[SCM] Samba Shared Repository - branch master updated -
release-4-0-0alpha6-806-gd8c54fd
Steven Danneman
sdanneman at samba.org
Thu Feb 12 03:39:30 GMT 2009
The branch, master has been updated
via d8c54fddda2dba3cbc5fc13e93431b152813892e (commit)
via 3b8a57e064250c6e46458e69ba156aa5d8c22059 (commit)
via aed8e9aa0a887e31562ac9da38ee4a878a4dd4ba (commit)
via 4e69f23857289bd58f4adad85602c8afc3bed03a (commit)
via 989944f8e9a27515c80ade8f1670c80d80b472a4 (commit)
from ce6125e9ec2196b7658e4e87eae3b0ae963b6ab5 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d8c54fddda2dba3cbc5fc13e93431b152813892e
Author: Dan Sledz <dsledz at isilon.com>
Date: Tue Feb 10 15:50:39 2009 -0800
s3: Change behavior when seeing an unknown domain.
After a lot of testing against various Windows servers (W2K, W2K3, W2K8),
within an AD domain it seems that unknown domains will only be translated
to the local account domain, not the netbios name of the member server's
domain. This makes samba act more like Windows.
commit 3b8a57e064250c6e46458e69ba156aa5d8c22059
Author: Dan Sledz <dsledz at isilon.com>
Date: Tue Feb 10 13:59:10 2009 -0800
s3: Implement wbcGetSidAliases
* Adds wbcGetSidAliases that calls the lookup_useraliases function.
* Updates wbinfo and winbind_util.c to call the new function.
* Also added winbind_get_groups helper function.
commit aed8e9aa0a887e31562ac9da38ee4a878a4dd4ba
Author: Dan Sledz <dsledz at isilon.com>
Date: Tue Feb 10 11:06:44 2009 -0800
s3: Implement wbcGetpwsid
* Adds the plumbing required to lookup users by sid into winbind, wbinfo
and smbd helper lib (winbind_util.c).
* Removes some double declarations of winbind_util.c functions.
* Bumps the winbind protocol version to 21 and the minor version of
wbclient to 3.
commit 4e69f23857289bd58f4adad85602c8afc3bed03a
Author: Dan Sledz <dsledz at isilon.com>
Date: Sun Feb 8 11:40:26 2009 -0800
Fix double free caused by incorrect talloc_steal usage.
commit 989944f8e9a27515c80ade8f1670c80d80b472a4
Author: Steven Danneman <steven.danneman at isilon.com>
Date: Wed Feb 11 16:06:18 2009 -0800
Added nsswitch/ object files to make clean
* also removed duplicate paths to lib directories in make clean
-----------------------------------------------------------------------
Summary of changes:
nsswitch/libwbclient/wbc_pwd.c | 39 ++++++++++
nsswitch/libwbclient/wbc_sid.c | 139 ++++++++++++++++++++++++++++++++++++
nsswitch/libwbclient/wbclient.h | 24 ++++++-
nsswitch/wbinfo.c | 101 ++++++++++++++++++++++++++
nsswitch/winbind_struct_protocol.h | 12 +++-
source3/Makefile.in | 9 +--
source3/auth/auth_util.c | 61 ++++++++++------
source3/include/proto.h | 30 ++++-----
source3/lib/winbind_util.c | 131 +++++++++++++++++++++++++++++++++
source3/passdb/passdb.c | 19 -----
source3/winbindd/winbindd.c | 3 +
source3/winbindd/winbindd_async.c | 90 +-----------------------
source3/winbindd/winbindd_domain.c | 4 +
source3/winbindd/winbindd_group.c | 115 +++++++++++++++++++++++++++++
source3/winbindd/winbindd_proto.h | 4 +
source3/winbindd/winbindd_user.c | 28 ++++++-
16 files changed, 648 insertions(+), 161 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/libwbclient/wbc_pwd.c b/nsswitch/libwbclient/wbc_pwd.c
index cd94599..dacd949 100644
--- a/nsswitch/libwbclient/wbc_pwd.c
+++ b/nsswitch/libwbclient/wbc_pwd.c
@@ -190,6 +190,45 @@ wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd)
return wbc_status;
}
+/* Fill in a struct passwd* for a domain user based on sid */
+wbcErr wbcGetpwsid(struct wbcDomainSid *sid, struct passwd **pwd)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct winbindd_request request;
+ struct winbindd_response response;
+ char * sid_string = NULL;
+
+ if (!pwd) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ wbc_status = wbcSidToString(sid, &sid_string);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ /* Initialize request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ strncpy(request.data.sid, sid_string, sizeof(request.data.sid));
+
+ wbc_status = wbcRequestResponse(WINBINDD_GETPWSID,
+ &request,
+ &response);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ *pwd = copy_passwd_entry(&response.data.pw);
+ BAIL_ON_PTR_ERROR(*pwd, wbc_status);
+
+ done:
+ if (sid_string) {
+ wbcFreeMemory(sid_string);
+ }
+
+ return wbc_status;
+}
+
/* Fill in a struct passwd* for a domain user based on username */
wbcErr wbcGetgrnam(const char *name, struct group **grp)
{
diff --git a/nsswitch/libwbclient/wbc_sid.c b/nsswitch/libwbclient/wbc_sid.c
index e2157b9..46c59a9 100644
--- a/nsswitch/libwbclient/wbc_sid.c
+++ b/nsswitch/libwbclient/wbc_sid.c
@@ -491,6 +491,145 @@ wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
return wbc_status;
}
+static inline
+wbcErr _sid_to_rid(struct wbcDomainSid *sid, uint32_t *rid)
+{
+ if (sid->num_auths < 1) {
+ return WBC_ERR_INVALID_RESPONSE;
+ }
+ *rid = sid->sub_auths[sid->num_auths - 1];
+
+ return WBC_ERR_SUCCESS;
+}
+
+/* Get alias membership for sids */
+wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid,
+ struct wbcDomainSid *sids,
+ uint32_t num_sids,
+ uint32_t **alias_rids,
+ uint32_t *num_alias_rids)
+{
+ uint32_t i;
+ const char *s;
+ struct winbindd_request request;
+ struct winbindd_response response;
+ char *sid_string = NULL;
+ ssize_t sid_len;
+ ssize_t extra_data_len = 0;
+ char * extra_data = NULL;
+ ssize_t buflen = 0;
+ struct wbcDomainSid sid;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ uint32_t * rids = NULL;
+
+ /* Initialise request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ if (!dom_sid) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ wbc_status = wbcSidToString(dom_sid, &sid_string);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1);
+ wbcFreeMemory(sid_string);
+ sid_string = NULL;
+
+ /* Lets assume each sid is around 54 characters
+ * S-1-5-AAAAAAAAAAA-BBBBBBBBBBB-CCCCCCCCCCC-DDDDDDDDDDD\n */
+ buflen = 54 * num_sids;
+ extra_data = talloc_array(NULL, char, buflen);
+ if (!extra_data) {
+ wbc_status = WBC_ERR_NO_MEMORY;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ /* Build the sid list */
+ for (i=0; i<num_sids; i++) {
+ if (sid_string) {
+ wbcFreeMemory(sid_string);
+ sid_string = NULL;
+ }
+ wbc_status = wbcSidToString(&sids[i], &sid_string);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ sid_len = strlen(sid_string);
+
+ if (buflen < extra_data_len + sid_len + 2) {
+ buflen *= 2;
+ extra_data = talloc_realloc(NULL, extra_data,
+ char, buflen);
+ if (!extra_data) {
+ wbc_status = WBC_ERR_NO_MEMORY;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+ }
+
+ strncpy(&extra_data[extra_data_len], sid_string,
+ buflen - extra_data_len);
+ extra_data_len += sid_len;
+ extra_data[extra_data_len++] = '\n';
+ extra_data[extra_data_len] = '\0';
+ }
+
+ request.extra_data.data = extra_data;
+ request.extra_len = extra_data_len;
+
+ wbc_status = wbcRequestResponse(WINBINDD_GETSIDALIASES,
+ &request,
+ &response);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ if (response.data.num_entries &&
+ !response.extra_data.data) {
+ wbc_status = WBC_ERR_INVALID_RESPONSE;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ rids = talloc_array(NULL, uint32_t,
+ response.data.num_entries);
+ BAIL_ON_PTR_ERROR(sids, wbc_status);
+
+ s = (const char *)response.extra_data.data;
+ for (i = 0; i < response.data.num_entries; i++) {
+ char *n = strchr(s, '\n');
+ if (n) {
+ *n = '\0';
+ }
+ wbc_status = wbcStringToSid(s, &sid);
+ BAIL_ON_WBC_ERROR(wbc_status);
+ wbc_status = _sid_to_rid(&sid, &rids[i]);
+ BAIL_ON_WBC_ERROR(wbc_status);
+ s += strlen(s) + 1;
+ }
+
+ *num_alias_rids = response.data.num_entries;
+ *alias_rids = rids;
+ rids = NULL;
+ wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+ if (sid_string) {
+ wbcFreeMemory(sid_string);
+ }
+ if (extra_data) {
+ talloc_free(extra_data);
+ }
+ if (response.extra_data.data) {
+ free(response.extra_data.data);
+ }
+ if (rids) {
+ talloc_free(rids);
+ }
+
+ return wbc_status;
+}
+
+
/* Lists Users */
wbcErr wbcListUsers(const char *domain_name,
uint32_t *_num_users,
diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h
index 990cc52..9d29951 100644
--- a/nsswitch/libwbclient/wbclient.h
+++ b/nsswitch/libwbclient/wbclient.h
@@ -60,9 +60,11 @@ const char *wbcErrorString(wbcErr error);
* 0.1: Initial version
* 0.2: Added wbcRemoveUidMapping()
* Added wbcRemoveGidMapping()
+ * 0.3: Added wbcGetpwsid()
+ * Added wbcGetSidAliases()
**/
#define WBCLIENT_MAJOR_VERSION 0
-#define WBCLIENT_MINOR_VERSION 2
+#define WBCLIENT_MINOR_VERSION 3
#define WBCLIENT_VENDOR_VERSION "Samba libwbclient"
struct wbcLibraryDetails {
uint16_t major_version;
@@ -615,6 +617,15 @@ wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
uint32_t *num_sids,
struct wbcDomainSid **sids);
+/*
+ * @brief Get alias membership for sids
+ **/
+wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid,
+ struct wbcDomainSid *sids,
+ uint32_t num_sids,
+ uint32_t **alias_rids,
+ uint32_t *num_alias_rids);
+
/**
* @brief Lists Users
**/
@@ -838,6 +849,17 @@ wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd);
/**
* @brief Fill in a struct passwd* for a domain user based
+ * on sid
+ *
+ * @param sid Sid to lookup
+ * @param **pwd Pointer to resulting struct passwd* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcGetpwsid(struct wbcDomainSid * sid, struct passwd **pwd);
+
+/**
+ * @brief Fill in a struct passwd* for a domain user based
* on username
*
* @param *name Username to lookup
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index ce53cad..4d935f5 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -202,6 +202,31 @@ static bool wbinfo_get_uidinfo(int uid)
return true;
}
+static bool wbinfo_get_user_sidinfo(const char *sid_str)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct passwd *pwd = NULL;
+ struct wbcDomainSid sid;
+
+ wbc_status = wbcStringToSid(sid_str, &sid);
+ wbc_status = wbcGetpwsid(&sid, &pwd);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ return false;
+ }
+
+ d_printf("%s:%s:%d:%d:%s:%s:%s\n",
+ pwd->pw_name,
+ pwd->pw_passwd,
+ pwd->pw_uid,
+ pwd->pw_gid,
+ pwd->pw_gecos,
+ pwd->pw_dir,
+ pwd->pw_shell);
+
+ return true;
+}
+
+
/* pull grent for a given group */
static bool wbinfo_get_groupinfo(const char *group)
{
@@ -341,6 +366,64 @@ static bool wbinfo_get_userdomgroups(const char *user_sid_str)
return true;
}
+static bool wbinfo_get_sidaliases(const char *domain,
+ const char *user_sid_str)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct wbcDomainInfo *dinfo = NULL;
+ uint32_t i;
+ struct wbcDomainSid user_sid;
+ uint32_t *alias_rids = NULL;
+ uint32_t num_alias_rids;
+ char *domain_sid_str = NULL;
+
+ /* Send request */
+ if ((domain == NULL) || (strequal(domain, ".")) ||
+ (domain[0] == '\0')) {
+ domain = get_winbind_domain();
+ }
+
+ /* Send request */
+
+ wbc_status = wbcDomainInfo(domain, &dinfo);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ d_printf("wbcDomainInfo(%s) failed: %s\n", domain,
+ wbcErrorString(wbc_status));
+ goto done;
+ }
+ wbc_status = wbcStringToSid(user_sid_str, &user_sid);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto done;
+ }
+
+ wbc_status = wbcGetSidAliases(&dinfo->sid, &user_sid, 1,
+ &alias_rids, &num_alias_rids);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto done;
+ }
+
+ wbc_status = wbcSidToString(&dinfo->sid, &domain_sid_str);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto done;
+ }
+
+ for (i = 0; i < num_alias_rids; i++) {
+ d_printf("%s-%d\n", domain_sid_str, alias_rids[i]);
+ }
+
+ wbcFreeMemory(alias_rids);
+
+done:
+ if (domain_sid_str) {
+ wbcFreeMemory(domain_sid_str);
+ }
+ if (dinfo) {
+ wbcFreeMemory(dinfo);
+ }
+ return (WBC_ERR_SUCCESS == wbc_status);
+}
+
+
/* Convert NetBIOS name to IP */
static bool wbinfo_wins_byname(const char *name)
@@ -1553,6 +1636,7 @@ enum {
OPT_GETDCNAME,
OPT_DSGETDCNAME,
OPT_USERDOMGROUPS,
+ OPT_SIDALIASES,
OPT_USERSIDS,
OPT_ALLOCATE_UID,
OPT_ALLOCATE_GID,
@@ -1564,6 +1648,7 @@ enum {
OPT_LIST_ALL_DOMAINS,
OPT_LIST_OWN_DOMAIN,
OPT_UID_INFO,
+ OPT_USER_SIDINFO,
OPT_GROUP_INFO,
OPT_GID_INFO,
OPT_VERBOSE,
@@ -1622,10 +1707,12 @@ int main(int argc, char **argv, char **envp)
{ "user-info", 'i', POPT_ARG_STRING, &string_arg, 'i', "Get user info", "USER" },
{ "uid-info", 0, POPT_ARG_INT, &int_arg, OPT_UID_INFO, "Get user info from uid", "UID" },
{ "group-info", 0, POPT_ARG_STRING, &string_arg, OPT_GROUP_INFO, "Get group info", "GROUP" },
+ { "user-sidinfo", 0, POPT_ARG_STRING, &string_arg, OPT_USER_SIDINFO, "Get user info from sid", "SID" },
{ "gid-info", 0, POPT_ARG_INT, &int_arg, OPT_GID_INFO, "Get group info from gid", "GID" },
{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
{ "user-domgroups", 0, POPT_ARG_STRING, &string_arg,
OPT_USERDOMGROUPS, "Get user domain groups", "SID" },
+ { "sid-aliases", 0, POPT_ARG_STRING, &string_arg, OPT_SIDALIASES, "Get sid aliases", "SID" },
{ "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
{ "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
@@ -1860,6 +1947,13 @@ int main(int argc, char **argv, char **envp)
goto done;
}
break;
+ case OPT_USER_SIDINFO:
+ if ( !wbinfo_get_user_sidinfo(string_arg)) {
+ d_fprintf(stderr, "Could not get info for user sid %s\n",
+ string_arg);
+ goto done;
+ }
+ break;
case OPT_UID_INFO:
if ( !wbinfo_get_uidinfo(int_arg)) {
d_fprintf(stderr, "Could not get info for uid "
@@ -1902,6 +1996,13 @@ int main(int argc, char **argv, char **envp)
goto done;
}
break;
+ case OPT_SIDALIASES:
+ if (!wbinfo_get_sidaliases(opt_domain_name, string_arg)) {
+ d_fprintf(stderr, "Could not get sid aliases "
+ "for user SID %s\n", string_arg);
+ goto done;
+ }
+ break;
case 'a': {
bool got_error = false;
diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h
index 0b3e744..11b2069 100644
--- a/nsswitch/winbind_struct_protocol.h
+++ b/nsswitch/winbind_struct_protocol.h
@@ -39,9 +39,11 @@
#define WINBINDD_DONT_ENV "_NO_WINBINDD"
#define WINBINDD_LOCATOR_KDC_ADDRESS "WINBINDD_LOCATOR_KDC_ADDRESS"
-/* Update this when you change the interface. */
-
-#define WINBIND_INTERFACE_VERSION 20
+/* Update this when you change the interface.
+ * 21: added WINBINDD_GETPWSID
+ * added WINBINDD_GETSIDALIASES
+ */
+#define WINBIND_INTERFACE_VERSION 21
/* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
On a 64bit Linux box, we have to support a constant structure size
@@ -60,6 +62,7 @@ enum winbindd_cmd {
WINBINDD_GETPWNAM,
WINBINDD_GETPWUID,
+ WINBINDD_GETPWSID,
WINBINDD_GETGRNAM,
WINBINDD_GETGRGID,
WINBINDD_GETGROUPS,
@@ -140,6 +143,9 @@ enum winbindd_cmd {
/* Various group queries */
WINBINDD_GETUSERDOMGROUPS,
+ /* lookup local groups */
+ WINBINDD_GETSIDALIASES,
+
/* Initialize connection in a child */
WINBINDD_INIT_CONNECTION,
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 2d2d9a0..9484032 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -2813,7 +2813,8 @@ TOPFILES=dynconfig.o localedir.o
cleanlibs::
-rm -f ../lib/*/*.o ../lib/*/*/*.o \
- ../libcli/*.o ../libcli/*/*.o
+ ../libcli/*.o ../libcli/*/*.o \
+ ../librpc/*/*.o
clean:: cleanlibs
-rm -f include/build_env.h
@@ -2822,15 +2823,13 @@ clean:: cleanlibs
-rm -f core */*~ *~ \
*/*.o */*/*.o */*/*/*.o \
../testsuite/*/*.o \
+ ../nsswitch/*.o ../nsswitch/*/*.o ../nsswitch/*. at SHLIBEXT@ \
*/*. at SHLIBEXT@ */*/*. at SHLIBEXT@ */*/*/*. at SHLIBEXT@ \
$(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(ROOT_SBIN_PROGS) \
$(MODULES) $(TORTURE_PROGS) \
$(EVERYTHING_PROGS) \
bin/timelimit \
- .headers.stamp */src/*.o \
- ../lib/*/*.o \
- ../libcli/*.o ../libcli/*/*.o \
- ../librpc/*/*.o
+ .headers.stamp */src/*.o
-rm -rf t_dir
include/build_env.h: script/build_env.sh
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index e3677c4..f942b2e 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -186,13 +186,15 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
Create an auth_usersupplied_data structure after appropriate mapping.
****************************************************************************/
-NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
- const char *smb_name,
- const char *client_domain,
- const char *wksta_name,
- DATA_BLOB *lm_pwd, DATA_BLOB *nt_pwd,
- DATA_BLOB *lm_interactive_pwd, DATA_BLOB *nt_interactive_pwd,
- DATA_BLOB *plaintext,
+NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
+ const char *smb_name,
+ const char *client_domain,
+ const char *wksta_name,
+ DATA_BLOB *lm_pwd,
+ DATA_BLOB *nt_pwd,
+ DATA_BLOB *lm_interactive_pwd,
--
Samba Shared Repository
More information about the samba-cvs
mailing list