/* take a group id and return a filled struct group */ static struct group *wb_aix_getgrgid(gid_t gid) { struct winbindd_response response; struct winbindd_request request; struct group *grp; NSS_STATUS ret; logit("getgrgid %d\n", gid); ZERO_STRUCT(response); ZERO_STRUCT(request); request.data.gid = gid; ret = winbindd_request(WINBINDD_GETGRGID, &request, &response); logit("getgrgid ret=%d\n", ret); HANDLE_ERRORS(ret); grp = fill_grent(&response.data.gr, response.extra_data); free_response(&response); return grp; }
/* take a group name and return a filled struct group */ static struct group *wb_aix_getgrnam(const char *name) { struct winbindd_response response; struct winbindd_request request; NSS_STATUS ret; struct group *grp; if (*name == WB_AIX_ENCODED) { return wb_aix_getgrgid(decode_id(name)); } logit("getgrnam '%s'\n", name); ZERO_STRUCT(response); ZERO_STRUCT(request); STRCPY_RETNULL(request.data.groupname, name); ret = winbindd_request(WINBINDD_GETGRNAM, &request, &response); HANDLE_ERRORS(ret); grp = fill_grent(&response.data.gr, response.extra_data); free_response(&response); return grp; }
NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start, long int *size, gid_t **groups, long int limit, int *errnop) { NSS_STATUS ret; struct winbindd_request request; struct winbindd_response response; int i; #ifdef DEBUG_NSS fprintf(stderr, "[%5d]: initgroups %s (%d)\n", getpid(), user, group); #endif ZERO_STRUCT(request); ZERO_STRUCT(response); strncpy(request.data.username, user, sizeof(request.data.username) - 1); ret = winbindd_request(WINBINDD_GETGROUPS, &request, &response); if (ret == NSS_STATUS_SUCCESS) { int num_gids = response.data.num_entries; gid_t *gid_list = (gid_t *)response.extra_data; /* Copy group list to client */ for (i = 0; i < num_gids; i++) { /* Skip primary group */ if (gid_list[i] == group) continue; /* Add to buffer */ if (*start == *size && limit <= 0) { (*groups) = realloc( (*groups), (2 * (*size) + 1) * sizeof(**groups)); if (! *groups) goto done; *size = 2 * (*size) + 1; } if (*start == *size) goto done; (*groups)[*start] = gid_list[i]; *start += 1; /* Filled buffer? */ if (*start == limit) goto done; } } /* Back to your regularly scheduled programming */ done: return ret; }
/* map a sid to a gid */ NSS_STATUS _nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop) { NSS_STATUS ret; struct winbindd_response response; struct winbindd_request request; #ifdef DEBUG_NSS fprintf(stderr, "[%5d]: sidtogid %s\n", getpid(), sid); #endif ZERO_STRUCT(request); ZERO_STRUCT(response); strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1); request.data.sid[sizeof(request.data.sid) - 1] = '\0'; ret = winbindd_request(WINBINDD_SID_TO_GID, &request, &response); if (ret != NSS_STATUS_SUCCESS) { *errnop = errno = EINVAL; goto failed; } *gid = response.data.gid; failed: return ret; }
void char_to_sid(struct dom_sid *sid, char *sid_str) { /* If it looks like a SID, call string_to_sid() else look it up using wbinfo. */ if (strncmp(sid_str, "S-", 2) == 0) { string_to_sid(sid, sid_str); } else { struct winbindd_request request; struct winbindd_response response; /* Send off request */ ZERO_STRUCT(request); ZERO_STRUCT(response); fstrcpy(request.data.name, sid_str); if (winbindd_request(WINBINDD_LOOKUPNAME, &request, &response) != NSS_STATUS_SUCCESS) { printf("FAIL: unable to look up sid for name %s\n", sid_str); exit(1); } string_to_sid(sid, response.data.sid.sid); printf("converted char %s to sid %s\n", sid_str, response.data.sid.sid); } }
static PyObject *py_enum_trust_dom(PyObject *self, PyObject *args) { struct winbindd_response response; PyObject *result = NULL; if (!PyArg_ParseTuple(args, "")) return NULL; ZERO_STRUCT(response); if (winbindd_request(WINBINDD_LIST_TRUSTDOM, NULL, &response) != NSS_STATUS_SUCCESS) { PyErr_SetString(winbind_error, "lookup failed"); return NULL; } result = PyList_New(0); if (response.extra_data) { const char *extra_data = response.extra_data; fstring name; while (next_token(&extra_data, name, ",", sizeof(fstring))) PyList_Append(result, PyString_FromString(name)); } return result; }
BOOL winbind_lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE *name_type) { struct winbindd_request request; struct winbindd_response response; NSS_STATUS result; fstring sid_str; /* Initialise request */ ZERO_STRUCT(request); ZERO_STRUCT(response); sid_to_string(sid_str, sid); fstrcpy(request.data.sid, sid_str); /* Make request */ result = winbindd_request(WINBINDD_LOOKUPSID, &request, &response); /* Copy out result */ if (result == NSS_STATUS_SUCCESS) { fstrcpy(dom_name, response.data.name.dom_name); fstrcpy(name, response.data.name.name); *name_type = (enum SID_NAME_USE)response.data.name.type; DEBUG(10, ("winbind_lookup_sid: SUCCESS: SID %s -> %s %s\n", sid_str, dom_name, name)); } return (result == NSS_STATUS_SUCCESS); }
BOOL winbind_sid_to_gid_query(gid_t *pgid, const DOM_SID *sid) { struct winbindd_request request; struct winbindd_response response; int result; fstring sid_str; if (!pgid) return False; /* Initialise request */ ZERO_STRUCT(request); ZERO_STRUCT(response); sid_to_string(sid_str, sid); fstrcpy(request.data.sid, sid_str); request.flags = WBFLAG_QUERY_ONLY; /* Make request */ result = winbindd_request(WINBINDD_SID_TO_GID, &request, &response); /* Copy out result */ if (result == NSS_STATUS_SUCCESS) { *pgid = response.data.gid; } return (result == NSS_STATUS_SUCCESS); }
/* take a username and return a filled struct passwd */ static struct passwd *wb_aix_getpwnam(const char *name) { struct winbindd_response response; struct winbindd_request request; NSS_STATUS ret; struct passwd *pwd; if (*name == WB_AIX_ENCODED) { return wb_aix_getpwuid(decode_id(name)); } logit("getpwnam '%s'\n", name); ZERO_STRUCT(response); ZERO_STRUCT(request); STRCPY_RETNULL(request.data.username, name); ret = winbindd_request(WINBINDD_GETPWNAM, &request, &response); HANDLE_ERRORS(ret); pwd = fill_pwent(&response.data.pw); free_response(&response); logit("getpwnam gave ptr %p\n", pwd); return pwd; }
_PUBLIC_ NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer, size_t buflen, int *errnop) { NSS_STATUS ret; static struct winbindd_response response; struct winbindd_request request; static int keep_response=0; #ifdef DEBUG_NSS fprintf(stderr, "[%5d]: getpwuid %d\n", getpid(), (unsigned int)uid); #endif /* If our static buffer needs to be expanded we are called again */ if (!keep_response) { /* Call for the first time */ ZERO_STRUCT(response); ZERO_STRUCT(request); request.data.uid = uid; ret = winbindd_request(WINBINDD_GETPWUID, &request, &response); if (ret == NSS_STATUS_SUCCESS) { ret = fill_pwent(result, &response.data.pw, &buffer, &buflen); if (ret == NSS_STATUS_TRYAGAIN) { keep_response = True; *errnop = errno = ERANGE; goto done; } } } else { /* We've been called again */ ret = fill_pwent(result, &response.data.pw, &buffer, &buflen); if (ret == NSS_STATUS_TRYAGAIN) { keep_response = True; *errnop = errno = ERANGE; goto done; } keep_response = False; *errnop = errno = 0; } free_response(&response); done: #ifdef DEBUG_NSS fprintf(stderr, "[%5d]: getpwuid %d returns %s (%d)\n", getpid(), (unsigned int)uid, nss_err_str(ret), ret); #endif return ret; }
BOOL winbind_create_group( const char *name, uint32 *rid ) { struct winbindd_request request; struct winbindd_response response; NSS_STATUS result; if ( !lp_winbind_enable_local_accounts() ) return False; if ( !name ) return False; DEBUG(10,("winbind_create_group: %s\n", name)); ZERO_STRUCT(request); ZERO_STRUCT(response); /* see if the caller wants a new RID returned */ if ( rid ) request.flags = WBFLAG_ALLOCATE_RID; fstrcpy( request.data.acct_mgt.groupname, name ); result = winbindd_request( WINBINDD_CREATE_GROUP, &request, &response); if ( rid ) *rid = response.data.rid; return result == NSS_STATUS_SUCCESS; }
static int wb_getgroups(const char *user, gid_t **groups) { struct winbindd_request request; struct winbindd_response response; int result; /* Call winbindd */ fstrcpy(request.data.username, user); ZERO_STRUCT(response); result = winbindd_request(WINBINDD_GETGROUPS, &request, &response); if (result == NSS_STATUS_SUCCESS) { /* Return group list. Don't forget to free the group list when finished. */ *groups = (gid_t *)response.extra_data; return response.data.num_entries; } return -1; }
BOOL winbind_lookup_name(const char *dom_name, const char *name, DOM_SID *sid, enum SID_NAME_USE *name_type) { struct winbindd_request request; struct winbindd_response response; NSS_STATUS result; if (!sid || !name_type) return False; /* Send off request */ ZERO_STRUCT(request); ZERO_STRUCT(response); fstrcpy(request.data.name.dom_name, dom_name); fstrcpy(request.data.name.name, name); if ((result = winbindd_request(WINBINDD_LOOKUPNAME, &request, &response)) == NSS_STATUS_SUCCESS) { if (!string_to_sid(sid, response.data.sid.sid)) return False; *name_type = (enum SID_NAME_USE)response.data.sid.type; } return result == NSS_STATUS_SUCCESS; }
NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, struct group *result, char *buffer, size_t buflen, int *errnop) { NSS_STATUS ret; static struct winbindd_response response; struct winbindd_request request; static int keep_response; #ifdef DEBUG_NSS fprintf(stderr, "[%5d]: getgrgid %d\n", getpid(), gid); #endif /* If our static buffer needs to be expanded we are called again */ if (!keep_response) { /* Call for the first time */ ZERO_STRUCT(request); ZERO_STRUCT(response); request.data.gid = gid; ret = winbindd_request(WINBINDD_GETGRGID, &request, &response); if (ret == NSS_STATUS_SUCCESS) { ret = fill_grent(result, &response.data.gr, response.extra_data, &buffer, &buflen); if (ret == NSS_STATUS_TRYAGAIN) { keep_response = True; *errnop = errno = ERANGE; return ret; } } } else { /* We've been called again */ ret = fill_grent(result, &response.data.gr, response.extra_data, &buffer, &buflen); if (ret == NSS_STATUS_TRYAGAIN) { keep_response = True; *errnop = errno = ERANGE; return ret; } keep_response = False; *errnop = 0; } free_response(&response); return ret; }
BOOL winbind_gid_to_sid(DOM_SID *sid, gid_t gid) { struct winbindd_request request; struct winbindd_response response; int result; if (!sid) return False; /* Initialise request */ ZERO_STRUCT(request); ZERO_STRUCT(response); request.data.gid = gid; /* Make request */ result = winbindd_request(WINBINDD_GID_TO_SID, &request, &response); /* Copy out result */ if (result == NSS_STATUS_SUCCESS) { if (!string_to_sid(sid, response.data.sid.sid)) return False; } else { sid_copy(sid, &global_sid_NULL); } return (result == NSS_STATUS_SUCCESS); }
BOOL winbind_set_user_primary_group( const char *user, const char *group ) { struct winbindd_request request; struct winbindd_response response; NSS_STATUS result; if ( !lp_winbind_enable_local_accounts() ) return False; if ( !user || !group ) return False; ZERO_STRUCT(request); ZERO_STRUCT(response); DEBUG(10,("winbind_set_user_primary_group: user(%s), group(%s) \n", user, group)); fstrcpy( request.data.acct_mgt.username, user ); fstrcpy( request.data.acct_mgt.groupname, group ); result = winbindd_request( WINBINDD_SET_USER_PRIMARY_GROUP, &request, &response); return result == NSS_STATUS_SUCCESS; }
/* take a uid and return a filled struct passwd */ static struct passwd *wb_aix_getpwuid(uid_t uid) { struct winbindd_response response; struct winbindd_request request; NSS_STATUS ret; struct passwd *pwd; logit("getpwuid '%d'\n", uid); ZERO_STRUCT(response); ZERO_STRUCT(request); request.data.uid = uid; ret = winbindd_request(WINBINDD_GETPWUID, &request, &response); HANDLE_ERRORS(ret); pwd = fill_pwent(&response.data.pw); free_response(&response); logit("getpwuid gave ptr %p\n", pwd); return pwd; }
static PyObject *py_sid_to_name(PyObject *self, PyObject *args) { struct winbindd_request request; struct winbindd_response response; PyObject *result; char *sid, *name; if (!PyArg_ParseTuple(args, "s", &sid)) return NULL; ZERO_STRUCT(request); ZERO_STRUCT(response); fstrcpy(request.data.sid, sid); if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) != NSS_STATUS_SUCCESS) { PyErr_SetString(winbind_error, "lookup failed"); return NULL; } asprintf(&name, "%s%s%s", response.data.name.dom_name, lp_winbind_separator(), response.data.name.name); result = PyString_FromString(name); free(name); return result; }
static PyObject *py_getpwuid(PyObject *self, PyObject *args) { struct winbindd_request request; struct winbindd_response response; uid_t uid; PyObject *result; if (!PyArg_ParseTuple(args, "i", &uid)) return NULL; ZERO_STRUCT(request); ZERO_STRUCT(response); request.data.uid = uid; if (winbindd_request(WINBINDD_GETPWUID, &request, &response) != NSS_STATUS_SUCCESS) { PyErr_SetString(winbind_error, "lookup failed"); return NULL; } if (!py_from_winbind_passwd(&result, &response)) { result = Py_None; Py_INCREF(result); } return result; }
static PyObject *py_getpwnam(PyObject *self, PyObject *args) { struct winbindd_request request; struct winbindd_response response; char *username; PyObject *result; if (!PyArg_ParseTuple(args, "s", &username)) return NULL; ZERO_STRUCT(request); ZERO_STRUCT(response); fstrcpy(request.data.username, username); if (winbindd_request(WINBINDD_GETPWNAM, &request, &response) != NSS_STATUS_SUCCESS) { PyErr_SetString(winbind_error, "lookup failed"); return NULL; } if (!py_from_winbind_passwd(&result, &response)) { result = Py_None; Py_INCREF(result); } return result; }
NSS_STATUS _nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer, size_t buflen, int *errnop) { NSS_STATUS ret; static struct winbindd_response response; struct winbindd_request request; static int keep_response; #ifdef DEBUG_NSS fprintf(stderr, "[%5d]: getpwnam %s\n", getpid(), name); #endif /* If our static buffer needs to be expanded we are called again */ if (!keep_response) { /* Call for the first time */ ZERO_STRUCT(response); ZERO_STRUCT(request); strncpy(request.data.username, name, sizeof(request.data.username) - 1); request.data.username [sizeof(request.data.username) - 1] = '\0'; ret = winbindd_request(WINBINDD_GETPWNAM, &request, &response); if (ret == NSS_STATUS_SUCCESS) { ret = fill_pwent(result, &response.data.pw, &buffer, &buflen); if (ret == NSS_STATUS_TRYAGAIN) { keep_response = True; *errnop = errno = ERANGE; return ret; } } } else { /* We've been called again */ ret = fill_pwent(result, &response.data.pw, &buffer, &buflen); if (ret == NSS_STATUS_TRYAGAIN) { keep_response = True; *errnop = errno = ERANGE; return ret; } keep_response = False; *errnop = errno = 0; } free_response(&response); return ret; }
BOOL winbind_ping( void ) { NSS_STATUS result; result = winbindd_request(WINBINDD_PING, NULL, NULL); return result == NSS_STATUS_SUCCESS; }
static PyObject *py_auth_smbd(PyObject *self, PyObject *args, PyObject *kw) { static char *kwlist[] = {"username", "password", "use_lm_hash", "use_nt_hash", NULL }; struct winbindd_request request; struct winbindd_response response; char *username, *password; int use_lm_hash = 1, use_nt_hash = 1; if (!PyArg_ParseTupleAndKeywords( args, kw, "ss|ii", kwlist, &username, &password, &use_lm_hash, &use_nt_hash)) return NULL; ZERO_STRUCT(request); ZERO_STRUCT(response); if (push_utf8_fstring(request.data.auth_crap.user, username) == -1) { PyErr_SetString("unable to create utf8 string"); return NULL; } generate_random_buffer(request.data.smbd_auth_crap.chal, 8); if (use_lm_hash) { SMBencrypt((uchar *)password, request.data.smbd_auth_crap.chal, (uchar *)request.data.smbd_auth_crap.lm_resp); request.data.smbd_auth_crap.lm_resp_len = 24; } if (use_nt_hash) { SMBNTencrypt((uchar *)password, request.data.smbd_auth_crap.chal, (uchar *)request.data.smbd_auth_crap.nt_resp); request.data.smbd_auth_crap.nt_resp_len = 24; } if (!secrets_fetch_trust_account_password( lp_workgroup(), request.data.smbd_auth_crap.proof, NULL)) { PyErr_SetString( winbind_error, "unable to fetch domain secret"); return NULL; } if (winbindd_request(WINBINDD_SMBD_AUTH_CRAP, &request, &response) != NSS_STATUS_SUCCESS) { PyErr_SetString(winbind_error, "lookup failed"); return NULL; } return PyInt_FromLong(response.data.auth.nt_status); }
NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer, size_t buflen, int *errnop) { NSS_STATUS ret; static struct winbindd_response response; struct winbindd_request request; static int keep_response=0; /* If our static buffer needs to be expanded we are called again */ if (!keep_response) { /* Call for the first time */ ZERO_STRUCT(response); ZERO_STRUCT(request); request.data.uid = uid; ret = winbindd_request(WINBINDD_GETPWUID, &request, &response); if (ret == NSS_STATUS_SUCCESS) { ret = fill_pwent(result, &response.data.pw, &buffer, &buflen); if (ret == NSS_STATUS_TRYAGAIN) { keep_response = True; *errnop = errno = ERANGE; return ret; } } } else { /* We've been called again */ ret = fill_pwent(result, &response.data.pw, &buffer, &buflen); if (ret == NSS_STATUS_TRYAGAIN) { keep_response = True; *errnop = errno = ERANGE; return ret; } keep_response = False; *errnop = errno = 0; } free_response(&response); return ret; }
NSS_STATUS _nss_winbind_endgrent(void) { #ifdef DEBUG_NSS fprintf(stderr, "[%5d]: endgrent\n", getpid()); #endif if (num_gr_cache > 0) { ndx_gr_cache = num_gr_cache = 0; free_response(&getgrent_response); } return winbindd_request(WINBINDD_ENDGRENT, NULL, NULL); }
NSS_STATUS _nss_winbind_setpwent(void) { #ifdef DEBUG_NSS fprintf(stderr, "[%5d]: setpwent\n", getpid()); #endif if (num_pw_cache > 0) { ndx_pw_cache = num_pw_cache = 0; free_response(&getpwent_response); } return winbindd_request(WINBINDD_SETPWENT, NULL, NULL); }
/* take a username and return a string containing a comma-separated list of group id numbers to which the user belongs */ static char *wb_aix_getgrset(char *user) { struct winbindd_response response; struct winbindd_request request; NSS_STATUS ret; int i, idx; char *tmpbuf; int num_gids; gid_t *gid_list; char *r_user = user; if (*user == WB_AIX_ENCODED) { r_user = decode_user(r_user); if (!r_user) { errno = ENOENT; return NULL; } } logit("getgrset '%s'\n", r_user); STRCPY_RETNULL(request.data.username, r_user); if (*user == WB_AIX_ENCODED) { free(r_user); } ret = winbindd_request(WINBINDD_GETGROUPS, &request, &response); HANDLE_ERRORS(ret); num_gids = response.data.num_entries; gid_list = (gid_t *)response.extra_data; /* allocate a space large enough to contruct the string */ tmpbuf = malloc(num_gids*12); if (!tmpbuf) { return NULL; } for (idx=i=0; i < num_gids-1; i++) { idx += sprintf(tmpbuf+idx, "%u,", gid_list[i]); } idx += sprintf(tmpbuf+idx, "%u", gid_list[i]); free_response(&response); return tmpbuf; }
static PyObject *py_check_secret(PyObject *self, PyObject *args) { struct winbindd_response response; if (!PyArg_ParseTuple(args, "")) return NULL; ZERO_STRUCT(response); if (winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response) != NSS_STATUS_SUCCESS) { PyErr_SetString(winbind_error, "lookup failed"); return NULL; } return PyInt_FromLong(response.data.num_entries); }
/* returns 1 on success, 0 on failure */ static int Valid_Groups(char *UserName, const char **UserGroups) { struct winbindd_request request; struct winbindd_response response; NSS_STATUS result; int i; char sid[FSTRING_LEN]; char group[FSTRING_LEN]; int match = 0; memset(&request,0,sizeof(struct winbindd_request)); memset(&response,0,sizeof(struct winbindd_response)); /* Send request */ strncpy(request.data.username,UserName,sizeof(fstring)-1); result = winbindd_request(WINBINDD_GETGROUPS, &request, &response); if (result != NSS_STATUS_SUCCESS) { warn("Warning: Can't enum user groups.\n"); return match; } for (i = 0; i < response.data.num_entries; i++) { if ((wbinfo_gid_to_sid(sid, (int)((gid_t *)response.extra_data)[i])) != NULL) { debug("SID: %s\n", sid); if (wbinfo_lookupsid(group,sid) == NULL) { warn("Can't lookup group SID.\n"); break; } if (strcmparray(group, UserGroups) == 0) { match = 1; break; } } else { return match; } } SAFE_FREE(response.extra_data); return match; }
/* authenticate a user */ static int wb_aix_authenticate(char *user, char *pass, int *reenter, char **message) { struct winbindd_request request; struct winbindd_response response; NSS_STATUS result; char *r_user = user; logit("authenticate '%s' response='%s'\n", user, pass); *reenter = 0; *message = NULL; /* Send off request */ ZERO_STRUCT(request); ZERO_STRUCT(response); if (*user == WB_AIX_ENCODED) { r_user = decode_user(r_user); if (!r_user) { return AUTH_NOTFOUND; } } STRCPY_RET(request.data.auth.user, r_user); STRCPY_RET(request.data.auth.pass, pass); if (*user == WB_AIX_ENCODED) { free(r_user); } result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response); free_response(&response); logit("auth result %d for '%s'\n", result, user); if (result == NSS_STATUS_SUCCESS) { errno = 0; return AUTH_SUCCESS; } return AUTH_FAILURE; }