[PATCH] winbind use default domain
Alexander Bokovoy
a.bokovoy at sam-solutions.net
Wed Dec 19 08:51:07 GMT 2001
Following patch adds support for default domain in Winbindd.
That is, with 'winbind use default domain = true' winbind starts to
accept both users with and without domain specified as same if omitted
domain is default domain (one specified in 'workgroup = <DOMAIN>' option).
By default this functionality is disabled (winbind use default domain = false)
Below is sample session log (long lines wrapped with \):
1. With 'winbind use default domain = true'
$ getent passwd test
test:x:10302:10103:test:/home/AID/test:/bin/bash
$ getent passwd AID+test
AID+test:x:10302:10103:test:/home/AID/test:/bin/bash
$ getent group 'Domain Users'
Domain Users:x:10103:Administrator,Guest,TsInternetUser,NetShowServices,\
IUSR_KERBER,IWAM_KERBER,krbtgt,test
$ getent group 'AID+Domain Users'
AID+Domain Users:x:10103:Administrator,Guest,TsInternetUser,NetShowServices,\
IUSR_KERBER,IWAM_KERBER,krbtgt,test
2. With 'winbind use default domain = false'
$ getent passwd test
<EMPTY>
$ getent passwd AID+test
AID+test:x:10302:10103:test:/home/AID/test:/bin/bash
$ getent group 'Domain Users'
<EMPTY>
$ getent group 'AID+Domain Users'
AID+Domain Users:x:10103:AID+Administrator,AID+Guest,AID+TsInternetUser,\
AID+NetShowServices,AID+IUSR_KERBER,AID+IWAM_KERBER,AID+krbtgt,AID+test
Patch is against latest CVS HEAD.
--
/ Alexander Bokovoy
$ cat /proc/identity >~/.signature
`Senior software developer and analyst for SaM-Solutions Ltd.`
---
Nov 21 20:58:58 alconost kernel: VFS: Busy inodes after unmount.
Self-destruct in 5 seconds. Have a nice day...
-------------- next part --------------
diff -uk.orig samba-3.0/source/param/loadparm.c.orig samba-3.0/source/param/loadparm.c
--- samba-3.0/source/param/loadparm.c.orig Mon Dec 17 10:44:17 2001
+++ samba-3.0/source/param/loadparm.c Wed Dec 19 18:12:38 2001
@@ -155,6 +155,7 @@
char *szWinbindSeparator;
BOOL bWinbindEnumUsers;
BOOL bWinbindEnumGroups;
+ BOOL bWinbindUseDefaultDomain;
char *szAddShareCommand;
char *szChangeShareCommand;
char *szDeleteShareCommand;
@@ -1042,6 +1043,7 @@
{"winbind cache time", P_INTEGER, P_GLOBAL, &Globals.winbind_cache_time, NULL, NULL, 0},
{"winbind enum users", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumUsers, NULL, NULL, 0},
{"winbind enum groups", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumGroups, NULL, NULL, 0},
+ {"winbind use default domain", P_BOOL, P_GLOBAL, &Globals.bWinbindUseDefaultDomain, NULL, NULL, 0},
{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
};
@@ -1367,6 +1369,7 @@
Globals.winbind_cache_time = 15;
Globals.bWinbindEnumUsers = True;
Globals.bWinbindEnumGroups = True;
+ Globals.bWinbindUseDefaultDomain = False;
Globals.bUseSpnego = True;
@@ -1510,6 +1513,7 @@
FN_GLOBAL_STRING(lp_winbind_separator, &Globals.szWinbindSeparator)
FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers)
FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups)
+FN_GLOBAL_BOOL(lp_winbind_use_default_domain, &Globals.bWinbindUseDefaultDomain)
#ifdef WITH_LDAP_SAM
FN_GLOBAL_STRING(lp_ldap_server, &Globals.szLdapServer)
FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
diff -uk.orig samba-3.0/source/nsswitch/winbindd_group.c.orig samba-3.0/source/nsswitch/winbindd_group.c
--- samba-3.0/source/nsswitch/winbindd_group.c.orig Tue Dec 18 11:31:38 2001
+++ samba-3.0/source/nsswitch/winbindd_group.c Wed Dec 19 18:12:39 2001
@@ -24,6 +24,7 @@
#include "winbindd.h"
+extern fstring global_myworkgroup;
/***************************************************************
Empty static struct for negative caching.
****************************************************************/
@@ -38,13 +39,34 @@
gr->gr_gid = unix_gid;
/* Group name and password */
-
safe_strcpy(gr->gr_name, gr_name, sizeof(gr->gr_name) - 1);
safe_strcpy(gr->gr_passwd, "x", sizeof(gr->gr_passwd) - 1);
return True;
}
+/*
+ Strip domain name if it is same as default domain name and
+ winbind use default domain = true
+
+ it assumes that name is actually fstring so that memory management
+ isn't needed.
+*/
+static void strip_domain_name_if_needed(fstring *name)
+{
+ if(lp_winbind_use_default_domain()) {
+ char *sep = lp_winbind_separator();
+ char *new_name = strchr(*name, *sep);
+ if(new_name) {
+ *new_name = 0;
+ if (!strcmp(global_myworkgroup, *name)) {
+ new_name++;
+ safe_strcpy(*name, new_name, sizeof(fstring));
+ }
+ }
+ }
+}
+
/* Fill in the group membership field of a NT group given by group_rid */
static BOOL fill_grent_mem(struct winbindd_domain *domain,
@@ -134,6 +156,7 @@
snprintf(name, sizeof(name), "%s%s%s", domain->name,
lp_winbind_separator(), the_name);
+ strip_domain_name_if_needed(&name);
len = strlen(name);
@@ -306,6 +329,7 @@
if (strcmp(lp_winbind_separator(),"\\"))
string_sub(group_name, "\\", lp_winbind_separator(),
sizeof(fstring));
+ strip_domain_name_if_needed(&group_name);
if (!((name_type == SID_NAME_ALIAS) ||
(name_type == SID_NAME_DOM_GRP))) {
@@ -563,6 +587,8 @@
"%s%s%s", ent->domain->name, lp_winbind_separator(),
name_list[ent->sam_entry_index].acct_name);
+ strip_domain_name_if_needed(&domain_group_name);
+
result = fill_grent(&group_list[group_list_ndx],
domain_group_name, group_gid);
@@ -727,13 +753,20 @@
groups.sam_entries)[i].acct_name;
fstring name;
- snprintf(name, sizeof(name), "%s%s%s", domain->name,
- lp_winbind_separator(), group_name);
-
- /* Append to extra data */
- memcpy(&extra_data[extra_data_len], name,
- strlen(name));
- extra_data_len += strlen(name);
+ if(!lp_winbind_use_default_domain()) {
+ snprintf(name, sizeof(name), "%s%s%s", domain->name,
+ lp_winbind_separator(), group_name);
+
+ /* Append to extra data */
+ memcpy(&extra_data[extra_data_len], name,
+ strlen(name));
+ extra_data_len += strlen(name);
+ } else {
+ /* Append to extra data */
+ memcpy(&extra_data[extra_data_len], group_name,
+ strlen(group_name));
+ extra_data_len += strlen(name);
+ }
extra_data[extra_data_len++] = ',';
}
diff -uk.orig samba-3.0/source/nsswitch/winbindd_user.c.orig samba-3.0/source/nsswitch/winbindd_user.c
--- samba-3.0/source/nsswitch/winbindd_user.c.orig Tue Dec 11 18:51:41 2001
+++ samba-3.0/source/nsswitch/winbindd_user.c Wed Dec 19 18:12:54 2001
@@ -24,6 +24,8 @@
#include "winbindd.h"
+extern fstring global_myworkgroup;
+
/* Fill a pwent structure with information we have obtained */
static BOOL winbindd_fill_pwent(char *domain_name, char *name,
@@ -91,6 +93,28 @@
return True;
}
+/*
+ Strip domain name if it is same as default domain name and
+ winbind use default domain = true
+
+ it assumes that name is actually fstring so that memory management
+ isn't needed.
+*/
+static void strip_domain_name_if_needed(fstring *name)
+{
+ if(lp_winbind_use_default_domain()) {
+ char *sep = lp_winbind_separator();
+ char *new_name = strchr(*name, *sep);
+ if(new_name) {
+ *new_name = 0;
+ if (!strcmp(global_myworkgroup, *name)) {
+ new_name++;
+ safe_strcpy(*name, new_name, sizeof(fstring));
+ }
+ }
+ }
+}
+
/* Return a password structure from a username. */
enum winbindd_result winbindd_getpwnam_from_user(struct winbindd_cli_state *state)
@@ -165,6 +189,7 @@
return WINBINDD_OK;
}
+
/* Return a password structure given a uid number */
enum winbindd_result winbindd_getpwnam_from_uid(struct winbindd_cli_state *state)
@@ -213,6 +238,7 @@
if (strcmp("\\", lp_winbind_separator()))
string_sub(user_name, "\\", lp_winbind_separator(),
sizeof(fstring));
+ strip_domain_name_if_needed(&user_name);
/* Get some user info */
@@ -487,6 +513,8 @@
slprintf(domain_user_name, sizeof(domain_user_name) - 1,
"%s%s%s", ent->domain->name, sep,
name_list[ent->sam_entry_index].name);
+
+ strip_domain_name_if_needed(&domain_user_name);
result = winbindd_fill_pwent(
ent->domain->name,
@@ -583,14 +611,21 @@
fstrcpy(acct_name, info[i].acct_name);
}
- slprintf(name, sizeof(name) - 1, "%s%s%s",
- domain->name, lp_winbind_separator(),
- acct_name);
+ if(!lp_winbind_use_default_domain()) {
+ slprintf(name, sizeof(name) - 1, "%s%s%s",
+ domain->name, lp_winbind_separator(),
+ acct_name);
/* Append to extra data */
- memcpy(&extra_data[extra_data_len], name,
- strlen(name));
- extra_data_len += strlen(name);
+ memcpy(&extra_data[extra_data_len], name,
+ strlen(name));
+ extra_data_len += strlen(name);
+ } else {
+ /* Append to extra data */
+ memcpy(&extra_data[extra_data_len], acct_name,
+ strlen(acct_name));
+ extra_data_len += strlen(acct_name);
+ }
extra_data[extra_data_len++] = ',';
}
}
diff -uk.orig samba-3.0/source/nsswitch/winbindd_util.c.orig samba-3.0/source/nsswitch/winbindd_util.c
--- samba-3.0/source/nsswitch/winbindd_util.c.orig Wed Dec 19 15:33:44 2001
+++ samba-3.0/source/nsswitch/winbindd_util.c Wed Dec 19 18:11:46 2001
@@ -308,17 +308,23 @@
}
/* Parse a string of the form DOMAIN/user into a domain and a user */
+extern fstring global_myworkgroup;
BOOL parse_domain_user(const char *domuser, fstring domain, fstring user)
{
char *p = strchr(domuser,*lp_winbind_separator());
- if (!p)
+ if (!(p || lp_winbind_use_default_domain()))
return False;
- fstrcpy(user, p+1);
- fstrcpy(domain, domuser);
- domain[PTR_DIFF(p, domuser)] = 0;
+ if(!p && lp_winbind_use_default_domain()) {
+ fstrcpy(user, domuser);
+ fstrcpy(domain, global_myworkgroup);
+ } else {
+ fstrcpy(user, p+1);
+ fstrcpy(domain, domuser);
+ domain[PTR_DIFF(p, domuser)] = 0;
+ }
strupper(domain);
return True;
}
More information about the samba-technical
mailing list