sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
5338699d0c
samba-mirror/source/winbind/wb_samba3_cmd.c

664 lines
18 KiB
C
Raw Normal View History

r10426: - restructure the winbind server code a bit - remove the echo test stuff - abstract out the used protocol - we have a seperate handler for the samba3 protocol now - the backend can easy do async replies by setting WBSRV_CALL_FLAGS_REPLY_ASYNC in wbsrv_call and then call wbsrv_queue_reply() later metze
2005-09-22 22:35:08 +04:00
/*
Unix SMB/CIFS implementation.
Main winbindd samba3 server routines
Copyright (C) Stefan Metzmacher 2005
Copyright (C) Volker Lendecke 2005
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett
2005-10-28 17:42:00 +04:00
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
r10426: - restructure the winbind server code a bit - remove the echo test stuff - abstract out the used protocol - we have a seperate handler for the samba3 protocol now - the backend can easy do async replies by setting WBSRV_CALL_FLAGS_REPLY_ASYNC in wbsrv_call and then call wbsrv_queue_reply() later metze
2005-09-22 22:35:08 +04:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#include "nsswitch/winbindd_nss.h"
#include "winbind/wb_server.h"
r10491: First step towards wbinfo -t: This issues a name request for the primary domain and gets the DC's name via a mailslot call. Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And as everything is async anyway, the semantics should not be too much of a problem. Volker
2005-09-26 01:01:56 +04:00
#include "winbind/wb_async_helpers.h"
#include "libcli/composite/composite.h"
r13658: More moving around of files: - Collect the generic utility functions into a lib/util/ (a la GLib is for the GNOME folks) - Remove even more files from include/
2006-02-23 18:52:24 +03:00
#include "version.h"
r14464: Don't include ndr_BASENAME.h files unless strictly required, instead try to include just the BASENAME.h files (containing only structs)
2006-03-16 03:23:11 +03:00
#include "librpc/gen_ndr/netlogon.h"
r14860: create libcli/security/security.h metze
2006-04-02 16:02:01 +04:00
#include "libcli/security/security.h"
r13938: Around round of splitups
2006-03-07 16:36:26 +03:00
#include "auth/pam_errors.h"
r10426: - restructure the winbind server code a bit - remove the echo test stuff - abstract out the used protocol - we have a seperate handler for the samba3 protocol now - the backend can easy do async replies by setting WBSRV_CALL_FLAGS_REPLY_ASYNC in wbsrv_call and then call wbsrv_queue_reply() later metze
2005-09-22 22:35:08 +04:00
r11412: These comments may not be much, but my eyes scan code with even minimal comments much better (much like volker scans code of less than 80 cols better ;-) Andrew Bartlett
2005-10-31 08:45:19 +03:00
/*
Send off the reply to an async Samba3 query, handling filling in the PAM, NTSTATUS and string errors.
*/
r11411: Add to Samba4 the Samba3 patch I just posted for machine account logins (changing the winbindd interface). Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing auth and other replies, such that all replies were having the auth error strings set. We now do a better job of filling in the right errors in the right places. Andrew Bartlett
2005-10-31 07:17:51 +03:00
static void wbsrv_samba3_async_auth_epilogue(NTSTATUS status,
struct wbsrv_samba3_call *s3call)
r11263: Some cleanup
2005-10-23 15:21:15 +04:00
{
r11411: Add to Samba4 the Samba3 patch I just posted for machine account logins (changing the winbindd interface). Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing auth and other replies, such that all replies were having the auth error strings set. We now do a better job of filling in the right errors in the right places. Andrew Bartlett
2005-10-31 07:17:51 +03:00
struct winbindd_response *resp = &s3call->response;
r11263: Some cleanup
2005-10-23 15:21:15 +04:00
if (!NT_STATUS_IS_OK(status)) {
resp->result = WINBINDD_ERROR;
WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
nt_errstr(status));
WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
r11411: Add to Samba4 the Samba3 patch I just posted for machine account logins (changing the winbindd interface). Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing auth and other replies, such that all replies were having the auth error strings set. We now do a better job of filling in the right errors in the right places. Andrew Bartlett
2005-10-31 07:17:51 +03:00
get_friendly_nt_error_msg(status));
} else {
resp->result = WINBINDD_OK;
}
resp->data.auth.pam_error = nt_status_to_pam(status);
resp->data.auth.nt_status = NT_STATUS_V(status);
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
wbsrv_samba3_send_reply(s3call);
r11411: Add to Samba4 the Samba3 patch I just posted for machine account logins (changing the winbindd interface). Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing auth and other replies, such that all replies were having the auth error strings set. We now do a better job of filling in the right errors in the right places. Andrew Bartlett
2005-10-31 07:17:51 +03:00
}
r11412: These comments may not be much, but my eyes scan code with even minimal comments much better (much like volker scans code of less than 80 cols better ;-) Andrew Bartlett
2005-10-31 08:45:19 +03:00
/*
Send of a generic reply to a Samba3 query
*/
r11411: Add to Samba4 the Samba3 patch I just posted for machine account logins (changing the winbindd interface). Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing auth and other replies, such that all replies were having the auth error strings set. We now do a better job of filling in the right errors in the right places. Andrew Bartlett
2005-10-31 07:17:51 +03:00
static void wbsrv_samba3_async_epilogue(NTSTATUS status,
struct wbsrv_samba3_call *s3call)
{
struct winbindd_response *resp = &s3call->response;
if (NT_STATUS_IS_OK(status)) {
resp->result = WINBINDD_OK;
} else {
resp->result = WINBINDD_ERROR;
r11263: Some cleanup
2005-10-23 15:21:15 +04:00
}
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
wbsrv_samba3_send_reply(s3call);
r11263: Some cleanup
2005-10-23 15:21:15 +04:00
}
r11412: These comments may not be much, but my eyes scan code with even minimal comments much better (much like volker scans code of less than 80 cols better ;-) Andrew Bartlett
2005-10-31 08:45:19 +03:00
/*
Boilerplate commands, simple queries without network traffic
*/
r10426: - restructure the winbind server code a bit - remove the echo test stuff - abstract out the used protocol - we have a seperate handler for the samba3 protocol now - the backend can easy do async replies by setting WBSRV_CALL_FLAGS_REPLY_ASYNC in wbsrv_call and then call wbsrv_queue_reply() later metze
2005-09-22 22:35:08 +04:00
NTSTATUS wbsrv_samba3_interface_version(struct wbsrv_samba3_call *s3call)
{
s3call->response.result = WINBINDD_OK;
s3call->response.data.interface_version = WINBIND_INTERFACE_VERSION;
return NT_STATUS_OK;
}
r10508: - implement WINBINDD_NETBIOS_NAME, WINBINDD_DOMAIN_NAME and WINBINDD_INFO is there a way to test this calls? vl: please review this metze
2005-09-26 17:42:42 +04:00
NTSTATUS wbsrv_samba3_info(struct wbsrv_samba3_call *s3call)
{
s3call->response.result = WINBINDD_OK;
s3call->response.data.info.winbind_separator = *lp_winbind_separator();
r11263: Some cleanup
2005-10-23 15:21:15 +04:00
WBSRV_SAMBA3_SET_STRING(s3call->response.data.info.samba_version,
SAMBA_VERSION_STRING);
r10508: - implement WINBINDD_NETBIOS_NAME, WINBINDD_DOMAIN_NAME and WINBINDD_INFO is there a way to test this calls? vl: please review this metze
2005-09-26 17:42:42 +04:00
return NT_STATUS_OK;
}
NTSTATUS wbsrv_samba3_domain_name(struct wbsrv_samba3_call *s3call)
{
s3call->response.result = WINBINDD_OK;
r11263: Some cleanup
2005-10-23 15:21:15 +04:00
WBSRV_SAMBA3_SET_STRING(s3call->response.data.domain_name,
lp_workgroup());
r10508: - implement WINBINDD_NETBIOS_NAME, WINBINDD_DOMAIN_NAME and WINBINDD_INFO is there a way to test this calls? vl: please review this metze
2005-09-26 17:42:42 +04:00
return NT_STATUS_OK;
}
NTSTATUS wbsrv_samba3_netbios_name(struct wbsrv_samba3_call *s3call)
{
s3call->response.result = WINBINDD_OK;
r11263: Some cleanup
2005-10-23 15:21:15 +04:00
WBSRV_SAMBA3_SET_STRING(s3call->response.data.netbios_name,
lp_netbios_name());
r10508: - implement WINBINDD_NETBIOS_NAME, WINBINDD_DOMAIN_NAME and WINBINDD_INFO is there a way to test this calls? vl: please review this metze
2005-09-26 17:42:42 +04:00
return NT_STATUS_OK;
}
r10426: - restructure the winbind server code a bit - remove the echo test stuff - abstract out the used protocol - we have a seperate handler for the samba3 protocol now - the backend can easy do async replies by setting WBSRV_CALL_FLAGS_REPLY_ASYNC in wbsrv_call and then call wbsrv_queue_reply() later metze
2005-09-22 22:35:08 +04:00
NTSTATUS wbsrv_samba3_priv_pipe_dir(struct wbsrv_samba3_call *s3call)
{
s3call->response.result = WINBINDD_OK;
r11263: Some cleanup
2005-10-23 15:21:15 +04:00
s3call->response.extra_data =
smbd_tmp_path(s3call, WINBINDD_SAMBA3_PRIVILEGED_SOCKET);
r10426: - restructure the winbind server code a bit - remove the echo test stuff - abstract out the used protocol - we have a seperate handler for the samba3 protocol now - the backend can easy do async replies by setting WBSRV_CALL_FLAGS_REPLY_ASYNC in wbsrv_call and then call wbsrv_queue_reply() later metze
2005-09-22 22:35:08 +04:00
NT_STATUS_HAVE_NO_MEMORY(s3call->response.extra_data);
return NT_STATUS_OK;
}
NTSTATUS wbsrv_samba3_ping(struct wbsrv_samba3_call *s3call)
{
s3call->response.result = WINBINDD_OK;
return NT_STATUS_OK;
}
r10491: First step towards wbinfo -t: This issues a name request for the primary domain and gets the DC's name via a mailslot call. Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And as everything is async anyway, the semantics should not be too much of a problem. Volker
2005-09-26 01:01:56 +04:00
r11528: Separate finding dcs from initializing a domain. Makes it easier to possibly support cldap and other stuff in the future. This temporarily disables wbinfo -t, but that will come back soon. Try an ldap bind using gss-spnego. This got me krb5 binds against "our" w2k3 and a trusted w2k, although with some memleaks from krb5 and a BAD_OPTION tgs-rep error. Volker
2005-11-06 02:46:57 +03:00
#if 0
r11412: These comments may not be much, but my eyes scan code with even minimal comments much better (much like volker scans code of less than 80 cols better ;-) Andrew Bartlett
2005-10-31 08:45:19 +03:00
/*
Validate that we have a working pipe to the domain controller.
Return any NT error found in the process
*/
r10834: Work in progress on winbind. With some helper routines the composite functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker
2005-10-08 20:25:00 +04:00
static void checkmachacc_recv_creds(struct composite_context *ctx);
r10683: Samba3's wbinfo -t should give the correct answer now. Tridge, if you have time, you might want to look at the segfault I was still seeing. Now I store the handle to the netlogon pipe in the global winbind state and free it on the next entry into check_machacc. The problem seems to be that talloc_free()ing a pipe struct from within a callback function on that pipe is not possible. I think I can live with that, but it has been not really obvious. To reproduce the segfault you might want to look at putting a talloc_free(state->getcreds->out.netlogon) into wbsrv_samba3_check_machacc_receive_creds. This is called from a dcerpc callback function. In particular if the check failed it would be nice if I could delete the pipe directly and not post a different event to some winbind queue. I tried to delete the pipe from a timed event triggered immediately, but this also fails because the inner loop seems to hit the same event again, calling it twice. Volker
2005-10-03 17:46:11 +04:00
NTSTATUS wbsrv_samba3_check_machacc(struct wbsrv_samba3_call *s3call)
r10491: First step towards wbinfo -t: This issues a name request for the primary domain and gets the DC's name via a mailslot call. Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And as everything is async anyway, the semantics should not be too much of a problem. Volker
2005-09-26 01:01:56 +04:00
{
r10675: Connect to the DC's IPC$ Volker
2005-10-01 20:36:04 +04:00
struct composite_context *ctx;
r10834: Work in progress on winbind. With some helper routines the composite functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker
2005-10-08 20:25:00 +04:00
DEBUG(5, ("wbsrv_samba3_check_machacc called\n"));
r10675: Connect to the DC's IPC$ Volker
2005-10-01 20:36:04 +04:00
r10852: Continuation-based programming can become a bit spaghetti... Initialize a domain structure properly. Excerpt from wb_init_domain.c: /* * Initialize a domain: * * - With schannel credentials, try to open the SMB connection with the machine * creds. Fall back to anonymous. * * - If we have schannel creds, do the auth2 and open the schannel'ed netlogon * pipe. * * - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back * to schannel and then to anon bind. * * - With queryinfopolicy, verify that we're talking to the right domain * * A bit complex, but with all the combinations I think it's the best we can * get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we * have a signed&sealed lsa connection on all of them. * * Is this overkill? In particular the authenticated SMB connection seems a * bit overkill, given that we do schannel for netlogon and ntlmssp for * lsa later on w2k3, the others don't do this anyway. */ Thanks to Jeremy for his detective work, and to the Samba4 team for providing such a great infrastructure. Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr with all we have. Volker
2005-10-10 00:32:24 +04:00
ctx = wb_cmd_checkmachacc_send(s3call->call);
r10834: Work in progress on winbind. With some helper routines the composite functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker
2005-10-08 20:25:00 +04:00
NT_STATUS_HAVE_NO_MEMORY(ctx);
r10675: Connect to the DC's IPC$ Volker
2005-10-01 20:36:04 +04:00
r10834: Work in progress on winbind. With some helper routines the composite functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker
2005-10-08 20:25:00 +04:00
ctx->async.fn = checkmachacc_recv_creds;
r10675: Connect to the DC's IPC$ Volker
2005-10-01 20:36:04 +04:00
ctx->async.private_data = s3call;
r10834: Work in progress on winbind. With some helper routines the composite functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker
2005-10-08 20:25:00 +04:00
s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
return NT_STATUS_OK;
r10491: First step towards wbinfo -t: This issues a name request for the primary domain and gets the DC's name via a mailslot call. Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And as everything is async anyway, the semantics should not be too much of a problem. Volker
2005-09-26 01:01:56 +04:00
}
r10683: Samba3's wbinfo -t should give the correct answer now. Tridge, if you have time, you might want to look at the segfault I was still seeing. Now I store the handle to the netlogon pipe in the global winbind state and free it on the next entry into check_machacc. The problem seems to be that talloc_free()ing a pipe struct from within a callback function on that pipe is not possible. I think I can live with that, but it has been not really obvious. To reproduce the segfault you might want to look at putting a talloc_free(state->getcreds->out.netlogon) into wbsrv_samba3_check_machacc_receive_creds. This is called from a dcerpc callback function. In particular if the check failed it would be nice if I could delete the pipe directly and not post a different event to some winbind queue. I tried to delete the pipe from a timed event triggered immediately, but this also fails because the inner loop seems to hit the same event again, calling it twice. Volker
2005-10-03 17:46:11 +04:00
r10834: Work in progress on winbind. With some helper routines the composite functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker
2005-10-08 20:25:00 +04:00
static void checkmachacc_recv_creds(struct composite_context *ctx)
r10683: Samba3's wbinfo -t should give the correct answer now. Tridge, if you have time, you might want to look at the segfault I was still seeing. Now I store the handle to the netlogon pipe in the global winbind state and free it on the next entry into check_machacc. The problem seems to be that talloc_free()ing a pipe struct from within a callback function on that pipe is not possible. I think I can live with that, but it has been not really obvious. To reproduce the segfault you might want to look at putting a talloc_free(state->getcreds->out.netlogon) into wbsrv_samba3_check_machacc_receive_creds. This is called from a dcerpc callback function. In particular if the check failed it would be nice if I could delete the pipe directly and not post a different event to some winbind queue. I tried to delete the pipe from a timed event triggered immediately, but this also fails because the inner loop seems to hit the same event again, calling it twice. Volker
2005-10-03 17:46:11 +04:00
{
struct wbsrv_samba3_call *s3call =
r10834: Work in progress on winbind. With some helper routines the composite functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker
2005-10-08 20:25:00 +04:00
talloc_get_type(ctx->async.private_data,
r10683: Samba3's wbinfo -t should give the correct answer now. Tridge, if you have time, you might want to look at the segfault I was still seeing. Now I store the handle to the netlogon pipe in the global winbind state and free it on the next entry into check_machacc. The problem seems to be that talloc_free()ing a pipe struct from within a callback function on that pipe is not possible. I think I can live with that, but it has been not really obvious. To reproduce the segfault you might want to look at putting a talloc_free(state->getcreds->out.netlogon) into wbsrv_samba3_check_machacc_receive_creds. This is called from a dcerpc callback function. In particular if the check failed it would be nice if I could delete the pipe directly and not post a different event to some winbind queue. I tried to delete the pipe from a timed event triggered immediately, but this also fails because the inner loop seems to hit the same event again, calling it twice. Volker
2005-10-03 17:46:11 +04:00
struct wbsrv_samba3_call);
NTSTATUS status;
r10852: Continuation-based programming can become a bit spaghetti... Initialize a domain structure properly. Excerpt from wb_init_domain.c: /* * Initialize a domain: * * - With schannel credentials, try to open the SMB connection with the machine * creds. Fall back to anonymous. * * - If we have schannel creds, do the auth2 and open the schannel'ed netlogon * pipe. * * - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back * to schannel and then to anon bind. * * - With queryinfopolicy, verify that we're talking to the right domain * * A bit complex, but with all the combinations I think it's the best we can * get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we * have a signed&sealed lsa connection on all of them. * * Is this overkill? In particular the authenticated SMB connection seems a * bit overkill, given that we do schannel for netlogon and ntlmssp for * lsa later on w2k3, the others don't do this anyway. */ Thanks to Jeremy for his detective work, and to the Samba4 team for providing such a great infrastructure. Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr with all we have. Volker
2005-10-10 00:32:24 +04:00
status = wb_cmd_checkmachacc_recv(ctx);
r11263: Some cleanup
2005-10-23 15:21:15 +04:00
r11411: Add to Samba4 the Samba3 patch I just posted for machine account logins (changing the winbindd interface). Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing auth and other replies, such that all replies were having the auth error strings set. We now do a better job of filling in the right errors in the right places. Andrew Bartlett
2005-10-31 07:17:51 +03:00
wbsrv_samba3_async_auth_epilogue(status, s3call);
r10491: First step towards wbinfo -t: This issues a name request for the primary domain and gets the DC's name via a mailslot call. Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And as everything is async anyway, the semantics should not be too much of a problem. Volker
2005-09-26 01:01:56 +04:00
}
r11528: Separate finding dcs from initializing a domain. Makes it easier to possibly support cldap and other stuff in the future. This temporarily disables wbinfo -t, but that will come back soon. Try an ldap bind using gss-spnego. This got me krb5 binds against "our" w2k3 and a trusted w2k, although with some memleaks from krb5 and a BAD_OPTION tgs-rep error. Volker
2005-11-06 02:46:57 +03:00
#endif
r10691: This gets half-way to wbinfo -n. It acquires an lsa pipe, and does a queryinfopolicy. Idea is to get a consistency check between that and our notion of the domain name and sid, and take the lsa pipe as the holder of the central smbcli_tree that netlogon and samr use as well. Volker
2005-10-03 21:36:49 +04:00
r11412: These comments may not be much, but my eyes scan code with even minimal comments much better (much like volker scans code of less than 80 cols better ;-) Andrew Bartlett
2005-10-31 08:45:19 +03:00
/*
Find the name of a suitable domain controller, by query on the
netlogon pipe to the DC.
*/
r11094: Connect to SAM, implement getdcname
2005-10-16 02:01:15 +04:00
static void getdcname_recv_dc(struct composite_context *ctx);
NTSTATUS wbsrv_samba3_getdcname(struct wbsrv_samba3_call *s3call)
{
struct composite_context *ctx;
r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker
2005-10-19 17:45:44 +04:00
struct wbsrv_service *service =
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
s3call->wbconn->listen_socket->service;
r11094: Connect to SAM, implement getdcname
2005-10-16 02:01:15 +04:00
DEBUG(5, ("wbsrv_samba3_getdcname called\n"));
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker
2005-11-05 12:34:07 +03:00
ctx = wb_cmd_getdcname_send(s3call, service,
r11094: Connect to SAM, implement getdcname
2005-10-16 02:01:15 +04:00
s3call->request.domain_name);
NT_STATUS_HAVE_NO_MEMORY(ctx);
ctx->async.fn = getdcname_recv_dc;
ctx->async.private_data = s3call;
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
r11094: Connect to SAM, implement getdcname
2005-10-16 02:01:15 +04:00
return NT_STATUS_OK;
}
static void getdcname_recv_dc(struct composite_context *ctx)
{
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
const char *dcname;
NTSTATUS status;
status = wb_cmd_getdcname_recv(ctx, s3call, &dcname);
if (!NT_STATUS_IS_OK(status)) goto done;
s3call->response.result = WINBINDD_OK;
WBSRV_SAMBA3_SET_STRING(s3call->response.data.dc_name, dcname);
r11095: Implement wb_getuserdomgroups. Tridge, if you have the time, you might want to look at a problem I'm having with unix domain stream sockets. From a comment in this commit: /* Using composite_trigger_error here causes problems with the client * socket. Linux 2.6.8 gives me a ECONNRESET on the next read after * writing the reply when I don't wait the 100 milliseconds. */ This is in winbind/wb_cmd_userdomgroups.c:93. The problem I have is that I can not *immediately* send an error reply to the client because the next receive fails. Waiting 100 milliseconds helps. It might also be a problem with epoll(), I don't really know. I'd appreciate if you took a brief look at this, maybe I'm doing something wrong. Thanks, Volker
2005-10-16 16:43:09 +04:00
done:
r11263: Some cleanup
2005-10-23 15:21:15 +04:00
wbsrv_samba3_async_epilogue(status, s3call);
r11095: Implement wb_getuserdomgroups. Tridge, if you have the time, you might want to look at a problem I'm having with unix domain stream sockets. From a comment in this commit: /* Using composite_trigger_error here causes problems with the client * socket. Linux 2.6.8 gives me a ECONNRESET on the next read after * writing the reply when I don't wait the 100 milliseconds. */ This is in winbind/wb_cmd_userdomgroups.c:93. The problem I have is that I can not *immediately* send an error reply to the client because the next receive fails. Waiting 100 milliseconds helps. It might also be a problem with epoll(), I don't really know. I'd appreciate if you took a brief look at this, maybe I'm doing something wrong. Thanks, Volker
2005-10-16 16:43:09 +04:00
}
r11412: These comments may not be much, but my eyes scan code with even minimal comments much better (much like volker scans code of less than 80 cols better ;-) Andrew Bartlett
2005-10-31 08:45:19 +03:00
/*
Lookup a user's domain groups
*/
r11095: Implement wb_getuserdomgroups. Tridge, if you have the time, you might want to look at a problem I'm having with unix domain stream sockets. From a comment in this commit: /* Using composite_trigger_error here causes problems with the client * socket. Linux 2.6.8 gives me a ECONNRESET on the next read after * writing the reply when I don't wait the 100 milliseconds. */ This is in winbind/wb_cmd_userdomgroups.c:93. The problem I have is that I can not *immediately* send an error reply to the client because the next receive fails. Waiting 100 milliseconds helps. It might also be a problem with epoll(), I don't really know. I'd appreciate if you took a brief look at this, maybe I'm doing something wrong. Thanks, Volker
2005-10-16 16:43:09 +04:00
static void userdomgroups_recv_groups(struct composite_context *ctx);
NTSTATUS wbsrv_samba3_userdomgroups(struct wbsrv_samba3_call *s3call)
{
struct composite_context *ctx;
struct dom_sid *sid;
DEBUG(5, ("wbsrv_samba3_userdomgroups called\n"));
sid = dom_sid_parse_talloc(s3call, s3call->request.data.sid);
if (sid == NULL) {
DEBUG(5, ("Could not parse sid %s\n",
s3call->request.data.sid));
return NT_STATUS_NO_MEMORY;
}
r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker
2005-10-19 17:45:44 +04:00
ctx = wb_cmd_userdomgroups_send(
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
s3call, s3call->wbconn->listen_socket->service, sid);
r11095: Implement wb_getuserdomgroups. Tridge, if you have the time, you might want to look at a problem I'm having with unix domain stream sockets. From a comment in this commit: /* Using composite_trigger_error here causes problems with the client * socket. Linux 2.6.8 gives me a ECONNRESET on the next read after * writing the reply when I don't wait the 100 milliseconds. */ This is in winbind/wb_cmd_userdomgroups.c:93. The problem I have is that I can not *immediately* send an error reply to the client because the next receive fails. Waiting 100 milliseconds helps. It might also be a problem with epoll(), I don't really know. I'd appreciate if you took a brief look at this, maybe I'm doing something wrong. Thanks, Volker
2005-10-16 16:43:09 +04:00
NT_STATUS_HAVE_NO_MEMORY(ctx);
ctx->async.fn = userdomgroups_recv_groups;
ctx->async.private_data = s3call;
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
r11095: Implement wb_getuserdomgroups. Tridge, if you have the time, you might want to look at a problem I'm having with unix domain stream sockets. From a comment in this commit: /* Using composite_trigger_error here causes problems with the client * socket. Linux 2.6.8 gives me a ECONNRESET on the next read after * writing the reply when I don't wait the 100 milliseconds. */ This is in winbind/wb_cmd_userdomgroups.c:93. The problem I have is that I can not *immediately* send an error reply to the client because the next receive fails. Waiting 100 milliseconds helps. It might also be a problem with epoll(), I don't really know. I'd appreciate if you took a brief look at this, maybe I'm doing something wrong. Thanks, Volker
2005-10-16 16:43:09 +04:00
return NT_STATUS_OK;
}
static void userdomgroups_recv_groups(struct composite_context *ctx)
{
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
int i, num_sids;
struct dom_sid **sids;
char *sids_string;
NTSTATUS status;
status = wb_cmd_userdomgroups_recv(ctx, s3call, &num_sids, &sids);
if (!NT_STATUS_IS_OK(status)) goto done;
sids_string = talloc_strdup(s3call, "");
if (sids_string == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
for (i=0; i<num_sids; i++) {
sids_string = talloc_asprintf_append(
sids_string, "%s\n", dom_sid_string(s3call, sids[i]));
}
if (sids_string == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
s3call->response.result = WINBINDD_OK;
s3call->response.extra_data = sids_string;
s3call->response.length += strlen(sids_string)+1;
s3call->response.data.num_entries = num_sids;
r11094: Connect to SAM, implement getdcname
2005-10-16 02:01:15 +04:00
done:
r11263: Some cleanup
2005-10-23 15:21:15 +04:00
wbsrv_samba3_async_epilogue(status, s3call);
r11094: Connect to SAM, implement getdcname
2005-10-16 02:01:15 +04:00
}
r11412: These comments may not be much, but my eyes scan code with even minimal comments much better (much like volker scans code of less than 80 cols better ;-) Andrew Bartlett
2005-10-31 08:45:19 +03:00
/*
Lookup the list of SIDs for a user
*/
r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker
2005-10-19 17:45:44 +04:00
static void usersids_recv_sids(struct composite_context *ctx);
NTSTATUS wbsrv_samba3_usersids(struct wbsrv_samba3_call *s3call)
{
struct composite_context *ctx;
struct dom_sid *sid;
DEBUG(5, ("wbsrv_samba3_usersids called\n"));
sid = dom_sid_parse_talloc(s3call, s3call->request.data.sid);
if (sid == NULL) {
DEBUG(5, ("Could not parse sid %s\n",
s3call->request.data.sid));
return NT_STATUS_NO_MEMORY;
}
ctx = wb_cmd_usersids_send(
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
s3call, s3call->wbconn->listen_socket->service, sid);
r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker
2005-10-19 17:45:44 +04:00
NT_STATUS_HAVE_NO_MEMORY(ctx);
ctx->async.fn = usersids_recv_sids;
ctx->async.private_data = s3call;
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker
2005-10-19 17:45:44 +04:00
return NT_STATUS_OK;
}
static void usersids_recv_sids(struct composite_context *ctx)
{
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
int i, num_sids;
struct dom_sid **sids;
char *sids_string;
NTSTATUS status;
status = wb_cmd_usersids_recv(ctx, s3call, &num_sids, &sids);
if (!NT_STATUS_IS_OK(status)) goto done;
sids_string = talloc_strdup(s3call, "");
if (sids_string == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
for (i=0; i<num_sids; i++) {
sids_string = talloc_asprintf_append(
sids_string, "%s\n", dom_sid_string(s3call, sids[i]));
if (sids_string == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
}
s3call->response.result = WINBINDD_OK;
s3call->response.extra_data = sids_string;
s3call->response.length += strlen(sids_string);
s3call->response.data.num_entries = num_sids;
/* Hmmmm. Nasty protocol -- who invented the zeros between the
* SIDs? Hmmm. Could have been me -- vl */
while (*sids_string != '\0') {
if ((*sids_string) == '\n') {
*sids_string = '\0';
}
sids_string += 1;
}
done:
r11263: Some cleanup
2005-10-23 15:21:15 +04:00
wbsrv_samba3_async_epilogue(status, s3call);
r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker
2005-10-19 17:45:44 +04:00
}
r11412: These comments may not be much, but my eyes scan code with even minimal comments much better (much like volker scans code of less than 80 cols better ;-) Andrew Bartlett
2005-10-31 08:45:19 +03:00
/*
Lookup a DOMAIN\\user style name, and return a SID
*/
r10825: Complete wbinfo -n
2005-10-07 23:08:51 +04:00
static void lookupname_recv_sid(struct composite_context *ctx);
r10691: This gets half-way to wbinfo -n. It acquires an lsa pipe, and does a queryinfopolicy. Idea is to get a consistency check between that and our notion of the domain name and sid, and take the lsa pipe as the holder of the central smbcli_tree that netlogon and samr use as well. Volker
2005-10-03 21:36:49 +04:00
NTSTATUS wbsrv_samba3_lookupname(struct wbsrv_samba3_call *s3call)
{
struct composite_context *ctx;
r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker
2005-10-19 17:45:44 +04:00
struct wbsrv_service *service =
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
s3call->wbconn->listen_socket->service;
r10691: This gets half-way to wbinfo -n. It acquires an lsa pipe, and does a queryinfopolicy. Idea is to get a consistency check between that and our notion of the domain name and sid, and take the lsa pipe as the holder of the central smbcli_tree that netlogon and samr use as well. Volker
2005-10-03 21:36:49 +04:00
DEBUG(5, ("wbsrv_samba3_lookupname called\n"));
r11423: Add some TALLOC_CTX
2005-10-31 23:28:08 +03:00
ctx = wb_cmd_lookupname_send(s3call, service,
r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker
2005-10-19 17:45:44 +04:00
s3call->request.data.name.dom_name,
r10834: Work in progress on winbind. With some helper routines the composite functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker
2005-10-08 20:25:00 +04:00
s3call->request.data.name.name);
r10691: This gets half-way to wbinfo -n. It acquires an lsa pipe, and does a queryinfopolicy. Idea is to get a consistency check between that and our notion of the domain name and sid, and take the lsa pipe as the holder of the central smbcli_tree that netlogon and samr use as well. Volker
2005-10-03 21:36:49 +04:00
NT_STATUS_HAVE_NO_MEMORY(ctx);
/* setup the callbacks */
r10834: Work in progress on winbind. With some helper routines the composite functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker
2005-10-08 20:25:00 +04:00
ctx->async.fn = lookupname_recv_sid;
ctx->async.private_data = s3call;
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
r10691: This gets half-way to wbinfo -n. It acquires an lsa pipe, and does a queryinfopolicy. Idea is to get a consistency check between that and our notion of the domain name and sid, and take the lsa pipe as the holder of the central smbcli_tree that netlogon and samr use as well. Volker
2005-10-03 21:36:49 +04:00
return NT_STATUS_OK;
}
r10825: Complete wbinfo -n
2005-10-07 23:08:51 +04:00
static void lookupname_recv_sid(struct composite_context *ctx)
{
r10834: Work in progress on winbind. With some helper routines the composite functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker
2005-10-08 20:25:00 +04:00
struct wbsrv_samba3_call *s3call =
r10825: Complete wbinfo -n
2005-10-07 23:08:51 +04:00
talloc_get_type(ctx->async.private_data,
r10834: Work in progress on winbind. With some helper routines the composite functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker
2005-10-08 20:25:00 +04:00
struct wbsrv_samba3_call);
r10825: Complete wbinfo -n
2005-10-07 23:08:51 +04:00
struct wb_sid_object *sid;
r10834: Work in progress on winbind. With some helper routines the composite functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker
2005-10-08 20:25:00 +04:00
NTSTATUS status;
r10825: Complete wbinfo -n
2005-10-07 23:08:51 +04:00
r10834: Work in progress on winbind. With some helper routines the composite functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker
2005-10-08 20:25:00 +04:00
status = wb_cmd_lookupname_recv(ctx, s3call, &sid);
r10825: Complete wbinfo -n
2005-10-07 23:08:51 +04:00
if (!NT_STATUS_IS_OK(status)) goto done;
r10834: Work in progress on winbind. With some helper routines the composite functions start to look sane. Question: What about providing all winbind commands as irpc interfaces that are called from the samba3 compatibility layer? This way it would be easy for other samba components to access its functionality. Does that make sense? Volker
2005-10-08 20:25:00 +04:00
s3call->response.result = WINBINDD_OK;
s3call->response.data.sid.type = sid->type;
WBSRV_SAMBA3_SET_STRING(s3call->response.data.sid.sid,
dom_sid_string(s3call, sid->sid));
r10825: Complete wbinfo -n
2005-10-07 23:08:51 +04:00
done:
r11263: Some cleanup
2005-10-23 15:21:15 +04:00
wbsrv_samba3_async_epilogue(status, s3call);
r10825: Complete wbinfo -n
2005-10-07 23:08:51 +04:00
}
r10844: Add challenge-response authentication to Samba4's winbindd for VL. Plaintext should be simple, but I'm going to do some infrustructure work first. Andrew Bartlett
2005-10-09 16:13:05 +04:00
r11412: These comments may not be much, but my eyes scan code with even minimal comments much better (much like volker scans code of less than 80 cols better ;-) Andrew Bartlett
2005-10-31 08:45:19 +03:00
/*
Lookup a SID, and return a DOMAIN\\user style name
*/
r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker
2005-10-19 17:45:44 +04:00
static void lookupsid_recv_name(struct composite_context *ctx);
NTSTATUS wbsrv_samba3_lookupsid(struct wbsrv_samba3_call *s3call)
{
struct composite_context *ctx;
struct wbsrv_service *service =
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
s3call->wbconn->listen_socket->service;
r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker
2005-10-19 17:45:44 +04:00
struct dom_sid *sid;
DEBUG(5, ("wbsrv_samba3_lookupsid called\n"));
sid = dom_sid_parse_talloc(s3call, s3call->request.data.sid);
if (sid == NULL) {
DEBUG(5, ("Could not parse sid %s\n",
s3call->request.data.sid));
return NT_STATUS_NO_MEMORY;
}
r11423: Add some TALLOC_CTX
2005-10-31 23:28:08 +03:00
ctx = wb_cmd_lookupsid_send(s3call, service, sid);
r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker
2005-10-19 17:45:44 +04:00
NT_STATUS_HAVE_NO_MEMORY(ctx);
/* setup the callbacks */
ctx->async.fn = lookupsid_recv_name;
ctx->async.private_data = s3call;
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker
2005-10-19 17:45:44 +04:00
return NT_STATUS_OK;
}
static void lookupsid_recv_name(struct composite_context *ctx)
{
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
struct wb_sid_object *sid;
NTSTATUS status;
status = wb_cmd_lookupsid_recv(ctx, s3call, &sid);
if (!NT_STATUS_IS_OK(status)) goto done;
s3call->response.result = WINBINDD_OK;
s3call->response.data.name.type = sid->type;
WBSRV_SAMBA3_SET_STRING(s3call->response.data.name.dom_name,
sid->domain);
WBSRV_SAMBA3_SET_STRING(s3call->response.data.name.name, sid->name);
done:
r11263: Some cleanup
2005-10-23 15:21:15 +04:00
wbsrv_samba3_async_epilogue(status, s3call);
r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker
2005-10-19 17:45:44 +04:00
}
r11412: These comments may not be much, but my eyes scan code with even minimal comments much better (much like volker scans code of less than 80 cols better ;-) Andrew Bartlett
2005-10-31 08:45:19 +03:00
/*
Challenge-response authentication. This interface is used by
ntlm_auth and the smbd auth subsystem to pass NTLM authentication
requests along a common pipe to the domain controller.
The return value (in the async reply) may include the 'info3'
(effectivly most things you would want to know about the user), or
the NT and LM session keys seperated.
*/
r11068: Fix pam_auth_crap, remove the sync code. I don't know what it was when I tested it, but I can not reproduce the problem I had with abartlett's initial implementation anymore. Fix a bug found using valgrind. Volker
2005-10-15 01:05:45 +04:00
static void pam_auth_crap_recv(struct composite_context *ctx);
NTSTATUS wbsrv_samba3_pam_auth_crap(struct wbsrv_samba3_call *s3call)
{
struct composite_context *ctx;
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker
2005-11-05 12:34:07 +03:00
struct wbsrv_service *service =
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
s3call->wbconn->listen_socket->service;
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker
2005-10-13 00:22:45 +04:00
DATA_BLOB chal, nt_resp, lm_resp;
DEBUG(5, ("wbsrv_samba3_pam_auth_crap called\n"));
r11411: Add to Samba4 the Samba3 patch I just posted for machine account logins (changing the winbindd interface). Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing auth and other replies, such that all replies were having the auth error strings set. We now do a better job of filling in the right errors in the right places. Andrew Bartlett
2005-10-31 07:17:51 +03:00
chal.data = s3call->request.data.auth_crap.chal;
chal.length = sizeof(s3call->request.data.auth_crap.chal);
nt_resp.data = (uint8_t *)s3call->request.data.auth_crap.nt_resp;
nt_resp.length = s3call->request.data.auth_crap.nt_resp_len;
lm_resp.data = (uint8_t *)s3call->request.data.auth_crap.lm_resp;
lm_resp.length = s3call->request.data.auth_crap.lm_resp_len;
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker
2005-10-13 00:22:45 +04:00
r11068: Fix pam_auth_crap, remove the sync code. I don't know what it was when I tested it, but I can not reproduce the problem I had with abartlett's initial implementation anymore. Fix a bug found using valgrind. Volker
2005-10-15 01:05:45 +04:00
ctx = wb_cmd_pam_auth_crap_send(
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker
2005-11-05 12:34:07 +03:00
s3call, service,
r11411: Add to Samba4 the Samba3 patch I just posted for machine account logins (changing the winbindd interface). Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing auth and other replies, such that all replies were having the auth error strings set. We now do a better job of filling in the right errors in the right places. Andrew Bartlett
2005-10-31 07:17:51 +03:00
s3call->request.data.auth_crap.logon_parameters,
r11070: Fix a cut&paste error, now wbinfo can properly separate domain and user... Volker
2005-10-15 01:41:08 +04:00
s3call->request.data.auth_crap.domain,
s3call->request.data.auth_crap.user,
r11068: Fix pam_auth_crap, remove the sync code. I don't know what it was when I tested it, but I can not reproduce the problem I had with abartlett's initial implementation anymore. Fix a bug found using valgrind. Volker
2005-10-15 01:05:45 +04:00
s3call->request.data.auth_crap.workstation,
chal, nt_resp, lm_resp);
NT_STATUS_HAVE_NO_MEMORY(ctx);
ctx->async.fn = pam_auth_crap_recv;
ctx->async.private_data = s3call;
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
r11068: Fix pam_auth_crap, remove the sync code. I don't know what it was when I tested it, but I can not reproduce the problem I had with abartlett's initial implementation anymore. Fix a bug found using valgrind. Volker
2005-10-15 01:05:45 +04:00
return NT_STATUS_OK;
}
static void pam_auth_crap_recv(struct composite_context *ctx)
{
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
NTSTATUS status;
DATA_BLOB info3;
struct netr_UserSessionKey user_session_key;
struct netr_LMSessionKey lm_key;
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett
2005-10-28 17:42:00 +04:00
char *unix_username;
r11068: Fix pam_auth_crap, remove the sync code. I don't know what it was when I tested it, but I can not reproduce the problem I had with abartlett's initial implementation anymore. Fix a bug found using valgrind. Volker
2005-10-15 01:05:45 +04:00
status = wb_cmd_pam_auth_crap_recv(ctx, s3call, &info3,
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett
2005-10-28 17:42:00 +04:00
&user_session_key, &lm_key, &unix_username);
r11068: Fix pam_auth_crap, remove the sync code. I don't know what it was when I tested it, but I can not reproduce the problem I had with abartlett's initial implementation anymore. Fix a bug found using valgrind. Volker
2005-10-15 01:05:45 +04:00
if (!NT_STATUS_IS_OK(status)) goto done;
if (s3call->request.flags & WBFLAG_PAM_USER_SESSION_KEY) {
memcpy(s3call->response.data.auth.user_session_key,
&user_session_key.key,
sizeof(s3call->response.data.auth.user_session_key));
}
if (s3call->request.flags & WBFLAG_PAM_INFO3_NDR) {
s3call->response.extra_data = info3.data;
s3call->response.length += info3.length;
}
if (s3call->request.flags & WBFLAG_PAM_LMKEY) {
memcpy(s3call->response.data.auth.first_8_lm_hash,
lm_key.key,
sizeof(s3call->response.data.auth.first_8_lm_hash));
}
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett
2005-10-28 17:42:00 +04:00
if (s3call->request.flags & WBFLAG_PAM_UNIX_NAME) {
s3call->response.extra_data = unix_username;
s3call->response.length += strlen(unix_username)+1;
}
done:
r11411: Add to Samba4 the Samba3 patch I just posted for machine account logins (changing the winbindd interface). Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing auth and other replies, such that all replies were having the auth error strings set. We now do a better job of filling in the right errors in the right places. Andrew Bartlett
2005-10-31 07:17:51 +03:00
wbsrv_samba3_async_auth_epilogue(status, s3call);
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett
2005-10-28 17:42:00 +04:00
}
r11412: These comments may not be much, but my eyes scan code with even minimal comments much better (much like volker scans code of less than 80 cols better ;-) Andrew Bartlett
2005-10-31 08:45:19 +03:00
/* Helper function: Split a domain\\user string into it's parts,
* because the client supplies it as one string */
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett
2005-10-28 17:42:00 +04:00
static BOOL samba3_parse_domuser(TALLOC_CTX *mem_ctx, const char *domuser,
char **domain, char **user)
{
char *p = strchr(domuser, *lp_winbind_separator());
if (p == NULL) {
*domain = talloc_strdup(mem_ctx, lp_workgroup());
} else {
*domain = talloc_strndup(mem_ctx, domuser,
PTR_DIFF(p, domuser));
domuser = p+1;
}
*user = talloc_strdup(mem_ctx, domuser);
return ((*domain != NULL) && (*user != NULL));
}
r11412: These comments may not be much, but my eyes scan code with even minimal comments much better (much like volker scans code of less than 80 cols better ;-) Andrew Bartlett
2005-10-31 08:45:19 +03:00
/* Plaintext authentication
This interface is used by ntlm_auth in it's 'basic' authentication
mode, as well as by pam_winbind to authenticate users where we are
given a plaintext password.
*/
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett
2005-10-28 17:42:00 +04:00
static void pam_auth_recv(struct composite_context *ctx);
NTSTATUS wbsrv_samba3_pam_auth(struct wbsrv_samba3_call *s3call)
{
struct composite_context *ctx;
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker
2005-11-05 12:34:07 +03:00
struct wbsrv_service *service =
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
s3call->wbconn->listen_socket->service;
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett
2005-10-28 17:42:00 +04:00
char *user, *domain;
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker
2005-11-05 12:34:07 +03:00
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett
2005-10-28 17:42:00 +04:00
if (!samba3_parse_domuser(s3call,
s3call->request.data.auth.user,
&domain, &user)) {
return NT_STATUS_NO_SUCH_USER;
}
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker
2005-11-05 12:34:07 +03:00
ctx = wb_cmd_pam_auth_send(s3call, service, domain, user,
s3call->request.data.auth.pass);
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett
2005-10-28 17:42:00 +04:00
NT_STATUS_HAVE_NO_MEMORY(ctx);
ctx->async.fn = pam_auth_recv;
ctx->async.private_data = s3call;
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett
2005-10-28 17:42:00 +04:00
return NT_STATUS_OK;
}
static void pam_auth_recv(struct composite_context *ctx)
{
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
NTSTATUS status;
status = wb_cmd_pam_auth_recv(ctx);
if (!NT_STATUS_IS_OK(status)) goto done;
r11068: Fix pam_auth_crap, remove the sync code. I don't know what it was when I tested it, but I can not reproduce the problem I had with abartlett's initial implementation anymore. Fix a bug found using valgrind. Volker
2005-10-15 01:05:45 +04:00
done:
r11411: Add to Samba4 the Samba3 patch I just posted for machine account logins (changing the winbindd interface). Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing auth and other replies, such that all replies were having the auth error strings set. We now do a better job of filling in the right errors in the right places. Andrew Bartlett
2005-10-31 07:17:51 +03:00
wbsrv_samba3_async_auth_epilogue(status, s3call);
r10844: Add challenge-response authentication to Samba4's winbindd for VL. Plaintext should be simple, but I'm going to do some infrustructure work first. Andrew Bartlett
2005-10-09 16:13:05 +04:00
}
r11193: Implement wbinfo -m
2005-10-20 01:53:03 +04:00
r11412: These comments may not be much, but my eyes scan code with even minimal comments much better (much like volker scans code of less than 80 cols better ;-) Andrew Bartlett
2005-10-31 08:45:19 +03:00
/*
List trusted domains
*/
r11193: Implement wbinfo -m
2005-10-20 01:53:03 +04:00
static void list_trustdom_recv_doms(struct composite_context *ctx);
NTSTATUS wbsrv_samba3_list_trustdom(struct wbsrv_samba3_call *s3call)
{
struct composite_context *ctx;
struct wbsrv_service *service =
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
s3call->wbconn->listen_socket->service;
r11193: Implement wbinfo -m
2005-10-20 01:53:03 +04:00
DEBUG(5, ("wbsrv_samba3_list_trustdom called\n"));
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker
2005-11-05 12:34:07 +03:00
ctx = wb_cmd_list_trustdoms_send(s3call, service);
r11193: Implement wbinfo -m
2005-10-20 01:53:03 +04:00
NT_STATUS_HAVE_NO_MEMORY(ctx);
ctx->async.fn = list_trustdom_recv_doms;
ctx->async.private_data = s3call;
r12866: This removes the abstraction layer in winbindd intended to deal with multiple protocols, replacing it with the packet handling subsystem. We don't have multiple protocols at present, and the abstraction layer only serves to confuse matters. Also, the new packet subsystem removes the need to handle partial reads. We can easily add new protocols from the socket up instead, becaue the difficult bits are done by the packet layer. Andrew Bartlett
2006-01-12 12:38:35 +03:00
s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
r11193: Implement wbinfo -m
2005-10-20 01:53:03 +04:00
return NT_STATUS_OK;
}
static void list_trustdom_recv_doms(struct composite_context *ctx)
{
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
int i, num_domains;
struct wb_dom_info **domains;
NTSTATUS status;
char *result;
status = wb_cmd_list_trustdoms_recv(ctx, s3call, &num_domains,
&domains);
if (!NT_STATUS_IS_OK(status)) goto done;
result = talloc_strdup(s3call, "");
if (result == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
for (i=0; i<num_domains; i++) {
result = talloc_asprintf_append(
result, "%s\\%s\\%s",
domains[i]->name, domains[i]->name,
dom_sid_string(s3call, domains[i]->sid));
}
if (result == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
s3call->response.result = WINBINDD_OK;
if (num_domains > 0) {
s3call->response.extra_data = result;
s3call->response.length += strlen(result)+1;
}
done:
r11263: Some cleanup
2005-10-23 15:21:15 +04:00
wbsrv_samba3_async_epilogue(status, s3call);
r11193: Implement wbinfo -m
2005-10-20 01:53:03 +04:00
}
Copy Permalink