sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-24 10:50:22 +03:00
Code

nsswitch: Move nsswitch files from source4 to top level nsswitch dir

Browse Source
This commit is contained in:
Kai Blin 2008-12-16 10:06:04 +01:00
parent 6821d898d7
commit 5ee0392a55
24 changed files with 105 additions and 3078 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
source4/nsswitch/config.m4 → nsswitch/config.m4
View File

@ -3,10 +3,9 @@ AC_CHECK_HEADERS(nss.h nss_common.h ns_api.h )
case "$host_os" in
*linux*)
SMB_LIBRARY(nss_winbind,
[nsswitch/winbind_nss_linux.o],
[../nsswitch/winbind_nss_linux.o],
[LIBWINBIND-CLIENT])
;;
*)
;;
esac

2
source4/nsswitch/config.mk → nsswitch/config.mk
View File

@ -31,4 +31,4 @@ PRIVATE_DEPENDENCIES = \
#################################
wbinfo_OBJ_FILES = \
$(nsswitchsrcdir)/wbinfo.o
$(nsswitchsrcdir)/wbinfo4.o

46
source4/nsswitch/nsstest.c → nsswitch/nsstest.c
View File

@ -1,18 +1,18 @@
/*
/*
Unix SMB/CIFS implementation.
nss tester for winbindd
Copyright (C) Andrew Tridgell 2001
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@ -54,13 +54,13 @@ static void report_nss_error(const char *who, NSS_STATUS status)
{
last_error = status;
total_errors++;
printf("ERROR %s: NSS_STATUS=%d %d (nss_errno=%d)\n",
printf("ERROR %s: NSS_STATUS=%d %d (nss_errno=%d)\n",
who, status, NSS_STATUS_SUCCESS, nss_errno);
}
static struct passwd *nss_getpwent(void)
{
NSS_STATUS (*_nss_getpwent_r)(struct passwd *, char *,
NSS_STATUS (*_nss_getpwent_r)(struct passwd *, char *,
size_t , int *) = find_fn("getpwent_r");
static struct passwd pwd;
static char buf[1000];
@ -79,12 +79,12 @@ static struct passwd *nss_getpwent(void)
static struct passwd *nss_getpwnam(const char *name)
{
NSS_STATUS (*_nss_getpwnam_r)(const char *, struct passwd *, char *,
NSS_STATUS (*_nss_getpwnam_r)(const char *, struct passwd *, char *,
size_t , int *) = find_fn("getpwnam_r");
static struct passwd pwd;
static char buf[1000];
NSS_STATUS status;
status = _nss_getpwnam_r(name, &pwd, buf, sizeof(buf), &nss_errno);
if (status == NSS_STATUS_NOTFOUND) {
return NULL;
@ -98,12 +98,12 @@ static struct passwd *nss_getpwnam(const char *name)
static struct passwd *nss_getpwuid(uid_t uid)
{
NSS_STATUS (*_nss_getpwuid_r)(uid_t , struct passwd *, char *,
NSS_STATUS (*_nss_getpwuid_r)(uid_t , struct passwd *, char *,
size_t , int *) = find_fn("getpwuid_r");
static struct passwd pwd;
static char buf[1000];
NSS_STATUS status;
status = _nss_getpwuid_r(uid, &pwd, buf, sizeof(buf), &nss_errno);
if (status == NSS_STATUS_NOTFOUND) {
return NULL;
@ -138,7 +138,7 @@ static void nss_endpwent(void)
static struct group *nss_getgrent(void)
{
NSS_STATUS (*_nss_getgrent_r)(struct group *, char *,
NSS_STATUS (*_nss_getgrent_r)(struct group *, char *,
size_t , int *) = find_fn("getgrent_r");
static struct group grp;
static char *buf;
@ -147,7 +147,7 @@ static struct group *nss_getgrent(void)
if (!buf) buf = malloc_array_p(char, buflen);
again:
again:
status = _nss_getgrent_r(&grp, buf, buflen, &nss_errno);
if (status == NSS_STATUS_TRYAGAIN) {
buflen *= 2;
@ -166,7 +166,7 @@ again:
static struct group *nss_getgrnam(const char *name)
{
NSS_STATUS (*_nss_getgrnam_r)(const char *, struct group *, char *,
NSS_STATUS (*_nss_getgrnam_r)(const char *, struct group *, char *,
size_t , int *) = find_fn("getgrnam_r");
static struct group grp;
static char *buf;
@ -174,7 +174,7 @@ static struct group *nss_getgrnam(const char *name)
NSS_STATUS status;
if (!buf) buf = malloc_array_p(char, buflen);
again:
again:
status = _nss_getgrnam_r(name, &grp, buf, buflen, &nss_errno);
if (status == NSS_STATUS_TRYAGAIN) {
buflen *= 2;
@ -193,15 +193,15 @@ again:
static struct group *nss_getgrgid(gid_t gid)
{
NSS_STATUS (*_nss_getgrgid_r)(gid_t , struct group *, char *,
NSS_STATUS (*_nss_getgrgid_r)(gid_t , struct group *, char *,
size_t , int *) = find_fn("getgrgid_r");
static struct group grp;
static char *buf;
static int buflen = 1000;
NSS_STATUS status;
if (!buf) buf = malloc_array_p(char, buflen);
again:
again:
status = _nss_getgrgid_r(gid, &grp, buf, buflen, &nss_errno);
if (status == NSS_STATUS_TRYAGAIN) {
buflen *= 2;
@ -241,7 +241,7 @@ static void nss_endgrent(void)
static int nss_initgroups(char *user, gid_t group, gid_t **groups, long int *start, long int *size)
{
NSS_STATUS (*_nss_initgroups)(char *, gid_t , long int *,
long int *, gid_t **, long int , int *) =
long int *, gid_t **, long int , int *) =
find_fn("initgroups_dyn");
NSS_STATUS status;
@ -256,7 +256,7 @@ static int nss_initgroups(char *user, gid_t group, gid_t **groups, long int *sta
static void print_passwd(struct passwd *pwd)
{
printf("%s:%s:%d:%d:%s:%s:%s\n",
printf("%s:%s:%d:%d:%s:%s:%s\n",
pwd->pw_name,
pwd->pw_passwd,
pwd->pw_uid,
@ -269,16 +269,16 @@ static void print_passwd(struct passwd *pwd)
static void print_group(struct group *grp)
{
int i;
printf("%s:%s:%d: ",
printf("%s:%s:%d: ",
grp->gr_name,
grp->gr_passwd,
grp->gr_gid);
if (!grp->gr_mem[0]) {
printf("\n");
return;
}
for (i=0; grp->gr_mem[i+1]; i++) {
printf("%s, ", grp->gr_mem[i]);
}
@ -397,7 +397,7 @@ static void nss_test_errors(void)
}
int main(int argc, char *argv[])
{
{
if (argc > 1) so_path = argv[1];
if (argc > 2) nss_name = argv[2];

10
source4/nsswitch/nsstest.h → nsswitch/nsstest.h
View File

@ -1,18 +1,18 @@
/*
/*
Unix SMB/CIFS implementation.
nss includes for the nss tester
Copyright (C) Kai Blin 2007
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@ -25,7 +25,7 @@
#ifdef HAVE_NSS_COMMON_H
/*
/*
* Sun Solaris
*/

3
source4/nsswitch/nsstest.m4 → nsswitch/nsstest.m4
View File

@ -1,9 +1,8 @@
case "$host_os" in
*linux*)
*linux*)
SMB_ENABLE(nsstest,YES)
;;
*)
SMB_ENABLE(nsstest,NO)
;;
esac

1
source4/nsswitch/tests/test_wbinfo.sh → nsswitch/tests/test_wbinfo.sh
View File

@ -184,4 +184,3 @@ testit "wbinfo -K against $TARGET with domain creds" $wbinfo -K "$DOMAIN/$USERNA
testit "wbinfo --separator against $TARGET" $wbinfo --separator || failed=`expr $failed + 1`
exit $failed

122
source4/nsswitch/wbinfo.c → nsswitch/wbinfo4.c
View File

@ -1,21 +1,21 @@
/*
/*
Unix SMB/CIFS implementation.
Winbind status program.
Copyright (C) Tim Potter 2000-2003
Copyright (C) Andrew Bartlett 2002-2007
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@ -29,6 +29,10 @@
#include "dynconfig/dynconfig.h"
#include "param/param.h"
#ifndef fstrcpy
#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1)
#endif
extern int winbindd_fd;
static char winbind_separator_int(bool strict)
@ -65,7 +69,7 @@ static char winbind_separator_int(bool strict)
/* HACK: (this module should not call lp_ funtions) */
sep = *lp_winbind_separator(cmdline_lp_ctx);
}
return sep;
}
@ -86,7 +90,7 @@ static const char *get_winbind_domain(void)
if (winbindd_request_response(WINBINDD_DOMAIN_NAME, NULL, &response) !=
NSS_STATUS_SUCCESS) {
d_fprintf(stderr, "could not obtain winbind domain name!\n");
/* HACK: (this module should not call lp_ funtions) */
return lp_workgroup(cmdline_lp_ctx);
}
@ -100,7 +104,7 @@ static const char *get_winbind_domain(void)
/* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
form DOMAIN/user into a domain and a user */
static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
fstring user)
{
@ -111,7 +115,7 @@ static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
fstrcpy(domain, get_winbind_domain());
return true;
}
fstrcpy(user, p+1);
fstrcpy(domain, domuser);
domain[PTR_DIFF(p, domuser)] = 0;
@ -127,19 +131,19 @@ static bool wbinfo_get_userinfo(char *user)
struct winbindd_request request;
struct winbindd_response response;
NSS_STATUS result;
ZERO_STRUCT(request);
ZERO_STRUCT(response);
/* Send request */
fstrcpy(request.data.username, user);
result = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
if (result != NSS_STATUS_SUCCESS)
return false;
d_printf( "%s:%s:%d:%d:%s:%s:%s\n",
response.data.pw.pw_name,
response.data.pw.pw_passwd,
@ -148,7 +152,7 @@ static bool wbinfo_get_userinfo(char *user)
response.data.pw.pw_gecos,
response.data.pw.pw_dir,
response.data.pw.pw_shell );
return true;
}
@ -201,11 +205,11 @@ static bool wbinfo_get_groupinfo(char *group)
if ( result != NSS_STATUS_SUCCESS)
return false;
d_printf( "%s:%s:%d\n",
d_printf( "%s:%s:%d\n",
response.data.gr.gr_name,
response.data.gr.gr_passwd,
response.data.gr.gr_gid );
return true;
}
@ -217,7 +221,7 @@ static bool wbinfo_get_usergroups(char *user)
struct winbindd_response response;
NSS_STATUS result;
int i;
ZERO_STRUCT(request);
ZERO_STRUCT(response);
@ -290,7 +294,7 @@ static bool wbinfo_get_userdomgroups(const char *user_sid)
if (response.data.num_entries != 0)
printf("%s", (char *)response.extra_data.data);
SAFE_FREE(response.extra_data.data);
return true;
@ -503,16 +507,16 @@ static bool wbinfo_check_secret(void)
ZERO_STRUCT(response);
result = winbindd_request_response(WINBINDD_CHECK_MACHACC, NULL, &response);
d_printf("checking the trust secret via RPC calls %s\n",
d_printf("checking the trust secret via RPC calls %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
if (result != NSS_STATUS_SUCCESS)
d_fprintf(stderr, "error code was %s (0x%x)\n",
response.data.auth.nt_status_string,
response.data.auth.nt_status);
return result == NSS_STATUS_SUCCESS;
if (result != NSS_STATUS_SUCCESS)
d_fprintf(stderr, "error code was %s (0x%x)\n",
response.data.auth.nt_status_string,
response.data.auth.nt_status);
return result == NSS_STATUS_SUCCESS;
}
/* Convert uid to sid */
@ -669,7 +673,7 @@ static bool wbinfo_lookupname(char *name)
ZERO_STRUCT(request);
ZERO_STRUCT(response);
parse_wbinfo_domain_user(name, request.data.name.dom_name,
parse_wbinfo_domain_user(name, request.data.name.dom_name,
request.data.name.name);
if (winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response) !=
@ -717,12 +721,12 @@ static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32_t flags)
/* Display response */
d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n",
d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n",
username, (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", cctype);
if (response.data.auth.nt_status)
d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
response.data.auth.nt_status_string,
d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
response.data.auth.nt_status_string,
response.data.auth.nt_status,
response.data.auth.error_string);
@ -772,12 +776,12 @@ static bool wbinfo_auth(char *username)
/* Display response */
d_printf("plaintext password authentication %s\n",
d_printf("plaintext password authentication %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
if (response.data.auth.nt_status)
d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
response.data.auth.nt_status_string,
d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
response.data.auth.nt_status_string,
response.data.auth.nt_status,
response.data.auth.error_string);
@ -807,21 +811,21 @@ static bool wbinfo_auth_crap(struct loadparm_context *lp_ctx, char *username)
*p = 0;
fstrcpy(pass, p + 1);
}
parse_wbinfo_domain_user(username, name_domain, name_user);
request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
fstrcpy(request.data.auth_crap.user, name_user);
fstrcpy(request.data.auth_crap.domain,
fstrcpy(request.data.auth_crap.domain,
name_domain);
generate_random_buffer(request.data.auth_crap.chal, 8);
if (lp_client_ntlmv2_auth(lp_ctx)) {
DATA_BLOB server_chal;
DATA_BLOB names_blob;
DATA_BLOB names_blob;
DATA_BLOB lm_response;
DATA_BLOB nt_response;
@ -833,12 +837,12 @@ static bool wbinfo_auth_crap(struct loadparm_context *lp_ctx, char *username)
return false;
}
server_chal = data_blob(request.data.auth_crap.chal, 8);
server_chal = data_blob(request.data.auth_crap.chal, 8);
/* Pretend this is a login to 'us', for blob purposes */
names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(lp_ctx), lp_workgroup(lp_ctx));
if (!SMBNTLMv2encrypt(mem_ctx, name_user, name_domain, pass, &server_chal,
if (!SMBNTLMv2encrypt(mem_ctx, name_user, name_domain, pass, &server_chal,
&names_blob,
&lm_response, &nt_response, NULL, NULL)) {
data_blob_free(&names_blob);
@ -848,22 +852,22 @@ static bool wbinfo_auth_crap(struct loadparm_context *lp_ctx, char *username)
data_blob_free(&names_blob);
data_blob_free(&server_chal);
memcpy(request.data.auth_crap.nt_resp, nt_response.data,
MIN(nt_response.length,
memcpy(request.data.auth_crap.nt_resp, nt_response.data,
MIN(nt_response.length,
sizeof(request.data.auth_crap.nt_resp)));
request.data.auth_crap.nt_resp_len = nt_response.length;
memcpy(request.data.auth_crap.lm_resp, lm_response.data,
MIN(lm_response.length,
memcpy(request.data.auth_crap.lm_resp, lm_response.data,
MIN(lm_response.length,
sizeof(request.data.auth_crap.lm_resp)));
request.data.auth_crap.lm_resp_len = lm_response.length;
data_blob_free(&nt_response);
data_blob_free(&lm_response);
} else {
if (lp_client_lanman_auth(lp_ctx)
&& SMBencrypt(pass, request.data.auth_crap.chal,
if (lp_client_lanman_auth(lp_ctx)
&& SMBencrypt(pass, request.data.auth_crap.chal,
(unsigned char *)request.data.auth_crap.lm_resp)) {
request.data.auth_crap.lm_resp_len = 24;
} else {
@ -879,12 +883,12 @@ static bool wbinfo_auth_crap(struct loadparm_context *lp_ctx, char *username)
/* Display response */
d_printf("challenge/response password authentication %s\n",
d_printf("challenge/response password authentication %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
if (response.data.auth.nt_status)
d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
response.data.auth.nt_status_string,
d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
response.data.auth.nt_status_string,
response.data.auth.nt_status,
response.data.auth.error_string);
@ -904,7 +908,7 @@ static bool print_domain_users(const char *domain)
ZERO_STRUCT(request);
ZERO_STRUCT(response);
if (domain) {
/* '.' is the special sign for our own domain */
if ( strequal(domain, ".") )
@ -926,7 +930,7 @@ static bool print_domain_users(const char *domain)
while(next_token(&extra_data, name, ",", sizeof(fstring)))
d_printf("%s\n", name);
SAFE_FREE(response.extra_data.data);
return true;
@ -966,7 +970,7 @@ static bool print_domain_groups(const char *domain)
d_printf("%s\n", name);
SAFE_FREE(response.extra_data.data);
return true;
}
@ -978,7 +982,7 @@ static bool wbinfo_ping(void)
/* Display response */
d_printf("Ping to winbindd %s on fd %d\n",
d_printf("Ping to winbindd %s on fd %d\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
return result == NSS_STATUS_SUCCESS;
@ -1016,7 +1020,7 @@ int main(int argc, char **argv, char **envp)
struct poptOption long_options[] = {
POPT_AUTOHELP
/* longName, shortName, argInfo, argPtr, value, descrip,
/* longName, shortName, argInfo, argPtr, value, descrip,
argDesc */
{ "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users", "domain"},
@ -1042,7 +1046,7 @@ int main(int argc, char **argv, char **envp)
{ "user-domgroups", 0, POPT_ARG_STRING, &string_arg,
OPT_USERDOMGROUPS, "Get user domain groups", "SID" },
{ "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
{ "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME,
"Get a DC name for a foreign domain", "domainname" },
{ "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
@ -1075,7 +1079,7 @@ int main(int argc, char **argv, char **envp)
poptFreeContext(pc);
pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
POPT_CONTEXT_KEEP_FIRST);
while((opt = poptGetNextOpt(pc)) != -1) {
@ -1190,14 +1194,14 @@ int main(int argc, char **argv, char **envp)
break;
case 'r':
if (!wbinfo_get_usergroups(string_arg)) {
d_fprintf(stderr, "Could not get groups for user %s\n",
d_fprintf(stderr, "Could not get groups for user %s\n",
string_arg);
goto done;
}
break;
case OPT_USERSIDS:
if (!wbinfo_get_usersids(string_arg)) {
d_fprintf(stderr, "Could not get group SIDs for user SID %s\n",
d_fprintf(stderr, "Could not get group SIDs for user SID %s\n",
string_arg);
goto done;
}

4
source3/samba4.m4
View File

@ -35,7 +35,7 @@ m4_include(../lib/util/time.m4)
m4_include(../lib/popt/samba.m4)
m4_include(../lib/util/charset/config.m4)
m4_include(lib/socket/config.m4)
m4_include(nsswitch/nsstest.m4)
m4_include(../nsswitch/nsstest.m4)
m4_include(../pidl/config.m4)
AC_ZLIB([
SMB_EXT_LIB(ZLIB, [${ZLIB_LIBS}])
@ -119,7 +119,7 @@ m4_include(ntvfs/unixuid/config.m4)
m4_include(auth/config.m4)
m4_include(kdc/config.m4)
m4_include(ntvfs/sysdep/config.m4)
m4_include(nsswitch/config.m4)
m4_include(../nsswitch/config.m4)
dnl Samba 4 files
AC_SUBST(LD)

4
source3/samba4.mk
View File

@ -70,7 +70,7 @@ smbdsrcdir := $(samba4srcdir)/smbd
clustersrcdir := $(samba4srcdir)/cluster
libnetsrcdir := $(samba4srcdir)/libnet
authsrcdir := $(samba4srcdir)/auth
nsswitchsrcdir := $(samba4srcdir)/nsswitch
nsswitchsrcdir := $(samba4srcdir)/../nsswitch
libsrcdir := $(samba4srcdir)/lib
libsocketsrcdir := $(samba4srcdir)/lib/socket
libcharsetsrcdir := $(samba4srcdir)/../lib/util/charset
@ -161,7 +161,7 @@ modules:: $(PLUGINS)
pythonmods:: $(PYTHON_PYS) $(PYTHON_SO)
all:: bin/samba4 bin/regpatch4 bin/regdiff4 bin/regshell4 bin/regtree4 bin/smbclient4 pythonmods setup
all:: bin/samba4 bin/regpatch4 bin/regdiff4 bin/regshell4 bin/regtree4 bin/smbclient4 bin/wbinfo4 pythonmods setup
torture:: bin/smbtorture4
everything:: $(patsubst %,%4,$(BINARIES))
setup:

2
source4/Makefile
View File

@ -56,7 +56,7 @@ smbdsrcdir := smbd
clustersrcdir := cluster
libnetsrcdir := libnet
authsrcdir := auth
nsswitchsrcdir := nsswitch
nsswitchsrcdir := ../nsswitch
libsrcdir := lib
libsocketsrcdir := lib/socket
libcharsetsrcdir := ../lib/util/charset

4
source4/configure.ac
View File

@ -30,7 +30,7 @@ SMB_EXT_LIB(ZLIB, [${ZLIB_LIBS}])
],[
SMB_INCLUDE_MK(lib/zlib.mk)
])
m4_include(nsswitch/nsstest.m4)
m4_include(../nsswitch/nsstest.m4)
m4_include(../pidl/config.m4)
AC_CONFIG_FILES(lib/registry/registry.pc)
@ -108,7 +108,7 @@ m4_include(../lib/nss_wrapper/config.m4)
m4_include(auth/config.m4)
m4_include(kdc/config.m4)
m4_include(ntvfs/sysdep/config.m4)
m4_include(nsswitch/config.m4)
m4_include(../nsswitch/config.m4)
#################################################
# add *_CFLAGS only for the real build

2
source4/main.mk
View File

@ -6,7 +6,7 @@ mkinclude cluster/config.mk
mkinclude smbd/process_model.mk
mkinclude libnet/config.mk
mkinclude auth/config.mk
mkinclude nsswitch/config.mk
mkinclude ../nsswitch/config.mk
mkinclude lib/samba3/config.mk
mkinclude lib/socket/config.mk
mkinclude ../lib/util/charset/config.mk

698
source4/nsswitch/wb_common.c
View File

@ -1,698 +0,0 @@
/*
Unix SMB/CIFS implementation.
winbind client common code
Copyright (C) Tim Potter 2000
Copyright (C) Andrew Tridgell 2000
Copyright (C) Andrew Bartlett 2002
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 3 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "winbind_client.h"
/* Global variables. These are effectively the client state information */
int winbindd_fd = -1; /* fd for winbindd socket */
static int is_privileged = 0;
/* Free a response structure */
void winbindd_free_response(struct winbindd_response *response)
{
/* Free any allocated extra_data */
if (response)
SAFE_FREE(response->extra_data.data);
}
/* Initialise a request structure */
void winbindd_init_request(struct winbindd_request *request, int request_type)
{
request->length = sizeof(struct winbindd_request);
request->cmd = (enum winbindd_cmd)request_type;
request->pid = getpid();
}
/* Initialise a response structure */
static void init_response(struct winbindd_response *response)
{
/* Initialise return value */
response->result = WINBINDD_ERROR;
}
/* Close established socket */
void winbind_close_sock(void)
{
if (winbindd_fd != -1) {
close(winbindd_fd);
winbindd_fd = -1;
}
}
#define CONNECT_TIMEOUT 30
/* Make sure socket handle isn't stdin, stdout or stderr */
#define RECURSION_LIMIT 3
static int make_nonstd_fd_internals(int fd, int limit /* Recursion limiter */)
{
int new_fd;
if (fd >= 0 && fd <= 2) {
#ifdef F_DUPFD
if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) {
return -1;
}
/* Paranoia */
if (new_fd < 3) {
close(new_fd);
return -1;
}
close(fd);
return new_fd;
#else
if (limit <= 0)
return -1;
new_fd = dup(fd);
if (new_fd == -1)
return -1;
/* use the program stack to hold our list of FDs to close */
new_fd = make_nonstd_fd_internals(new_fd, limit - 1);
close(fd);
return new_fd;
#endif
}
return fd;
}
/****************************************************************************
Set a fd into blocking/nonblocking mode. Uses POSIX O_NONBLOCK if available,
else
if SYSV use O_NDELAY
if BSD use FNDELAY
Set close on exec also.
****************************************************************************/
static int make_safe_fd(int fd)
{
int result, flags;
int new_fd = make_nonstd_fd_internals(fd, RECURSION_LIMIT);
if (new_fd == -1) {
close(fd);
return -1;
}
/* Socket should be nonblocking. */
#ifdef O_NONBLOCK
#define FLAG_TO_SET O_NONBLOCK
#else
#ifdef SYSV
#define FLAG_TO_SET O_NDELAY
#else /* BSD */
#define FLAG_TO_SET FNDELAY
#endif
#endif
if ((flags = fcntl(new_fd, F_GETFL)) == -1) {
close(new_fd);
return -1;
}
flags |= FLAG_TO_SET;
if (fcntl(new_fd, F_SETFL, flags) == -1) {
close(new_fd);
return -1;
}
#undef FLAG_TO_SET
/* Socket should be closed on exec() */
#ifdef FD_CLOEXEC
result = flags = fcntl(new_fd, F_GETFD, 0);
if (flags >= 0) {
flags |= FD_CLOEXEC;
result = fcntl( new_fd, F_SETFD, flags );
}
if (result < 0) {
close(new_fd);
return -1;
}
#endif
return new_fd;
}
/* Connect to winbindd socket */
static int winbind_named_pipe_sock(const char *dir)
{
struct sockaddr_un sunaddr;
struct stat st;
char *path;
int fd;
int wait_time;
int slept;
/* Check permissions on unix socket directory */
if (lstat(dir, &st) == -1) {
return -1;
}
if (!S_ISDIR(st.st_mode) ||
(st.st_uid != 0 && st.st_uid != geteuid())) {
return -1;
}
/* Connect to socket */
asprintf(&path, "%s/%s", dir, WINBINDD_SOCKET_NAME);
ZERO_STRUCT(sunaddr);
sunaddr.sun_family = AF_UNIX;
strncpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path) - 1);
SAFE_FREE(path);
/* If socket file doesn't exist, don't bother trying to connect
with retry. This is an attempt to make the system usable when
the winbindd daemon is not running. */
if (lstat(sunaddr.sun_path, &st) == -1) {
return -1;
}
/* Check permissions on unix socket file */
if (!S_ISSOCK(st.st_mode) ||
(st.st_uid != 0 && st.st_uid != geteuid())) {
return -1;
}
/* Connect to socket */
if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
return -1;
}
/* Set socket non-blocking and close on exec. */
if ((fd = make_safe_fd( fd)) == -1) {
return fd;
}
for (wait_time = 0; connect(fd, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1;
wait_time += slept) {
struct timeval tv;
fd_set w_fds;
int ret;
int connect_errno = 0;
socklen_t errnosize;
if (wait_time >= CONNECT_TIMEOUT)
goto error_out;
switch (errno) {
case EINPROGRESS:
FD_ZERO(&w_fds);
FD_SET(fd, &w_fds);
tv.tv_sec = CONNECT_TIMEOUT - wait_time;
tv.tv_usec = 0;
ret = select(fd + 1, NULL, &w_fds, NULL, &tv);
if (ret > 0) {
errnosize = sizeof(connect_errno);
ret = getsockopt(fd, SOL_SOCKET,
SO_ERROR, &connect_errno, &errnosize);
if (ret >= 0 && connect_errno == 0) {
/* Connect succeed */
goto out;
}
}
slept = CONNECT_TIMEOUT;
break;
case EAGAIN:
slept = rand() % 3 + 1;
sleep(slept);
break;
default:
goto error_out;
}
}
out:
return fd;
error_out:
close(fd);
return -1;
}
static const char *winbindd_socket_dir(void)
{
#ifdef SOCKET_WRAPPER
const char *env_dir;
env_dir = getenv(WINBINDD_SOCKET_DIR_ENVVAR);
if (env_dir) {
return env_dir;
}
#endif
return WINBINDD_SOCKET_DIR;
}
/* Connect to winbindd socket */
static int winbind_open_pipe_sock(int recursing, int need_priv)
{
#ifdef HAVE_UNIXSOCKET
static pid_t our_pid;
struct winbindd_request request;
struct winbindd_response response;
ZERO_STRUCT(request);
ZERO_STRUCT(response);
if (our_pid != getpid()) {
winbind_close_sock();
our_pid = getpid();
}
if ((need_priv != 0) && (is_privileged == 0)) {
winbind_close_sock();
}
if (winbindd_fd != -1) {
return winbindd_fd;
}
if (recursing) {
return -1;
}
if ((winbindd_fd = winbind_named_pipe_sock(winbindd_socket_dir())) == -1) {
return -1;
}
is_privileged = 0;
/* version-check the socket */
request.wb_flags = WBFLAG_RECURSE;
if ((winbindd_request_response(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) {
winbind_close_sock();
return -1;
}
/* try and get priv pipe */
request.wb_flags = WBFLAG_RECURSE;
if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) {
int fd;
if ((fd = winbind_named_pipe_sock((char *)response.extra_data.data)) != -1) {
close(winbindd_fd);
winbindd_fd = fd;
is_privileged = 1;
}
}
if ((need_priv != 0) && (is_privileged == 0)) {
return -1;
}
SAFE_FREE(response.extra_data.data);
return winbindd_fd;
#else
return -1;
#endif /* HAVE_UNIXSOCKET */
}
/* Write data to winbindd socket */
int winbind_write_sock(void *buffer, int count, int recursing, int need_priv)
{
int result, nwritten;
/* Open connection to winbind daemon */
restart:
if (winbind_open_pipe_sock(recursing, need_priv) == -1) {
return -1;
}
/* Write data to socket */
nwritten = 0;
while(nwritten < count) {
struct timeval tv;
fd_set r_fds;
/* Catch pipe close on other end by checking if a read()
call would not block by calling select(). */
FD_ZERO(&r_fds);
FD_SET(winbindd_fd, &r_fds);
ZERO_STRUCT(tv);
if (select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv) == -1) {
winbind_close_sock();
return -1; /* Select error */
}
/* Write should be OK if fd not available for reading */
if (!FD_ISSET(winbindd_fd, &r_fds)) {
/* Do the write */
result = write(winbindd_fd,
(char *)buffer + nwritten,
count - nwritten);
if ((result == -1) || (result == 0)) {
/* Write failed */
winbind_close_sock();
return -1;
}
nwritten += result;
} else {
/* Pipe has closed on remote end */
winbind_close_sock();
goto restart;
}
}
return nwritten;
}
/* Read data from winbindd socket */
int winbind_read_sock(void *buffer, int count)
{
int nread = 0;
int total_time = 0, selret;
if (winbindd_fd == -1) {
return -1;
}
/* Read data from socket */
while(nread < count) {
struct timeval tv;
fd_set r_fds;
/* Catch pipe close on other end by checking if a read()
call would not block by calling select(). */
FD_ZERO(&r_fds);
FD_SET(winbindd_fd, &r_fds);
ZERO_STRUCT(tv);
/* Wait for 5 seconds for a reply. May need to parameterise this... */
tv.tv_sec = 5;
if ((selret = select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv)) == -1) {
winbind_close_sock();
return -1; /* Select error */
}
if (selret == 0) {
/* Not ready for read yet... */
if (total_time >= 30) {
/* Timeout */
winbind_close_sock();
return -1;
}
total_time += 5;
continue;
}
if (FD_ISSET(winbindd_fd, &r_fds)) {
/* Do the Read */
int result = read(winbindd_fd, (char *)buffer + nread,
count - nread);
if ((result == -1) || (result == 0)) {
/* Read failed. I think the only useful thing we
can do here is just return -1 and fail since the
transaction has failed half way through. */
winbind_close_sock();
return -1;
}
nread += result;
}
}
return nread;
}
/* Read reply */
int winbindd_read_reply(struct winbindd_response *response)
{
int result1, result2 = 0;
if (!response) {
return -1;
}
/* Read fixed length response */
result1 = winbind_read_sock(response,
sizeof(struct winbindd_response));
if (result1 == -1) {
return -1;
}
/* We actually send the pointer value of the extra_data field from
the server. This has no meaning in the client's address space
so we clear it out. */
response->extra_data.data = NULL;
/* Read variable length response */
if (response->length > sizeof(struct winbindd_response)) {
int extra_data_len = response->length -
sizeof(struct winbindd_response);
/* Mallocate memory for extra data */
if (!(response->extra_data.data = malloc(extra_data_len))) {
return -1;
}
result2 = winbind_read_sock(response->extra_data.data,
extra_data_len);
if (result2 == -1) {
winbindd_free_response(response);
return -1;
}
}
/* Return total amount of data read */
return result1 + result2;
}
bool winbind_env_set(void)
{
char *env;
if ((env=getenv(WINBINDD_DONT_ENV)) != NULL) {
if(strcmp(env, "1") == 0) {
return true;
}
}
return false;
}
/*
* send simple types of requests
*/
NSS_STATUS winbindd_send_request(int req_type, int need_priv,
struct winbindd_request *request)
{
struct winbindd_request lrequest;
/* Check for our tricky environment variable */
if (winbind_env_set()) {
return NSS_STATUS_NOTFOUND;
}
if (!request) {
ZERO_STRUCT(lrequest);
request = &lrequest;
}
/* Fill in request and send down pipe */
winbindd_init_request(request, req_type);
if (winbind_write_sock(request, sizeof(*request),
request->wb_flags & WBFLAG_RECURSE,
need_priv) == -1) {
return NSS_STATUS_UNAVAIL;
}
if ((request->extra_len != 0) &&
(winbind_write_sock(request->extra_data.data,
request->extra_len,
request->wb_flags & WBFLAG_RECURSE,
need_priv) == -1)) {
return NSS_STATUS_UNAVAIL;
}
return NSS_STATUS_SUCCESS;
}
/*
* Get results from winbindd request
*/
NSS_STATUS winbindd_get_response(struct winbindd_response *response)
{
struct winbindd_response lresponse;
if (!response) {
ZERO_STRUCT(lresponse);
response = &lresponse;
}
init_response(response);
/* Wait for reply */
if (winbindd_read_reply(response) == -1) {
return NSS_STATUS_UNAVAIL;
}
/* Throw away extra data if client didn't request it */
if (response == &lresponse) {
winbindd_free_response(response);
}
/* Copy reply data from socket */
if (response->result != WINBINDD_OK) {
return NSS_STATUS_NOTFOUND;
}
return NSS_STATUS_SUCCESS;
}
/* Handle simple types of requests */
NSS_STATUS winbindd_request_response(int req_type,
struct winbindd_request *request,
struct winbindd_response *response)
{
NSS_STATUS status = NSS_STATUS_UNAVAIL;
int count = 0;
while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) {
status = winbindd_send_request(req_type, 0, request);
if (status != NSS_STATUS_SUCCESS)
return(status);
status = winbindd_get_response(response);
count += 1;
}
return status;
}
NSS_STATUS winbindd_priv_request_response(int req_type,
struct winbindd_request *request,
struct winbindd_response *response)
{
NSS_STATUS status = NSS_STATUS_UNAVAIL;
int count = 0;
while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) {
status = winbindd_send_request(req_type, 1, request);
if (status != NSS_STATUS_SUCCESS)
return(status);
status = winbindd_get_response(response);
count += 1;
}
return status;
}
/*************************************************************************
A couple of simple functions to disable winbindd lookups and re-
enable them
************************************************************************/
bool winbind_off(void)
{
return setenv(WINBINDD_DONT_ENV, "1", 1) != -1;
}
bool winbind_on(void)
{
return setenv(WINBINDD_DONT_ENV, "0", 1) != -1;
}
/*************************************************************************
************************************************************************/
const char *nss_err_str(NSS_STATUS ret)
{
switch (ret) {
case NSS_STATUS_TRYAGAIN:
return "NSS_STATUS_TRYAGAIN";
case NSS_STATUS_SUCCESS:
return "NSS_STATUS_SUCCESS";
case NSS_STATUS_NOTFOUND:
return "NSS_STATUS_NOTFOUND";
case NSS_STATUS_UNAVAIL:
return "NSS_STATUS_UNAVAIL";
#ifdef NSS_STATUS_RETURN
case NSS_STATUS_RETURN:
return "NSS_STATUS_RETURN";
#endif
default:
return "UNKNOWN RETURN CODE!!!!!!!";
}
}

25
source4/nsswitch/winbind_client.h
View File

@ -1,25 +0,0 @@
#include "winbind_nss_config.h"
#include "winbind_struct_protocol.h"
void winbindd_init_request(struct winbindd_request *req,int rq_type);
void winbindd_free_response(struct winbindd_response *response);
NSS_STATUS winbindd_send_request(int req_type, int need_priv,
struct winbindd_request *request);
NSS_STATUS winbindd_get_response(struct winbindd_response *response);
NSS_STATUS winbindd_request_response(int req_type,
struct winbindd_request *request,
struct winbindd_response *response);
NSS_STATUS winbindd_priv_request_response(int req_type,
struct winbindd_request *request,
struct winbindd_response *response);
int winbindd_read_reply(struct winbindd_response *response);
bool winbind_env_set(void);
bool winbind_off(void);
bool winbind_on(void);
int winbind_write_sock(void *buffer, int count, int recursing, int need_priv);
int winbind_read_sock(void *buffer, int count);
void winbind_close_sock(void);
const char *nss_err_str(NSS_STATUS ret);

76
source4/nsswitch/winbind_nss.h
View File

@ -1,76 +0,0 @@
/*
Unix SMB/CIFS implementation.
A common place to work out how to define NSS_STATUS on various
platforms.
Copyright (C) Tim Potter 2000
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 3 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _NSSWITCH_NSS_H
#define _NSSWITCH_NSS_H
#ifdef HAVE_NSS_COMMON_H
/*
* Sun Solaris
*/
#include "nsswitch/winbind_nss_solaris.h"
#elif HAVE_NSS_H
/*
* Linux (glibc)
*/
#include "nsswitch/winbind_nss_linux.h"
#elif HAVE_NS_API_H
/*
* SGI IRIX
*/
#include "nsswitch/winbind_nss_irix.h"
#elif defined(HPUX) && defined(HAVE_NSSWITCH_H)
/* HP-UX 11 */
#include "nsswitch/winbind_nss_hpux.h"
#elif defined(__NetBSD__) && defined(HAVE_GETPWENT_R)
/*
* NetBSD 3 and newer
*/
#include "nsswitch/winbind_nss_netbsd.h"
#else /* Nothing's defined. Neither gnu nor netbsd nor sun nor hp */
typedef enum
{
NSS_STATUS_SUCCESS=0,
NSS_STATUS_NOTFOUND=1,
NSS_STATUS_UNAVAIL=2,
NSS_STATUS_TRYAGAIN=3
} NSS_STATUS;
#endif
#endif /* _NSSWITCH_NSS_H */

53
source4/nsswitch/winbind_nss_config.h
View File

@ -1,53 +0,0 @@
/*
Unix SMB/CIFS implementation.
Winbind daemon for ntdom nss module
Copyright (C) Tim Potter 2000
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 3 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _WINBIND_NSS_CONFIG_H
#define _WINBIND_NSS_CONFIG_H
/* shutup the compiler warnings due to krb5.h on 64-bit sles9 */
#ifdef SIZEOF_LONG
#undef SIZEOF_LONG
#endif
/* Include header files from data in config.h file */
#ifndef NO_CONFIG_H
#include "../replace/replace.h"
#endif
#include "system/passwd.h"
#include "system/filesys.h"
#include "system/network.h"
#include "nsswitch/winbind_nss.h"
/* Some systems (SCO) treat UNIX domain sockets as FIFOs */
#ifndef S_IFSOCK
#define S_IFSOCK S_IFIFO
#endif
#ifndef S_ISSOCK
#define S_ISSOCK(mode) ((mode & S_IFSOCK) == S_IFSOCK)
#endif
#endif

137
source4/nsswitch/winbind_nss_hpux.h
View File

@ -1,137 +0,0 @@
/*
Unix SMB/CIFS implementation.
Donated by HP to enable Winbindd to build on HPUX 11.x.
Copyright (C) Jeremy Allison 2002.
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 3 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _WINBIND_NSS_HPUX_H
#define _WINBIND_NSS_HPUX_H
#include <nsswitch.h>
#define NSS_STATUS_SUCCESS NSS_SUCCESS
#define NSS_STATUS_NOTFOUND NSS_NOTFOUND
#define NSS_STATUS_UNAVAIL NSS_UNAVAIL
#define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN
#ifdef HAVE_SYNCH_H
#include <synch.h>
#endif
#ifdef HAVE_PTHREAD_H
#include <pthread.h>
#endif
typedef enum {
NSS_SUCCESS,
NSS_NOTFOUND,
NSS_UNAVAIL,
NSS_TRYAGAIN
} nss_status_t;
typedef nss_status_t NSS_STATUS;
struct nss_backend;
typedef nss_status_t (*nss_backend_op_t)(struct nss_backend *, void *args);
struct nss_backend {
nss_backend_op_t *ops;
int n_ops;
};
typedef struct nss_backend nss_backend_t;
typedef int nss_dbop_t;
#include <errno.h>
#include <netdb.h>
#include <limits.h>
#ifndef NSS_INCLUDE_UNSAFE
#define NSS_INCLUDE_UNSAFE 1 /* Build old, MT-unsafe interfaces, */
#endif /* NSS_INCLUDE_UNSAFE */
enum nss_netgr_argn {
NSS_NETGR_MACHINE,
NSS_NETGR_USER,
NSS_NETGR_DOMAIN,
NSS_NETGR_N
};
enum nss_netgr_status {
NSS_NETGR_FOUND,
NSS_NETGR_NO,
NSS_NETGR_NOMEM
};
typedef unsigned nss_innetgr_argc;
typedef char **nss_innetgr_argv;
struct nss_innetgr_1arg {
nss_innetgr_argc argc;
nss_innetgr_argv argv;
};
typedef struct {
void *result; /* "result" parameter to getXbyY_r() */
char *buffer; /* "buffer" " " */
int buflen; /* "buflen" " " */
} nss_XbyY_buf_t;
extern nss_XbyY_buf_t *_nss_XbyY_buf_alloc(int struct_size, int buffer_size);
extern void _nss_XbyY_buf_free(nss_XbyY_buf_t *);
union nss_XbyY_key {
uid_t uid;
gid_t gid;
const char *name;
int number;
struct {
long net;
int type;
} netaddr;
struct {
const char *addr;
int len;
int type;
} hostaddr;
struct {
union {
const char *name;
int port;
} serv;
const char *proto;
} serv;
void *ether;
};
typedef struct nss_XbyY_args {
nss_XbyY_buf_t buf;
int stayopen;
/*
* Support for setXXXent(stayopen)
* Used only in hosts, protocols,
* networks, rpc, and services.
*/
int (*str2ent)(const char *instr, int instr_len, void *ent, char *buffer, int buflen);
union nss_XbyY_key key;
void *returnval;
int erange;
int h_errno;
nss_status_t status;
} nss_XbyY_args_t;
#endif /* _WINBIND_NSS_HPUX_H */

42
source4/nsswitch/winbind_nss_irix.h
View File

@ -1,42 +0,0 @@
/*
Unix SMB/CIFS implementation.
Winbind daemon for ntdom nss module
Copyright (C) Tim Potter 2000
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 3 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _WINBIND_NSS_IRIX_H
#define _WINBIND_NSS_IRIX_H
/* following required to prevent warnings of double definition
* of datum from ns_api.h
*/
#ifdef DATUM
#define _DATUM_DEFINED
#endif
#include <ns_api.h>
typedef enum
{
NSS_STATUS_SUCCESS=NS_SUCCESS,
NSS_STATUS_NOTFOUND=NS_NOTFOUND,
NSS_STATUS_UNAVAIL=NS_UNAVAIL,
NSS_STATUS_TRYAGAIN=NS_TRYAGAIN
} NSS_STATUS;
#endif /* _WINBIND_NSS_IRIX_H */

1281
source4/nsswitch/winbind_nss_linux.c
View File

File diff suppressed because it is too large Load Diff

29
source4/nsswitch/winbind_nss_linux.h
View File

@ -1,29 +0,0 @@
/*
Unix SMB/CIFS implementation.
Winbind daemon for ntdom nss module
Copyright (C) Tim Potter 2000
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 3 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _WINBIND_NSS_LINUX_H
#define _WINBIND_NSS_LINUX_H
#include <nss.h>
typedef enum nss_status NSS_STATUS;
#endif /* _WINBIND_NSS_LINUX_H */

40
source4/nsswitch/winbind_nss_netbsd.h
View File

@ -1,40 +0,0 @@
/*
Unix SMB/CIFS implementation.
NetBSD loadable authentication module, providing identification
routines against Samba winbind/Windows NT Domain
Copyright (C) Luke Mewburn 2004-2005
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 3 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _WINBIND_NSS_NETBSD_H
#define _WINBIND_NSS_NETBSD_H
#include <nsswitch.h>
/* dynamic nsswitch with "new" getpw* nsdispatch API available */
#if defined(NSS_MODULE_INTERFACE_VERSION) && defined(HAVE_GETPWENT_R)
typedef int NSS_STATUS;
#define NSS_STATUS_SUCCESS NS_SUCCESS
#define NSS_STATUS_NOTFOUND NS_NOTFOUND
#define NSS_STATUS_UNAVAIL NS_UNAVAIL
#define NSS_STATUS_TRYAGAIN NS_TRYAGAIN
#endif /* NSS_MODULE_INTERFACE_VERSION && HAVE_GETPWENT_R */
#endif /* _WINBIND_NSS_NETBSD_H */

89
source4/nsswitch/winbind_nss_solaris.h
View File

@ -1,89 +0,0 @@
/*
Unix SMB/CIFS implementation.
Winbind daemon for ntdom nss module
Copyright (C) Tim Potter 2000
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 3 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _WINBIND_NSS_SOLARIS_H
#define _WINBIND_NSS_SOLARIS_H
/* Solaris has a broken nss_common header file containing C++ reserved names. */
#ifndef __cplusplus
#undef class
#undef private
#undef public
#undef protected
#undef template
#undef this
#undef new
#undef delete
#undef friend
#endif
#include <nss_common.h>
/*
TODO: we need to cleanup samba4's headers..
#ifndef __cplusplus
#define class #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#define private #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#define public #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#define protected #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#define template #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#define this #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#define new #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#define delete #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#define friend #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
#endif
*/
#include <nss_dbdefs.h>
#include <nsswitch.h>
typedef nss_status_t NSS_STATUS;
#define NSS_STATUS_SUCCESS NSS_SUCCESS
#define NSS_STATUS_NOTFOUND NSS_NOTFOUND
#define NSS_STATUS_UNAVAIL NSS_UNAVAIL
#define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN
/* The solaris winbind is implemented as a wrapper around the linux
version. */
NSS_STATUS _nss_winbind_setpwent(void);
NSS_STATUS _nss_winbind_endpwent(void);
NSS_STATUS _nss_winbind_getpwent_r(struct passwd* result, char* buffer,
size_t buflen, int* errnop);
NSS_STATUS _nss_winbind_getpwuid_r(uid_t, struct passwd*, char* buffer,
size_t buflen, int* errnop);
NSS_STATUS _nss_winbind_getpwnam_r(const char* name, struct passwd* result,
char* buffer, size_t buflen, int* errnop);
NSS_STATUS _nss_winbind_setgrent(void);
NSS_STATUS _nss_winbind_endgrent(void);
NSS_STATUS _nss_winbind_getgrent_r(struct group* result, char* buffer,
size_t buflen, int* errnop);
NSS_STATUS _nss_winbind_getgrnam_r(const char *name,
struct group *result, char *buffer,
size_t buflen, int *errnop);
NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid,
struct group *result, char *buffer,
size_t buflen, int *errnop);
#endif /* _WINBIND_NSS_SOLARIS_H */

507
source4/nsswitch/winbind_struct_protocol.h
View File

@ -1,507 +0,0 @@
/*
Unix SMB/CIFS implementation.
Winbind daemon for ntdom nss module
Copyright (C) Tim Potter 2000
Copyright (C) Gerald Carter 2006
You are free to use this interface definition in any way you see
fit, including without restriction, using this header in your own
products. You do not need to give any attribution.
*/
#ifndef SAFE_FREE
#define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0)
#endif
#ifndef _WINBINDD_NTDOM_H
#define _WINBINDD_NTDOM_H
#define _PSTRING
#define FSTRING_LEN 256
typedef char fstring[FSTRING_LEN];
#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1)
#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1)
#define WINBINDD_SOCKET_NAME "pipe" /* Name of PF_UNIX socket */
/* Let the build environment override the public winbindd socket location. This
* is needed for launchd support -- jpeach.
*/
#ifndef WINBINDD_SOCKET_DIR
#define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */
#endif
/*
* when compiled with socket_wrapper support
* the location of the WINBINDD_SOCKET_DIR
* can be overwritten via an environment variable
*/
#define WINBINDD_SOCKET_DIR_ENVVAR "WINBINDD_SOCKET_DIR"
#define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */
#define WINBINDD_DONT_ENV "_NO_WINBINDD"
#define WINBINDD_LOCATOR_KDC_ADDRESS "WINBINDD_LOCATOR_KDC_ADDRESS"
/* Update this when you change the interface. */
#define WINBIND_INTERFACE_VERSION 19
/* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
On a 64bit Linux box, we have to support a constant structure size
between /lib/libnss_winbind.so.2 and /li64/libnss_winbind.so.2.
The easiest way to do this is to always use 8byte values for time_t. */
#define SMB_TIME_T int64_t
/* Socket commands */
enum winbindd_cmd {
WINBINDD_INTERFACE_VERSION, /* Always a well known value */
/* Get users and groups */
WINBINDD_GETPWNAM,
WINBINDD_GETPWUID,
WINBINDD_GETGRNAM,
WINBINDD_GETGRGID,
WINBINDD_GETGROUPS,
/* Enumerate users and groups */
WINBINDD_SETPWENT,
WINBINDD_ENDPWENT,
WINBINDD_GETPWENT,
WINBINDD_SETGRENT,
WINBINDD_ENDGRENT,
WINBINDD_GETGRENT,
/* PAM authenticate and password change */
WINBINDD_PAM_AUTH,
WINBINDD_PAM_AUTH_CRAP,
WINBINDD_PAM_CHAUTHTOK,
WINBINDD_PAM_LOGOFF,
WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP,
/* List various things */
WINBINDD_LIST_USERS, /* List w/o rid->id mapping */
WINBINDD_LIST_GROUPS, /* Ditto */
WINBINDD_LIST_TRUSTDOM,
/* SID conversion */
WINBINDD_LOOKUPSID,
WINBINDD_LOOKUPNAME,
WINBINDD_LOOKUPRIDS,
/* Lookup functions */
WINBINDD_SID_TO_UID,
WINBINDD_SID_TO_GID,
WINBINDD_SIDS_TO_XIDS,
WINBINDD_UID_TO_SID,
WINBINDD_GID_TO_SID,
WINBINDD_ALLOCATE_UID,
WINBINDD_ALLOCATE_GID,
WINBINDD_SET_MAPPING,
WINBINDD_SET_HWM,
/* Miscellaneous other stuff */
WINBINDD_DUMP_MAPS,
WINBINDD_CHECK_MACHACC, /* Check machine account pw works */
WINBINDD_PING, /* Just tell me winbind is running */
WINBINDD_INFO, /* Various bit of info. Currently just tidbits */
WINBINDD_DOMAIN_NAME, /* The domain this winbind server is a member of (lp_workgroup()) */
WINBINDD_DOMAIN_INFO, /* Most of what we know from
struct winbindd_domain */
WINBINDD_GETDCNAME, /* Issue a GetDCName Request */
WINBINDD_DSGETDCNAME, /* Issue a DsGetDCName Request */
WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */
/* WINS commands */
WINBINDD_WINS_BYIP,
WINBINDD_WINS_BYNAME,
/* this is like GETGRENT but gives an empty group list */
WINBINDD_GETGRLST,
WINBINDD_NETBIOS_NAME, /* The netbios name of the server */
/* find the location of our privileged pipe */
WINBINDD_PRIV_PIPE_DIR,
/* return a list of group sids for a user sid */
WINBINDD_GETUSERSIDS,
/* Various group queries */
WINBINDD_GETUSERDOMGROUPS,
/* Initialize connection in a child */
WINBINDD_INIT_CONNECTION,
/* Blocking calls that are not allowed on the main winbind pipe, only
* between parent and children */
WINBINDD_DUAL_SID2UID,
WINBINDD_DUAL_SID2GID,
WINBINDD_DUAL_SIDS2XIDS,
WINBINDD_DUAL_UID2SID,
WINBINDD_DUAL_GID2SID,
WINBINDD_DUAL_SET_MAPPING,
WINBINDD_DUAL_SET_HWM,
WINBINDD_DUAL_DUMP_MAPS,
/* Wrapper around possibly blocking unix nss calls */
WINBINDD_DUAL_UID2NAME,
WINBINDD_DUAL_NAME2UID,
WINBINDD_DUAL_GID2NAME,
WINBINDD_DUAL_NAME2GID,
WINBINDD_DUAL_USERINFO,
WINBINDD_DUAL_GETSIDALIASES,
/* Complete the challenge phase of the NTLM authentication
protocol using cached password. */
WINBINDD_CCACHE_NTLMAUTH,
WINBINDD_NUM_CMDS
};
typedef struct winbindd_pw {
fstring pw_name;
fstring pw_passwd;
uid_t pw_uid;
gid_t pw_gid;
fstring pw_gecos;
fstring pw_dir;
fstring pw_shell;
} WINBINDD_PW;
typedef struct winbindd_gr {
fstring gr_name;
fstring gr_passwd;
gid_t gr_gid;
uint32_t num_gr_mem;
uint32_t gr_mem_ofs; /* offset to group membership */
} WINBINDD_GR;
/* PAM specific request flags */
#define WBFLAG_PAM_INFO3_NDR 0x00000001
#define WBFLAG_PAM_INFO3_TEXT 0x00000002
#define WBFLAG_PAM_USER_SESSION_KEY 0x00000004
#define WBFLAG_PAM_LMKEY 0x00000008
#define WBFLAG_PAM_CONTACT_TRUSTDOM 0x00000010
#define WBFLAG_PAM_UNIX_NAME 0x00000080
#define WBFLAG_PAM_AFS_TOKEN 0x00000100
#define WBFLAG_PAM_NT_STATUS_SQUASH 0x00000200
#define WBFLAG_PAM_KRB5 0x00001000
#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x00002000
#define WBFLAG_PAM_CACHED_LOGIN 0x00004000
#define WBFLAG_PAM_GET_PWD_POLICY 0x00008000 /* not used */
/* generic request flags */
#define WBFLAG_QUERY_ONLY 0x00000020 /* not used */
/* This is a flag that can only be sent from parent to child */
#define WBFLAG_IS_PRIVILEGED 0x00000400 /* not used */
/* Flag to say this is a winbindd internal send - don't recurse. */
#define WBFLAG_RECURSE 0x00000800
#define WINBINDD_MAX_EXTRA_DATA (128*1024)
/* Winbind request structure */
/*******************************************************************************
* This structure MUST be the same size in the 32bit and 64bit builds
* for compatibility between /lib64/libnss_winbind.so and /lib/libnss_winbind.so
*
* DO NOT CHANGE THIS STRUCTURE WITHOUT TESTING THE 32BIT NSS LIB AGAINST
* A 64BIT WINBINDD --jerry
******************************************************************************/
struct winbindd_request {
uint32_t length;
enum winbindd_cmd cmd; /* Winbindd command to execute */
enum winbindd_cmd original_cmd; /* Original Winbindd command
issued to parent process */
pid_t pid; /* pid of calling process */
uint32_t wb_flags; /* generic flags */
uint32_t flags; /* flags relevant *only* to a given request */
fstring domain_name; /* name of domain for which the request applies */
union {
fstring winsreq; /* WINS request */
fstring username; /* getpwnam */
fstring groupname; /* getgrnam */
uid_t uid; /* getpwuid, uid_to_sid */
gid_t gid; /* getgrgid, gid_to_sid */
struct {
/* We deliberatedly don't split into domain/user to
avoid having the client know what the separator
character is. */
fstring user;
fstring pass;
char require_membership_of_sid[1024];
fstring krb5_cc_type;
uid_t uid;
} auth; /* pam_winbind auth module */
struct {
uint8_t chal[8];
uint32_t logon_parameters;
fstring user;
fstring domain;
fstring lm_resp;
uint32_t lm_resp_len;
fstring nt_resp;
uint32_t nt_resp_len;
fstring workstation;
fstring require_membership_of_sid;
} auth_crap;
struct {
fstring user;
fstring oldpass;
fstring newpass;
} chauthtok; /* pam_winbind passwd module */
struct {
fstring user;
fstring domain;
uint8_t new_nt_pswd[516];
uint16_t new_nt_pswd_len;
uint8_t old_nt_hash_enc[16];
uint16_t old_nt_hash_enc_len;
uint8_t new_lm_pswd[516];
uint16_t new_lm_pswd_len;
uint8_t old_lm_hash_enc[16];
uint16_t old_lm_hash_enc_len;
} chng_pswd_auth_crap;/* pam_winbind passwd module */
struct {
fstring user;
fstring krb5ccname;
uid_t uid;
} logoff; /* pam_winbind session module */
fstring sid; /* lookupsid, sid_to_[ug]id */
struct {
fstring dom_name; /* lookupname */
fstring name;
} name;
uint32_t num_entries; /* getpwent, getgrent */
struct {
fstring username;
fstring groupname;
} acct_mgt;
struct {
bool is_primary;
fstring dcname;
} init_conn;
struct {
fstring sid;
fstring name;
} dual_sid2id;
struct {
fstring sid;
uint32_t type;
uint32_t id;
} dual_idmapset;
bool list_all_domains;
struct {
uid_t uid;
fstring user;
/* the effective uid of the client, must be the uid for 'user'.
This is checked by the main daemon, trusted by children. */
/* if the blobs are length zero, then this doesn't
produce an actual challenge response. It merely
succeeds if there are cached credentials available
that could be used. */
uint32_t initial_blob_len; /* blobs in extra_data */
uint32_t challenge_blob_len;
} ccache_ntlm_auth;
/* padding -- needed to fix alignment between 32bit and 64bit libs.
The size is the sizeof the union without the padding aligned on
an 8 byte boundary. --jerry */
char padding[1800];
} data;
union {
SMB_TIME_T padding;
char *data;
} extra_data;
uint32_t extra_len;
char null_term;
};
/* Response values */
enum winbindd_result {
WINBINDD_ERROR,
WINBINDD_PENDING,
WINBINDD_OK
};
/* Winbind response structure */
/*******************************************************************************
* This structure MUST be the same size in the 32bit and 64bit builds
* for compatibility between /lib64/libnss_winbind.so and /lib/libnss_winbind.so
*
* DO NOT CHANGE THIS STRUCTURE WITHOUT TESTING THE 32BIT NSS LIB AGAINST
* A 64BIT WINBINDD --jerry
******************************************************************************/
struct winbindd_response {
/* Header information */
uint32_t length; /* Length of response */
enum winbindd_result result; /* Result code */
/* Fixed length return data */
union {
int interface_version; /* Try to ensure this is always in the same spot... */
fstring winsresp; /* WINS response */
/* getpwnam, getpwuid */
struct winbindd_pw pw;
/* getgrnam, getgrgid */
struct winbindd_gr gr;
uint32_t num_entries; /* getpwent, getgrent */
struct winbindd_sid {
fstring sid; /* lookupname, [ug]id_to_sid */
int type;
} sid;
struct winbindd_name {
fstring dom_name; /* lookupsid */
fstring name;
int type;
} name;
uid_t uid; /* sid_to_uid */
gid_t gid; /* sid_to_gid */
struct winbindd_info {
char winbind_separator;
fstring samba_version;
} info;
fstring domain_name;
fstring netbios_name;
fstring dc_name;
struct auth_reply {
uint32_t nt_status;
fstring nt_status_string;
fstring error_string;
int pam_error;
char user_session_key[16];
char first_8_lm_hash[8];
fstring krb5ccname;
uint32_t reject_reason;
uint32_t padding;
struct policy_settings {
uint32_t min_length_password;
uint32_t password_history;
uint32_t password_properties;
uint32_t padding;
SMB_TIME_T expire;
SMB_TIME_T min_passwordage;
} policy;
struct info3_text {
SMB_TIME_T logon_time;
SMB_TIME_T logoff_time;
SMB_TIME_T kickoff_time;
SMB_TIME_T pass_last_set_time;
SMB_TIME_T pass_can_change_time;
SMB_TIME_T pass_must_change_time;
uint32_t logon_count;
uint32_t bad_pw_count;
uint32_t user_rid;
uint32_t group_rid;
uint32_t num_groups;
uint32_t user_flgs;
uint32_t acct_flags;
uint32_t num_other_sids;
fstring dom_sid;
fstring user_name;
fstring full_name;
fstring logon_script;
fstring profile_path;
fstring home_dir;
fstring dir_drive;
fstring logon_srv;
fstring logon_dom;
} info3;
} auth;
struct {
fstring name;
fstring alt_name;
fstring sid;
bool native_mode;
bool active_directory;
bool primary;
} domain_info;
uint32_t sequence_number;
struct {
fstring acct_name;
fstring full_name;
fstring homedir;
fstring shell;
uint32_t primary_gid;
uint32_t group_rid;
} user_info;
struct {
uint32_t auth_blob_len; /* blob in extra_data */
} ccache_ntlm_auth;
} data;
/* Variable length return data */
union {
SMB_TIME_T padding;
void *data;
} extra_data;
};
struct WINBINDD_MEMORY_CREDS {
struct WINBINDD_MEMORY_CREDS *next, *prev;
const char *username; /* lookup key. */
uid_t uid;
int ref_count;
size_t len;
uint8_t *nt_hash; /* Base pointer for the following 2 */
uint8_t *lm_hash;
char *pass;
};
struct WINBINDD_CCACHE_ENTRY {
struct WINBINDD_CCACHE_ENTRY *next, *prev;
const char *principal_name;
const char *ccname;
const char *service;
const char *username;
const char *realm;
struct WINBINDD_MEMORY_CREDS *cred_ptr;
int ref_count;
uid_t uid;
time_t create_time;
time_t renew_until;
time_t refresh_time;
struct timed_event *event;
};
#endif

3
source4/winbind/wb_samba3_protocol.c
View File

@ -183,15 +183,18 @@ NTSTATUS wbsrv_samba3_handle_call(struct wbsrv_samba3_call *s3call)
case WINBINDD_ALLOCATE_UID:
case WINBINDD_ALLOCATE_GID:
case WINBINDD_SET_MAPPING:
case WINBINDD_REMOVE_MAPPING:
case WINBINDD_SET_HWM:
case WINBINDD_DOMAIN_INFO:
case WINBINDD_SHOW_SEQUENCE:
case WINBINDD_WINS_BYIP:
case WINBINDD_WINS_BYNAME:
case WINBINDD_GETGRLST:
case WINBINDD_DSGETDCNAME:
case WINBINDD_INIT_CONNECTION:
case WINBINDD_DUAL_SIDS2XIDS:
case WINBINDD_DUAL_SET_MAPPING:
case WINBINDD_DUAL_REMOVE_MAPPING:
case WINBINDD_DUAL_SET_HWM:
case WINBINDD_DUAL_USERINFO:
case WINBINDD_DUAL_GETSIDALIASES: