Some more 'winbind default domain' support patches from Alexander Bokovoy

<a.bokovoy@sam-solutions.net>.

This patch is designed to remove the 'special cases' required for this support.

In particular this now kills off winbind_initgroups, as it appears no longer to
be required.

Andrew Bartlett
(This used to be commit f1d8d509766e9169d39332559162cfec249bfc70)

source3/lib/username.c

@@ -36,6 +36,33 @@ BOOL name_is_local(const char *name)
 	return !(strchr_m(name, *lp_winbind_separator()));
 }
 
+/*****************************************************************
+ Splits passed user or group name to domain and user/group name parts
+ Returns True if name was splitted and False otherwise.
+*****************************************************************/
+
+BOOL split_domain_and_name(const char *name, char *domain, char* username)
+{
+	char *p = strchr(name,*lp_winbind_separator());
+	
+	
+	/* Parse a string of the form DOMAIN/user into a domain and a user */
+	DEBUG(10,("split_domain_and_name: checking whether name |%s| local or not\n", name));
+	
+	if (p) {
+		fstrcpy(username, p+1);
+		fstrcpy(domain, name);
+		domain[PTR_DIFF(p, name)] = 0;
+	} else if (lp_winbind_use_default_domain()) {
+		fstrcpy(username, name);
+		fstrcpy(domain, lp_workgroup());
+	} else
+		return False;
+	
+	DEBUG(10,("split_domain_and_name: all is fine, domain is |%s| and name is |%s|\n", domain, username));
+	return True;
+}
+
 /****************************************************************************
  Get a users home directory.
 ****************************************************************************/

source3/lib/util_getent.c

@@ -273,6 +273,12 @@ struct sys_userlist *get_users_in_group(const char *gname)
 {
 	struct sys_userlist *list_head = NULL;
 	struct group *gptr;
+	fstring domain;
+	fstring groupname;
+	DOM_SID sid;
+	enum SID_NAME_USE name_type;
+
+	(void) split_domain_and_name(gname, domain, groupname);
 
 	/*
 	 * If we're doing this via winbindd, don't do the
@@ -280,7 +286,7 @@ struct sys_userlist *get_users_in_group(const char *gname)
 	 * pointless (and slow).
 	 */
 
-	if (strchr(gname,*lp_winbind_separator()) || lp_winbind_use_default_domain()) {
+	if (winbind_lookup_name(domain, groupname, &sid, &name_type) && name_type == SID_NAME_DOM_GRP) {
 		if ((gptr = (struct group *)getgrnam(gname)) == NULL)
 			return NULL;
 		return add_members_to_userlist(list_head, gptr);

source3/nsswitch/wb_client.c

@@ -229,7 +229,7 @@ BOOL winbind_gid_to_sid(DOM_SID *sid, gid_t gid)
 }
 
 /* Fetch the list of groups a user is a member of from winbindd.  This is
-   used by winbind_initgroups and winbind_getgroups. */
+   used by winbind_getgroups. */
 
 static int wb_getgroups(const char *user, gid_t **groups)
 {
@@ -257,86 +257,6 @@ static int wb_getgroups(const char *user, gid_t **groups)
 	return -1;
 }
 
-/* Call winbindd to initialise group membership.  This is necessary for
-   some systems (i.e RH5.2) that do not have an initgroups function as part
-   of the nss extension.  In RH5.2 this is implemented using getgrent()
-   which can be amazingly inefficient as well as having problems with
-   username case. */
-
-int winbind_initgroups(char *user, gid_t gid)
-{
-	gid_t *tgr, *groups = NULL;
-	int result;
-
-	/* Call normal initgroups if we are a local user */
-
-	if (!(strchr(user, *lp_winbind_separator()) || lp_winbind_use_default_domain())) {
-		return initgroups(user, gid);
-	}
-
-	result = wb_getgroups(user, &groups);
-
-	DEBUG(10,("winbind_getgroups: %s: result = %s\n", user, 
-		  result == -1 ? "FAIL" : "SUCCESS"));
-
-	if (result != -1) {
-		int ngroups = result, i;
-		BOOL is_member = False;
-
-		/* Check to see if the passed gid is already in the list */
-
-		for (i = 0; i < ngroups; i++) {
-			if (groups[i] == gid) {
-				is_member = True;
-			}
-		}
-
-		/* Add group to list if necessary */
-
-		if (!is_member) {
-			tgr = (gid_t *)Realloc(groups, sizeof(gid_t) * ngroups + 1);
-			
-			if (!tgr) {
-				errno = ENOMEM;
-				result = -1;
-				goto done;
-			}
-			else groups = tgr;
-
-			groups[ngroups] = gid;
-			ngroups++;
-		}
-
-		/* Set the groups */
-
-		if (sys_setgroups(ngroups, groups) == -1) {
-			errno = EPERM;
-			result = -1;
-			goto done;
-		}
-
-	} else {
-		/* The call failed but if 'winbind use default domain' is 'true', we
-		    should call normal initgroups. */
-		    
-		if (lp_winbind_use_default_domain()) {
-			return initgroups(user, gid);
-		} else {
-			/* The call failed.  Set errno to something so we don't get
-			   a bogus value from the last failed system call. */
-
-			errno = EIO;
-		}
-	}
-
-	/* Free response data if necessary */
-
- done:
-	SAFE_FREE(groups);
-
-	return result;
-}
-
 /* Return a list of groups the user is a member of.  This function is
    useful for large systems where inverting the group database would be too
    time consuming.  If size is zero, list is not modified and the total

source3/smbd/sec_ctx.c

@@ -185,7 +185,7 @@ BOOL initialise_groups(char *user, uid_t uid, gid_t gid)
 
 	/* Call initgroups() to get user groups */
 
-	if (winbind_initgroups(user,gid) == -1) {
+	if (initgroups(user,gid) == -1) {
 		DEBUG(0,("Unable to initgroups. Error was %s\n", strerror(errno) ));
 		if (getuid() == 0) {
 			if (gid < 0 || gid > 32767 || uid < 0 || uid > 32767) {

source3/smbd/service.c

@@ -84,7 +84,7 @@ int add_home_service(const char *service, const char *homedir)
 	int iHomeService;
 	int iService;
 	fstring new_service;
-	char *usr_p = NULL;
+	fstring domain;
 
 	if (!service || !homedir)
 		return -1;
@@ -99,11 +99,7 @@ int add_home_service(const char *service, const char *homedir)
 	 * include any macros.
 	 */
 
-	fstrcpy(new_service, service);
-
-	if ((usr_p = strchr_m(service,*lp_winbind_separator())) != NULL)
-		fstrcpy(new_service, usr_p+1);
-
+	split_domain_and_name(service, domain, new_service);
 	lp_add_home(new_service, iHomeService, homedir);
 	iService = lp_servicenumber(new_service);