mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
More work on winbindd connection rewrite:
- implemented some of the sam related connection manager routines
- fill in group id and gecos fields for getpwnam/getpwuid routines
- convert querydispinfo to cm
- getent passwd now works
Now for the group related routines...
(This used to be commit 4f8ea87787
)
This commit is contained in:
parent
494bb7b980
commit
14fc7fd109
@ -230,12 +230,12 @@ static struct dispatch_table dispatch_table[] = {
|
||||
{ WINBINDD_GETPWNAM_FROM_USER, winbindd_getpwnam_from_user },
|
||||
{ WINBINDD_GETPWNAM_FROM_UID, winbindd_getpwnam_from_uid },
|
||||
|
||||
#if 0
|
||||
|
||||
{ WINBINDD_SETPWENT, winbindd_setpwent },
|
||||
{ WINBINDD_ENDPWENT, winbindd_endpwent },
|
||||
{ WINBINDD_GETPWENT, winbindd_getpwent },
|
||||
|
||||
#if 0
|
||||
|
||||
{ WINBINDD_GETGROUPS, winbindd_getgroups },
|
||||
|
||||
/* Group functions */
|
||||
@ -699,6 +699,12 @@ int main(int argc, char **argv)
|
||||
|
||||
secrets_init();
|
||||
|
||||
/* Get list of domains we look up requests for. This includes the
|
||||
domain which we are a member of as well as any trusted
|
||||
domains. */
|
||||
|
||||
get_domain_info();
|
||||
|
||||
ZERO_STRUCT(server_state);
|
||||
|
||||
/* Winbind daemon initialisation */
|
||||
|
@ -33,15 +33,13 @@
|
||||
- manage re-entrancy for when winbindd becomes able to handle
|
||||
multiple outstanding rpc requests
|
||||
|
||||
We can also throw away the CLI_POLICY_HND stuff as all this information
|
||||
will be stored within this module.
|
||||
|
||||
Why not have connection management as part of the rpc layer like tng?
|
||||
Good question. This code may morph into libsmb/rpc_cache.c or something
|
||||
like that but at the moment it's simply staying as part of winbind. I
|
||||
think the TNG architecture of forcing every user of the rpc layer to use
|
||||
the connection caching system is a bad idea. It should be an optional
|
||||
method of using the routines.
|
||||
method of using the routines. We actually cache policy handles - tng
|
||||
caches connections to pipes.
|
||||
|
||||
The TNG design is quite good but I disagree with some aspects of the
|
||||
implementation. -tpot
|
||||
@ -55,7 +53,13 @@
|
||||
moved down into another function.
|
||||
|
||||
- There needs to be a utility function in libsmb/namequery.c that does
|
||||
get_any_dc_name()
|
||||
cm_get_dc_name()
|
||||
|
||||
- When closing down sam handles we need to close down user, group and
|
||||
domain handles.
|
||||
|
||||
- Take care when destroying cli_structs as they can be shared between
|
||||
various sam handles.
|
||||
|
||||
*/
|
||||
|
||||
@ -63,13 +67,25 @@
|
||||
|
||||
/* We store lists of connections here */
|
||||
|
||||
enum sam_pipe_type {
|
||||
SAM_PIPE_BASIC, /* A basic handle */
|
||||
SAM_PIPE_DOM, /* A domain handle */
|
||||
SAM_PIPE_USER, /* A handle on a user */
|
||||
SAM_PIPE_GROUP /* A handle on a group */
|
||||
};
|
||||
|
||||
struct winbindd_cm_conn {
|
||||
struct winbindd_cm_conn *prev, *next;
|
||||
fstring domain;
|
||||
fstring controller;
|
||||
fstring pipe_name;
|
||||
struct cli_state cli;
|
||||
struct cli_state *cli;
|
||||
POLICY_HND pol;
|
||||
|
||||
/* Specific pipe stuff - move into a union? */
|
||||
|
||||
enum sam_pipe_type sam_pipe_type; /* Domain, user, group etc */
|
||||
uint32 user_rid;
|
||||
};
|
||||
|
||||
/* Global list of connections. Initially a DLIST but can become a hash
|
||||
@ -122,19 +138,17 @@ static BOOL cm_open_connection(char *domain, char *pipe_name,
|
||||
BOOL result = False;
|
||||
struct ntuser_creds creds;
|
||||
|
||||
ZERO_STRUCT(new_conn->cli);
|
||||
|
||||
fstrcpy(new_conn->domain, domain);
|
||||
fstrcpy(new_conn->pipe_name, pipe_name);
|
||||
|
||||
/* Look for a domain controller for this domain */
|
||||
|
||||
if (!cm_get_dc_name(lp_workgroup(), new_conn->controller))
|
||||
if (!cm_get_dc_name(domain, new_conn->controller))
|
||||
goto done;
|
||||
|
||||
/* Initialise SMB connection */
|
||||
|
||||
if (!cli_initialise(&new_conn->cli))
|
||||
if (!(new_conn->cli = cli_initialise(NULL)))
|
||||
goto done;
|
||||
|
||||
if (!resolve_srv_name(new_conn->controller, dest_host, &dest_ip))
|
||||
@ -147,21 +161,21 @@ static BOOL cm_open_connection(char *domain, char *pipe_name,
|
||||
ZERO_STRUCT(creds);
|
||||
creds.pwd.null_pwd = 1;
|
||||
|
||||
cli_init_creds(&new_conn->cli, &creds);
|
||||
cli_init_creds(new_conn->cli, &creds);
|
||||
|
||||
if (!cli_establish_connection(&new_conn->cli, new_conn->controller,
|
||||
if (!cli_establish_connection(new_conn->cli, new_conn->controller,
|
||||
&dest_ip, &calling, &called, "IPC$",
|
||||
"IPC", False, True))
|
||||
goto done;
|
||||
|
||||
if (!cli_nt_session_open (&new_conn->cli, pipe_name))
|
||||
if (!cli_nt_session_open (new_conn->cli, pipe_name))
|
||||
goto done;
|
||||
|
||||
result = True;
|
||||
|
||||
done:
|
||||
if (!result)
|
||||
cli_shutdown(&new_conn->cli);
|
||||
if (!result && new_conn->cli)
|
||||
cli_shutdown(new_conn->cli);
|
||||
|
||||
return result;
|
||||
}
|
||||
@ -189,13 +203,15 @@ CLI_POLICY_HND *cm_get_lsa_handle(char *domain)
|
||||
malloc(sizeof(struct winbindd_cm_conn))))
|
||||
return NULL;
|
||||
|
||||
ZERO_STRUCTP(conn);
|
||||
|
||||
if (!cm_open_connection(domain, PIPE_LSARPC, conn)) {
|
||||
DEBUG(3, ("Could not connect to a dc for domain %s\n",
|
||||
domain));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
result = cli_lsa_open_policy(&conn->cli, conn->cli.mem_ctx, False,
|
||||
result = cli_lsa_open_policy(conn->cli, conn->cli->mem_ctx, False,
|
||||
des_access, &conn->pol);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
@ -207,7 +223,7 @@ CLI_POLICY_HND *cm_get_lsa_handle(char *domain)
|
||||
|
||||
ok:
|
||||
hnd.pol = conn->pol;
|
||||
hnd.cli = &conn->cli;
|
||||
hnd.cli = conn->cli;
|
||||
|
||||
return &hnd;
|
||||
}
|
||||
@ -216,24 +232,184 @@ CLI_POLICY_HND *cm_get_lsa_handle(char *domain)
|
||||
|
||||
CLI_POLICY_HND *cm_get_sam_handle(char *domain)
|
||||
{
|
||||
DEBUG(0, ("get_sam_handle(): not implemented\n"));
|
||||
return NULL;
|
||||
struct winbindd_cm_conn *conn;
|
||||
uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
|
||||
NTSTATUS result;
|
||||
static CLI_POLICY_HND hnd;
|
||||
|
||||
/* Look for existing connections */
|
||||
|
||||
for (conn = cm_conns; conn; conn = conn->next) {
|
||||
if (strequal(conn->domain, domain) &&
|
||||
strequal(conn->pipe_name, PIPE_SAMR) &&
|
||||
conn->sam_pipe_type == SAM_PIPE_BASIC)
|
||||
goto ok;
|
||||
}
|
||||
|
||||
/* Create a new one */
|
||||
|
||||
if (!(conn = (struct winbindd_cm_conn *)
|
||||
malloc(sizeof(struct winbindd_cm_conn))))
|
||||
return NULL;
|
||||
|
||||
ZERO_STRUCTP(conn);
|
||||
|
||||
if (!cm_open_connection(domain, PIPE_SAMR, conn)) {
|
||||
DEBUG(3, ("Could not connect to a dc for domain %s\n",
|
||||
domain));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
result = cli_samr_connect(conn->cli, conn->cli->mem_ctx, des_access,
|
||||
&conn->pol);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
return NULL;
|
||||
|
||||
/* Add to list */
|
||||
|
||||
DLIST_ADD(cm_conns, conn);
|
||||
|
||||
ok:
|
||||
hnd.pol = conn->pol;
|
||||
hnd.cli = conn->cli;
|
||||
|
||||
return &hnd;
|
||||
}
|
||||
|
||||
/* Return a SAM domain policy handle on a domain */
|
||||
|
||||
CLI_POLICY_HND *cm_get_sam_dom_handle(char *domain)
|
||||
CLI_POLICY_HND *cm_get_sam_dom_handle(char *domain, DOM_SID *domain_sid)
|
||||
{
|
||||
DEBUG(0, ("get_sam_dom_handle(): not implemented\n"));
|
||||
return NULL;
|
||||
struct winbindd_cm_conn *conn, *basic_conn = NULL;
|
||||
static CLI_POLICY_HND hnd;
|
||||
NTSTATUS result;
|
||||
uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
|
||||
|
||||
/* Look for existing connections */
|
||||
|
||||
for (conn = cm_conns; conn; conn = conn->next) {
|
||||
if (strequal(conn->domain, domain) &&
|
||||
strequal(conn->pipe_name, PIPE_SAMR) &&
|
||||
conn->sam_pipe_type == SAM_PIPE_DOM)
|
||||
goto ok;
|
||||
}
|
||||
|
||||
/* Create a basic handle to open a domain handle from */
|
||||
|
||||
if (!cm_get_sam_handle(domain))
|
||||
return False;
|
||||
|
||||
for (conn = cm_conns; conn; conn = conn->next) {
|
||||
if (strequal(conn->domain, domain) &&
|
||||
strequal(conn->pipe_name, PIPE_SAMR) &&
|
||||
conn->sam_pipe_type == SAM_PIPE_BASIC)
|
||||
basic_conn = conn;
|
||||
}
|
||||
|
||||
if (!basic_conn) {
|
||||
DEBUG(0, ("No basic sam handle was created!\n"));
|
||||
return NULL;
|
||||
|
||||
}
|
||||
if (!(conn = (struct winbindd_cm_conn *)
|
||||
malloc(sizeof(struct winbindd_cm_conn))))
|
||||
return NULL;
|
||||
|
||||
ZERO_STRUCTP(conn);
|
||||
|
||||
fstrcpy(conn->domain, basic_conn->domain);
|
||||
fstrcpy(conn->controller, basic_conn->controller);
|
||||
fstrcpy(conn->pipe_name, basic_conn->pipe_name);
|
||||
|
||||
conn->sam_pipe_type = SAM_PIPE_DOM;
|
||||
conn->cli = basic_conn->cli;
|
||||
|
||||
result = cli_samr_open_domain(conn->cli, conn->cli->mem_ctx,
|
||||
&basic_conn->pol, des_access,
|
||||
domain_sid, &conn->pol);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
return NULL;
|
||||
|
||||
/* Add to list */
|
||||
|
||||
DLIST_ADD(cm_conns, conn);
|
||||
|
||||
ok:
|
||||
hnd.pol = conn->pol;
|
||||
hnd.cli = conn->cli;
|
||||
|
||||
return &hnd;
|
||||
}
|
||||
|
||||
/* Return a SAM policy handle on a domain user */
|
||||
|
||||
CLI_POLICY_HND *cm_get_sam_user_handle(char *domain, char *user)
|
||||
CLI_POLICY_HND *cm_get_sam_user_handle(char *domain, DOM_SID *domain_sid,
|
||||
uint32 user_rid)
|
||||
{
|
||||
DEBUG(0, ("get_sam_user_handle(): not implemented\n"));
|
||||
return NULL;
|
||||
struct winbindd_cm_conn *conn, *basic_conn = NULL;
|
||||
static CLI_POLICY_HND hnd;
|
||||
NTSTATUS result;
|
||||
uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
|
||||
|
||||
/* Look for existing connections */
|
||||
|
||||
for (conn = cm_conns; conn; conn = conn->next) {
|
||||
if (strequal(conn->domain, domain) &&
|
||||
strequal(conn->pipe_name, PIPE_SAMR) &&
|
||||
conn->sam_pipe_type == SAM_PIPE_USER &&
|
||||
conn->user_rid == user_rid)
|
||||
goto ok;
|
||||
}
|
||||
|
||||
/* Create a domain handle to open a user handle from */
|
||||
|
||||
if (!cm_get_sam_dom_handle(domain, domain_sid))
|
||||
return NULL;
|
||||
|
||||
for (conn = cm_conns; conn; conn = conn->next) {
|
||||
if (strequal(conn->domain, domain) &&
|
||||
strequal(conn->pipe_name, PIPE_SAMR) &&
|
||||
conn->sam_pipe_type == SAM_PIPE_DOM)
|
||||
basic_conn = conn;
|
||||
}
|
||||
|
||||
if (!basic_conn) {
|
||||
DEBUG(0, ("No domain sam handle was created!\n"));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (!(conn = (struct winbindd_cm_conn *)
|
||||
malloc(sizeof(struct winbindd_cm_conn))))
|
||||
return NULL;
|
||||
|
||||
ZERO_STRUCTP(conn);
|
||||
|
||||
fstrcpy(conn->domain, basic_conn->domain);
|
||||
fstrcpy(conn->controller, basic_conn->controller);
|
||||
fstrcpy(conn->pipe_name, basic_conn->pipe_name);
|
||||
|
||||
conn->sam_pipe_type = SAM_PIPE_USER;
|
||||
conn->cli = basic_conn->cli;
|
||||
conn->user_rid = user_rid;
|
||||
|
||||
result = cli_samr_open_user(conn->cli, conn->cli->mem_ctx,
|
||||
&basic_conn->pol, des_access, user_rid,
|
||||
&conn->pol);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
return NULL;
|
||||
|
||||
/* Add to list */
|
||||
|
||||
DLIST_ADD(cm_conns, conn);
|
||||
|
||||
ok:
|
||||
hnd.pol = conn->pol;
|
||||
hnd.cli = conn->cli;
|
||||
|
||||
return &hnd;
|
||||
}
|
||||
|
||||
/* Return a SAM policy handle on a domain group */
|
||||
|
@ -50,8 +50,9 @@ void winbindd_cache_dump_status(void);
|
||||
BOOL cm_get_dc_name(char *domain, fstring srv_name);
|
||||
CLI_POLICY_HND *cm_get_lsa_handle(char *domain);
|
||||
CLI_POLICY_HND *cm_get_sam_handle(char *domain);
|
||||
CLI_POLICY_HND *cm_get_sam_dom_handle(char *domain);
|
||||
CLI_POLICY_HND *cm_get_sam_user_handle(char *domain, char *user);
|
||||
CLI_POLICY_HND *cm_get_sam_dom_handle(char *domain, DOM_SID *domain_sid);
|
||||
CLI_POLICY_HND *cm_get_sam_user_handle(char *domain, DOM_SID *domain_sid,
|
||||
uint32 user_rid);
|
||||
CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, char *group);
|
||||
|
||||
/* The following definitions come from nsswitch/winbindd_group.c */
|
||||
@ -115,17 +116,17 @@ enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state);
|
||||
|
||||
/* The following definitions come from nsswitch/winbindd_util.c */
|
||||
|
||||
BOOL get_domain_info(void);
|
||||
BOOL domain_handles_open(struct winbindd_domain *domain);
|
||||
void winbindd_kill_all_connections(void);
|
||||
void establish_connections(BOOL force_reestablish) ;
|
||||
BOOL lookup_domain_sid(char *domain_name, struct winbindd_domain *domain);
|
||||
BOOL get_domain_info(struct winbindd_domain *domain);
|
||||
BOOL winbindd_lookup_sid_by_name(char *name, DOM_SID *sid,
|
||||
enum SID_NAME_USE *type);
|
||||
BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, fstring name,
|
||||
enum SID_NAME_USE *type);
|
||||
BOOL winbindd_lookup_userinfo(struct winbindd_domain *domain,
|
||||
uint32 user_rid, SAM_USERINFO_CTR **user_info);
|
||||
BOOL winbindd_lookup_userinfo(char *domain, uint32 user_rid,
|
||||
SAM_USERINFO_CTR **user_info);
|
||||
BOOL winbindd_lookup_usergroups(struct winbindd_domain *domain,
|
||||
uint32 user_rid, uint32 *num_groups,
|
||||
DOM_GID **user_groups);
|
||||
|
@ -145,9 +145,7 @@ enum winbindd_result winbindd_getpwnam_from_user(struct winbindd_cli_state
|
||||
|
||||
/* The following costs 3 packets */
|
||||
|
||||
#if 0
|
||||
|
||||
if (!winbindd_lookup_userinfo(domain, user_rid, &user_info)) {
|
||||
if (!winbindd_lookup_userinfo(name_domain, user_rid, &user_info)) {
|
||||
DEBUG(1, ("pwnam_from_user(): error getting user info for "
|
||||
"user '%s'\n", name_user));
|
||||
return WINBINDD_ERROR;
|
||||
@ -157,11 +155,6 @@ enum winbindd_result winbindd_getpwnam_from_user(struct winbindd_cli_state
|
||||
unistr2_to_ascii(gecos_name, &user_info->info.id21->uni_full_name,
|
||||
sizeof(gecos_name) - 1);
|
||||
|
||||
#endif
|
||||
|
||||
group_rid = DOMAIN_GROUP_RID_GUESTS;
|
||||
fstrcpy(gecos_name, "foo");
|
||||
|
||||
/* Now take all this information and fill in a passwd structure */
|
||||
|
||||
if (!winbindd_fill_pwent(name_domain, state->request.data.username,
|
||||
@ -236,9 +229,7 @@ enum winbindd_result winbindd_getpwnam_from_uid(struct winbindd_cli_state
|
||||
|
||||
/* Get some user info */
|
||||
|
||||
#if 0
|
||||
|
||||
if (!winbindd_lookup_userinfo(domain, user_rid, &user_info)) {
|
||||
if (!winbindd_lookup_userinfo(domain->name, user_rid, &user_info)) {
|
||||
DEBUG(1, ("pwnam_from_uid(): error getting user info for "
|
||||
"user '%s'\n", user_name));
|
||||
return WINBINDD_ERROR;
|
||||
@ -247,10 +238,6 @@ enum winbindd_result winbindd_getpwnam_from_uid(struct winbindd_cli_state
|
||||
group_rid = user_info->info.id21->group_rid;
|
||||
unistr2_to_ascii(gecos_name, &user_info->info.id21->uni_full_name,
|
||||
sizeof(gecos_name) - 1);
|
||||
#endif
|
||||
|
||||
group_rid = DOMAIN_GROUP_RID_GUESTS;
|
||||
fstrcpy(gecos_name, "foo");
|
||||
|
||||
/* Resolve gid number */
|
||||
|
||||
@ -272,8 +259,6 @@ enum winbindd_result winbindd_getpwnam_from_uid(struct winbindd_cli_state
|
||||
return WINBINDD_OK;
|
||||
}
|
||||
|
||||
#if 0
|
||||
|
||||
/*
|
||||
* set/get/endpwent functions
|
||||
*/
|
||||
@ -282,68 +267,61 @@ enum winbindd_result winbindd_getpwnam_from_uid(struct winbindd_cli_state
|
||||
|
||||
enum winbindd_result winbindd_setpwent(struct winbindd_cli_state *state)
|
||||
{
|
||||
struct winbindd_domain *tmp;
|
||||
struct winbindd_domain *tmp;
|
||||
|
||||
DEBUG(3, ("[%5d]: setpwent\n", state->pid));
|
||||
|
||||
/* Check user has enabled this */
|
||||
|
||||
if (!lp_winbind_enum_users())
|
||||
return WINBINDD_ERROR;
|
||||
|
||||
DEBUG(3, ("[%5d]: setpwent\n", state->pid));
|
||||
|
||||
if (state == NULL) return WINBINDD_ERROR;
|
||||
|
||||
/* Check user has enabled this */
|
||||
|
||||
if (!lp_winbind_enum_users()) {
|
||||
return WINBINDD_ERROR;
|
||||
}
|
||||
|
||||
/* Free old static data if it exists */
|
||||
|
||||
if (state->getpwent_state != NULL) {
|
||||
free_getent_state(state->getpwent_state);
|
||||
state->getpwent_state = NULL;
|
||||
}
|
||||
|
||||
/* Create sam pipes for each domain we know about */
|
||||
|
||||
for(tmp = domain_list; tmp != NULL; tmp = tmp->next) {
|
||||
struct getent_state *domain_state;
|
||||
|
||||
/* Skip domains other than WINBINDD_DOMAIN environment variable */
|
||||
|
||||
if ((strcmp(state->request.domain, "") != 0) &&
|
||||
!check_domain_env(state->request.domain, tmp->name)) {
|
||||
continue;
|
||||
/* Free old static data if it exists */
|
||||
|
||||
if (state->getpwent_state != NULL) {
|
||||
free_getent_state(state->getpwent_state);
|
||||
state->getpwent_state = NULL;
|
||||
}
|
||||
|
||||
/* Create sam pipes for each domain we know about */
|
||||
|
||||
for(tmp = domain_list; tmp != NULL; tmp = tmp->next) {
|
||||
struct getent_state *domain_state;
|
||||
|
||||
/* Skip domains other than WINBINDD_DOMAIN environment
|
||||
variable */
|
||||
|
||||
if ((strcmp(state->request.domain, "") != 0) &&
|
||||
!check_domain_env(state->request.domain, tmp->name))
|
||||
continue;
|
||||
|
||||
/* Create a state record for this domain */
|
||||
/* Create a state record for this domain */
|
||||
|
||||
if ((domain_state = (struct getent_state *)
|
||||
malloc(sizeof(struct getent_state))) == NULL)
|
||||
return WINBINDD_ERROR;
|
||||
|
||||
ZERO_STRUCTP(domain_state);
|
||||
domain_state->domain = tmp;
|
||||
|
||||
if ((domain_state = (struct getent_state *)
|
||||
malloc(sizeof(struct getent_state))) == NULL) {
|
||||
|
||||
return WINBINDD_ERROR;
|
||||
/* Add to list of open domains */
|
||||
|
||||
DLIST_ADD(state->getpwent_state, domain_state);
|
||||
}
|
||||
|
||||
ZERO_STRUCTP(domain_state);
|
||||
domain_state->domain = tmp;
|
||||
|
||||
/* Add to list of open domains */
|
||||
|
||||
DLIST_ADD(state->getpwent_state, domain_state)
|
||||
}
|
||||
|
||||
return WINBINDD_OK;
|
||||
|
||||
return WINBINDD_OK;
|
||||
}
|
||||
|
||||
/* Close file pointer to ntdom passwd database */
|
||||
|
||||
enum winbindd_result winbindd_endpwent(struct winbindd_cli_state *state)
|
||||
{
|
||||
DEBUG(3, ("[%5d]: endpwent\n", state->pid));
|
||||
DEBUG(3, ("[%5d]: endpwent\n", state->pid));
|
||||
|
||||
if (state == NULL) return WINBINDD_ERROR;
|
||||
|
||||
free_getent_state(state->getpwent_state);
|
||||
state->getpwent_state = NULL;
|
||||
|
||||
return WINBINDD_OK;
|
||||
free_getent_state(state->getpwent_state);
|
||||
state->getpwent_state = NULL;
|
||||
|
||||
return WINBINDD_OK;
|
||||
}
|
||||
|
||||
/* Get partial list of domain users for a domain. We fill in the sam_entries,
|
||||
@ -362,9 +340,8 @@ static BOOL get_sam_user_entries(struct getent_state *ent)
|
||||
struct getpwent_user *name_list = NULL;
|
||||
uint32 group_rid;
|
||||
|
||||
if (ent->got_all_sam_entries) {
|
||||
if (ent->got_all_sam_entries)
|
||||
return False;
|
||||
}
|
||||
|
||||
ZERO_STRUCT(info1);
|
||||
ZERO_STRUCT(ctr);
|
||||
@ -390,10 +367,6 @@ static BOOL get_sam_user_entries(struct getent_state *ent)
|
||||
|
||||
group_rid = DOMAIN_GROUP_RID_USERS;
|
||||
|
||||
if (!domain_handles_open(ent->domain)) {
|
||||
return WINBINDD_ERROR;
|
||||
}
|
||||
|
||||
/* Free any existing user info */
|
||||
|
||||
SAFE_FREE(ent->sam_entries);
|
||||
@ -486,22 +459,18 @@ enum winbindd_result winbindd_getpwent(struct winbindd_cli_state *state)
|
||||
|
||||
DEBUG(3, ("[%5d]: getpwent\n", state->pid));
|
||||
|
||||
if (state == NULL) return WINBINDD_ERROR;
|
||||
|
||||
/* Check user has enabled this */
|
||||
|
||||
if (!lp_winbind_enum_users()) {
|
||||
if (!lp_winbind_enum_users())
|
||||
return WINBINDD_ERROR;
|
||||
}
|
||||
|
||||
/* Allocate space for returning a chunk of users */
|
||||
|
||||
num_users = MIN(MAX_GETPWENT_USERS, state->request.data.num_entries);
|
||||
|
||||
if ((state->response.extra_data =
|
||||
malloc(num_users * sizeof(struct winbindd_pw))) == NULL) {
|
||||
malloc(num_users * sizeof(struct winbindd_pw))) == NULL)
|
||||
return WINBINDD_ERROR;
|
||||
}
|
||||
|
||||
memset(state->response.extra_data, 0, num_users *
|
||||
sizeof(struct winbindd_pw));
|
||||
@ -509,9 +478,8 @@ enum winbindd_result winbindd_getpwent(struct winbindd_cli_state *state)
|
||||
user_list = (struct winbindd_pw *)state->response.extra_data;
|
||||
sep = lp_winbind_separator();
|
||||
|
||||
if (!(ent = state->getpwent_state)) {
|
||||
if (!(ent = state->getpwent_state))
|
||||
return WINBINDD_ERROR;
|
||||
}
|
||||
|
||||
/* Start sending back users */
|
||||
|
||||
@ -540,7 +508,8 @@ enum winbindd_result winbindd_getpwent(struct winbindd_cli_state *state)
|
||||
|
||||
/* No more domains */
|
||||
|
||||
if (!ent) break;
|
||||
if (!ent)
|
||||
break;
|
||||
}
|
||||
|
||||
name_list = ent->sam_entries;
|
||||
@ -579,11 +548,9 @@ enum winbindd_result winbindd_getpwent(struct winbindd_cli_state *state)
|
||||
state->response.length +=
|
||||
sizeof(struct winbindd_pw);
|
||||
|
||||
} else {
|
||||
} else
|
||||
DEBUG(1, ("could not lookup domain user %s\n",
|
||||
domain_user_name));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/* Out of domains */
|
||||
@ -620,10 +587,6 @@ enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state)
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!domain_handles_open(domain)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Query display info */
|
||||
|
||||
do {
|
||||
@ -692,5 +655,3 @@ enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state)
|
||||
|
||||
return WINBINDD_OK;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -24,39 +24,33 @@
|
||||
#include "winbindd.h"
|
||||
#include "sids.h"
|
||||
|
||||
#if 0
|
||||
|
||||
static void winbindd_kill_connections(struct winbindd_domain *domain);
|
||||
|
||||
/* Add a trusted domain to our list of domains */
|
||||
|
||||
static struct winbindd_domain *add_trusted_domain(char *domain_name)
|
||||
static struct winbindd_domain *add_trusted_domain(char *domain_name,
|
||||
DOM_SID *domain_sid)
|
||||
{
|
||||
struct winbindd_domain *domain, *tmp;
|
||||
|
||||
for (tmp = domain_list; tmp != NULL; tmp = tmp->next) {
|
||||
if (strcmp(domain_name, tmp->name) == 0) {
|
||||
DEBUG(3, ("domain %s already in trusted list\n",
|
||||
DEBUG(3, ("domain %s already in domain list\n",
|
||||
domain_name));
|
||||
return tmp;
|
||||
}
|
||||
}
|
||||
|
||||
DEBUG(1, ("adding trusted domain %s\n", domain_name));
|
||||
DEBUG(1, ("adding domain %s\n", domain_name));
|
||||
|
||||
/* Create new domain entry */
|
||||
|
||||
if ((domain = (struct winbindd_domain *)malloc(sizeof(*domain))) == NULL) {
|
||||
if ((domain = (struct winbindd_domain *)malloc(sizeof(*domain))) == NULL)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* Fill in fields */
|
||||
|
||||
ZERO_STRUCTP(domain);
|
||||
|
||||
if (domain_name) {
|
||||
fstrcpy(domain->name, domain_name);
|
||||
}
|
||||
fstrcpy(domain->name, domain_name);
|
||||
sid_copy(&domain->sid, domain_sid);
|
||||
|
||||
/* Link to domain list */
|
||||
|
||||
@ -67,42 +61,55 @@ static struct winbindd_domain *add_trusted_domain(char *domain_name)
|
||||
|
||||
/* Look up global info for the winbind daemon */
|
||||
|
||||
static BOOL get_trusted_domains(void)
|
||||
BOOL get_domain_info(void)
|
||||
{
|
||||
uint32 enum_ctx = 0;
|
||||
uint32 num_doms = 0;
|
||||
char **domains = NULL;
|
||||
DOM_SID *sids = NULL;
|
||||
BOOL result;
|
||||
DOM_SID *sids = NULL, domain_sid;
|
||||
NTSTATUS result;
|
||||
CLI_POLICY_HND *hnd;
|
||||
int i;
|
||||
fstring level5_dom;
|
||||
|
||||
DEBUG(1, ("getting trusted domain list\n"));
|
||||
|
||||
/* Add our workgroup - keep handle to look up trusted domains */
|
||||
if (!add_trusted_domain(lp_workgroup())) {
|
||||
DEBUG(0, ("could not add record for domain %s\n",
|
||||
lp_workgroup()));
|
||||
return False;
|
||||
}
|
||||
|
||||
if (!(hnd = cm_get_lsa_handle(lp_workgroup())))
|
||||
return False;
|
||||
|
||||
result = cli_lsa_query_info_policy(hnd->cli, hnd->cli->mem_ctx,
|
||||
&hnd->pol, 0x05, level5_dom,
|
||||
&domain_sid);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
return False;
|
||||
|
||||
add_trusted_domain(lp_workgroup(), &domain_sid);
|
||||
|
||||
/* Enumerate list of trusted domains */
|
||||
result = wb_lsa_enum_trust_dom(&server_state.lsa_handle, &enum_ctx,
|
||||
&num_doms, &domains, &sids);
|
||||
|
||||
if (!(hnd = cm_get_lsa_handle(lp_workgroup())))
|
||||
return False;
|
||||
|
||||
result = cli_lsa_enum_trust_dom(hnd->cli, hnd->cli->mem_ctx,
|
||||
&hnd->pol, &enum_ctx, &num_doms,
|
||||
&domains, &sids);
|
||||
|
||||
if (!result || !domains) return False;
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
return False;
|
||||
|
||||
/* Add each domain to the trusted domain list */
|
||||
for(i = 0; i < num_doms; i++) {
|
||||
if (!add_trusted_domain(domains[i])) {
|
||||
DEBUG(0, ("could not add record for domain %s\n",
|
||||
domains[i]));
|
||||
result = False;
|
||||
}
|
||||
}
|
||||
|
||||
for(i = 0; i < num_doms; i++)
|
||||
add_trusted_domain(domains[i], &sids[i]);
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
#if 0
|
||||
|
||||
/* Open sam and sam domain handles */
|
||||
|
||||
static BOOL open_sam_handles(struct winbindd_domain *domain)
|
||||
@ -408,9 +415,11 @@ BOOL lookup_domain_sid(char *domain_name, struct winbindd_domain *domain)
|
||||
return NT_STATUS_IS_OK(result);
|
||||
}
|
||||
|
||||
#if 0
|
||||
|
||||
/* Lookup domain controller and sid for a domain */
|
||||
|
||||
BOOL get_domain_info(struct winbindd_domain *domain)
|
||||
BOOL get_domain_info(struct winbindd_domain *domain)
|
||||
{
|
||||
fstring sid_str;
|
||||
|
||||
@ -433,6 +442,8 @@ BOOL get_domain_info(struct winbindd_domain *domain)
|
||||
return True;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* Lookup a sid in a domain from a name */
|
||||
|
||||
BOOL winbindd_lookup_sid_by_name(char *name, DOM_SID *sid,
|
||||
@ -518,17 +529,31 @@ BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, fstring name,
|
||||
return False;
|
||||
}
|
||||
|
||||
#if 0
|
||||
|
||||
/* Lookup user information from a rid */
|
||||
|
||||
BOOL winbindd_lookup_userinfo(struct winbindd_domain *domain,
|
||||
uint32 user_rid, SAM_USERINFO_CTR **user_info)
|
||||
BOOL winbindd_lookup_userinfo(char *domain_name, uint32 user_rid,
|
||||
SAM_USERINFO_CTR **user_info)
|
||||
{
|
||||
return wb_get_samr_query_userinfo(&domain->sam_dom_handle, 0x15,
|
||||
user_rid, user_info);
|
||||
CLI_POLICY_HND *hnd;
|
||||
uint16 info_level = 0x15;
|
||||
NTSTATUS result;
|
||||
struct winbindd_domain *domain;
|
||||
|
||||
if (!(domain = find_domain_from_name(domain_name)))
|
||||
return False;
|
||||
|
||||
if (!(hnd = cm_get_sam_user_handle(domain_name, &domain->sid,
|
||||
user_rid)))
|
||||
return False;
|
||||
|
||||
result = cli_samr_query_userinfo(hnd->cli, hnd->cli->mem_ctx,
|
||||
&hnd->pol, info_level, user_info);
|
||||
|
||||
return NT_STATUS_IS_OK(result);
|
||||
}
|
||||
|
||||
#if 0
|
||||
|
||||
/* Lookup groups a user is a member of. I wish Unix had a call like this! */
|
||||
|
||||
BOOL winbindd_lookup_usergroups(struct winbindd_domain *domain,
|
||||
@ -587,14 +612,8 @@ struct winbindd_domain *find_domain_from_name(char *domain_name)
|
||||
/* Search through list */
|
||||
|
||||
for (tmp = domain_list; tmp != NULL; tmp = tmp->next) {
|
||||
if (strcmp(domain_name, tmp->name) == 0) {
|
||||
|
||||
if (!tmp->got_domain_info) {
|
||||
get_domain_info(tmp);
|
||||
}
|
||||
|
||||
return tmp->got_domain_info ? tmp : NULL;
|
||||
}
|
||||
if (strcmp(domain_name, tmp->name) == 0)
|
||||
return tmp;
|
||||
}
|
||||
|
||||
/* Not found */
|
||||
@ -609,14 +628,17 @@ struct winbindd_domain *find_domain_from_sid(DOM_SID *sid)
|
||||
struct winbindd_domain *tmp;
|
||||
|
||||
/* Search through list */
|
||||
|
||||
for (tmp = domain_list; tmp != NULL; tmp = tmp->next) {
|
||||
if (sid_equal(sid, &tmp->sid)) {
|
||||
if (!tmp->got_domain_info) return NULL;
|
||||
if (!tmp->got_domain_info)
|
||||
return NULL;
|
||||
return tmp;
|
||||
}
|
||||
}
|
||||
|
||||
/* Not found */
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -704,8 +726,6 @@ BOOL winbindd_param_init(void)
|
||||
return True;
|
||||
}
|
||||
|
||||
#if 0
|
||||
|
||||
/* Query display info for a domain. This returns enough information plus a
|
||||
bit extra to give an overview of domain users for the User Manager
|
||||
application. */
|
||||
@ -714,8 +734,20 @@ NTSTATUS winbindd_query_dispinfo(struct winbindd_domain *domain,
|
||||
uint32 *start_ndx, uint16 info_level,
|
||||
uint32 *num_entries, SAM_DISPINFO_CTR *ctr)
|
||||
{
|
||||
return wb_samr_query_dispinfo(&domain->sam_dom_handle, start_ndx,
|
||||
info_level, num_entries, ctr);
|
||||
CLI_POLICY_HND *hnd;
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
if (!(hnd = cm_get_sam_dom_handle(domain->name, &domain->sid)))
|
||||
return result;
|
||||
|
||||
result = cli_samr_query_dispinfo(hnd->cli, hnd->cli->mem_ctx,
|
||||
&hnd->pol, start_ndx, info_level,
|
||||
num_entries, 0xffff, ctr);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
return result;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/* Check if a domain is present in a comma-separated list of domains */
|
||||
@ -734,8 +766,6 @@ BOOL check_domain_env(char *domain_env, char *domain)
|
||||
return False;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* Parse a string of the form DOMAIN/user into a domain and a user */
|
||||
|
||||
void parse_domain_user(char *domuser, fstring domain, fstring user)
|
||||
|
Loading…
Reference in New Issue
Block a user