mirror of
https://github.com/samba-team/samba.git
synced 2025-03-29 02:50:28 +03:00
s3: Implement wbcGetpwsid
* Adds the plumbing required to lookup users by sid into winbind, wbinfo and smbd helper lib (winbind_util.c). * Removes some double declarations of winbind_util.c functions. * Bumps the winbind protocol version to 21 and the minor version of wbclient to 3.
This commit is contained in:
Dan Sledz
Steven Danneman
parent
4e69f23857
commit
aed8e9aa0a
@ -190,6 +190,45 @@ wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd)
|
||||
return wbc_status;
|
||||
}
|
||||
|
||||
/* Fill in a struct passwd* for a domain user based on sid */
|
||||
wbcErr wbcGetpwsid(struct wbcDomainSid *sid, struct passwd **pwd)
|
||||
{
|
||||
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
|
||||
struct winbindd_request request;
|
||||
struct winbindd_response response;
|
||||
char * sid_string = NULL;
|
||||
|
||||
if (!pwd) {
|
||||
wbc_status = WBC_ERR_INVALID_PARAM;
|
||||
BAIL_ON_WBC_ERROR(wbc_status);
|
||||
}
|
||||
|
||||
wbc_status = wbcSidToString(sid, &sid_string);
|
||||
BAIL_ON_WBC_ERROR(wbc_status);
|
||||
|
||||
/* Initialize request */
|
||||
|
||||
ZERO_STRUCT(request);
|
||||
ZERO_STRUCT(response);
|
||||
|
||||
strncpy(request.data.sid, sid_string, sizeof(request.data.sid));
|
||||
|
||||
wbc_status = wbcRequestResponse(WINBINDD_GETPWSID,
|
||||
&request,
|
||||
&response);
|
||||
BAIL_ON_WBC_ERROR(wbc_status);
|
||||
|
||||
*pwd = copy_passwd_entry(&response.data.pw);
|
||||
BAIL_ON_PTR_ERROR(*pwd, wbc_status);
|
||||
|
||||
done:
|
||||
if (sid_string) {
|
||||
wbcFreeMemory(sid_string);
|
||||
}
|
||||
|
||||
return wbc_status;
|
||||
}
|
||||
|
||||
/* Fill in a struct passwd* for a domain user based on username */
|
||||
wbcErr wbcGetgrnam(const char *name, struct group **grp)
|
||||
{
|
||||
|
||||
@ -60,9 +60,10 @@ const char *wbcErrorString(wbcErr error);
|
||||
* 0.1: Initial version
|
||||
* 0.2: Added wbcRemoveUidMapping()
|
||||
* Added wbcRemoveGidMapping()
|
||||
* 0.3: Added wbcGetpwsid()
|
||||
**/
|
||||
#define WBCLIENT_MAJOR_VERSION 0
|
||||
#define WBCLIENT_MINOR_VERSION 2
|
||||
#define WBCLIENT_MINOR_VERSION 3
|
||||
#define WBCLIENT_VENDOR_VERSION "Samba libwbclient"
|
||||
struct wbcLibraryDetails {
|
||||
uint16_t major_version;
|
||||
@ -836,6 +837,17 @@ wbcErr wbcGetpwnam(const char *name, struct passwd **pwd);
|
||||
**/
|
||||
wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd);
|
||||
|
||||
/**
|
||||
* @brief Fill in a struct passwd* for a domain user based
|
||||
* on sid
|
||||
*
|
||||
* @param sid Sid to lookup
|
||||
* @param **pwd Pointer to resulting struct passwd* from the query.
|
||||
*
|
||||
* @return #wbcErr
|
||||
**/
|
||||
wbcErr wbcGetpwsid(struct wbcDomainSid * sid, struct passwd **pwd);
|
||||
|
||||
/**
|
||||
* @brief Fill in a struct passwd* for a domain user based
|
||||
* on username
|
||||
|
||||
@ -202,6 +202,31 @@ static bool wbinfo_get_uidinfo(int uid)
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool wbinfo_get_user_sidinfo(const char *sid_str)
|
||||
{
|
||||
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
|
||||
struct passwd *pwd = NULL;
|
||||
struct wbcDomainSid sid;
|
||||
|
||||
wbc_status = wbcStringToSid(sid_str, &sid);
|
||||
wbc_status = wbcGetpwsid(&sid, &pwd);
|
||||
if (!WBC_ERROR_IS_OK(wbc_status)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
d_printf("%s:%s:%d:%d:%s:%s:%s\n",
|
||||
pwd->pw_name,
|
||||
pwd->pw_passwd,
|
||||
pwd->pw_uid,
|
||||
pwd->pw_gid,
|
||||
pwd->pw_gecos,
|
||||
pwd->pw_dir,
|
||||
pwd->pw_shell);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/* pull grent for a given group */
|
||||
static bool wbinfo_get_groupinfo(const char *group)
|
||||
{
|
||||
@ -1564,6 +1589,7 @@ enum {
|
||||
OPT_LIST_ALL_DOMAINS,
|
||||
OPT_LIST_OWN_DOMAIN,
|
||||
OPT_UID_INFO,
|
||||
OPT_USER_SIDINFO,
|
||||
OPT_GROUP_INFO,
|
||||
OPT_GID_INFO,
|
||||
OPT_VERBOSE,
|
||||
@ -1622,6 +1648,7 @@ int main(int argc, char **argv, char **envp)
|
||||
{ "user-info", 'i', POPT_ARG_STRING, &string_arg, 'i', "Get user info", "USER" },
|
||||
{ "uid-info", 0, POPT_ARG_INT, &int_arg, OPT_UID_INFO, "Get user info from uid", "UID" },
|
||||
{ "group-info", 0, POPT_ARG_STRING, &string_arg, OPT_GROUP_INFO, "Get group info", "GROUP" },
|
||||
{ "user-sidinfo", 0, POPT_ARG_STRING, &string_arg, OPT_USER_SIDINFO, "Get user info from sid", "SID" },
|
||||
{ "gid-info", 0, POPT_ARG_INT, &int_arg, OPT_GID_INFO, "Get group info from gid", "GID" },
|
||||
{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
|
||||
{ "user-domgroups", 0, POPT_ARG_STRING, &string_arg,
|
||||
@ -1860,6 +1887,13 @@ int main(int argc, char **argv, char **envp)
|
||||
goto done;
|
||||
}
|
||||
break;
|
||||
case OPT_USER_SIDINFO:
|
||||
if ( !wbinfo_get_user_sidinfo(string_arg)) {
|
||||
d_fprintf(stderr, "Could not get info for user sid %s\n",
|
||||
string_arg);
|
||||
goto done;
|
||||
}
|
||||
break;
|
||||
case OPT_UID_INFO:
|
||||
if ( !wbinfo_get_uidinfo(int_arg)) {
|
||||
d_fprintf(stderr, "Could not get info for uid "
|
||||
|
||||
@ -39,9 +39,11 @@
|
||||
#define WINBINDD_DONT_ENV "_NO_WINBINDD"
|
||||
#define WINBINDD_LOCATOR_KDC_ADDRESS "WINBINDD_LOCATOR_KDC_ADDRESS"
|
||||
|
||||
/* Update this when you change the interface. */
|
||||
|
||||
#define WINBIND_INTERFACE_VERSION 20
|
||||
/* Update this when you change the interface.
|
||||
* 21: added WINBINDD_GETPWSID
|
||||
* added WINBINDD_GETSIDALIASES
|
||||
*/
|
||||
#define WINBIND_INTERFACE_VERSION 21
|
||||
|
||||
/* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
|
||||
On a 64bit Linux box, we have to support a constant structure size
|
||||
@ -60,6 +62,7 @@ enum winbindd_cmd {
|
||||
|
||||
WINBINDD_GETPWNAM,
|
||||
WINBINDD_GETPWUID,
|
||||
WINBINDD_GETPWSID,
|
||||
WINBINDD_GETGRNAM,
|
||||
WINBINDD_GETGRGID,
|
||||
WINBINDD_GETGROUPS,
|
||||
|
||||
@ -1660,6 +1660,8 @@ bool winbind_sid_to_uid(uid_t *puid, const DOM_SID *sid);
|
||||
bool winbind_uid_to_sid(DOM_SID *sid, uid_t uid);
|
||||
bool winbind_sid_to_gid(gid_t *pgid, const DOM_SID *sid);
|
||||
bool winbind_gid_to_sid(DOM_SID *sid, gid_t gid);
|
||||
struct passwd * winbind_getpwnam(const char * sname);
|
||||
struct passwd * winbind_getpwsid(const DOM_SID *sid);
|
||||
wbcErr wb_is_trusted_domain(const char *domain);
|
||||
bool winbind_lookup_rids(TALLOC_CTX *mem_ctx,
|
||||
const DOM_SID *domain_sid,
|
||||
@ -1668,22 +1670,6 @@ bool winbind_lookup_rids(TALLOC_CTX *mem_ctx,
|
||||
const char ***names, enum lsa_SidType **types);
|
||||
bool winbind_allocate_uid(uid_t *uid);
|
||||
bool winbind_allocate_gid(gid_t *gid);
|
||||
bool winbind_lookup_name(const char *dom_name, const char *name, DOM_SID *sid,
|
||||
enum lsa_SidType *name_type);
|
||||
bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
|
||||
const char **domain, const char **name,
|
||||
enum lsa_SidType *name_type);
|
||||
bool winbind_ping(void);
|
||||
bool winbind_sid_to_uid(uid_t *puid, const DOM_SID *sid);
|
||||
bool winbind_uid_to_sid(DOM_SID *sid, uid_t uid);
|
||||
bool winbind_sid_to_gid(gid_t *pgid, const DOM_SID *sid);
|
||||
bool winbind_gid_to_sid(DOM_SID *sid, gid_t gid);
|
||||
wbcErr wb_is_trusted_domain(const char *domain);
|
||||
bool winbind_lookup_rids(TALLOC_CTX *mem_ctx,
|
||||
const DOM_SID *domain_sid,
|
||||
int num_rids, uint32 *rids,
|
||||
const char **domain_name,
|
||||
const char ***names, enum lsa_SidType **types);
|
||||
|
||||
/* The following definitions come from lib/wins_srv.c */
|
||||
|
||||
|
||||
@ -24,6 +24,43 @@
|
||||
|
||||
#include "nsswitch/libwbclient/wbclient.h"
|
||||
|
||||
struct passwd * winbind_getpwnam(const char * name)
|
||||
{
|
||||
wbcErr result;
|
||||
struct passwd * tmp_pwd = NULL;
|
||||
struct passwd * pwd = NULL;
|
||||
|
||||
result = wbcGetpwnam(name, &tmp_pwd);
|
||||
if (result != WBC_ERR_SUCCESS)
|
||||
return pwd;
|
||||
|
||||
pwd = tcopy_passwd(talloc_tos(), tmp_pwd);
|
||||
|
||||
wbcFreeMemory(tmp_pwd);
|
||||
|
||||
return pwd;
|
||||
}
|
||||
|
||||
struct passwd * winbind_getpwsid(const DOM_SID *sid)
|
||||
{
|
||||
wbcErr result;
|
||||
struct passwd * tmp_pwd = NULL;
|
||||
struct passwd * pwd = NULL;
|
||||
struct wbcDomainSid dom_sid;
|
||||
|
||||
memcpy(&dom_sid, sid, sizeof(dom_sid));
|
||||
|
||||
result = wbcGetpwsid(&dom_sid, &tmp_pwd);
|
||||
if (result != WBC_ERR_SUCCESS)
|
||||
return pwd;
|
||||
|
||||
pwd = tcopy_passwd(talloc_tos(), tmp_pwd);
|
||||
|
||||
wbcFreeMemory(tmp_pwd);
|
||||
|
||||
return pwd;
|
||||
}
|
||||
|
||||
/* Call winbindd to convert a name to a sid */
|
||||
|
||||
bool winbind_lookup_name(const char *dom_name, const char *name, DOM_SID *sid,
|
||||
@ -236,6 +273,16 @@ bool winbind_allocate_gid(gid_t *gid)
|
||||
|
||||
#else /* WITH_WINBIND */
|
||||
|
||||
struct passwd * winbind_getpwnam(const char * name)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
struct passwd * winbind_getpwsid(const DOM_SID *sid)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
bool winbind_lookup_name(const char *dom_name, const char *name, DOM_SID *sid,
|
||||
enum lsa_SidType *name_type)
|
||||
{
|
||||
|
||||
@ -420,6 +420,7 @@ static struct winbindd_dispatch_table {
|
||||
|
||||
{ WINBINDD_GETPWNAM, winbindd_getpwnam, "GETPWNAM" },
|
||||
{ WINBINDD_GETPWUID, winbindd_getpwuid, "GETPWUID" },
|
||||
{ WINBINDD_GETPWSID, winbindd_getpwsid, "GETPWSID" },
|
||||
|
||||
{ WINBINDD_SETPWENT, winbindd_setpwent, "SETPWENT" },
|
||||
{ WINBINDD_ENDPWENT, winbindd_endpwent, "ENDPWENT" },
|
||||
|
||||
@ -495,6 +495,7 @@ enum winbindd_result winbindd_dual_userinfo(struct winbindd_domain *domain,
|
||||
struct winbindd_cli_state *state);
|
||||
void winbindd_getpwnam(struct winbindd_cli_state *state);
|
||||
void winbindd_getpwuid(struct winbindd_cli_state *state);
|
||||
void winbindd_getpwsid(struct winbindd_cli_state *state);
|
||||
void winbindd_setpwent(struct winbindd_cli_state *state);
|
||||
void winbindd_endpwent(struct winbindd_cli_state *state);
|
||||
void winbindd_getpwent(struct winbindd_cli_state *state);
|
||||
|
||||
@ -217,8 +217,8 @@ static void getpwsid_queryuser_recv(void *private_data, bool success,
|
||||
static void getpwsid_sid2uid_recv(void *private_data, bool success, uid_t uid);
|
||||
static void getpwsid_sid2gid_recv(void *private_data, bool success, gid_t gid);
|
||||
|
||||
static void winbindd_getpwsid(struct winbindd_cli_state *state,
|
||||
const DOM_SID *sid)
|
||||
static void getpwsid_queryuser(struct winbindd_cli_state *state,
|
||||
const DOM_SID *sid)
|
||||
{
|
||||
struct getpwsid_state *s;
|
||||
|
||||
@ -509,7 +509,7 @@ static void getpwnam_name2sid_recv(void *private_data, bool success,
|
||||
check_domain_trusted(domname, sid);
|
||||
}
|
||||
|
||||
winbindd_getpwsid(state, sid);
|
||||
getpwsid_queryuser(state, sid);
|
||||
}
|
||||
|
||||
static void getpwuid_recv(void *private_data, bool success, const char *sid)
|
||||
@ -535,7 +535,7 @@ static void getpwuid_recv(void *private_data, bool success, const char *sid)
|
||||
return;
|
||||
}
|
||||
|
||||
winbindd_getpwsid(state, &user_sid);
|
||||
getpwsid_queryuser(state, &user_sid);
|
||||
}
|
||||
|
||||
/* Return a password structure given a uid number */
|
||||
@ -553,6 +553,26 @@ void winbindd_getpwuid(struct winbindd_cli_state *state)
|
||||
winbindd_uid2sid_async(state->mem_ctx, uid, getpwuid_recv, state);
|
||||
}
|
||||
|
||||
/* Return a password structure given a sid */
|
||||
void winbindd_getpwsid(struct winbindd_cli_state *state)
|
||||
{
|
||||
DOM_SID sid;
|
||||
|
||||
/* Ensure null termination */
|
||||
state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
|
||||
|
||||
DEBUG(3, ("[%5lu]: getpwsid %s\n", (unsigned long)state->pid,
|
||||
state->request.data.sid));
|
||||
|
||||
if (!string_to_sid(&sid, state->request.data.sid)) {
|
||||
DEBUG(5, ("%s not a SID\n", state->request.data.sid));
|
||||
request_error(state);
|
||||
return;
|
||||
}
|
||||
|
||||
getpwsid_queryuser(state, &sid);
|
||||
}
|
||||
|
||||
/*
|
||||
* set/get/endpwent functions
|
||||
*/
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user