_SID *group_sid,
+ char *full_name, struct winbindd_pw *pw)
+{
+ fstring output_username;
+ pstring homedir;
+ fstring sid_string;
+
+ if (!pw || !dom_name || !user_name)
+ return False;
+
+ /* Resolve the uid number */
+
+ if (!NT_STATUS_IS_OK(idmap_sid_to_uid(user_sid, &(pw->pw_uid), 0))) {
+ DEBUG(1, ("error getting user id for sid %s\n", sid_to_string(sid_string, user_sid)));
+ return False;
+ }
+
+ /* Resolve the gid number */
+
+ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(group_sid, &(pw->pw_gid), 0))) {
+ DEBUG(1, ("error getting group id for sid %s\n", sid_to_string(sid_string, group_sid)));
+ return False;
+ }
+
+ /* Username */
+
+ fill_domain_username(output_username, dom_name, user_name);
+
+ safe_strcpy(pw->pw_name, output_username, sizeof(pw->pw_name) - 1);
+
+ /* Full name (gecos) */
+
+ safe_strcpy(pw->pw_gecos, full_name, sizeof(pw->pw_gecos) - 1);
+
+ /* Home directory and shell - use template config parameters. The
+ defaults are /tmp for the home directory and /bin/false for
+ shell. */
+
+ /* The substitution of %U and %D in the 'template homedir' is done
+ by lp_string() calling standard_sub_basic(). */
+
+ fstrcpy(current_user_info.smb_name, user_name);
+ sub_set_smb_name(user_name);
+ fstrcpy(current_user_info.domain, dom_name);
+
+ pstrcpy(homedir, lp_template_homedir());
+
+ safe_strcpy(pw->pw_dir, homedir, sizeof(pw->pw_dir) - 1);
+
+ safe_strcpy(pw->pw_shell, lp_template_shell(),
+ sizeof(pw->pw_shell) - 1);
+
+ /* Password - set to "x" as we can't generate anything useful here.
+ Authentication can be done using the pam_winbind module. */
+
+ safe_strcpy(pw->pw_passwd, "x", sizeof(pw->pw_passwd) - 1);
+
+ return True;
}
-/* Return a password structure from a username. Specify whether cached data
- can be returned. */
+/* Return a password structure from a username. */
-enum winbindd_result winbindd_getpwnam_from_user(struct winbindd_cli_state *state)
+enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state)
{
- uint32 name_type, user_rid, group_rid;
- SAM_USERINFO_CTR user_info;
- DOM_SID user_sid;
- fstring name_domain, name_user, name, gecos_name;
- struct winbindd_domain *domain;
- uid_t uid;
- gid_t gid;
-
- /* Parse domain and username */
- parse_domain_user(state->request.data.username, name_domain, name_user);
-
- /* Reject names that don't have a domain - i.e name_domain contains the
- entire name. */
-
- if (strequal(name_domain, "")) {
- return WINBINDD_ERROR;
- }
-
- /* Get info for the domain */
-
- if ((domain = find_domain_from_name(name_domain)) == NULL) {
- DEBUG(0, ("could not find domain entry for domain %s\n", name_domain));
- return WINBINDD_ERROR;
- }
-
- /* Check for cached user entry */
-
- if (winbindd_fetch_user_cache_entry(name_domain, name_user,
- &state->response.data.pw)) {
- return WINBINDD_OK;
- }
-
- slprintf(name,sizeof(name),"%s\\%s", name_domain, name_user);
-
- /* Get rid and name type from name */
- /* the following costs 1 packet */
- if (!winbindd_lookup_sid_by_name(domain, name, &user_sid, &name_type)) {
- DEBUG(1, ("user '%s' does not exist\n", name_user));
- return WINBINDD_ERROR;
- }
-
- if (name_type != SID_NAME_USER) {
- DEBUG(1, ("name '%s' is not a user name: %d\n", name_user, name_type));
- return WINBINDD_ERROR;
- }
-
- /* Get some user info. Split the user rid from the sid obtained from
- the winbind_lookup_by_name() call and use it in a
- winbind_lookup_userinfo() */
+ WINBIND_USERINFO user_info;
+ WINBINDD_PW *pw;
+ DOM_SID user_sid;
+ NTSTATUS status;
+ fstring name_domain, name_user;
+ enum SID_NAME_USE name_type;
+ struct winbindd_domain *domain;
+ TALLOC_CTX *mem_ctx;
+
+ /* Ensure null termination */
+ state->request.data.username[sizeof(state->request.data.username)-1]='\0';
+
+ DEBUG(3, ("[%5lu]: getpwnam %s\n", (unsigned long)state->pid,
+ state->request.data.username));
+
+ /* Parse domain and username */
+
+ parse_domain_user(state->request.data.username,
+ name_domain, name_user);
+
+ /* if this is our local domain (or no domain), the do a local tdb search */
+
+ if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) {
+ if ( !(pw = wb_getpwnam(name_user)) ) {
+ DEBUG(5,("winbindd_getpwnam: lookup for %s\\%s failed\n",
+ name_domain, name_user));
+ return WINBINDD_ERROR;
+ }
+ memcpy( &state->response.data.pw, pw, sizeof(WINBINDD_PW) );
+ return WINBINDD_OK;
+ }
+
+ /* should we deal with users for our domain? */
+
+ if ( lp_winbind_trusted_domains_only() && strequal(name_domain, lp_workgroup())) {
+ DEBUG(7,("winbindd_getpwnam: My domain -- rejecting getpwnam() for %s\\%s.\n",
+ name_domain, name_user));
+ return WINBINDD_ERROR;
+ }
+
+ if ((domain = find_domain_from_name(name_domain)) == NULL) {
+ DEBUG(5, ("no such domain: %s\n", name_domain));
+ return WINBINDD_ERROR;
+ }
+
+ /* Get rid and name type from name */
+
+ if (!winbindd_lookup_sid_by_name(domain, name_user, &user_sid, &name_type)) {
+ DEBUG(1, ("user '%s' does not exist\n", name_user));
+ return WINBINDD_ERROR;
+ }
+
+ if (name_type != SID_NAME_USER) {
+ DEBUG(1, ("name '%s' is not a user name: %d\n", name_user,
+ name_type));
+ return WINBINDD_ERROR;
+ }
+
+ /* Get some user info. Split the user rid from the sid obtained
+ from the winbind_lookup_by_name() call and use it in a
+ winbind_lookup_userinfo() */
- sid_split_rid(&user_sid, &user_rid);
-
- /* the following costs 3 packets */
- if (!winbindd_lookup_userinfo(domain, user_rid, &user_info)) {
- DEBUG(1, ("pwnam_from_user(): error getting user info for user '%s'\n",
- name_user));
- return WINBINDD_ERROR;
- }
+ if (!(mem_ctx = talloc_init("winbindd_getpwnam([%s]\\[%s])",
+ name_domain, name_user))) {
+ DEBUG(1, ("out of memory\n"));
+ return WINBINDD_ERROR;
+ }
+
+ status = domain->methods->query_user(domain, mem_ctx, &user_sid,
+ &user_info);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("error getting user info for user '[%s]\\[%s]'\n",
+ name_domain, name_user));
+ talloc_destroy(mem_ctx);
+ return WINBINDD_ERROR;
+ }
- group_rid = user_info.info.id21->group_rid;
- unistr2_to_ascii(gecos_name, &user_info.info.id21->uni_full_name,
- sizeof(gecos_name) - 1);
-
- free_samr_userinfo_ctr(&user_info);
-
- /* Resolve the uid number */
-
- if (!winbindd_idmap_get_uid_from_rid(domain->name, user_rid, &uid)) {
- DEBUG(1, ("error getting user id for user %s\n", name_user));
- return WINBINDD_ERROR;
- }
-
- /* Resolve the gid number */
-
- if (!winbindd_idmap_get_gid_from_rid(domain->name, group_rid, &gid)) {
- DEBUG(1, ("error getting group id for user %s\n", name_user));
- return WINBINDD_ERROR;
- }
-
- /* Now take all this information and fill in a passwd structure */
-
- winbindd_fill_pwent(&state->response.data.pw,
- state->request.data.username, uid, gid,
- gecos_name);
-
- winbindd_fill_user_cache_entry(name_domain, name_user,
- &state->response.data.pw);
-
- return WINBINDD_OK;
+ /* Now take all this information and fill in a passwd structure */
+ if (!winbindd_fill_pwent(name_domain, name_user,
+ user_info.user_sid, user_info.group_sid,
+ user_info.full_name,
+ &state->response.data.pw)) {
+ talloc_destroy(mem_ctx);
+ return WINBINDD_ERROR;
+ }
+
+ talloc_destroy(mem_ctx);
+
+ return WINBINDD_OK;
}
/* Return a password structure given a uid number */
-enum winbindd_result winbindd_getpwnam_from_uid(struct winbindd_cli_state
- *state)
+enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
{
- DOM_SID user_sid;
- struct winbindd_domain *domain;
- uint32 user_rid, group_rid;
- fstring user_name, gecos_name;
- enum SID_NAME_USE name_type;
- SAM_USERINFO_CTR user_info;
- gid_t gid;
-
- /* Get rid from uid */
- if (!winbindd_idmap_get_rid_from_uid(state->request.data.uid, &user_rid,
- &domain)) {
- DEBUG(1, ("Could not convert uid %d to rid\n",
- state->request.data.uid));
- return WINBINDD_ERROR;
- }
-
- /* Check for cached uid entry */
- if (winbindd_fetch_uid_cache_entry(domain->name, state->request.data.uid,
- &state->response.data.pw)) {
- return WINBINDD_OK;
- }
-
-
- /* Get name and name type from rid */
-
- sid_copy(&user_sid, &domain->sid);
- sid_append_rid(&user_sid, user_rid);
-
- if (!winbindd_lookup_name_by_sid(domain, &user_sid, user_name,
- &name_type)) {
- fstring temp;
-
- sid_to_string(temp, &user_sid);
- DEBUG(1, ("Could not lookup sid %s\n", temp));
- return WINBINDD_ERROR;
- }
-
- string_sub(user_name, "\\", "/", sizeof(fstring));
-
- /* Get some user info */
-
- if (!winbindd_lookup_userinfo(domain, user_rid, &user_info)) {
- DEBUG(1, ("pwnam_from_uid(): error getting user info for user '%s'\n",
- user_name));
- return WINBINDD_ERROR;
- }
-
- group_rid = user_info.info.id21->group_rid;
- unistr2_to_ascii(gecos_name, &user_info.info.id21->uni_full_name,
- sizeof(gecos_name) - 1);
-
- free_samr_userinfo_ctr(&user_info);
-
- /* Resolve gid number */
-
- if (!winbindd_idmap_get_gid_from_rid(domain->name, group_rid, &gid)) {
- DEBUG(1, ("error getting group id for user %s\n", user_name));
- return WINBINDD_ERROR;
- }
-
- /* Fill in password structure */
-
- winbindd_fill_pwent(&state->response.data.pw, user_name,
- state->request.data.uid, gid, gecos_name);
-
- winbindd_fill_uid_cache_entry(domain->name, state->request.data.uid,
- &state->response.data.pw);
-
- return WINBINDD_OK;
+ DOM_SID user_sid;
+ struct winbindd_domain *domain;
+ WINBINDD_PW *pw;
+ fstring dom_name;
+ fstring user_name;
+ enum SID_NAME_USE name_type;
+ WINBIND_USERINFO user_info;
+ TALLOC_CTX *mem_ctx;
+ NTSTATUS status;
+ gid_t gid;
+
+ /* Bug out if the uid isn't in the winbind range */
+
+ if ((state->request.data.uid < server_state.uid_low ) ||
+ (state->request.data.uid > server_state.uid_high))
+ return WINBINDD_ERROR;
+
+ DEBUG(3, ("[%5lu]: getpwuid %lu\n", (unsigned long)state->pid,
+ (unsigned long)state->request.data.uid));
+
+ /* always try local tdb first */
+
+ if ( (pw = wb_getpwuid(state->request.data.uid)) != NULL ) {
+ memcpy( &state->response.data.pw, pw, sizeof(WINBINDD_PW) );
+ return WINBINDD_OK;
+ }
+
+ /* Get rid from uid */
+
+ if (!NT_STATUS_IS_OK(idmap_uid_to_sid(&user_sid, state->request.data.uid))) {
+ DEBUG(1, ("could not convert uid %lu to SID\n",
+ (unsigned long)state->request.data.uid));
+ return WINBINDD_ERROR;
+ }
+
+ /* Get name and name type from rid */
+
+ if (!winbindd_lookup_name_by_sid(&user_sid, dom_name, user_name, &name_type)) {
+ fstring temp;
+
+ sid_to_string(temp, &user_sid);
+ DEBUG(1, ("could not lookup sid %s\n", temp));
+ return WINBINDD_ERROR;
+ }
+
+ domain = find_domain_from_sid(&user_sid);
+
+ if (!domain) {
+ DEBUG(1,("Can't find domain from sid\n"));
+ return WINBINDD_ERROR;
+ }
+
+ /* Get some user info */
+
+ if (!(mem_ctx = talloc_init("winbind_getpwuid(%lu)",
+ (unsigned long)state->request.data.uid))) {
+
+ DEBUG(1, ("out of memory\n"));
+ return WINBINDD_ERROR;
+ }
+
+ status = domain->methods->query_user(domain, mem_ctx, &user_sid,
+ &user_info);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("error getting user info for user '%s'\n",
+ user_name));
+ talloc_destroy(mem_ctx);
+ return WINBINDD_ERROR;
+ }
+
+ /* Check group has a gid number */
+
+ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(user_info.group_sid, &gid, 0))) {
+ DEBUG(1, ("error getting group id for user %s\n", user_name));
+ talloc_destroy(mem_ctx);
+ return WINBINDD_ERROR;
+ }
+
+ /* Fill in password structure */
+
+ if (!winbindd_fill_pwent(domain->name, user_name, user_info.user_sid,
+ user_info.group_sid,
+ user_info.full_name, &state->response.data.pw)) {
+ talloc_destroy(mem_ctx);
+ return WINBINDD_ERROR;
+ }
+
+ talloc_destroy(mem_ctx);
+
+ return WINBINDD_OK;
}
/*
enum winbindd_result winbindd_setpwent(struct winbindd_cli_state *state)
{
- struct winbindd_domain *tmp;
-
- if (state == NULL) return WINBINDD_ERROR;
-
- /* Free old static data if it exists */
-
- if (state->getpwent_state != NULL) {
- free_getent_state(state->getpwent_state);
- state->getpwent_state = NULL;
- }
-
- /* Create sam pipes for each domain we know about */
-
- for(tmp = domain_list; tmp != NULL; tmp = tmp->next) {
- struct getent_state *domain_state;
-
- /* Skip domains other than WINBINDD_DOMAIN environment variable */
-
- if ((strcmp(state->request.domain, "") != 0) &&
- (strcmp(state->request.domain, tmp->name) != 0)) {
- continue;
- }
-
- /* Create a state record for this domain */
-
- if ((domain_state = (struct getent_state *)
- malloc(sizeof(struct getent_state))) == NULL) {
-
- return WINBINDD_ERROR;
- }
+ struct winbindd_domain *domain;
+
+ DEBUG(3, ("[%5lu]: setpwent\n", (unsigned long)state->pid));
+
+ /* Check user has enabled this */
+
+ if (!lp_winbind_enum_users())
+ return WINBINDD_ERROR;
- ZERO_STRUCTP(domain_state);
- domain_state->domain = tmp;
+ /* Free old static data if it exists */
+
+ if (state->getpwent_state != NULL) {
+ free_getent_state(state->getpwent_state);
+ state->getpwent_state = NULL;
+ }
+
+#if 0 /* JERRY */
+ /* add any local users we have */
+
+ if ( (domain_state = (struct getent_state *)malloc(sizeof(struct getent_state))) == NULL )
+ return WINBINDD_ERROR;
+
+ ZERO_STRUCTP(domain_state);
- /* Add to list of open domains */
+ /* Add to list of open domains */
+
+ DLIST_ADD(state->getpwent_state, domain_state);
+#endif
+
+ /* Create sam pipes for each domain we know about */
+
+ for(domain = domain_list(); domain != NULL; domain = domain->next) {
+ struct getent_state *domain_state;
+
+
+ /* don't add our domaina if we are a PDC or if we
+ are a member of a Samba domain */
+
+ if ( (IS_DC || lp_winbind_trusted_domains_only())
+ && strequal(domain->name, lp_workgroup()) )
+ {
+ continue;
+ }
+
+ /* Create a state record for this domain */
+
+ if ((domain_state = (struct getent_state *)
+ malloc(sizeof(struct getent_state))) == NULL)
+ return WINBINDD_ERROR;
+
+ ZERO_STRUCTP(domain_state);
- DLIST_ADD(state->getpwent_state, domain_state)
- }
+ fstrcpy(domain_state->domain_name, domain->name);
- return WINBINDD_OK;
+ /* Add to list of open domains */
+
+ DLIST_ADD(state->getpwent_state, domain_state);
+ }
+
+ return WINBINDD_OK;
}
/* Close file pointer to ntdom passwd database */
enum winbindd_result winbindd_endpwent(struct winbindd_cli_state *state)
{
- if (state == NULL) return WINBINDD_ERROR;
+ DEBUG(3, ("[%5lu]: endpwent\n", (unsigned long)state->pid));
+
+ free_getent_state(state->getpwent_state);
+ state->getpwent_state = NULL;
+
+ return WINBINDD_OK;
+}
- free_getent_state(state->getpwent_state);
- state->getpwent_state = NULL;
+/* Get partial list of domain users for a domain. We fill in the sam_entries,
+ and num_sam_entries fields with domain user information. The dispinfo_ndx
+ field is incremented to the index of the next user to fetch. Return True if
+ some users were returned, False otherwise. */
- return WINBINDD_OK;
+#define MAX_FETCH_SAM_ENTRIES 100
+
+static BOOL get_sam_user_entries(struct getent_state *ent)
+{
+ NTSTATUS status;
+ uint32 num_entries;
+ WINBIND_USERINFO *info;
+ struct getpwent_user *name_list = NULL;
+ BOOL result = False;
+ TALLOC_CTX *mem_ctx;
+ struct winbindd_domain *domain;
+ struct winbindd_methods *methods;
+ unsigned int i;
+
+ if (ent->num_sam_entries)
+ return False;
+
+ if (!(mem_ctx = talloc_init("get_sam_user_entries(%s)",
+ ent->domain_name)))
+ return False;
+
+ if (!(domain = find_domain_from_name(ent->domain_name))) {
+ DEBUG(3, ("no such domain %s in get_sam_user_entries\n",
+ ent->domain_name));
+ return False;
+ }
+
+ methods = domain->methods;
+
+ /* Free any existing user info */
+
+ SAFE_FREE(ent->sam_entries);
+ ent->num_sam_entries = 0;
+
+ /* Call query_user_list to get a list of usernames and user rids */
+
+ num_entries = 0;
+
+ status = methods->query_user_list(domain, mem_ctx, &num_entries,
+ &info);
+
+ if (num_entries) {
+ struct getpwent_user *tnl;
+
+ tnl = (struct getpwent_user *)Realloc(name_list,
+ sizeof(struct getpwent_user) *
+ (ent->num_sam_entries +
+ num_entries));
+
+ if (!tnl) {
+ DEBUG(0,("get_sam_user_entries realloc failed.\n"));
+ SAFE_FREE(name_list);
+ goto done;
+ } else
+ name_list = tnl;
+ }
+
+ for (i = 0; i < num_entries; i++) {
+ /* Store account name and gecos */
+ if (!info[i].acct_name) {
+ fstrcpy(name_list[ent->num_sam_entries + i].name, "");
+ } else {
+ fstrcpy(name_list[ent->num_sam_entries + i].name,
+ info[i].acct_name);
+ }
+ if (!info[i].full_name) {
+ fstrcpy(name_list[ent->num_sam_entries + i].gecos, "");
+ } else {
+ fstrcpy(name_list[ent->num_sam_entries + i].gecos,
+ info[i].full_name);
+ }
+
+ /* User and group ids */
+ sid_copy(&name_list[ent->num_sam_entries+i].user_sid, info[i].user_sid);
+ sid_copy(&name_list[ent->num_sam_entries+i].group_sid, info[i].group_sid);
+ }
+
+ ent->num_sam_entries += num_entries;
+
+ /* Fill in remaining fields */
+
+ ent->sam_entries = name_list;
+ ent->sam_entry_index = 0;
+ result = ent->num_sam_entries > 0;
+
+ done:
+
+ talloc_destroy(mem_ctx);
+
+ return result;
}
/* Fetch next passwd entry from ntdom database */
+#define MAX_GETPWENT_USERS 500
+
enum winbindd_result winbindd_getpwent(struct winbindd_cli_state *state)
{
- if (state == NULL) return WINBINDD_ERROR;
+ struct getent_state *ent;
+ struct winbindd_pw *user_list;
+ int num_users, user_list_ndx = 0, i;
- /* Process the current head of the getent_state list */
+ DEBUG(3, ("[%5lu]: getpwent\n", (unsigned long)state->pid));
- while(state->getpwent_state != NULL) {
- struct getent_state *ent = state->getpwent_state;
+ /* Check user has enabled this */
- /* Get list of user entries for this pipe */
+ if (!lp_winbind_enum_users())
+ return WINBINDD_ERROR;
- if (!ent->got_sam_entries) {
- uint32 status, start_ndx = 0;
+ /* Allocate space for returning a chunk of users */
- /* Look in cache for entries, else get them direct */
+ num_users = MIN(MAX_GETPWENT_USERS, state->request.data.num_entries);
+
+ if ((state->response.extra_data =
+ malloc(num_users * sizeof(struct winbindd_pw))) == NULL)
+ return WINBINDD_ERROR;
- if (!winbindd_fetch_user_cache(ent->domain->name,
- &ent->sam_entries,
- &ent->num_sam_entries)) {
+ memset(state->response.extra_data, 0, num_users *
+ sizeof(struct winbindd_pw));
- /* Fetch the user entries */
+ user_list = (struct winbindd_pw *)state->response.extra_data;
+
+ if (!(ent = state->getpwent_state))
+ return WINBINDD_ERROR;
- if (!domain_handles_open(ent->domain)) goto cleanup;
+ /* Start sending back users */
- do {
- status =
- samr_enum_dom_users(
- &ent->domain->sam_dom_handle, &start_ndx, 0, 0,
- 0x10000, &ent->sam_entries, &ent->num_sam_entries);
- } while (status == STATUS_MORE_ENTRIES);
+ for (i = 0; i < num_users; i++) {
+ struct getpwent_user *name_list = NULL;
+ uint32 result;
- /* Fill cache with received entries */
-
- winbindd_fill_user_cache(ent->domain->name, ent->sam_entries,
- ent->num_sam_entries);
- }
-
- ent->got_sam_entries = True;
- }
-
- /* Send back a user */
+ /* Do we need to fetch another chunk of users? */
- while (ent->sam_entry_index < ent->num_sam_entries) {
- enum winbindd_result result;
- fstring domain_user_name;
- char *user_name = (ent->sam_entries)
- [ent->sam_entry_index].acct_name;
-
- /* Don't bother with machine accounts */
+ if (ent->num_sam_entries == ent->sam_entry_index) {
- if (user_name[strlen(user_name) - 1] == '$') {
- ent->sam_entry_index++;
- continue;
- }
+ while(ent && !get_sam_user_entries(ent)) {
+ struct getent_state *next_ent;
- /* Prepend domain to name */
+ /* Free state information for this domain */
- slprintf(domain_user_name, sizeof(domain_user_name),
- "%s/%s", ent->domain->name, user_name);
-
- /* Get passwd entry from user name */
-
- fstrcpy(state->request.data.username, domain_user_name);
- result = winbindd_getpwnam_from_user(state);
+ SAFE_FREE(ent->sam_entries);
- ent->sam_entry_index++;
-
- /* Return if user lookup worked */
-
- if (result == WINBINDD_OK) {
- return result;
- }
-
- /* Try next user */
-
- DEBUG(1, ("could not getpwnam_from_user for username %s\n",
- domain_user_name));
- }
+ next_ent = ent->next;
+ DLIST_REMOVE(state->getpwent_state, ent);
- /* We've exhausted all users for this pipe - close it down and
- start on the next one. */
+ SAFE_FREE(ent);
+ ent = next_ent;
+ }
+
+ /* No more domains */
+
+ if (!ent)
+ break;
+ }
+
+ name_list = ent->sam_entries;
+
+ /* Skip machine accounts */
+
+ if (name_list[ent->sam_entry_index].
+ name[strlen(name_list[ent->sam_entry_index].name) - 1]
+ == '$') {
+ ent->sam_entry_index++;
+ continue;
+ }
+
+ /* Lookup user info */
+
+ result = winbindd_fill_pwent(
+ ent->domain_name,
+ name_list[ent->sam_entry_index].name,
+ &name_list[ent->sam_entry_index].user_sid,
+ &name_list[ent->sam_entry_index].group_sid,
+ name_list[ent->sam_entry_index].gecos,
+ &user_list[user_list_ndx]);
+
+ ent->sam_entry_index++;
+
+ /* Add user to return list */
+
+ if (result) {
+
+ user_list_ndx++;
+ state->response.data.num_entries++;
+ state->response.length +=
+ sizeof(struct winbindd_pw);
+
+ } else
+ DEBUG(1, ("could not lookup domain user %s\n",
+ name_list[ent->sam_entry_index].name));
+ }
+
+ /* Out of domains */
+
+ return (user_list_ndx > 0) ? WINBINDD_OK : WINBINDD_ERROR;
+}
+
+/* List domain users without mapping to unix ids */
- cleanup:
+enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state)
+{
+ struct winbindd_domain *domain;
+ WINBIND_USERINFO *info;
+ const char *which_domain;
+ uint32 num_entries = 0, total_entries = 0;
+ char *ted, *extra_data = NULL;
+ int extra_data_len = 0;
+ TALLOC_CTX *mem_ctx;
+ enum winbindd_result rv = WINBINDD_ERROR;
+
+ DEBUG(3, ("[%5lu]: list users\n", (unsigned long)state->pid));
+
+ if (!(mem_ctx = talloc_init("winbindd_list_users")))
+ return WINBINDD_ERROR;
+
+ /* Ensure null termination */
+ state->request.domain_name[sizeof(state->request.domain_name)-1]='\0';
+ which_domain = state->request.domain_name;
+
+ /* Enumerate over trusted domains */
+
+ for (domain = domain_list(); domain; domain = domain->next) {
+ NTSTATUS status;
+ struct winbindd_methods *methods;
+ unsigned int i;
+
+ /* if we have a domain name restricting the request and this
+ one in the list doesn't match, then just bypass the remainder
+ of the loop */
+
+ if ( *which_domain && !strequal(which_domain, domain->name) )
+ continue;
+
+ methods = domain->methods;
+
+ /* Query display info */
+ status = methods->query_user_list(domain, mem_ctx,
+ &num_entries, &info);
+
+ if (num_entries == 0)
+ continue;
+
+ /* Allocate some memory for extra data */
+ total_entries += num_entries;
+
+ ted = Realloc(extra_data, sizeof(fstring) * total_entries);
+
+ if (!ted) {
+ DEBUG(0,("failed to enlarge buffer!\n"));
+ SAFE_FREE(extra_data);
+ goto done;
+ } else
+ extra_data = ted;
+
+ /* Pack user list into extra data fields */
+
+ for (i = 0; i < num_entries; i++) {
+ fstring acct_name, name;
+
+ if (!info[i].acct_name) {
+ fstrcpy(acct_name, "");
+ } else {
+ fstrcpy(acct_name, info[i].acct_name);
+ }
+
+ fill_domain_username(name, domain->name, acct_name);
+
+ /* Append to extra data */
+ memcpy(&extra_data[extra_data_len], name,
+ strlen(name));
+ extra_data_len += strlen(name);
+ extra_data[extra_data_len++] = ',';
+ }
+ }
- /* Free mallocated memory for sam entries. The data stored here
- may have been allocated from the cache. */
+ /* Assign extra_data fields in response structure */
- if (ent->sam_entries != NULL) free(ent->sam_entries);
- ent->sam_entries = NULL;
+ if (extra_data) {
+ extra_data[extra_data_len - 1] = '\0';
+ state->response.extra_data = extra_data;
+ state->response.length += extra_data_len;
+ }
- /* Free state information for this domain */
+ /* No domains responded but that's still OK so don't return an
+ error. */
- {
- struct getent_state *old_ent;
+ rv = WINBINDD_OK;
- old_ent = state->getpwent_state;
- DLIST_REMOVE(state->getpwent_state, state->getpwent_state);
- free(old_ent);
- }
- }
+ done:
- /* Out of pipes so we're done */
+ talloc_destroy(mem_ctx);
- return WINBINDD_ERROR;
+ return rv;
}
git.samba.org / tprouty / samba.git / blobdiff