passdb/pdb_wbc_sam.c and auth/auth_wbc.c used anywhere?
Michael Adam
obnox at samba.org
Thu Jan 5 19:54:33 UTC 2017
On 2017-01-04 at 16:38 +0100, Volker Lendecke wrote:
> On Tue, Jan 03, 2017 at 08:23:35AM +0100, Volker Lendecke wrote:
> > On Tue, Jan 03, 2017 at 01:10:15PM +1300, Andrew Bartlett wrote:
> > > On Fri, 2016-12-30 at 12:42 +0100, Volker Lendecke wrote:
> > > > Hi!
> > > >
> > > > Are those two used at all? If so, what is the exact use case?
> > > >
> > > > Thanks,
> > >
> > > auth_wbc diverged from auth_winbind via this commit:
> > >
> > > commit c383022f89a34b83039502cc58178498cc06370e
> > > Author: Dan Sledz <dan.sledz at isilon.com>
> > > Date: Fri Feb 13 12:24:22 2009 -0800
> > >
> > > Introduce a new authentication backend auth_onefs_wb
> > >
> > > This new backend is custom tailored to onefs' unique requirements:
> > > 1) No fallback logic
> > > 2) Does not validate the domain of the user
> > > 3) Handles unencrypted passwords
> > >
> > > I don't thin OneFS ever made it to Samba 4.x, this links says they are
> > > on Likewise: https://community.emc.com/message/745769#745769
> >
> > Attached.
> >
> > Review?
>
> There was a test for auth methods = wbc. The attached patchset
> survived a private autobuild for me.
Reviewed by me. (The additional patch).
Cheers - Michael
> From 79b34cbd473482124ceaf60315b064d7bdc3b80e Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Wed, 4 Jan 2017 10:36:04 +0000
> Subject: [PATCH 1/3] selftest: Don't test auth_wbc anymore
>
> It will go in the next commit
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source4/selftest/tests.py | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
> index ec071065bf6..98974dcc42f 100755
> --- a/source4/selftest/tests.py
> +++ b/source4/selftest/tests.py
> @@ -233,7 +233,6 @@ for env in ["ad_dc_ntvfs", "nt4_dc"]:
> name = "rpc.lsa.secrets on %s with with %s" % (transport, ntlmoptions)
> plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.%s" % name)
> plantestsuite("samba.blackbox.pdbtest(%s)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest", smbclient4, '$SMB_CONF_PATH', configuration])
> - plantestsuite("samba.blackbox.pdbtest.winbind(%s)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest2", smbclient4, '$SMB_CONF_PATH', configuration + " --option='authmethods=wbc'"])
>
> plantestsuite("samba.blackbox.pdbtest.s4winbind(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest3", smbclient4, '$SMB_CONF_PATH', configuration + " --option='authmethods=samba4:winbind'"])
> plantestsuite("samba.blackbox.pdbtest.s4winbind_wbclient(ad_dc_ntvfs)", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest4", smbclient4, '$SMB_CONF_PATH', configuration + " --option='authmethods=samba4:winbind_wbclient'"])
> --
> 2.11.0
>
>
> From 66f8bb268cd83850d0d5ccee04654109bc0c4d07 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 3 Jan 2017 07:04:59 +0000
> Subject: [PATCH 2/3] auth: Remove auth_wbc
>
> It seems that this was only used in OneFS. The filesystem parts were
> removed in 2012 with 70be41c772d.
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/auth/auth_wbc.c | 199 ---------------------------------------------
> source3/auth/wscript_build | 8 --
> source3/wscript | 2 +-
> 3 files changed, 1 insertion(+), 208 deletions(-)
> delete mode 100644 source3/auth/auth_wbc.c
>
> diff --git a/source3/auth/auth_wbc.c b/source3/auth/auth_wbc.c
> deleted file mode 100644
> index 1b70042d909..00000000000
> --- a/source3/auth/auth_wbc.c
> +++ /dev/null
> @@ -1,199 +0,0 @@
> -/*
> - Unix SMB/CIFS implementation.
> -
> - Winbind client authentication mechanism designed to defer all
> - authentication to the winbind daemon.
> -
> - Copyright (C) Tim Potter 2000
> - Copyright (C) Andrew Bartlett 2001 - 2002
> - Copyright (C) Dan Sledz 2009
> -
> - This program is free software; you can redistribute it and/or modify
> - it under the terms of the GNU General Public License as published by
> - the Free Software Foundation; either version 3 of the License, or
> - (at your option) any later version.
> -
> - This program is distributed in the hope that it will be useful,
> - but WITHOUT ANY WARRANTY; without even the implied warranty of
> - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - GNU General Public License for more details.
> -
> - You should have received a copy of the GNU General Public License
> - along with this program. If not, see <http://www.gnu.org/licenses/>.
> -*/
> -
> -/* This auth module is very similar to auth_winbind with 3 distinct
> - * differences.
> - *
> - * 1) Does not fallback to another auth module if winbindd is unavailable
> - * 2) Does not validate the domain of the user
> - * 3) Handles unencrypted passwords
> - *
> - * The purpose of this module is to defer all authentication decisions (ie:
> - * local user vs NIS vs LDAP vs AD; encrypted vs plaintext) to the wbc
> - * compatible daemon. This centeralizes all authentication decisions to a
> - * single provider.
> - *
> - * This auth backend is most useful when used in conjunction with pdb_wbc_sam.
> - */
> -
> -#include "includes.h"
> -#include "auth.h"
> -#include "nsswitch/libwbclient/wbclient.h"
> -
> -#undef DBGC_CLASS
> -#define DBGC_CLASS DBGC_AUTH
> -
> -/* Authenticate a user with a challenge/response */
> -
> -static NTSTATUS check_wbc_security(const struct auth_context *auth_context,
> - void *my_private_data,
> - TALLOC_CTX *mem_ctx,
> - const struct auth_usersupplied_info *user_info,
> - struct auth_serversupplied_info **server_info)
> -{
> - NTSTATUS nt_status;
> - wbcErr wbc_status;
> - struct wbcAuthUserParams params;
> - struct wbcAuthUserInfo *info = NULL;
> - struct wbcAuthErrorInfo *err = NULL;
> -
> - if (!user_info || !auth_context || !server_info) {
> - return NT_STATUS_INVALID_PARAMETER;
> - }
> -
> - ZERO_STRUCT(params);
> -
> - /* Send off request */
> -
> - DEBUG(10, ("Check auth for: [%s]", user_info->mapped.account_name));
> -
> - params.account_name = user_info->client.account_name;
> - params.domain_name = user_info->mapped.domain_name;
> - params.workstation_name = user_info->workstation_name;
> -
> - params.flags = 0;
> - params.parameter_control= user_info->logon_parameters;
> -
> - /* Handle plaintext */
> - switch (user_info->password_state) {
> - case AUTH_PASSWORD_PLAIN:
> - {
> - DEBUG(3,("Checking plaintext password for %s.\n",
> - user_info->mapped.account_name));
> - params.level = WBC_AUTH_USER_LEVEL_PLAIN;
> -
> - params.password.plaintext = user_info->password.plaintext;
> - break;
> - }
> - case AUTH_PASSWORD_RESPONSE:
> - case AUTH_PASSWORD_HASH:
> - {
> - DEBUG(3,("Checking encrypted password for %s.\n",
> - user_info->mapped.account_name));
> - params.level = WBC_AUTH_USER_LEVEL_RESPONSE;
> -
> - memcpy(params.password.response.challenge,
> - auth_context->challenge.data,
> - sizeof(params.password.response.challenge));
> -
> - if (user_info->password.response.nt.length != 0) {
> - params.password.response.nt_length =
> - user_info->password.response.nt.length;
> - params.password.response.nt_data =
> - user_info->password.response.nt.data;
> - }
> - if (user_info->password.response.lanman.length != 0) {
> - params.password.response.lm_length =
> - user_info->password.response.lanman.length;
> - params.password.response.lm_data =
> - user_info->password.response.lanman.data;
> - }
> - break;
> - }
> - default:
> - DEBUG(0,("user_info constructed for user '%s' was invalid - password_state=%u invalid.\n",user_info->mapped.account_name, user_info->password_state));
> - return NT_STATUS_INTERNAL_ERROR;
> -#if 0 /* If ever implemented in libwbclient */
> - case AUTH_PASSWORD_HASH:
> - {
> - DEBUG(3,("Checking logon (hash) password for %s.\n",
> - user_info->mapped.account_name));
> - params.level = WBC_AUTH_USER_LEVEL_HASH;
> -
> - if (user_info->password.hash.nt) {
> - memcpy(params.password.hash.nt_hash, user_info->password.hash.nt, sizeof(* user_info->password.hash.nt));
> - } else {
> - memset(params.password.hash.nt_hash, '\0', sizeof(params.password.hash.nt_hash));
> - }
> -
> - if (user_info->password.hash.lanman) {
> - memcpy(params.password.hash.lm_hash, user_info->password.hash.lanman, sizeof(* user_info->password.hash.lanman));
> - } else {
> - memset(params.password.hash.lm_hash, '\0', sizeof(params.password.hash.lm_hash));
> - }
> -
> - }
> -#endif
> - }
> -
> - /* we are contacting the privileged pipe */
> - become_root();
> - wbc_status = wbcAuthenticateUserEx(¶ms, &info, &err);
> - unbecome_root();
> -
> - if (!WBC_ERROR_IS_OK(wbc_status)) {
> - DEBUG(10,("wbcAuthenticateUserEx failed (%d): %s\n",
> - wbc_status, wbcErrorString(wbc_status)));
> - }
> -
> - if (wbc_status == WBC_ERR_NO_MEMORY) {
> - return NT_STATUS_NO_MEMORY;
> - }
> -
> - if (wbc_status == WBC_ERR_AUTH_ERROR) {
> - nt_status = NT_STATUS(err->nt_status);
> - wbcFreeMemory(err);
> - return nt_status;
> - }
> -
> - if (!WBC_ERROR_IS_OK(wbc_status)) {
> - return NT_STATUS_LOGON_FAILURE;
> - }
> -
> - DEBUG(10,("wbcAuthenticateUserEx succeeded\n"));
> -
> - nt_status = make_server_info_wbcAuthUserInfo(mem_ctx,
> - user_info->client.account_name,
> - user_info->mapped.domain_name,
> - info, server_info);
> - wbcFreeMemory(info);
> - if (!NT_STATUS_IS_OK(nt_status)) {
> - return nt_status;
> - }
> -
> - (*server_info)->nss_token |= user_info->was_mapped;
> -
> - return nt_status;
> -}
> -
> -/* module initialisation */
> -static NTSTATUS auth_init_wbc(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
> -{
> - struct auth_methods *result;
> -
> - result = talloc_zero(auth_context, struct auth_methods);
> - if (result == NULL) {
> - return NT_STATUS_NO_MEMORY;
> - }
> - result->name = "wbc";
> - result->auth = check_wbc_security;
> -
> - *auth_method = result;
> - return NT_STATUS_OK;
> -}
> -
> -NTSTATUS auth_wbc_init(void)
> -{
> - return smb_register_auth(AUTH_INTERFACE_VERSION, "wbc", auth_init_wbc);
> -}
> diff --git a/source3/auth/wscript_build b/source3/auth/wscript_build
> index e7a605177e7..b95fb9831f9 100644
> --- a/source3/auth/wscript_build
> +++ b/source3/auth/wscript_build
> @@ -46,14 +46,6 @@ bld.SAMBA3_MODULE('auth_winbind',
> init_function='',
> internal_module=True)
>
> -bld.SAMBA3_MODULE('auth_wbc',
> - subsystem='auth',
> - source='auth_wbc.c',
> - deps='samba-util',
> - init_function='',
> - internal_module=bld.SAMBA3_IS_STATIC_MODULE('auth_wbc'),
> - enabled=bld.SAMBA3_IS_ENABLED_MODULE('auth_wbc'))
> -
> bld.SAMBA3_MODULE('auth_domain',
> subsystem='auth',
> source='auth_domain.c',
> diff --git a/source3/wscript b/source3/wscript
> index c6b2421c45b..9784993f536 100644
> --- a/source3/wscript
> +++ b/source3/wscript
> @@ -1663,7 +1663,7 @@ main() {
>
> forced_static_modules.extend(TO_LIST('auth_domain auth_builtin auth_sam auth_winbind'))
> default_static_modules.extend(TO_LIST('''pdb_smbpasswd pdb_tdbsam pdb_wbc_sam
> - auth_unix auth_wbc
> + auth_unix
> nss_info_template idmap_tdb idmap_passdb
> idmap_nss'''))
>
> --
> 2.11.0
>
>
> From 399adfd36466312b1fe16a4bcbd97670966eb6eb Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 3 Jan 2017 07:04:59 +0000
> Subject: [PATCH 3/3] passdb: Remove pdb_wbc_sam
>
> It seems that this was only used in OneFS. The filesystem parts were
> removed in 2012 with 70be41c772d.
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/passdb/pdb_wbc_sam.c | 452 -------------------------------------------
> source3/passdb/pdb_wbc_sam.h | 33 ----
> source3/passdb/wscript_build | 8 -
> source3/wscript | 2 +-
> 4 files changed, 1 insertion(+), 494 deletions(-)
> delete mode 100644 source3/passdb/pdb_wbc_sam.c
> delete mode 100644 source3/passdb/pdb_wbc_sam.h
>
> diff --git a/source3/passdb/pdb_wbc_sam.c b/source3/passdb/pdb_wbc_sam.c
> deleted file mode 100644
> index b73fcc4a46e..00000000000
> --- a/source3/passdb/pdb_wbc_sam.c
> +++ /dev/null
> @@ -1,452 +0,0 @@
> -/*
> - Unix SMB/CIFS implementation.
> -
> - Password and authentication handling by wbclient
> -
> - Copyright (C) Andrew Bartlett 2002
> - Copyright (C) Jelmer Vernooij 2002
> - Copyright (C) Simo Sorce 2003
> - Copyright (C) Volker Lendecke 2006
> - Copyright (C) Dan Sledz 2009
> -
> - This program is free software; you can redistribute it and/or modify
> - it under the terms of the GNU General Public License as published by
> - the Free Software Foundation; either version 3 of the License, or
> - (at your option) any later version.
> -
> - This program is distributed in the hope that it will be useful,
> - but WITHOUT ANY WARRANTY; without even the implied warranty of
> - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - GNU General Public License for more details.
> -
> - You should have received a copy of the GNU General Public License
> - along with this program. If not, see <http://www.gnu.org/licenses/>.
> -*/
> -
> -/* This passdb module retrieves full passdb information for local users and
> - * groups from a wbclient compatible daemon.
> - *
> - * The purpose of this module is to defer all SAM authorization information
> - * storage and retrieval to a wbc compatible daemon.
> - *
> - * This passdb backend is most useful when used in conjunction with auth_wbc.
> - *
> - * A few current limitations of this module are:
> - * - read only interface
> - * - no privileges
> - */
> -
> -#include "includes.h"
> -#include "passdb.h"
> -#include "lib/winbind_util.h"
> -#include "passdb/pdb_wbc_sam.h"
> -#include "idmap.h"
> -
> -/***************************************************************************
> - Default implementations of some functions.
> - ****************************************************************************/
> -static NTSTATUS _pdb_wbc_sam_getsampw(struct pdb_methods *methods,
> - struct samu *user,
> - const struct passwd *pwd)
> -{
> - NTSTATUS result = NT_STATUS_OK;
> -
> - if (pwd == NULL)
> - return NT_STATUS_NO_SUCH_USER;
> -
> - ZERO_STRUCTP(user);
> -
> - /* Can we really get away with this little of information */
> - user->methods = methods;
> - result = samu_set_unix(user, pwd);
> -
> - return result;
> -}
> -
> -static NTSTATUS pdb_wbc_sam_getsampwnam(struct pdb_methods *methods, struct samu *user, const char *sname)
> -{
> - return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwnam(sname));
> -}
> -
> -static NTSTATUS pdb_wbc_sam_getsampwsid(struct pdb_methods *methods, struct samu *user, const struct dom_sid *sid)
> -{
> - return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwsid(sid));
> -}
> -
> -static bool pdb_wbc_sam_id_to_sid(struct pdb_methods *methods, struct unixid *id,
> - struct dom_sid *sid)
> -{
> - switch (id->type) {
> - case ID_TYPE_UID:
> - return winbind_uid_to_sid(sid, id->id);
> -
> - case ID_TYPE_GID:
> - return winbind_gid_to_sid(sid, id->id);
> -
> - default:
> - return false;
> - }
> -}
> -
> -static NTSTATUS pdb_wbc_sam_enum_group_members(struct pdb_methods *methods,
> - TALLOC_CTX *mem_ctx,
> - const struct dom_sid *group,
> - uint32_t **pp_member_rids,
> - size_t *p_num_members)
> -{
> - return NT_STATUS_NOT_IMPLEMENTED;
> -}
> -
> -static NTSTATUS pdb_wbc_sam_enum_group_memberships(struct pdb_methods *methods,
> - TALLOC_CTX *mem_ctx,
> - struct samu *user,
> - struct dom_sid **pp_sids,
> - gid_t **pp_gids,
> - uint32_t *p_num_groups)
> -{
> - size_t i;
> - const char *username = pdb_get_username(user);
> - uint32_t num_groups;
> -
> - if (!winbind_get_groups(mem_ctx, username, &num_groups, pp_gids)) {
> - return NT_STATUS_NO_SUCH_USER;
> - }
> - *p_num_groups = num_groups;
> -
> - if (*p_num_groups == 0) {
> - smb_panic("primary group missing");
> - }
> -
> - *pp_sids = talloc_array(mem_ctx, struct dom_sid, *p_num_groups);
> -
> - if (*pp_sids == NULL) {
> - TALLOC_FREE(*pp_gids);
> - return NT_STATUS_NO_MEMORY;
> - }
> -
> - for (i=0; i < *p_num_groups; i++) {
> - gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]);
> - }
> -
> - return NT_STATUS_OK;
> -}
> -
> -static NTSTATUS pdb_wbc_sam_lookup_rids(struct pdb_methods *methods,
> - const struct dom_sid *domain_sid,
> - int num_rids,
> - uint32_t *rids,
> - const char **names,
> - enum lsa_SidType *attrs)
> -{
> - NTSTATUS result = NT_STATUS_OK;
> - const char *p = NULL;
> - const char **pp = NULL;
> - char *domain = NULL;
> - char **account_names = NULL;
> - enum lsa_SidType *attr_list = NULL;
> - int i;
> -
> - if (!winbind_lookup_rids(talloc_tos(), domain_sid, num_rids, rids,
> - &p, &pp, &attr_list))
> - {
> - result = NT_STATUS_NONE_MAPPED;
> - goto done;
> - }
> - domain = discard_const_p(char, p);
> - account_names = discard_const_p(char *, pp);
> -
> - memcpy(attrs, attr_list, num_rids * sizeof(enum lsa_SidType));
> -
> - for (i=0; i<num_rids; i++) {
> - if (attrs[i] == SID_NAME_UNKNOWN) {
> - names[i] = NULL;
> - } else {
> - names[i] = talloc_strdup(names, account_names[i]);
> - if (names[i] == NULL) {
> - result = NT_STATUS_NO_MEMORY;
> - goto done;
> - }
> -
> - }
> - }
> -
> -done:
> - TALLOC_FREE(account_names);
> - TALLOC_FREE(domain);
> - TALLOC_FREE(attr_list);
> - return result;
> -}
> -
> -static NTSTATUS pdb_wbc_sam_get_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t *value)
> -{
> - return NT_STATUS_UNSUCCESSFUL;
> -}
> -
> -static NTSTATUS pdb_wbc_sam_set_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t value)
> -{
> - return NT_STATUS_UNSUCCESSFUL;
> -}
> -
> -static bool pdb_wbc_sam_search_groups(struct pdb_methods *methods,
> - struct pdb_search *search)
> -{
> - return false;
> -}
> -
> -static bool pdb_wbc_sam_search_aliases(struct pdb_methods *methods,
> - struct pdb_search *search,
> - const struct dom_sid *sid)
> -{
> -
> - return false;
> -}
> -
> -static bool pdb_wbc_sam_get_trusteddom_pw(struct pdb_methods *methods,
> - const char *domain,
> - char **pwd,
> - struct dom_sid *sid,
> - time_t *pass_last_set_time)
> -{
> - return false;
> -
> -}
> -
> -static bool pdb_wbc_sam_set_trusteddom_pw(struct pdb_methods *methods,
> - const char *domain,
> - const char *pwd,
> - const struct dom_sid *sid)
> -{
> - return false;
> -}
> -
> -static bool pdb_wbc_sam_del_trusteddom_pw(struct pdb_methods *methods,
> - const char *domain)
> -{
> - return false;
> -}
> -
> -static NTSTATUS pdb_wbc_sam_enum_trusteddoms(struct pdb_methods *methods,
> - TALLOC_CTX *mem_ctx,
> - uint32_t *num_domains,
> - struct trustdom_info ***domains)
> -{
> - return NT_STATUS_NOT_IMPLEMENTED;
> -}
> -
> -static bool _make_group_map(struct pdb_methods *methods, const char *domain, const char *name, enum lsa_SidType name_type, gid_t gid, struct dom_sid *sid, GROUP_MAP *map)
> -{
> - map->nt_name = talloc_asprintf(map, "%s%c%s",
> - domain, *lp_winbind_separator(), name);
> - if (!map->nt_name) {
> - return false;
> - }
> - map->sid_name_use = name_type;
> - map->sid = *sid;
> - map->gid = gid;
> - return true;
> -}
> -
> -static NTSTATUS pdb_wbc_sam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
> - struct dom_sid sid)
> -{
> - NTSTATUS result = NT_STATUS_OK;
> - const char *p1 = NULL, *p2 = NULL;
> - char *name = NULL;
> - char *domain = NULL;
> - enum lsa_SidType name_type;
> - gid_t gid;
> -
> - if (!winbind_lookup_sid(talloc_tos(), &sid, &p1, &p2, &name_type)) {
> - result = NT_STATUS_NO_SUCH_GROUP;
> - goto done;
> - }
> - domain = discard_const_p(char, p1);
> - name = discard_const_p(char, p2);
> -
> - if ((name_type != SID_NAME_DOM_GRP) &&
> - (name_type != SID_NAME_DOMAIN) &&
> - (name_type != SID_NAME_ALIAS) &&
> - (name_type != SID_NAME_WKN_GRP)) {
> - result = NT_STATUS_NO_SUCH_GROUP;
> - goto done;
> - }
> -
> - if (!winbind_sid_to_gid(&gid, &sid)) {
> - result = NT_STATUS_NO_SUCH_GROUP;
> - goto done;
> - }
> -
> - if (!_make_group_map(methods, domain, name, name_type, gid, &sid, map)) {
> - result = NT_STATUS_NO_SUCH_GROUP;
> - goto done;
> - }
> -
> -done:
> - TALLOC_FREE(name);
> - TALLOC_FREE(domain);
> - return result;
> -}
> -
> -static NTSTATUS pdb_wbc_sam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
> - gid_t gid)
> -{
> - NTSTATUS result = NT_STATUS_OK;
> - const char *p1 = NULL, *p2 = NULL;
> - char *name = NULL;
> - char *domain = NULL;
> - struct dom_sid sid;
> - enum lsa_SidType name_type;
> -
> - if (!winbind_gid_to_sid(&sid, gid)) {
> - result = NT_STATUS_NO_SUCH_GROUP;
> - goto done;
> - }
> -
> - if (!winbind_lookup_sid(talloc_tos(), &sid, &p1, &p2, &name_type)) {
> - result = NT_STATUS_NO_SUCH_GROUP;
> - goto done;
> - }
> - domain = discard_const_p(char, p1);
> - name = discard_const_p(char, p2);
> -
> - if ((name_type != SID_NAME_DOM_GRP) &&
> - (name_type != SID_NAME_DOMAIN) &&
> - (name_type != SID_NAME_ALIAS) &&
> - (name_type != SID_NAME_WKN_GRP)) {
> - result = NT_STATUS_NO_SUCH_GROUP;
> - goto done;
> - }
> -
> - if (!_make_group_map(methods, domain, name, name_type, gid, &sid, map)) {
> - result = NT_STATUS_NO_SUCH_GROUP;
> - goto done;
> - }
> -
> -done:
> - TALLOC_FREE(name);
> - TALLOC_FREE(domain);
> -
> - return result;
> -}
> -
> -static NTSTATUS pdb_wbc_sam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
> - const char *name)
> -{
> - NTSTATUS result = NT_STATUS_OK;
> - const char *domain = "";
> - struct dom_sid sid;
> - gid_t gid;
> - enum lsa_SidType name_type;
> -
> - if (!winbind_lookup_name(domain, name, &sid, &name_type)) {
> - result = NT_STATUS_NO_SUCH_GROUP;
> - goto done;
> - }
> -
> - if ((name_type != SID_NAME_DOM_GRP) &&
> - (name_type != SID_NAME_DOMAIN) &&
> - (name_type != SID_NAME_ALIAS) &&
> - (name_type != SID_NAME_WKN_GRP)) {
> - result = NT_STATUS_NO_SUCH_GROUP;
> - goto done;
> - }
> -
> - if (!winbind_sid_to_gid(&gid, &sid)) {
> - result = NT_STATUS_NO_SUCH_GROUP;
> - goto done;
> - }
> -
> - if (!_make_group_map(methods, domain, name, name_type, gid, &sid, map)) {
> - result = NT_STATUS_NO_SUCH_GROUP;
> - goto done;
> - }
> -
> -done:
> -
> - return result;
> -}
> -
> -static NTSTATUS pdb_wbc_sam_enum_group_mapping(struct pdb_methods *methods,
> - const struct dom_sid *sid, enum lsa_SidType sid_name_use,
> - GROUP_MAP ***pp_rmap, size_t *p_num_entries,
> - bool unix_only)
> -{
> - return NT_STATUS_NOT_IMPLEMENTED;
> -}
> -
> -static NTSTATUS pdb_wbc_sam_get_aliasinfo(struct pdb_methods *methods,
> - const struct dom_sid *sid,
> - struct acct_info *info)
> -{
> - return NT_STATUS_NOT_IMPLEMENTED;
> -}
> -
> -static NTSTATUS pdb_wbc_sam_enum_aliasmem(struct pdb_methods *methods,
> - const struct dom_sid *alias,
> - TALLOC_CTX *mem_ctx,
> - struct dom_sid **pp_members,
> - size_t *p_num_members)
> -{
> - return NT_STATUS_NOT_IMPLEMENTED;
> -}
> -
> -static NTSTATUS pdb_wbc_sam_alias_memberships(struct pdb_methods *methods,
> - TALLOC_CTX *mem_ctx,
> - const struct dom_sid *domain_sid,
> - const struct dom_sid *members,
> - size_t num_members,
> - uint32_t **pp_alias_rids,
> - size_t *p_num_alias_rids)
> -{
> - if (!winbind_get_sid_aliases(mem_ctx, domain_sid,
> - members, num_members, pp_alias_rids, p_num_alias_rids))
> - return NT_STATUS_UNSUCCESSFUL;
> -
> - return NT_STATUS_OK;
> -}
> -
> -static NTSTATUS pdb_init_wbc_sam(struct pdb_methods **pdb_method, const char *location)
> -{
> - NTSTATUS result;
> -
> - if (!NT_STATUS_IS_OK(result = make_pdb_method( pdb_method))) {
> - return result;
> - }
> -
> - (*pdb_method)->name = "wbc_sam";
> -
> - (*pdb_method)->getsampwnam = pdb_wbc_sam_getsampwnam;
> - (*pdb_method)->getsampwsid = pdb_wbc_sam_getsampwsid;
> -
> - (*pdb_method)->getgrsid = pdb_wbc_sam_getgrsid;
> - (*pdb_method)->getgrgid = pdb_wbc_sam_getgrgid;
> - (*pdb_method)->getgrnam = pdb_wbc_sam_getgrnam;
> - (*pdb_method)->enum_group_mapping = pdb_wbc_sam_enum_group_mapping;
> - (*pdb_method)->enum_group_members = pdb_wbc_sam_enum_group_members;
> - (*pdb_method)->enum_group_memberships = pdb_wbc_sam_enum_group_memberships;
> - (*pdb_method)->get_aliasinfo = pdb_wbc_sam_get_aliasinfo;
> - (*pdb_method)->enum_aliasmem = pdb_wbc_sam_enum_aliasmem;
> - (*pdb_method)->enum_alias_memberships = pdb_wbc_sam_alias_memberships;
> - (*pdb_method)->lookup_rids = pdb_wbc_sam_lookup_rids;
> - (*pdb_method)->get_account_policy = pdb_wbc_sam_get_account_policy;
> - (*pdb_method)->set_account_policy = pdb_wbc_sam_set_account_policy;
> - (*pdb_method)->id_to_sid = pdb_wbc_sam_id_to_sid;
> -
> - (*pdb_method)->search_groups = pdb_wbc_sam_search_groups;
> - (*pdb_method)->search_aliases = pdb_wbc_sam_search_aliases;
> -
> - (*pdb_method)->get_trusteddom_pw = pdb_wbc_sam_get_trusteddom_pw;
> - (*pdb_method)->set_trusteddom_pw = pdb_wbc_sam_set_trusteddom_pw;
> - (*pdb_method)->del_trusteddom_pw = pdb_wbc_sam_del_trusteddom_pw;
> - (*pdb_method)->enum_trusteddoms = pdb_wbc_sam_enum_trusteddoms;
> -
> - (*pdb_method)->private_data = NULL;
> - (*pdb_method)->free_private_data = NULL;
> -
> - return NT_STATUS_OK;
> -}
> -
> -NTSTATUS pdb_wbc_sam_init(void)
> -{
> - return smb_register_passdb(PASSDB_INTERFACE_VERSION, "wbc_sam", pdb_init_wbc_sam);
> -}
> diff --git a/source3/passdb/pdb_wbc_sam.h b/source3/passdb/pdb_wbc_sam.h
> deleted file mode 100644
> index 02473c9b6e9..00000000000
> --- a/source3/passdb/pdb_wbc_sam.h
> +++ /dev/null
> @@ -1,33 +0,0 @@
> -/*
> - Unix SMB/CIFS implementation.
> -
> - Password and authentication handling by wbclient
> -
> - Copyright (C) Andrew Bartlett 2002
> - Copyright (C) Jelmer Vernooij 2002
> - Copyright (C) Simo Sorce 2003
> - Copyright (C) Volker Lendecke 2006
> - Copyright (C) Dan Sledz 2009
> -
> - This program is free software; you can redistribute it and/or modify
> - it under the terms of the GNU General Public License as published by
> - the Free Software Foundation; either version 3 of the License, or
> - (at your option) any later version.
> -
> - This program is distributed in the hope that it will be useful,
> - but WITHOUT ANY WARRANTY; without even the implied warranty of
> - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - GNU General Public License for more details.
> -
> - You should have received a copy of the GNU General Public License
> - along with this program. If not, see <http://www.gnu.org/licenses/>.
> -*/
> -
> -#ifndef _PASSDB_PDB_WBC_SAM_H_
> -#define _PASSDB_PDB_WBC_SAM_H_
> -
> -/* The following definitions come from passdb/pdb_wbc_sam.c */
> -
> -NTSTATUS pdb_wbc_sam_init(void);
> -
> -#endif /* _PASSDB_PDB_WBC_SAM_H_ */
> diff --git a/source3/passdb/wscript_build b/source3/passdb/wscript_build
> index 105777a2b94..f943597004a 100644
> --- a/source3/passdb/wscript_build
> +++ b/source3/passdb/wscript_build
> @@ -24,14 +24,6 @@ bld.SAMBA3_MODULE('pdb_smbpasswd',
> internal_module=bld.SAMBA3_IS_STATIC_MODULE('pdb_smbpasswd'),
> enabled=bld.SAMBA3_IS_ENABLED_MODULE('pdb_smbpasswd'))
>
> -bld.SAMBA3_MODULE('pdb_wbc_sam',
> - subsystem='pdb',
> - source='pdb_wbc_sam.c',
> - deps='samba-util wbclient',
> - init_function='',
> - internal_module=bld.SAMBA3_IS_STATIC_MODULE('pdb_wbc_sam'),
> - enabled=bld.SAMBA3_IS_ENABLED_MODULE('pdb_wbc_sam'))
> -
> bld.SAMBA3_MODULE('pdb_samba_dsdb',
> subsystem='pdb',
> source='pdb_samba_dsdb.c',
> diff --git a/source3/wscript b/source3/wscript
> index 9784993f536..b09e3727efc 100644
> --- a/source3/wscript
> +++ b/source3/wscript
> @@ -1662,7 +1662,7 @@ main() {
> default_static_modules.extend(TO_LIST('rpc_mdssvc_module'))
>
> forced_static_modules.extend(TO_LIST('auth_domain auth_builtin auth_sam auth_winbind'))
> - default_static_modules.extend(TO_LIST('''pdb_smbpasswd pdb_tdbsam pdb_wbc_sam
> + default_static_modules.extend(TO_LIST('''pdb_smbpasswd pdb_tdbsam
> auth_unix
> nss_info_template idmap_tdb idmap_passdb
> idmap_nss'''))
> --
> 2.11.0
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170105/4c9e1d72/signature.sig>
More information about the samba-technical
mailing list