NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request)
{
struct winbindd_request lrequest;
/* Check for our tricky environment variable */
if (winbind_env_set()) {
return NSS_STATUS_NOTFOUND;
}
if (!request) {
ZERO_STRUCT(lrequest);
request = &lrequest;
}
/* Fill in request and send down pipe */
init_request(request, req_type);
if (write_sock(request, sizeof(*request), request->flags & WBFLAG_RECURSE) == -1) {
return NSS_STATUS_UNAVAIL;
}
if ((request->extra_len != 0) &&
(write_sock(request->extra_data.data, request->extra_len, request->flags & WBFLAG_RECURSE) == -1)) {
return NSS_STATUS_UNAVAIL;
}
return NSS_STATUS_SUCCESS;
}
static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
{
int retval;
bool winbind_env;
DEBUG(10,("sys_getgrouplist: user [%s]\n", user));
/* This is only ever called for Unix users, remote memberships are
* always determined by the info3 coming back from auth3 or the
* PAC. */
winbind_env = winbind_env_set();
(void)winbind_off();
#ifdef HAVE_GETGROUPLIST
retval = getgrouplist(user, gid, groups, grpcnt);
#else
#ifdef HAVE_GETGRSET
retval = getgrouplist_getgrset(user, gid, groups, grpcnt);
#else
become_root();
retval = getgrouplist_internals(user, gid, groups, grpcnt);
unbecome_root();
#endif /* HAVE_GETGRSET */
#endif /* HAVE_GETGROUPLIST */
/* allow winbindd lookups, but only if they were not already disabled */
if (!winbind_env) {
(void)winbind_on();
}
return retval;
}
NSS_STATUS winbindd_send_request(int req_type, int need_priv,
struct winbindd_request *request)
{
struct winbindd_request lrequest;
/* Check for our tricky environment variable */
if (winbind_env_set()) {
return NSS_STATUS_NOTFOUND;
}
if (!request) {
ZERO_STRUCT(lrequest);
request = &lrequest;
}
/* Fill in request and send down pipe */
winbindd_init_request(request, req_type);
if (winbind_write_sock(request, sizeof(*request),
request->wb_flags & WBFLAG_RECURSE,
need_priv) == -1)
{
/* Set ENOENT for consistency. Required by some apps */
errno = ENOENT;
return NSS_STATUS_UNAVAIL;
}
if ((request->extra_len != 0) &&
(winbind_write_sock(request->extra_data.data,
request->extra_len,
request->wb_flags & WBFLAG_RECURSE,
need_priv) == -1))
{
/* Set ENOENT for consistency. Required by some apps */
errno = ENOENT;
return NSS_STATUS_UNAVAIL;
}
return NSS_STATUS_SUCCESS;
}
krb5_error_code smb_krb5_locator_lookup(void *private_data,
enum locate_service_type svc,
const char *realm,
int socktype,
int family,
int (*cbfunc)(void *, int, struct sockaddr *),
void *cbdata)
{
krb5_error_code ret;
struct addrinfo aihints;
char *kdc_name = NULL;
const char *service = get_service_from_locate_service_type(svc);
ZERO_STRUCT(aihints);
#ifdef DEBUG_KRB5
fprintf(stderr,"[%5u]: smb_krb5_locator_lookup: called for '%s' "
"svc: '%s' (%d) "
"socktype: '%s' (%d), family: '%s' (%d)\n",
(unsigned int)getpid(), realm,
locate_service_type_name(svc), svc,
socktype_name(socktype), socktype,
family_name(family), family);
#endif
ret = smb_krb5_locator_lookup_sanity_check(svc, realm, socktype,
family);
if (ret) {
#ifdef DEBUG_KRB5
fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
"returning ret: %s (%d)\n",
(unsigned int)getpid(), error_message(ret), ret);
#endif
return ret;
}
if (!winbind_env_set()) {
if (!ask_winbind(realm, &kdc_name)) {
#ifdef DEBUG_KRB5
fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
"failed to query winbindd\n",
(unsigned int)getpid());
#endif
goto failed;
}
} else {
const char *env = NULL;
char *var = NULL;
if (asprintf(&var, "%s_%s",
WINBINDD_LOCATOR_KDC_ADDRESS, realm) == -1) {
goto failed;
}
env = getenv(var);
if (!env) {
#ifdef DEBUG_KRB5
fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
"failed to get kdc from env %s\n",
(unsigned int)getpid(), var);
#endif
free(var);
goto failed;
}
free(var);
kdc_name = strdup(env);
if (!kdc_name) {
goto failed;
}
}
#ifdef DEBUG_KRB5
fprintf(stderr, "[%5u]: smb_krb5_locator_lookup: "
"got '%s' for '%s' from winbindd\n", (unsigned int)getpid(),
kdc_name, realm);
#endif
aihints.ai_family = family;
aihints.ai_socktype = socktype;
ret = smb_krb5_locator_call_cbfunc(kdc_name,
service,
&aihints,
cbfunc, cbdata);
SAFE_FREE(kdc_name);
return ret;
failed:
return KRB5_PLUGIN_NO_HANDLE;
}
