[SCM] Samba Shared Repository - branch master updated
Volker Lendecke
vlendec at samba.org
Mon Jan 9 17:16:03 UTC 2017
The branch, master has been updated
via b9e76cc passdb: Remove pdb_wbc_sam
via ccadd26 auth: Remove auth_wbc
via e3c3ef3 selftest: Don't test auth_wbc anymore
from 0127bdd replace: Include sysmacros.h
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b9e76cc8e1690e2a5b9608e9ead8aa45a5349485
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jan 3 07:04:59 2017 +0000
passdb: Remove pdb_wbc_sam
It seems that this was only used in OneFS. The filesystem parts were
removed in 2012 with 70be41c772d.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Jan 9 18:15:20 CET 2017 on sn-devel-144
commit ccadd26ac7fa62520db5975278381b801824f8da
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jan 3 07:04:59 2017 +0000
auth: Remove auth_wbc
It seems that this was only used in OneFS. The filesystem parts were
removed in 2012 with 70be41c772d.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit e3c3ef331aabe63a9b22876b6f6720553f6dff6b
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 4 10:36:04 2017 +0000
selftest: Don't test auth_wbc anymore
It will go in the next commit
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/auth/auth_wbc.c | 199 -------------------
source3/auth/wscript_build | 8 -
source3/passdb/pdb_wbc_sam.c | 452 -------------------------------------------
source3/passdb/pdb_wbc_sam.h | 33 ----
source3/passdb/wscript_build | 8 -
source3/wscript | 4 +-
source4/selftest/tests.py | 1 -
7 files changed, 2 insertions(+), 703 deletions(-)
delete mode 100644 source3/auth/auth_wbc.c
delete mode 100644 source3/passdb/pdb_wbc_sam.c
delete mode 100644 source3/passdb/pdb_wbc_sam.h
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_wbc.c b/source3/auth/auth_wbc.c
deleted file mode 100644
index 1b70042..0000000
--- a/source3/auth/auth_wbc.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Winbind client authentication mechanism designed to defer all
- authentication to the winbind daemon.
-
- Copyright (C) Tim Potter 2000
- Copyright (C) Andrew Bartlett 2001 - 2002
- Copyright (C) Dan Sledz 2009
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/* This auth module is very similar to auth_winbind with 3 distinct
- * differences.
- *
- * 1) Does not fallback to another auth module if winbindd is unavailable
- * 2) Does not validate the domain of the user
- * 3) Handles unencrypted passwords
- *
- * The purpose of this module is to defer all authentication decisions (ie:
- * local user vs NIS vs LDAP vs AD; encrypted vs plaintext) to the wbc
- * compatible daemon. This centeralizes all authentication decisions to a
- * single provider.
- *
- * This auth backend is most useful when used in conjunction with pdb_wbc_sam.
- */
-
-#include "includes.h"
-#include "auth.h"
-#include "nsswitch/libwbclient/wbclient.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_AUTH
-
-/* Authenticate a user with a challenge/response */
-
-static NTSTATUS check_wbc_security(const struct auth_context *auth_context,
- void *my_private_data,
- TALLOC_CTX *mem_ctx,
- const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
-{
- NTSTATUS nt_status;
- wbcErr wbc_status;
- struct wbcAuthUserParams params;
- struct wbcAuthUserInfo *info = NULL;
- struct wbcAuthErrorInfo *err = NULL;
-
- if (!user_info || !auth_context || !server_info) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- ZERO_STRUCT(params);
-
- /* Send off request */
-
- DEBUG(10, ("Check auth for: [%s]", user_info->mapped.account_name));
-
- params.account_name = user_info->client.account_name;
- params.domain_name = user_info->mapped.domain_name;
- params.workstation_name = user_info->workstation_name;
-
- params.flags = 0;
- params.parameter_control= user_info->logon_parameters;
-
- /* Handle plaintext */
- switch (user_info->password_state) {
- case AUTH_PASSWORD_PLAIN:
- {
- DEBUG(3,("Checking plaintext password for %s.\n",
- user_info->mapped.account_name));
- params.level = WBC_AUTH_USER_LEVEL_PLAIN;
-
- params.password.plaintext = user_info->password.plaintext;
- break;
- }
- case AUTH_PASSWORD_RESPONSE:
- case AUTH_PASSWORD_HASH:
- {
- DEBUG(3,("Checking encrypted password for %s.\n",
- user_info->mapped.account_name));
- params.level = WBC_AUTH_USER_LEVEL_RESPONSE;
-
- memcpy(params.password.response.challenge,
- auth_context->challenge.data,
- sizeof(params.password.response.challenge));
-
- if (user_info->password.response.nt.length != 0) {
- params.password.response.nt_length =
- user_info->password.response.nt.length;
- params.password.response.nt_data =
- user_info->password.response.nt.data;
- }
- if (user_info->password.response.lanman.length != 0) {
- params.password.response.lm_length =
- user_info->password.response.lanman.length;
- params.password.response.lm_data =
- user_info->password.response.lanman.data;
- }
- break;
- }
- default:
- DEBUG(0,("user_info constructed for user '%s' was invalid - password_state=%u invalid.\n",user_info->mapped.account_name, user_info->password_state));
- return NT_STATUS_INTERNAL_ERROR;
-#if 0 /* If ever implemented in libwbclient */
- case AUTH_PASSWORD_HASH:
- {
- DEBUG(3,("Checking logon (hash) password for %s.\n",
- user_info->mapped.account_name));
- params.level = WBC_AUTH_USER_LEVEL_HASH;
-
- if (user_info->password.hash.nt) {
- memcpy(params.password.hash.nt_hash, user_info->password.hash.nt, sizeof(* user_info->password.hash.nt));
- } else {
- memset(params.password.hash.nt_hash, '\0', sizeof(params.password.hash.nt_hash));
- }
-
- if (user_info->password.hash.lanman) {
- memcpy(params.password.hash.lm_hash, user_info->password.hash.lanman, sizeof(* user_info->password.hash.lanman));
- } else {
- memset(params.password.hash.lm_hash, '\0', sizeof(params.password.hash.lm_hash));
- }
-
- }
-#endif
- }
-
- /* we are contacting the privileged pipe */
- become_root();
- wbc_status = wbcAuthenticateUserEx(¶ms, &info, &err);
- unbecome_root();
-
- if (!WBC_ERROR_IS_OK(wbc_status)) {
- DEBUG(10,("wbcAuthenticateUserEx failed (%d): %s\n",
- wbc_status, wbcErrorString(wbc_status)));
- }
-
- if (wbc_status == WBC_ERR_NO_MEMORY) {
- return NT_STATUS_NO_MEMORY;
- }
-
- if (wbc_status == WBC_ERR_AUTH_ERROR) {
- nt_status = NT_STATUS(err->nt_status);
- wbcFreeMemory(err);
- return nt_status;
- }
-
- if (!WBC_ERROR_IS_OK(wbc_status)) {
- return NT_STATUS_LOGON_FAILURE;
- }
-
- DEBUG(10,("wbcAuthenticateUserEx succeeded\n"));
-
- nt_status = make_server_info_wbcAuthUserInfo(mem_ctx,
- user_info->client.account_name,
- user_info->mapped.domain_name,
- info, server_info);
- wbcFreeMemory(info);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
- (*server_info)->nss_token |= user_info->was_mapped;
-
- return nt_status;
-}
-
-/* module initialisation */
-static NTSTATUS auth_init_wbc(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
-{
- struct auth_methods *result;
-
- result = talloc_zero(auth_context, struct auth_methods);
- if (result == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- result->name = "wbc";
- result->auth = check_wbc_security;
-
- *auth_method = result;
- return NT_STATUS_OK;
-}
-
-NTSTATUS auth_wbc_init(void)
-{
- return smb_register_auth(AUTH_INTERFACE_VERSION, "wbc", auth_init_wbc);
-}
diff --git a/source3/auth/wscript_build b/source3/auth/wscript_build
index e7a6051..b95fb98 100644
--- a/source3/auth/wscript_build
+++ b/source3/auth/wscript_build
@@ -46,14 +46,6 @@ bld.SAMBA3_MODULE('auth_winbind',
init_function='',
internal_module=True)
-bld.SAMBA3_MODULE('auth_wbc',
- subsystem='auth',
- source='auth_wbc.c',
- deps='samba-util',
- init_function='',
- internal_module=bld.SAMBA3_IS_STATIC_MODULE('auth_wbc'),
- enabled=bld.SAMBA3_IS_ENABLED_MODULE('auth_wbc'))
-
bld.SAMBA3_MODULE('auth_domain',
subsystem='auth',
source='auth_domain.c',
diff --git a/source3/passdb/pdb_wbc_sam.c b/source3/passdb/pdb_wbc_sam.c
deleted file mode 100644
index b73fcc4..0000000
--- a/source3/passdb/pdb_wbc_sam.c
+++ /dev/null
@@ -1,452 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Password and authentication handling by wbclient
-
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Jelmer Vernooij 2002
- Copyright (C) Simo Sorce 2003
- Copyright (C) Volker Lendecke 2006
- Copyright (C) Dan Sledz 2009
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/* This passdb module retrieves full passdb information for local users and
- * groups from a wbclient compatible daemon.
- *
- * The purpose of this module is to defer all SAM authorization information
- * storage and retrieval to a wbc compatible daemon.
- *
- * This passdb backend is most useful when used in conjunction with auth_wbc.
- *
- * A few current limitations of this module are:
- * - read only interface
- * - no privileges
- */
-
-#include "includes.h"
-#include "passdb.h"
-#include "lib/winbind_util.h"
-#include "passdb/pdb_wbc_sam.h"
-#include "idmap.h"
-
-/***************************************************************************
- Default implementations of some functions.
- ****************************************************************************/
-static NTSTATUS _pdb_wbc_sam_getsampw(struct pdb_methods *methods,
- struct samu *user,
- const struct passwd *pwd)
-{
- NTSTATUS result = NT_STATUS_OK;
-
- if (pwd == NULL)
- return NT_STATUS_NO_SUCH_USER;
-
- ZERO_STRUCTP(user);
-
- /* Can we really get away with this little of information */
- user->methods = methods;
- result = samu_set_unix(user, pwd);
-
- return result;
-}
-
-static NTSTATUS pdb_wbc_sam_getsampwnam(struct pdb_methods *methods, struct samu *user, const char *sname)
-{
- return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwnam(sname));
-}
-
-static NTSTATUS pdb_wbc_sam_getsampwsid(struct pdb_methods *methods, struct samu *user, const struct dom_sid *sid)
-{
- return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwsid(sid));
-}
-
-static bool pdb_wbc_sam_id_to_sid(struct pdb_methods *methods, struct unixid *id,
- struct dom_sid *sid)
-{
- switch (id->type) {
- case ID_TYPE_UID:
- return winbind_uid_to_sid(sid, id->id);
-
- case ID_TYPE_GID:
- return winbind_gid_to_sid(sid, id->id);
-
- default:
- return false;
- }
-}
-
-static NTSTATUS pdb_wbc_sam_enum_group_members(struct pdb_methods *methods,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *group,
- uint32_t **pp_member_rids,
- size_t *p_num_members)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_wbc_sam_enum_group_memberships(struct pdb_methods *methods,
- TALLOC_CTX *mem_ctx,
- struct samu *user,
- struct dom_sid **pp_sids,
- gid_t **pp_gids,
- uint32_t *p_num_groups)
-{
- size_t i;
- const char *username = pdb_get_username(user);
- uint32_t num_groups;
-
- if (!winbind_get_groups(mem_ctx, username, &num_groups, pp_gids)) {
- return NT_STATUS_NO_SUCH_USER;
- }
- *p_num_groups = num_groups;
-
- if (*p_num_groups == 0) {
- smb_panic("primary group missing");
- }
-
- *pp_sids = talloc_array(mem_ctx, struct dom_sid, *p_num_groups);
-
- if (*pp_sids == NULL) {
- TALLOC_FREE(*pp_gids);
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0; i < *p_num_groups; i++) {
- gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]);
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS pdb_wbc_sam_lookup_rids(struct pdb_methods *methods,
- const struct dom_sid *domain_sid,
- int num_rids,
- uint32_t *rids,
- const char **names,
- enum lsa_SidType *attrs)
-{
- NTSTATUS result = NT_STATUS_OK;
- const char *p = NULL;
- const char **pp = NULL;
- char *domain = NULL;
- char **account_names = NULL;
- enum lsa_SidType *attr_list = NULL;
- int i;
-
- if (!winbind_lookup_rids(talloc_tos(), domain_sid, num_rids, rids,
- &p, &pp, &attr_list))
- {
- result = NT_STATUS_NONE_MAPPED;
- goto done;
- }
- domain = discard_const_p(char, p);
- account_names = discard_const_p(char *, pp);
-
- memcpy(attrs, attr_list, num_rids * sizeof(enum lsa_SidType));
-
- for (i=0; i<num_rids; i++) {
- if (attrs[i] == SID_NAME_UNKNOWN) {
- names[i] = NULL;
- } else {
- names[i] = talloc_strdup(names, account_names[i]);
- if (names[i] == NULL) {
- result = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- }
- }
-
-done:
- TALLOC_FREE(account_names);
- TALLOC_FREE(domain);
- TALLOC_FREE(attr_list);
- return result;
-}
-
-static NTSTATUS pdb_wbc_sam_get_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t *value)
-{
- return NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS pdb_wbc_sam_set_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t value)
-{
- return NT_STATUS_UNSUCCESSFUL;
-}
-
-static bool pdb_wbc_sam_search_groups(struct pdb_methods *methods,
- struct pdb_search *search)
-{
- return false;
-}
-
-static bool pdb_wbc_sam_search_aliases(struct pdb_methods *methods,
- struct pdb_search *search,
- const struct dom_sid *sid)
-{
-
- return false;
-}
-
-static bool pdb_wbc_sam_get_trusteddom_pw(struct pdb_methods *methods,
- const char *domain,
- char **pwd,
- struct dom_sid *sid,
- time_t *pass_last_set_time)
-{
- return false;
-
-}
-
-static bool pdb_wbc_sam_set_trusteddom_pw(struct pdb_methods *methods,
- const char *domain,
- const char *pwd,
- const struct dom_sid *sid)
-{
- return false;
-}
-
-static bool pdb_wbc_sam_del_trusteddom_pw(struct pdb_methods *methods,
- const char *domain)
-{
- return false;
-}
-
-static NTSTATUS pdb_wbc_sam_enum_trusteddoms(struct pdb_methods *methods,
- TALLOC_CTX *mem_ctx,
- uint32_t *num_domains,
- struct trustdom_info ***domains)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static bool _make_group_map(struct pdb_methods *methods, const char *domain, const char *name, enum lsa_SidType name_type, gid_t gid, struct dom_sid *sid, GROUP_MAP *map)
-{
- map->nt_name = talloc_asprintf(map, "%s%c%s",
- domain, *lp_winbind_separator(), name);
- if (!map->nt_name) {
- return false;
- }
- map->sid_name_use = name_type;
- map->sid = *sid;
- map->gid = gid;
- return true;
-}
-
-static NTSTATUS pdb_wbc_sam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
- struct dom_sid sid)
-{
- NTSTATUS result = NT_STATUS_OK;
- const char *p1 = NULL, *p2 = NULL;
- char *name = NULL;
- char *domain = NULL;
- enum lsa_SidType name_type;
- gid_t gid;
-
- if (!winbind_lookup_sid(talloc_tos(), &sid, &p1, &p2, &name_type)) {
- result = NT_STATUS_NO_SUCH_GROUP;
- goto done;
- }
- domain = discard_const_p(char, p1);
- name = discard_const_p(char, p2);
-
- if ((name_type != SID_NAME_DOM_GRP) &&
- (name_type != SID_NAME_DOMAIN) &&
- (name_type != SID_NAME_ALIAS) &&
- (name_type != SID_NAME_WKN_GRP)) {
- result = NT_STATUS_NO_SUCH_GROUP;
--
Samba Shared Repository
More information about the samba-cvs
mailing list