mirror of
https://github.com/samba-team/samba.git
synced 2025-01-13 13:18:06 +03:00
390 lines
8.8 KiB
C
390 lines
8.8 KiB
C
/*
|
|
Unix SMB/CIFS implementation.
|
|
|
|
AIX loadable authentication module, providing identification
|
|
routines against Samba winbind/Windows NT Domain
|
|
|
|
Copyright (C) Tim Potter 2003
|
|
Copyright (C) Steve Roylance 2003
|
|
Copyright (C) Andrew Tridgell 2003
|
|
|
|
This library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Library General Public
|
|
License as published by the Free Software Foundation; either
|
|
version 2 of the License, or (at your option) any later version.
|
|
|
|
This library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Library General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Library General Public
|
|
License along with this library; if not, write to the
|
|
Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
Boston, MA 02111-1307, USA.
|
|
*/
|
|
|
|
/*
|
|
see
|
|
http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixprggd/kernextc/sec_load_mod.htm
|
|
for information in the interface that this module implements
|
|
*/
|
|
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <usersec.h>
|
|
#include <errno.h>
|
|
#include <stdarg.h>
|
|
|
|
#include "winbind_client.h"
|
|
|
|
/*
|
|
the documentation doesn't say so, but experimentation shows that all
|
|
of the functions need to return static data, and the area can be
|
|
freed only when the same function is called again, or the close
|
|
method is called on the module. Note that this matches the standard
|
|
behaviour of functions like getpwnam().
|
|
|
|
The most puzzling thing about this AIX interface is that it seems to
|
|
offer no way of providing a user or group enumeration method. You
|
|
can find out any amount of detail about a user or group once you
|
|
know the name, but you can't obtain a list of those names. If anyone
|
|
does find out how to do this then please let me know (yes, I should
|
|
be able to find out as I work for IBM, and this is an IBM interface,
|
|
but finding the right person to ask is a mammoth task!)
|
|
|
|
tridge@samba.org October 2003
|
|
*/
|
|
|
|
|
|
/*
|
|
each function uses one of the following lists of memory, declared
|
|
static in each backend method. This allows the function to destroy
|
|
the memory when that backend is called next time
|
|
*/
|
|
struct mem_list {
|
|
struct mem_list *next, *prev;
|
|
void *p;
|
|
};
|
|
|
|
|
|
/* allocate some memory on a mem_list */
|
|
static void *list_alloc(struct mem_list **list, size_t size)
|
|
{
|
|
struct mem_list *m;
|
|
m = malloc(sizeof(*m));
|
|
if (!m) {
|
|
errno = ENOMEM;
|
|
return NULL;
|
|
}
|
|
m->p = malloc(size);
|
|
if (!m->p) {
|
|
errno = ENOMEM;
|
|
free(m);
|
|
return NULL;
|
|
}
|
|
m->next = *list;
|
|
m->prev = NULL;
|
|
if (*list) {
|
|
(*list)->prev = m;
|
|
}
|
|
(*list) = m;
|
|
return m->p;
|
|
}
|
|
|
|
/* duplicate a string using list_alloc() */
|
|
static char *list_strdup(struct mem_list **list, const char *s)
|
|
{
|
|
char *ret = list_alloc(list, strlen(s)+1);
|
|
if (!ret) return NULL;
|
|
strcpy(ret, s);
|
|
return ret;
|
|
}
|
|
|
|
/* destroy a mem_list */
|
|
static void list_destory(struct mem_list **list)
|
|
{
|
|
struct mem_list *m, *next;
|
|
for (m=*list; m; m=next) {
|
|
next = m->next;
|
|
free(m->p);
|
|
free(m);
|
|
}
|
|
(*list) = NULL;
|
|
}
|
|
|
|
|
|
#define HANDLE_ERRORS(ret) do { \
|
|
if ((ret) == NSS_STATUS_NOTFOUND) { \
|
|
errno = ENOENT; \
|
|
return NULL; \
|
|
} else if ((ret) != NSS_STATUS_SUCCESS) { \
|
|
errno = EIO; \
|
|
return NULL; \
|
|
} \
|
|
} while (0)
|
|
|
|
/*
|
|
fill a struct passwd from a winbindd_pw struct, using memory from a mem_list
|
|
*/
|
|
static struct passwd *fill_pwent(struct mem_list **list, struct winbindd_pw *pw)
|
|
{
|
|
struct passwd *result;
|
|
|
|
if (!(result = list_alloc(list, sizeof(struct passwd)))) {
|
|
return NULL;
|
|
}
|
|
|
|
ZERO_STRUCTP(result);
|
|
|
|
result->pw_uid = pw->pw_uid;
|
|
result->pw_gid = pw->pw_gid;
|
|
|
|
/* strings */
|
|
if ((result->pw_name = list_strdup(list, pw->pw_name)) == NULL ||
|
|
(result->pw_passwd = list_strdup(list, pw->pw_passwd)) == NULL ||
|
|
(result->pw_gecos = list_strdup(list, pw->pw_gecos)) == NULL ||
|
|
(result->pw_dir = list_strdup(list, pw->pw_dir)) == NULL ||
|
|
(result->pw_shell = list_strdup(list, pw->pw_shell)) == NULL) {
|
|
return NULL;
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
|
|
/*
|
|
fill a struct group from a winbindd_pw struct, using memory from a mem_list
|
|
*/
|
|
static struct group *fill_grent(struct mem_list **list, struct winbindd_gr *gr, char *gr_mem)
|
|
{
|
|
int i;
|
|
char *tst;
|
|
struct group *result;
|
|
char *name, *p;
|
|
|
|
if (!(result = list_alloc(list, sizeof(struct group)))) {
|
|
return NULL;
|
|
}
|
|
|
|
ZERO_STRUCTP(result);
|
|
|
|
result->gr_gid = gr->gr_gid;
|
|
|
|
/* Group name */
|
|
if ((result->gr_name = list_strdup(list, gr->gr_name)) == NULL ||
|
|
(result->gr_passwd = list_strdup(list, gr->gr_passwd)) == NULL) {
|
|
return NULL;
|
|
}
|
|
|
|
/* Group membership */
|
|
if ((gr->num_gr_mem < 0) || !gr_mem) {
|
|
gr->num_gr_mem = 0;
|
|
}
|
|
|
|
if (gr->num_gr_mem == 0) {
|
|
/* Group is empty */
|
|
return result;
|
|
}
|
|
|
|
tst = list_alloc(list, (gr->num_gr_mem + 1) * sizeof(char *));
|
|
if (!tst) {
|
|
return NULL;
|
|
}
|
|
|
|
result->gr_mem = (char **)tst;
|
|
|
|
/* Start looking at extra data */
|
|
i=0;
|
|
for (name = strtok_r(gr_mem, ",", &p);
|
|
name;
|
|
name = strtok_r(NULL, ",", &p)) {
|
|
if (i >= gr->num_gr_mem) {
|
|
return NULL;
|
|
}
|
|
(result->gr_mem)[i] = list_strdup(list, name);
|
|
if ((result->gr_mem)[i] == NULL) {
|
|
return NULL;
|
|
}
|
|
i++;
|
|
}
|
|
|
|
/* Terminate list */
|
|
(result->gr_mem)[i] = NULL;
|
|
|
|
return result;
|
|
}
|
|
|
|
|
|
|
|
/* take a group id and return a filled struct group */
|
|
static struct group *wb_aix_getgrgid(gid_t gid)
|
|
{
|
|
static struct mem_list *list;
|
|
struct winbindd_response response;
|
|
struct winbindd_request request;
|
|
struct group *grp;
|
|
NSS_STATUS ret;
|
|
|
|
list_destory(&list);
|
|
|
|
ZERO_STRUCT(response);
|
|
ZERO_STRUCT(request);
|
|
|
|
request.data.gid = gid;
|
|
|
|
ret = winbindd_request(WINBINDD_GETGRGID, &request, &response);
|
|
|
|
HANDLE_ERRORS(ret);
|
|
|
|
grp = fill_grent(&list, &response.data.gr, response.extra_data);
|
|
|
|
free_response(&response);
|
|
|
|
return grp;
|
|
}
|
|
|
|
/* take a group name and return a filled struct group */
|
|
static struct group *wb_aix_getgrnam(const char *name)
|
|
{
|
|
static struct mem_list *list;
|
|
struct winbindd_response response;
|
|
struct winbindd_request request;
|
|
NSS_STATUS ret;
|
|
struct group *grp;
|
|
|
|
list_destory(&list);
|
|
|
|
ZERO_STRUCT(response);
|
|
ZERO_STRUCT(request);
|
|
|
|
if (strlen(name)+1 > sizeof(request.data.groupname)) {
|
|
errno = EINVAL;
|
|
return NULL;
|
|
}
|
|
strcpy(request.data.groupname, name);
|
|
|
|
ret = winbindd_request(WINBINDD_GETGRNAM, &request, &response);
|
|
|
|
HANDLE_ERRORS(ret);
|
|
|
|
grp = fill_grent(&list, &response.data.gr, response.extra_data);
|
|
|
|
free_response(&response);
|
|
|
|
return grp;
|
|
}
|
|
|
|
|
|
/* take a username and return a string containing a comma-separated
|
|
list of group id numbers to which the user belongs */
|
|
static char *wb_aix_getgrset(char *user)
|
|
{
|
|
static struct mem_list *list;
|
|
struct winbindd_response response;
|
|
struct winbindd_request request;
|
|
NSS_STATUS ret;
|
|
int i, idx;
|
|
char *tmpbuf;
|
|
int num_gids;
|
|
gid_t *gid_list;
|
|
|
|
list_destory(&list);
|
|
|
|
if (strlen(user)+1 > sizeof(request.data.username)) {
|
|
errno = EINVAL;
|
|
return NULL;
|
|
}
|
|
strcpy(request.data.username, user);
|
|
|
|
ret = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
|
|
|
|
HANDLE_ERRORS(ret);
|
|
|
|
num_gids = response.data.num_entries;
|
|
gid_list = (gid_t *)response.extra_data;
|
|
|
|
/* allocate a space large enough to contruct the string */
|
|
tmpbuf = list_alloc(&list, num_gids*12);
|
|
if (!tmpbuf) {
|
|
return NULL;
|
|
}
|
|
|
|
for (idx=i=0; i < num_gids-1; i++) {
|
|
idx += sprintf(tmpbuf+idx, "%u,", gid_list[i]);
|
|
}
|
|
idx += sprintf(tmpbuf+idx, "%u", gid_list[i]);
|
|
|
|
free_response(&response);
|
|
|
|
return tmpbuf;
|
|
}
|
|
|
|
|
|
/* take a uid and return a filled struct passwd */
|
|
static struct passwd *wb_aix_getpwuid(uid_t uid)
|
|
{
|
|
static struct mem_list *list;
|
|
struct winbindd_response response;
|
|
struct winbindd_request request;
|
|
NSS_STATUS ret;
|
|
|
|
list_destory(&list);
|
|
|
|
ZERO_STRUCT(response);
|
|
ZERO_STRUCT(request);
|
|
|
|
request.data.uid = uid;
|
|
|
|
ret = winbindd_request(WINBINDD_GETPWUID, &request, &response);
|
|
|
|
HANDLE_ERRORS(ret);
|
|
|
|
return fill_pwent(&list, &response.data.pw);
|
|
}
|
|
|
|
|
|
/* take a username and return a filled struct passwd */
|
|
static struct passwd *wb_aix_getpwnam(const char *name)
|
|
{
|
|
static struct mem_list *list;
|
|
struct winbindd_response response;
|
|
struct winbindd_request request;
|
|
NSS_STATUS ret;
|
|
|
|
list_destory(&list);
|
|
|
|
ZERO_STRUCT(response);
|
|
ZERO_STRUCT(request);
|
|
|
|
if (strlen(name)+1 > sizeof(request.data.username)) {
|
|
errno = EINVAL;
|
|
return NULL;
|
|
}
|
|
|
|
strcpy(request.data.username, name);
|
|
|
|
ret = winbindd_request(WINBINDD_GETPWNAM, &request, &response);
|
|
|
|
HANDLE_ERRORS(ret);
|
|
|
|
return fill_pwent(&list, &response.data.pw);
|
|
}
|
|
|
|
int wb_aix_init(struct secmethod_table *methods)
|
|
{
|
|
ZERO_STRUCTP(methods);
|
|
|
|
/* identification methods, this is the minimum requried for a
|
|
working module */
|
|
|
|
methods->method_getgrgid = wb_aix_getgrgid;
|
|
methods->method_getgrnam = wb_aix_getgrnam;
|
|
methods->method_getgrset = wb_aix_getgrset;
|
|
methods->method_getpwnam = wb_aix_getpwnam;
|
|
methods->method_getpwuid = wb_aix_getpwuid;
|
|
|
|
return AUTH_SUCCESS;
|
|
}
|
|
|