[SCM] Samba Shared Repository - branch master updated - ed2b94c1a29017013a8eb773755c051f4c2a2eb0

Günther Deschner gd at samba.org
Fri Oct 10 13:40:31 GMT 2008


The branch, master has been updated
       via  ed2b94c1a29017013a8eb773755c051f4c2a2eb0 (commit)
       via  d397bafa0ac00df862d6c2b165df6b7cf9d2d4bd (commit)
       via  377e4f929a4e0913fcc4b531437049db450659ea (commit)
      from  b1282d720cffeb4b89bc5276b827e60ccef3f110 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ed2b94c1a29017013a8eb773755c051f4c2a2eb0
Author: Günther Deschner <gd at samba.org>
Date:   Thu Aug 14 23:33:12 2008 +0200

    pam_winbind: use libwbclient for WINBINDD_LOOKUPNAME/LOOKUPSID.
    
    Guenther

commit d397bafa0ac00df862d6c2b165df6b7cf9d2d4bd
Author: Günther Deschner <gd at samba.org>
Date:   Thu Aug 14 18:17:00 2008 +0200

    pam_winbind: use libwbclient for WINBINDD_INFO.
    
    Guenther

commit 377e4f929a4e0913fcc4b531437049db450659ea
Author: Günther Deschner <gd at samba.org>
Date:   Thu Aug 14 18:15:29 2008 +0200

    pam_winbind: use libwbclient for WINBINDD_GETPWNAM.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source3/nsswitch/pam_winbind.c |  121 +++++++++++++++-------------------------
 1 files changed, 46 insertions(+), 75 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index 41dacd7..9448890 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -715,23 +715,6 @@ static int pam_winbind_request(struct pwb_context *ctx,
 		return PAM_SUCCESS;
 	}
 
-	/* no need to check for pam_error codes for getpwnam() */
-	switch (req_type) {
-
-		case WINBINDD_GETPWNAM:
-		case WINBINDD_LOOKUPNAME:
-			if (strlen(response->data.auth.nt_status_string) > 0) {
-				_pam_log(ctx, LOG_ERR,
-					 "request failed, NT error was %s",
-					 response->data.auth.nt_status_string);
-			} else {
-				_pam_log(ctx, LOG_ERR, "request failed");
-			}
-			return PAM_USER_UNKNOWN;
-		default:
-			break;
-	}
-
 	if (response->data.auth.pam_error != PAM_SUCCESS) {
 		_pam_log(ctx, LOG_ERR,
 			 "request failed: %s, "
@@ -785,8 +768,6 @@ static int pam_winbind_request_log(struct pwb_context *ctx,
 		/* Otherwise, the authentication looked good */
 #if 0
 		switch (req_type) {
-			case WINBINDD_INFO:
-				break;
 			case WINBINDD_PAM_AUTH:
 				_pam_log(ctx, LOG_NOTICE,
 					 "user '%s' granted access", user);
@@ -1021,33 +1002,33 @@ static bool winbind_name_to_sid_string(struct pwb_context *ctx,
 				       int sid_list_buffer_size)
 {
 	const char* sid_string;
-	struct winbindd_response sid_response;
 
 	/* lookup name? */
 	if (IS_SID_STRING(name)) {
 		sid_string = name;
 	} else {
-		struct winbindd_request sid_request;
-
-		ZERO_STRUCT(sid_request);
-		ZERO_STRUCT(sid_response);
+		wbcErr wbc_status;
+		struct wbcDomainSid sid;
+		enum wbcSidType type;
+		char *sid_str;
 
 		_pam_log_debug(ctx, LOG_DEBUG,
 			       "no sid given, looking up: %s\n", name);
 
-		/* fortunatly winbindd can handle non-separated names */
-		strncpy(sid_request.data.name.name, name,
-			sizeof(sid_request.data.name.name) - 1);
-
-		if (pam_winbind_request_log(ctx, WINBINDD_LOOKUPNAME,
-					    &sid_request, &sid_response,
-					    user)) {
+		wbc_status = wbcLookupName("", name, &sid, &type);
+		if (!WBC_ERROR_IS_OK(wbc_status)) {
 			_pam_log(ctx, LOG_INFO,
 				 "could not lookup name: %s\n", name);
 			return false;
 		}
 
-		sid_string = sid_response.data.sid.sid;
+		wbc_status = wbcSidToString(&sid, &sid_str);
+		if (!WBC_ERROR_IS_OK(wbc_status)) {
+			return false;
+		}
+
+		wbcFreeMemory(sid_str);
+		sid_string = sid_str;
 	}
 
 	if (!safe_append_string(sid_list_buffer, sid_string,
@@ -1723,29 +1704,26 @@ static int valid_user(struct pwb_context *ctx,
 	 * sure it's really a winbind user, this is important when stacking PAM
 	 * modules in the 'account' or 'password' facility. */
 
+	wbcErr wbc_status;
 	struct passwd *pwd = NULL;
-	struct winbindd_request request;
-	struct winbindd_response response;
-	int ret;
-
-	ZERO_STRUCT(request);
-	ZERO_STRUCT(response);
+	struct passwd *wb_pwd = NULL;
 
 	pwd = getpwnam(user);
 	if (pwd == NULL) {
 		return 1;
 	}
 
-	strncpy(request.data.username, user,
-		sizeof(request.data.username) - 1);
-
-	ret = pam_winbind_request_log(ctx, WINBINDD_GETPWNAM,
-				      &request, &response, user);
+	wbc_status = wbcGetpwnam(user, &wb_pwd);
+	wbcFreeMemory(wb_pwd);
+	if (!WBC_ERROR_IS_OK(wbc_status)) {
+		_pam_log(ctx, LOG_DEBUG, "valid_user: wbcGetpwnam gave %s\n",
+			wbcErrorString(wbc_status));
+	}
 
-	switch (ret) {
-		case PAM_USER_UNKNOWN:
+	switch (wbc_status) {
+		case WBC_ERR_UNKNOWN_USER:
 			return 1;
-		case PAM_SUCCESS:
+		case WBC_ERR_SUCCESS:
 			return 0;
 		default:
 			break;
@@ -2057,20 +2035,25 @@ static int get_warn_pwd_expire_from_config(struct pwb_context *ctx)
 
 static char winbind_get_separator(struct pwb_context *ctx)
 {
-	struct winbindd_request request;
-	struct winbindd_response response;
+	wbcErr wbc_status;
+	static struct wbcInterfaceDetails *details = NULL;
 
-	ZERO_STRUCT(request);
-	ZERO_STRUCT(response);
+	wbc_status = wbcInterfaceDetails(&details);
+	if (!WBC_ERROR_IS_OK(wbc_status)) {
+		_pam_log(ctx, LOG_ERR,
+			 "Could not retrieve winbind interface details: %s",
+			 wbcErrorString(wbc_status));
+		return '\0';
+	}
 
-	if (pam_winbind_request_log(ctx, WINBINDD_INFO,
-				    &request, &response, NULL)) {
+	if (!details) {
 		return '\0';
 	}
 
-	return response.data.info.winbind_separator;
+	return details->winbind_separator;
 }
 
+
 /**
  * Convert a upn to a name.
  *
@@ -2083,10 +2066,12 @@ static char winbind_get_separator(struct pwb_context *ctx)
 static char* winbind_upn_to_username(struct pwb_context *ctx,
 				     const char *upn)
 {
-	struct winbindd_request req;
-	struct winbindd_response resp;
-	int retval;
 	char sep;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct wbcDomainSid sid;
+	enum wbcSidType type;
+	char *domain;
+	char *name;
 
 	/* This cannot work when the winbind separator = @ */
 
@@ -2097,33 +2082,19 @@ static char* winbind_upn_to_username(struct pwb_context *ctx,
 
 	/* Convert the UPN to a SID */
 
-	ZERO_STRUCT(req);
-	ZERO_STRUCT(resp);
-
-	strncpy(req.data.name.dom_name, "",
-		sizeof(req.data.name.dom_name) - 1);
-	strncpy(req.data.name.name, upn,
-		sizeof(req.data.name.name) - 1);
-	retval = pam_winbind_request_log(ctx, WINBINDD_LOOKUPNAME,
-					 &req, &resp, upn);
-	if (retval != PAM_SUCCESS) {
+	wbc_status = wbcLookupName("", upn, &sid, &type);
+	if (!WBC_ERROR_IS_OK(wbc_status)) {
 		return NULL;
 	}
 
 	/* Convert the the SID back to the sAMAccountName */
 
-	ZERO_STRUCT(req);
-	strncpy(req.data.sid, resp.data.sid.sid, sizeof(req.data.sid)-1);
-	ZERO_STRUCT(resp);
-	retval =  pam_winbind_request_log(ctx, WINBINDD_LOOKUPSID,
-					  &req, &resp, upn);
-	if (retval != PAM_SUCCESS) {
+	wbc_status = wbcLookupSid(&sid, &domain, &name, &type);
+	if (!WBC_ERROR_IS_OK(wbc_status)) {
 		return NULL;
 	}
 
-	return talloc_asprintf(ctx, "%s\\%s",
-			       resp.data.name.dom_name,
-			       resp.data.name.name);
+	return talloc_asprintf(ctx, "%s\\%s", domain, name);
 }
 
 PAM_EXTERN


-- 
Samba Shared Repository


More information about the samba-cvs mailing list