[SCM] Samba Shared Repository - branch master updated -
ed2b94c1a29017013a8eb773755c051f4c2a2eb0
Günther Deschner
gd at samba.org
Fri Oct 10 13:40:31 GMT 2008
The branch, master has been updated
via ed2b94c1a29017013a8eb773755c051f4c2a2eb0 (commit)
via d397bafa0ac00df862d6c2b165df6b7cf9d2d4bd (commit)
via 377e4f929a4e0913fcc4b531437049db450659ea (commit)
from b1282d720cffeb4b89bc5276b827e60ccef3f110 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit ed2b94c1a29017013a8eb773755c051f4c2a2eb0
Author: Günther Deschner <gd at samba.org>
Date: Thu Aug 14 23:33:12 2008 +0200
pam_winbind: use libwbclient for WINBINDD_LOOKUPNAME/LOOKUPSID.
Guenther
commit d397bafa0ac00df862d6c2b165df6b7cf9d2d4bd
Author: Günther Deschner <gd at samba.org>
Date: Thu Aug 14 18:17:00 2008 +0200
pam_winbind: use libwbclient for WINBINDD_INFO.
Guenther
commit 377e4f929a4e0913fcc4b531437049db450659ea
Author: Günther Deschner <gd at samba.org>
Date: Thu Aug 14 18:15:29 2008 +0200
pam_winbind: use libwbclient for WINBINDD_GETPWNAM.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/nsswitch/pam_winbind.c | 121 +++++++++++++++-------------------------
1 files changed, 46 insertions(+), 75 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index 41dacd7..9448890 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -715,23 +715,6 @@ static int pam_winbind_request(struct pwb_context *ctx,
return PAM_SUCCESS;
}
- /* no need to check for pam_error codes for getpwnam() */
- switch (req_type) {
-
- case WINBINDD_GETPWNAM:
- case WINBINDD_LOOKUPNAME:
- if (strlen(response->data.auth.nt_status_string) > 0) {
- _pam_log(ctx, LOG_ERR,
- "request failed, NT error was %s",
- response->data.auth.nt_status_string);
- } else {
- _pam_log(ctx, LOG_ERR, "request failed");
- }
- return PAM_USER_UNKNOWN;
- default:
- break;
- }
-
if (response->data.auth.pam_error != PAM_SUCCESS) {
_pam_log(ctx, LOG_ERR,
"request failed: %s, "
@@ -785,8 +768,6 @@ static int pam_winbind_request_log(struct pwb_context *ctx,
/* Otherwise, the authentication looked good */
#if 0
switch (req_type) {
- case WINBINDD_INFO:
- break;
case WINBINDD_PAM_AUTH:
_pam_log(ctx, LOG_NOTICE,
"user '%s' granted access", user);
@@ -1021,33 +1002,33 @@ static bool winbind_name_to_sid_string(struct pwb_context *ctx,
int sid_list_buffer_size)
{
const char* sid_string;
- struct winbindd_response sid_response;
/* lookup name? */
if (IS_SID_STRING(name)) {
sid_string = name;
} else {
- struct winbindd_request sid_request;
-
- ZERO_STRUCT(sid_request);
- ZERO_STRUCT(sid_response);
+ wbcErr wbc_status;
+ struct wbcDomainSid sid;
+ enum wbcSidType type;
+ char *sid_str;
_pam_log_debug(ctx, LOG_DEBUG,
"no sid given, looking up: %s\n", name);
- /* fortunatly winbindd can handle non-separated names */
- strncpy(sid_request.data.name.name, name,
- sizeof(sid_request.data.name.name) - 1);
-
- if (pam_winbind_request_log(ctx, WINBINDD_LOOKUPNAME,
- &sid_request, &sid_response,
- user)) {
+ wbc_status = wbcLookupName("", name, &sid, &type);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
_pam_log(ctx, LOG_INFO,
"could not lookup name: %s\n", name);
return false;
}
- sid_string = sid_response.data.sid.sid;
+ wbc_status = wbcSidToString(&sid, &sid_str);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ return false;
+ }
+
+ wbcFreeMemory(sid_str);
+ sid_string = sid_str;
}
if (!safe_append_string(sid_list_buffer, sid_string,
@@ -1723,29 +1704,26 @@ static int valid_user(struct pwb_context *ctx,
* sure it's really a winbind user, this is important when stacking PAM
* modules in the 'account' or 'password' facility. */
+ wbcErr wbc_status;
struct passwd *pwd = NULL;
- struct winbindd_request request;
- struct winbindd_response response;
- int ret;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
+ struct passwd *wb_pwd = NULL;
pwd = getpwnam(user);
if (pwd == NULL) {
return 1;
}
- strncpy(request.data.username, user,
- sizeof(request.data.username) - 1);
-
- ret = pam_winbind_request_log(ctx, WINBINDD_GETPWNAM,
- &request, &response, user);
+ wbc_status = wbcGetpwnam(user, &wb_pwd);
+ wbcFreeMemory(wb_pwd);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ _pam_log(ctx, LOG_DEBUG, "valid_user: wbcGetpwnam gave %s\n",
+ wbcErrorString(wbc_status));
+ }
- switch (ret) {
- case PAM_USER_UNKNOWN:
+ switch (wbc_status) {
+ case WBC_ERR_UNKNOWN_USER:
return 1;
- case PAM_SUCCESS:
+ case WBC_ERR_SUCCESS:
return 0;
default:
break;
@@ -2057,20 +2035,25 @@ static int get_warn_pwd_expire_from_config(struct pwb_context *ctx)
static char winbind_get_separator(struct pwb_context *ctx)
{
- struct winbindd_request request;
- struct winbindd_response response;
+ wbcErr wbc_status;
+ static struct wbcInterfaceDetails *details = NULL;
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
+ wbc_status = wbcInterfaceDetails(&details);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ _pam_log(ctx, LOG_ERR,
+ "Could not retrieve winbind interface details: %s",
+ wbcErrorString(wbc_status));
+ return '\0';
+ }
- if (pam_winbind_request_log(ctx, WINBINDD_INFO,
- &request, &response, NULL)) {
+ if (!details) {
return '\0';
}
- return response.data.info.winbind_separator;
+ return details->winbind_separator;
}
+
/**
* Convert a upn to a name.
*
@@ -2083,10 +2066,12 @@ static char winbind_get_separator(struct pwb_context *ctx)
static char* winbind_upn_to_username(struct pwb_context *ctx,
const char *upn)
{
- struct winbindd_request req;
- struct winbindd_response resp;
- int retval;
char sep;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct wbcDomainSid sid;
+ enum wbcSidType type;
+ char *domain;
+ char *name;
/* This cannot work when the winbind separator = @ */
@@ -2097,33 +2082,19 @@ static char* winbind_upn_to_username(struct pwb_context *ctx,
/* Convert the UPN to a SID */
- ZERO_STRUCT(req);
- ZERO_STRUCT(resp);
-
- strncpy(req.data.name.dom_name, "",
- sizeof(req.data.name.dom_name) - 1);
- strncpy(req.data.name.name, upn,
- sizeof(req.data.name.name) - 1);
- retval = pam_winbind_request_log(ctx, WINBINDD_LOOKUPNAME,
- &req, &resp, upn);
- if (retval != PAM_SUCCESS) {
+ wbc_status = wbcLookupName("", upn, &sid, &type);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
return NULL;
}
/* Convert the the SID back to the sAMAccountName */
- ZERO_STRUCT(req);
- strncpy(req.data.sid, resp.data.sid.sid, sizeof(req.data.sid)-1);
- ZERO_STRUCT(resp);
- retval = pam_winbind_request_log(ctx, WINBINDD_LOOKUPSID,
- &req, &resp, upn);
- if (retval != PAM_SUCCESS) {
+ wbc_status = wbcLookupSid(&sid, &domain, &name, &type);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
return NULL;
}
- return talloc_asprintf(ctx, "%s\\%s",
- resp.data.name.dom_name,
- resp.data.name.name);
+ return talloc_asprintf(ctx, "%s\\%s", domain, name);
}
PAM_EXTERN
--
Samba Shared Repository
More information about the samba-cvs
mailing list