42 files changed, 11 insertions, 8735 deletions
diff --git a/selftest/knownfail b/selftest/knownfail index 5ce3d973039..2bf7aecf227 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -239,20 +239,12 @@ ^samba3.rpc.netlogon.admin.*.LogonControl2\(ad_dc\) ^samba3.rpc.netlogon.admin.*.LogonControl\(ad_dc\) # -# The Samba4 winbind does not cover the full winbind protocol, so these are expected -# -^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo -N against ad_dc_ntvfs -^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo -I against ad_dc_ntvfs -^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo --trusted-domains against ad_dc_ntvfs -^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo --all-domains against ad_dc_ntvfs -# # This makes less sense when not running against an AD DC # ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U against ad_member ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G against ad_member ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U check for sane mapping ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G check for sane mapping -^samba4.winbind.struct.show_sequence\(ad_dc_ntvfs:local\) ^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--allocate-uid ^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--allocate-gid ^samba.wbinfo_simple.\(s4member:local\).--allocate-uid 
@@ -288,38 +280,14 @@ ^samba3.local.nss.reentrant enumeration\(ad_member:local\) ^samba3.local.nss.enumeration\(ad_member:local\) # -# These just happen to fail for some reason (probably because they run against the s4 winbind) -# -^samba4.winbind.struct.getdcname\(ad_member:local\) -^samba4.winbind.struct.lookup_name_sid\(ad_member:local\) -^samba4.winbind.struct.lookup_name_sid\(ad_dc_ntvfs:local\) -^samba4.winbind.struct.list_trustdom\(ad_dc_ntvfs:local\) -^samba4.winbind.struct.domain_info\(ad_dc_ntvfs:local\) -^samba4.winbind.struct.getdcname\(ad_dc_ntvfs:local\) -^samba4.winbind.struct.dsgetdcname\(ad_dc_ntvfs:local\) -^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--all-domains.wbinfo\(ad_dc_ntvfs:local\) -^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--trusted-domains.wbinfo\(ad_dc_ntvfs:local\) -^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--online-status.wbinfo\(ad_dc_ntvfs:local\) -^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--online-status --domain=BUILTIN.wbinfo\(ad_dc_ntvfs:local\) -^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(ad_dc_ntvfs:local\) -^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--change-secret --domain=SAMBADOMAIN.wbinfo\(ad_dc_ntvfs:local\) -^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(ad_dc_ntvfs:local\) -^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo -I against ad_dc_ntvfs\(ad_dc_ntvfs:local\) -^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo --trusted-domains against ad_dc_ntvfs\(ad_dc_ntvfs:local\) -^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo --all-domains against ad_dc_ntvfs\(ad_dc_ntvfs:local\) -# -# This will fail against the NTVFS DC, because it requires functionality only in winbindd -# -^samba4.winbind.pac.*\(ad_dc_ntvfs:local\) # Not implemented -# # These do not work against winbindd in member mode for unknown reasons # ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U against ad_member\(ad_member:local\) 
^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U check for sane mapping\(ad_member:local\) ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G against ad_member\(ad_member:local\) ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G check for sane mapping\(ad_member:local\) -^samba.ntlm_auth.\(ad_dc_ntvfs:local\).ntlm_auth against winbindd with failed require-membership-of -^samba.ntlm_auth.\(ad_dc_ntvfs:local\).ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server against winbind with failed require-membership-of +^samba4.winbind.struct.getdcname\(ad_member:local\) +^samba4.winbind.struct.lookup_name_sid\(ad_member:local\) ^samba4.winbind.struct.getdcname\(nt4_member:local\) # Works in other modes, just not against the classic/NT4 DC # # Differences in our KDC compared to windows diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 6ee56b393c3..ae7eb235c49 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -1432,6 +1432,10 @@ sub provision_ad_dc_ntvfs($$) { my ($self, $prefix) = @_; + # We keep the old 'winbind' name here in server services to + # ensure upgrades which used that name still work with the now + # alias. + print "PROVISIONING AD DC (NTVFS)..."; my $extra_conf_options = "netbios aliases = localDC1-a server services = +winbind -winbindd"; diff --git a/source4/winbind/wb_cmd_getdcname.c b/source4/winbind/wb_cmd_getdcname.c deleted file mode 100644 index f3c24825799..00000000000 --- a/source4/winbind/wb_cmd_getdcname.c +++ /dev/null 
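Review bot: The two re-added entries `^samba4.winbind.struct.getdcname\(ad_member:local\)` and `^samba4.winbind.struct.lookup_name_sid\(ad_member:local\)` now sit under the heading "These do not work against winbindd in member mode for unknown reasons", so the expected failure has no stated cause. The old heading guessed the cause was the s4 winbind; since this commit removes that code, the guess presumably no longer explains them. I would add a line directly above them, for example `# getdcname/lookup_name_sid fail against winbindd on ad_member; cause not analysed yet, see <BUG-ID placeholder>`. The lookup_name_sid test appears to cover name-to-SID resolution, so leaving it as an unexplained known failure can mask a later regression in identity mapping on domain members.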
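Review bot: The new comment in `provision_ad_dc_ntvfs` sits above `print "PROVISIONING AD DC (NTVFS)..."`, but it explains the `server services = +winbind -winbindd` line further down, and "with the now alias" is missing a word. I would move it directly above `my $extra_conf_options` and reword it, for example `# 'winbind' is now only an alias: keep the old name in server services so that upgraded configurations still using it stay covered.` The comment should also say why `-winbindd` is listed next to `+winbind`, because the visible lines do not show which service ends up running in this environment. The function body continues outside the hunk.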
@@ -1,133 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Command backend for wbinfo --getdcname - - Copyright (C) Volker Lendecke 2005 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "libcli/composite/composite.h" -#include "winbind/wb_server.h" -#include "smbd/service_task.h" - -#include "librpc/gen_ndr/ndr_netlogon_c.h" - -struct cmd_getdcname_state { - struct composite_context *ctx; - const char *domain_name; - - struct netr_GetAnyDCName g; -}; - -static void getdcname_recv_domain(struct composite_context *ctx); -static void getdcname_recv_dcname(struct tevent_req *subreq); - -struct composite_context *wb_cmd_getdcname_send(TALLOC_CTX *mem_ctx, - struct wbsrv_service *service, - const char *domain_name) -{ - struct composite_context *result, *ctx; - struct cmd_getdcname_state *state; - - result = composite_create(mem_ctx, service->task->event_ctx); - if (result == NULL) goto failed; - - state = talloc(result, struct cmd_getdcname_state); - if (state == NULL) goto failed; - state->ctx = result; - result->private_data = state; - - state->domain_name = talloc_strdup(state, domain_name); - if (state->domain_name == NULL) goto failed; - - ctx = wb_sid2domain_send(state, service, service->primary_sid); - if (ctx == NULL) goto failed; - - ctx->async.fn = getdcname_recv_domain; - ctx->async.private_data = state; - return result; - - failed: - 
talloc_free(result); - return NULL; -} - -static void getdcname_recv_domain(struct composite_context *ctx) -{ - struct cmd_getdcname_state *state = - talloc_get_type(ctx->async.private_data, - struct cmd_getdcname_state); - struct wbsrv_domain *domain; - struct tevent_req *subreq; - - state->ctx->status = wb_sid2domain_recv(ctx, &domain); - if (!composite_is_ok(state->ctx)) return; - - state->g.in.logon_server = talloc_asprintf( - state, "\\\\%s", - dcerpc_server_name(domain->netlogon_pipe)); - state->g.in.domainname = state->domain_name; - state->g.out.dcname = talloc(state, const char *); - - subreq = dcerpc_netr_GetAnyDCName_r_send(state, - state->ctx->event_ctx, - domain->netlogon_pipe->binding_handle, - &state->g); - if (composite_nomem(subreq, state->ctx)) return; - - tevent_req_set_callback(subreq, getdcname_recv_dcname, state); -} - -static void getdcname_recv_dcname(struct tevent_req *subreq) -{ - struct cmd_getdcname_state *state = - tevent_req_callback_data(subreq, - struct cmd_getdcname_state); - - state->ctx->status = dcerpc_netr_GetAnyDCName_r_recv(subreq, state); - TALLOC_FREE(subreq); - if (!composite_is_ok(state->ctx)) return; - state->ctx->status = werror_to_ntstatus(state->g.out.result); - if (!composite_is_ok(state->ctx)) return; - - composite_done(state->ctx); -} - -NTSTATUS wb_cmd_getdcname_recv(struct composite_context *c, - TALLOC_CTX *mem_ctx, - const char **dcname) -{ - struct cmd_getdcname_state *state = - talloc_get_type(c->private_data, struct cmd_getdcname_state); - NTSTATUS status = composite_wait(c); - if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_DOMAIN)) { - /* special case: queried DC is PDC */ - state->g.out.dcname = &state->g.in.logon_server; - status = NT_STATUS_OK; - } - if (NT_STATUS_IS_OK(status)) { - const char *p = *(state->g.out.dcname); - if (*p == '\\') p += 1; - if (*p == '\\') p += 1; - *dcname = talloc_strdup(mem_ctx, p); - if (*dcname == NULL) { - status = NT_STATUS_NO_MEMORY; - } - } - talloc_free(state); - return 
status; -} diff --git a/source4/winbind/wb_cmd_getgrent.c b/source4/winbind/wb_cmd_getgrent.c deleted file mode 100644 index 79a3aff852b..00000000000 --- a/source4/winbind/wb_cmd_getgrent.c +++ /dev/null 
@@ -1,124 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Command backend for getgrent - - Copyright (C) Matthieu Patou 2010 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "libcli/composite/composite.h" -#include "winbind/wb_server.h" -#include "smbd/service_task.h" - -struct cmd_getgrent_state { - struct composite_context *ctx; - struct wbsrv_service *service; - - struct wbsrv_grent *grent; - uint32_t max_groups; - - uint32_t num_groups; - struct winbindd_gr *result; -}; - -static void cmd_getgrent_recv_grnam(struct composite_context *ctx); -#if 0 /*FIXME: implement this*/ -static void cmd_getgrent_recv_user_list(struct composite_context *ctx); -#endif - -struct composite_context *wb_cmd_getgrent_send(TALLOC_CTX *mem_ctx, - struct wbsrv_service *service, struct wbsrv_grent *grent, - uint32_t max_groups) -{ - struct composite_context *ctx, *result; - struct cmd_getgrent_state *state; - - DEBUG(5, ("wb_cmd_getgrent_send called\n")); - - result = composite_create(mem_ctx, service->task->event_ctx); - if (!result) return NULL; - - state = talloc(mem_ctx, struct cmd_getgrent_state); - if (composite_nomem(state, result)) return result; - - state->ctx = result; - result->private_data = state; - state->service = service; - state->grent = grent; - state->max_groups = max_groups; - state->num_groups = 0; - - /* If there are groups left in the libnet_GroupList 
and we're below the - * maximum number of groups to get per winbind getgrent call, use - * getgrnam to get the winbindd_gr struct */ - if (grent->page_index < grent->group_list->out.count) { - int idx = grent->page_index; - char *groupname = talloc_strdup(state, - grent->group_list->out.groups[idx].groupname); - - grent->page_index++; - ctx = wb_cmd_getgrnam_send(state, service, groupname); - if (composite_nomem(ctx, state->ctx)) return result; - - composite_continue(state->ctx, ctx, cmd_getgrent_recv_grnam, - state); - } else { - /* If there is no valid group left, call libnet_GroupList to get a new - * list of group. */ - composite_error(state->ctx, NT_STATUS_NO_MORE_ENTRIES); - } - return result; -} - -static void cmd_getgrent_recv_grnam(struct composite_context *ctx) -{ - struct cmd_getgrent_state *state = - talloc_get_type(ctx->async.private_data, - struct cmd_getgrent_state); - struct winbindd_gr *gr; - - DEBUG(5, ("cmd_getgrent_recv_grnam called\n")); - - state->ctx->status = wb_cmd_getgrnam_recv(ctx, state, &gr); - if (!composite_is_ok(state->ctx)) return; - - /*FIXME: Cheat for now and only get one group per call */ - state->result = gr; - - composite_done(state->ctx); -} - -NTSTATUS wb_cmd_getgrent_recv(struct composite_context *ctx, - TALLOC_CTX *mem_ctx, struct winbindd_gr **gr, - uint32_t *num_groups) -{ - NTSTATUS status = composite_wait(ctx); - - DEBUG(5, ("wb_cmd_getgrent_recv called\n")); - - if (NT_STATUS_IS_OK(status)) { - struct cmd_getgrent_state *state = - talloc_get_type(ctx->private_data, - struct cmd_getgrent_state); - *gr = talloc_steal(mem_ctx, state->result); - /*FIXME: Cheat and only get one group */ - *num_groups = 1; - } - - talloc_free(ctx); - return status; -} diff --git a/source4/winbind/wb_cmd_getgrgid.c b/source4/winbind/wb_cmd_getgrgid.c deleted file mode 100644 index 8ca93db38ee..00000000000 --- a/source4/winbind/wb_cmd_getgrgid.c +++ /dev/null 
@@ -1,181 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Backend for getgrgid - - Copyright (C) Kai Blin 2007 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "libcli/composite/composite.h" -#include "winbind/wb_server.h" -#include "smbd/service_task.h" -#include "param/param.h" - -struct cmd_getgrgid_state { - struct composite_context *ctx; - struct wbsrv_service *service; - gid_t gid; - struct dom_sid *sid; - char *workgroup; - struct wbsrv_domain *domain; - - struct winbindd_gr *result; -}; - -static void cmd_getgrgid_recv_sid(struct composite_context *ctx); -static void cmd_getgrgid_recv_domain(struct composite_context *ctx); -static void cmd_getgrgid_recv_group_info(struct composite_context *ctx); - -/* Get the SID using the gid */ - -struct composite_context *wb_cmd_getgrgid_send(TALLOC_CTX *mem_ctx, - struct wbsrv_service *service, - gid_t gid) -{ - struct composite_context *ctx, *result; - struct cmd_getgrgid_state *state; - - DEBUG(5, ("wb_cmd_getgrgid_send called\n")); - - result = composite_create(mem_ctx, service->task->event_ctx); - if (!result) return NULL; - - state = talloc(result, struct cmd_getgrgid_state); - if (composite_nomem(state, result)) return result; - state->ctx = result; - result->private_data = state; - state->service = service; - state->gid = gid; - - ctx = wb_gid2sid_send(state, service, gid); - if (composite_nomem(ctx, 
state->ctx)) return result; - - composite_continue(result, ctx, cmd_getgrgid_recv_sid, state); - return result; -} - - -/* Receive the sid and get the domain structure with it */ - -static void cmd_getgrgid_recv_sid(struct composite_context *ctx) -{ - struct cmd_getgrgid_state *state = - talloc_get_type(ctx->async.private_data, - struct cmd_getgrgid_state); - - DEBUG(5, ("cmd_getgrgid_recv_sid called %p\n", ctx->private_data)); - - state->ctx->status = wb_gid2sid_recv(ctx, state, &state->sid); - if (!composite_is_ok(state->ctx)) return; - - ctx = wb_sid2domain_send(state, state->service, state->sid); - - composite_continue(state->ctx, ctx, cmd_getgrgid_recv_domain, state); -} - -/* Receive the domain struct and call libnet to get the user info struct */ - -static void cmd_getgrgid_recv_domain(struct composite_context *ctx) -{ - struct cmd_getgrgid_state *state = - talloc_get_type(ctx->async.private_data, - struct cmd_getgrgid_state); - struct libnet_GroupInfo *group_info; - - DEBUG(5, ("cmd_getgrgid_recv_domain called\n")); - - state->ctx->status = wb_sid2domain_recv(ctx, &state->domain); - if (!composite_is_ok(state->ctx)) return; - - group_info = talloc(state, struct libnet_GroupInfo); - if (composite_nomem(group_info, state->ctx)) return; - - group_info->in.level = GROUP_INFO_BY_SID; - group_info->in.data.group_sid = state->sid; - group_info->in.domain_name = state->domain->libnet_ctx->samr.name; - - /* We need the workgroup later, so copy it */ - state->workgroup = talloc_strdup(state, - state->domain->libnet_ctx->samr.name); - if (composite_nomem(state->workgroup, state->ctx)) return; - - ctx = libnet_GroupInfo_send(state->domain->libnet_ctx, state,group_info, - NULL); - - composite_continue(state->ctx, ctx, cmd_getgrgid_recv_group_info,state); -} - -/* Receive the group info struct */ - -static void cmd_getgrgid_recv_group_info(struct composite_context *ctx) -{ - struct cmd_getgrgid_state *state = - talloc_get_type(ctx->async.private_data, - struct 
cmd_getgrgid_state); - struct libnet_GroupInfo *group_info; - struct winbindd_gr *gr; - char *group_name_with_domain; - - DEBUG(5, ("cmd_getgrgid_recv_group_info called\n")); - - gr = talloc_zero(state, struct winbindd_gr); - if (composite_nomem(gr, state->ctx)) return; - - group_info = talloc(state, struct libnet_GroupInfo); - if(composite_nomem(group_info, state->ctx)) return; - - state->ctx->status = libnet_GroupInfo_recv(ctx, state, group_info); - if (!composite_is_ok(state->ctx)) return; - - group_name_with_domain = talloc_asprintf(gr, "%s%s%s", - state->workgroup, - lpcfg_winbind_separator(state->service->task->lp_ctx), - group_info->out.group_name); - if (composite_nomem(group_name_with_domain, state->ctx)) { - return; - } - - WBSRV_SAMBA3_SET_STRING(gr->gr_name, group_name_with_domain); - WBSRV_SAMBA3_SET_STRING(gr->gr_passwd, "*"); - - gr->gr_gid = state->gid; - - state->result = gr; - - composite_done(state->ctx); -} - -NTSTATUS wb_cmd_getgrgid_recv(struct composite_context *ctx, - TALLOC_CTX *mem_ctx, struct winbindd_gr **gr) -{ - NTSTATUS status = composite_wait(ctx); - - DEBUG(5, ("wb_cmd_getgrgid_recv called\n")); - - DEBUG(5, ("status is %s\n", nt_errstr(status))); - - if (NT_STATUS_IS_OK(status)) { - struct cmd_getgrgid_state *state = - talloc_get_type(ctx->private_data, - struct cmd_getgrgid_state); - *gr = talloc_steal(mem_ctx, state->result); - } - talloc_free(ctx); - return status; - -} - diff --git a/source4/winbind/wb_cmd_getgrnam.c b/source4/winbind/wb_cmd_getgrnam.c deleted file mode 100644 index d75a460bd06..00000000000 --- a/source4/winbind/wb_cmd_getgrnam.c +++ /dev/null 
@@ -1,174 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Command backend for wbinfo --group-info - - Copyright (C) Kai Blin 2008 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "libcli/composite/composite.h" -#include "winbind/wb_server.h" -#include "winbind/wb_helper.h" -#include "smbd/service_task.h" -#include "param/param.h" - -struct cmd_getgrnam_state { - struct composite_context *ctx; - struct wbsrv_service *service; - char *name; - char *workgroup_name; - struct dom_sid *group_sid; - - struct winbindd_gr *result; -}; - -static void cmd_getgrnam_recv_domain(struct composite_context *ctx); -static void cmd_getgrnam_recv_group_info(struct composite_context *ctx); -static void cmd_getgrnam_recv_gid(struct composite_context *ctx); - -struct composite_context *wb_cmd_getgrnam_send(TALLOC_CTX *mem_ctx, - struct wbsrv_service *service, - const char *name) -{ - struct composite_context *result, *ctx; - struct cmd_getgrnam_state *state; - - DEBUG(5, ("wb_cmd_getgrnam_send called\n")); - - result = composite_create(mem_ctx, service->task->event_ctx); - if (!result) return NULL; - - state = talloc(result, struct cmd_getgrnam_state); - if (composite_nomem(state, result)) return result; - state->ctx = result; - result->private_data = state; - state->service = service; - state->name = talloc_strdup(state, name); - if(composite_nomem(state->name, result)) 
return result; - - ctx = wb_name2domain_send(state, service, name); - if (composite_nomem(ctx, result)) return result; - - composite_continue(result, ctx, cmd_getgrnam_recv_domain, state); - return result; -} - -static void cmd_getgrnam_recv_domain(struct composite_context *ctx) -{ - struct cmd_getgrnam_state *state = talloc_get_type( - ctx->async.private_data, struct cmd_getgrnam_state); - struct wbsrv_domain *domain; - struct libnet_GroupInfo *group_info; - char *group_dom, *group_name; - bool ok; - - state->ctx->status = wb_name2domain_recv(ctx, &domain); - if(!composite_is_ok(state->ctx)) return; - - group_info = talloc(state, struct libnet_GroupInfo); - if (composite_nomem(group_info, state->ctx)) return; - - ok = wb_samba3_split_username(state, state->service->task->lp_ctx, - state->name, &group_dom, &group_name); - if(!ok){ - composite_error(state->ctx, NT_STATUS_OBJECT_NAME_INVALID); - return; - } - - group_info->in.level = GROUP_INFO_BY_NAME; - group_info->in.data.group_name = group_name; - group_info->in.domain_name = group_dom; - state->workgroup_name = talloc_strdup(state, group_dom); - if(composite_nomem(state->workgroup_name, state->ctx)) return; - - ctx = libnet_GroupInfo_send(domain->libnet_ctx, state, group_info,NULL); - - composite_continue(state->ctx, ctx, cmd_getgrnam_recv_group_info,state); -} - -static void cmd_getgrnam_recv_group_info(struct composite_context *ctx) -{ - struct cmd_getgrnam_state *state = talloc_get_type( - ctx->async.private_data, struct cmd_getgrnam_state); - struct libnet_GroupInfo *group_info; - struct winbindd_gr *gr; - char *group_name_with_domain; - - DEBUG(5, ("cmd_getgrnam_recv_group_info called\n")); - - group_info = talloc(state, struct libnet_GroupInfo); - if(composite_nomem(group_info, state->ctx)) return; - - gr = talloc(state, struct winbindd_gr); - if(composite_nomem(gr, state->ctx)) return; - - state->ctx->status = libnet_GroupInfo_recv(ctx, state, group_info); - if(!composite_is_ok(state->ctx)) return; - - 
group_name_with_domain = talloc_asprintf(gr, "%s%s%s", - state->workgroup_name, - lpcfg_winbind_separator(state->service->task->lp_ctx), - group_info->out.group_name); - if (composite_nomem(group_name_with_domain, state->ctx)) { - return; - } - - WBSRV_SAMBA3_SET_STRING(gr->gr_name, group_name_with_domain); - WBSRV_SAMBA3_SET_STRING(gr->gr_passwd, "*"); - gr->num_gr_mem = group_info->out.num_members; - gr->gr_mem_ofs = 0; - - state->result = gr; - - ctx = wb_sid2gid_send(state, state->service, group_info->out.group_sid); - composite_continue(state->ctx, ctx, cmd_getgrnam_recv_gid, state); -} - -static void cmd_getgrnam_recv_gid(struct composite_context *ctx) -{ - struct cmd_getgrnam_state *state = talloc_get_type( - ctx->async.private_data, struct cmd_getgrnam_state); - gid_t gid; - - DEBUG(5, ("cmd_getgrnam_recv_gid called\n")); - - state->ctx->status = wb_sid2gid_recv(ctx, &gid); - if(!composite_is_ok(state->ctx)) return; - - state->result->gr_gid = gid; - - composite_done(state->ctx); -} - -NTSTATUS wb_cmd_getgrnam_recv(struct composite_context *ctx, - TALLOC_CTX *mem_ctx, struct winbindd_gr **gr) -{ - NTSTATUS status = composite_wait(ctx); - - DEBUG(5, ("wb_cmd_getgrnam_recv called\n")); - - if (NT_STATUS_IS_OK(status)) { - struct cmd_getgrnam_state *state = - talloc_get_type(ctx->private_data, - struct cmd_getgrnam_state); - *gr = talloc_steal(mem_ctx, state->result); - } - talloc_free(ctx); - return status; - -} - diff --git a/source4/winbind/wb_cmd_getgroups.c b/source4/winbind/wb_cmd_getgroups.c deleted file mode 100644 index 29c5205369a..00000000000 --- a/source4/winbind/wb_cmd_getgroups.c +++ /dev/null 
@@ -1,223 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Backend for getgroups - - Copyright (C) Matthieu Patou 2010 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "libcli/composite/composite.h" -#include "winbind/wb_server.h" -#include "smbd/service_task.h" -#include "libcli/security/security.h" - -struct cmd_getgroups_state { - struct composite_context *ctx; - struct wbsrv_service *service; - char* username; - uint32_t num_groups; - uint32_t current_group; - struct dom_sid **sids; - - gid_t *gids; -}; - -/* The idea is to get the groups for a user - We receive one user from this we search for his uid - From the uid we search for his SID - From the SID we search for the list of groups - And with the list of groups we search for each group its gid -*/ -static void cmd_getgroups_recv_pwnam(struct composite_context *ctx); -static void wb_getgroups_uid2sid_recv(struct composite_context *ctx); -static void wb_getgroups_userdomsgroups_recv(struct composite_context *ctx); -static void cmd_getgroups_recv_gid(struct composite_context *ctx); - -/* - Ask for the uid from the username -*/ -struct composite_context *wb_cmd_getgroups_send(TALLOC_CTX *mem_ctx, - struct wbsrv_service *service, - const char* username) -{ - struct composite_context *ctx, *result; - struct cmd_getgroups_state *state; - - DEBUG(5, ("wb_cmd_getgroups_send called\n")); - - result = 
composite_create(mem_ctx, service->task->event_ctx); - if (!result) return NULL; - - state = talloc(mem_ctx, struct cmd_getgroups_state); - if (composite_nomem(state, result)) return result; - - state->ctx = result; - result->private_data = state; - state->service = service; - state->num_groups = 0; - - state->username = talloc_strdup(state,username); - if (composite_nomem(state->username, result)) return result; - - ctx = wb_cmd_getpwnam_send(state, service, username); - if (composite_nomem(ctx, result)) return result; - - composite_continue(result, ctx, cmd_getgroups_recv_pwnam, state); - return result; -} - -/* - Receive the uid and send request for SID -*/ -static void cmd_getgroups_recv_pwnam(struct composite_context *ctx) -{ - struct composite_context *res; - struct cmd_getgroups_state *state = - talloc_get_type(ctx->async.private_data, - struct cmd_getgroups_state); - struct winbindd_pw *pw; - struct wbsrv_service *service = state->service; - - DEBUG(5, ("cmd_getgroups_recv_pwnam called\n")); - - state->ctx->status = wb_cmd_getpwnam_recv(ctx, state, &pw); - if (composite_is_ok(state->ctx)) { - res = wb_uid2sid_send(state, service, pw->pw_uid); - if (res == NULL) { - composite_error(state->ctx, NT_STATUS_NO_MEMORY); - return; - } - DEBUG(6, ("cmd_getgroups_recv_pwnam uid %d\n",pw->pw_uid)); - - composite_continue(ctx, res, wb_getgroups_uid2sid_recv, state); - } -} - -/* - Receive the SID and request groups through the userdomgroups helper -*/ -static void wb_getgroups_uid2sid_recv(struct composite_context *ctx) -{ - struct composite_context *res; - struct cmd_getgroups_state *state = - talloc_get_type(ctx->async.private_data, - struct cmd_getgroups_state); - NTSTATUS status; - struct dom_sid *sid; - char *sid_str; - - DEBUG(5, ("wb_getgroups_uid2sid_recv called\n")); - - status = wb_uid2sid_recv(ctx, state, &sid); - if(NT_STATUS_IS_OK(status)) { - sid_str = dom_sid_string(state, sid); - - /* If the conversion failed, bail out with a failure. 
*/ - if (sid_str != NULL) { - DEBUG(7, ("wb_getgroups_uid2sid_recv SID = %s\n",sid_str)); - /* Ok got the SID now get the groups */ - res = wb_cmd_userdomgroups_send(state, state->service, sid); - if (res == NULL) { - composite_error(state->ctx, - NT_STATUS_NO_MEMORY); - return; - } - - composite_continue(ctx, res, wb_getgroups_userdomsgroups_recv, state); - } else { - composite_error(state->ctx, NT_STATUS_UNSUCCESSFUL); - } - } -} - -/* - Receive groups and search for uid for the first group -*/ -static void wb_getgroups_userdomsgroups_recv(struct composite_context *ctx) { - struct cmd_getgroups_state *state = - talloc_get_type(ctx->async.private_data, - struct cmd_getgroups_state); - uint32_t num_sids; - struct dom_sid **sids; - - DEBUG(5, ("wb_getgroups_userdomsgroups_recv called\n")); - state->ctx->status = wb_cmd_userdomgroups_recv(ctx,state,&num_sids,&sids); - if (!composite_is_ok(state->ctx)) return; - - DEBUG(5, ("wb_getgroups_userdomsgroups_recv %d groups\n",num_sids)); - - state->sids=sids; - state->num_groups=num_sids; - state->current_group=0; - - if(num_sids > 0) { - state->gids = talloc_array(state, gid_t, state->num_groups); - ctx = wb_sid2gid_send(state, state->service, state->sids[state->current_group]); - composite_continue(state->ctx, ctx, cmd_getgroups_recv_gid, state); - } else { - composite_done(state->ctx); - } -} - -/* - Receive and uid the previous searched group and request the uid for the next one -*/ -static void cmd_getgroups_recv_gid(struct composite_context *ctx) -{ - struct cmd_getgroups_state *state = - talloc_get_type(ctx->async.private_data, - struct cmd_getgroups_state); - gid_t gid; - - DEBUG(5, ("cmd_getgroups_recv_gid called\n")); - - state->ctx->status = wb_sid2gid_recv(ctx, &gid); - if(!composite_is_ok(state->ctx)) return; - - state->gids[state->current_group] = gid; - DEBUG(5, ("cmd_getgroups_recv_gid group %d \n",state->current_group)); - - state->current_group++; - if(state->current_group < state->num_groups ) { - ctx = 
wb_sid2gid_send(state, state->service, state->sids[state->current_group]); - composite_continue(state->ctx, ctx, cmd_getgroups_recv_gid, state); - } else { - composite_done(state->ctx); - } -} - -/* - Return list of uids when finished -*/ -NTSTATUS wb_cmd_getgroups_recv(struct composite_context *ctx, - TALLOC_CTX *mem_ctx, gid_t **groups, - uint32_t *num_groups) -{ - NTSTATUS status = composite_wait(ctx); - - DEBUG(5, ("wb_cmd_getgroups_recv called\n")); - - if (NT_STATUS_IS_OK(status)) { - struct cmd_getgroups_state *state = - talloc_get_type(ctx->private_data, - struct cmd_getgroups_state); - *groups = talloc_steal(mem_ctx, state->gids); - *num_groups = state->num_groups; - } - talloc_free(ctx); - return status; -} diff --git a/source4/winbind/wb_cmd_getpwent.c b/source4/winbind/wb_cmd_getpwent.c deleted file mode 100644 index 45b966377ad..00000000000 --- a/source4/winbind/wb_cmd_getpwent.c +++ /dev/null 
@@ -1,125 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Command backend for getpwent
-
- Copyright (C) Kai Blin 2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-
-struct cmd_getpwent_state {
- struct composite_context *ctx;
- struct wbsrv_service *service;
-
- struct wbsrv_pwent *pwent;
- uint32_t max_users;
-
- uint32_t num_users;
- struct winbindd_pw *result;
-};
-
-static void cmd_getpwent_recv_pwnam(struct composite_context *ctx);
-#if 0 /*FIXME: implement this*/
-static void cmd_getpwent_recv_user_list(struct composite_context *ctx);
-#endif
-
-struct composite_context *wb_cmd_getpwent_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service, struct wbsrv_pwent *pwent,
- uint32_t max_users)
-{
- struct composite_context *ctx, *result;
- struct cmd_getpwent_state *state;
-
- DEBUG(5, ("wb_cmd_getpwent_send called\n"));
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (!result) return NULL;
-
- state = talloc(mem_ctx, struct cmd_getpwent_state);
- if (composite_nomem(state, result)) return result;
-
- state->ctx = result;
- result->private_data = state;
- state->service = service;
- state->pwent = pwent;
- state->max_users = max_users;
- state->num_users = 0;
-
- /* If there are users left in the libnet_UserList and we're below the
- * maximum number of users to get per winbind getpwent call, use
- * getpwnam to get the winbindd_pw struct */
- if (pwent->page_index < pwent->user_list->out.count) {
- int idx = pwent->page_index;
- char *username = talloc_strdup(state,
- pwent->user_list->out.users[idx].username);
-
- pwent->page_index++;
- ctx = wb_cmd_getpwnam_send(state, service, username);
- if (composite_nomem(ctx, state->ctx)) return result;
-
- composite_continue(state->ctx, ctx, cmd_getpwent_recv_pwnam,
- state);
- } else {
- /* If there is no valid user left, call libnet_UserList to get a new
- * list of users. */
- composite_error(state->ctx, NT_STATUS_NO_MORE_ENTRIES);
- }
- return result;
-}
-
-static void cmd_getpwent_recv_pwnam(struct composite_context *ctx)
-{
- struct cmd_getpwent_state *state =
- talloc_get_type(ctx->async.private_data,
- struct cmd_getpwent_state);
- struct winbindd_pw *pw;
-
- DEBUG(5, ("cmd_getpwent_recv_pwnam called\n"));
-
- state->ctx->status = wb_cmd_getpwnam_recv(ctx, state, &pw);
- if (!composite_is_ok(state->ctx)) return;
-
- /*FIXME: Cheat for now and only get one user per call */
- state->result = pw;
-
- composite_done(state->ctx);
-}
-
-NTSTATUS wb_cmd_getpwent_recv(struct composite_context *ctx,
- TALLOC_CTX *mem_ctx, struct winbindd_pw **pw,
- uint32_t *num_users)
-{
- NTSTATUS status = composite_wait(ctx);
-
- DEBUG(5, ("wb_cmd_getpwent_recv called\n"));
-
- if (NT_STATUS_IS_OK(status)) {
- struct cmd_getpwent_state *state =
- talloc_get_type(ctx->private_data,
- struct cmd_getpwent_state);
- *pw = talloc_steal(mem_ctx, state->result);
- /*FIXME: Cheat and only get oner user */
- *num_users = 1;
- }
-
- talloc_free(ctx);
- return status;
-}
-
diff --git a/source4/winbind/wb_cmd_getpwnam.c b/source4/winbind/wb_cmd_getpwnam.c
deleted file mode 100644
index 2a25ba3d16c..00000000000
--- a/source4/winbind/wb_cmd_getpwnam.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Command backend for wbinfo -i
-
- Copyright (C) Kai Blin 2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "param/param.h"
-#include "winbind/wb_helper.h"
-#include "smbd/service_task.h"
-#include "libcli/security/security.h"
-
-struct cmd_getpwnam_state {
- struct composite_context *ctx;
- struct wbsrv_service *service;
- char *name;
- char *workgroup_name;
- struct dom_sid *group_sid;
-
- struct winbindd_pw *result;
-};
-
-static void cmd_getpwnam_recv_domain(struct composite_context *ctx);
-static void cmd_getpwnam_recv_user_info(struct composite_context *ctx);
-static void cmd_getpwnam_recv_uid(struct composite_context *ctx);
-static void cmd_getpwnam_recv_gid(struct composite_context *ctx);
-
-struct composite_context *wb_cmd_getpwnam_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- const char *name)
-{
- struct composite_context *result, *ctx;
- struct cmd_getpwnam_state *state;
-
- DEBUG(5, ("wb_cmd_getpwnam_send called\n"));
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (!result) return NULL;
-
- state = talloc(result, struct cmd_getpwnam_state);
- if (composite_nomem(state, result)) return result;
- state->ctx = result;
- result->private_data = state;
- state->service = service;
- state->name = talloc_strdup(state, name);
- if(composite_nomem(state->name, result)) return result;
-
- ctx = wb_name2domain_send(state, service, name);
- if (composite_nomem(ctx, result)) return result;
-
- composite_continue(result, ctx, cmd_getpwnam_recv_domain, state);
- return result;
-}
-
-static void cmd_getpwnam_recv_domain(struct composite_context *ctx)
-{
- struct cmd_getpwnam_state *state = talloc_get_type(
- ctx->async.private_data, struct cmd_getpwnam_state);
- struct wbsrv_domain *domain;
- struct libnet_UserInfo *user_info;
- char *user_dom, *user_name;
- bool ok;
-
- state->ctx->status = wb_name2domain_recv(ctx, &domain);
- if(!composite_is_ok(state->ctx)) return;
-
- user_info = talloc(state, struct libnet_UserInfo);
- if (composite_nomem(user_info, state->ctx)) return;
-
- ok = wb_samba3_split_username(state, state->service->task->lp_ctx,
- state->name, &user_dom, &user_name);
- if(!ok){
- composite_error(state->ctx, NT_STATUS_OBJECT_NAME_INVALID);
- return;
- }
-
- user_info->in.level = USER_INFO_BY_NAME;
- user_info->in.data.user_name = user_name;
- user_info->in.domain_name = domain->libnet_ctx->samr.name;
- state->workgroup_name = talloc_strdup(state,
- domain->libnet_ctx->samr.name);
- if(composite_nomem(state->workgroup_name, state->ctx)) return;
-
- ctx = libnet_UserInfo_send(domain->libnet_ctx, state, user_info, NULL);
-
- composite_continue(state->ctx, ctx, cmd_getpwnam_recv_user_info, state);
-}
-
-static void cmd_getpwnam_recv_user_info(struct composite_context *ctx)
-{
- struct cmd_getpwnam_state *state = talloc_get_type(
- ctx->async.private_data, struct cmd_getpwnam_state);
- struct libnet_UserInfo *user_info;
- struct winbindd_pw *pw;
- char *username_with_domain;
- char *lowercase_username;
-
- DEBUG(5, ("cmd_getpwnam_recv_user_info called\n"));
-
- user_info = talloc(state, struct libnet_UserInfo);
- if(composite_nomem(user_info, state->ctx)) return;
-
- pw = talloc(state, struct winbindd_pw);
- if(composite_nomem(pw, state->ctx)) return;
-
- state->ctx->status = libnet_UserInfo_recv(ctx, state, user_info);
- if(!composite_is_ok(state->ctx)) return;
-
- lowercase_username = strlower_talloc(state, user_info->out.account_name);
- if (composite_nomem(lowercase_username, state->ctx)) {
- return;
- }
-
- username_with_domain = talloc_asprintf(pw, "%s%s%s",
- state->workgroup_name,
- lpcfg_winbind_separator(state->service->task->lp_ctx),
- lowercase_username);
- if(composite_nomem(username_with_domain, state->ctx)) return;
-
- WBSRV_SAMBA3_SET_STRING(pw->pw_name, username_with_domain);
- WBSRV_SAMBA3_SET_STRING(pw->pw_passwd, "*");
- WBSRV_SAMBA3_SET_STRING(pw->pw_gecos, user_info->out.full_name);
- WBSRV_SAMBA3_SET_STRING(pw->pw_dir,
- lpcfg_template_homedir(state->service->task->lp_ctx));
- all_string_sub(pw->pw_dir, "%D", state->workgroup_name,
- sizeof(fstring) - 1);
- all_string_sub(pw->pw_dir, "%U", lowercase_username,
- sizeof(fstring) - 1);
- WBSRV_SAMBA3_SET_STRING(pw->pw_shell,
- lpcfg_template_shell(state->service->task->lp_ctx));
-
- state->group_sid = dom_sid_dup(state, user_info->out.primary_group_sid);
- if(composite_nomem(state->group_sid, state->ctx)) return;
-
- state->result = pw;
-
- ctx = wb_sid2uid_send(state, state->service, user_info->out.user_sid);
- composite_continue(state->ctx, ctx, cmd_getpwnam_recv_uid, state);
-}
-
-static void cmd_getpwnam_recv_uid(struct composite_context *ctx)
-{
- struct cmd_getpwnam_state *state = talloc_get_type(
- ctx->async.private_data, struct cmd_getpwnam_state);
- uid_t uid;
-
- DEBUG(5, ("cmd_getpwnam_recv_uid called\n"));
-
- state->ctx->status = wb_sid2uid_recv(ctx, &uid);
- if(!composite_is_ok(state->ctx)) return;
-
- state->result->pw_uid = uid;
-
- ctx = wb_sid2gid_send(state, state->service, state->group_sid);
- composite_continue(state->ctx, ctx, cmd_getpwnam_recv_gid, state);
-}
-
-static void cmd_getpwnam_recv_gid(struct composite_context *ctx)
-{
- struct cmd_getpwnam_state *state = talloc_get_type(
- ctx->async.private_data, struct cmd_getpwnam_state);
- gid_t gid;
-
- DEBUG(5, ("cmd_getpwnam_recv_gid called\n"));
-
- state->ctx->status = wb_sid2gid_recv(ctx, &gid);
- if(!composite_is_ok(state->ctx)) return;
-
- state->result->pw_gid = gid;
-
- composite_done(state->ctx);
-}
-
-NTSTATUS wb_cmd_getpwnam_recv(struct composite_context *ctx,
- TALLOC_CTX *mem_ctx, struct winbindd_pw **pw)
-{
- NTSTATUS status = composite_wait(ctx);
-
- DEBUG(5, ("wb_cmd_getpwnam_recv called\n"));
-
- if (NT_STATUS_IS_OK(status)) {
- struct cmd_getpwnam_state *state =
- talloc_get_type(ctx->private_data,
- struct cmd_getpwnam_state);
- *pw = talloc_steal(mem_ctx, state->result);
- }
- talloc_free(ctx);
- return status;
-
-}
-
diff --git a/source4/winbind/wb_cmd_getpwuid.c b/source4/winbind/wb_cmd_getpwuid.c
deleted file mode 100644
index 6da3c088d25..00000000000
--- a/source4/winbind/wb_cmd_getpwuid.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Backend for getpwuid
-
- Copyright (C) Kai Blin 2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-#include "param/param.h"
-
-struct cmd_getpwuid_state {
- struct composite_context *ctx;
- struct wbsrv_service *service;
- uid_t uid;
- struct dom_sid *sid;
- char *workgroup;
- struct wbsrv_domain *domain;
-
- struct winbindd_pw *result;
-};
-
-static void cmd_getpwuid_recv_sid(struct composite_context *ctx);
-static void cmd_getpwuid_recv_domain(struct composite_context *ctx);
-static void cmd_getpwuid_recv_user_info(struct composite_context *ctx);
-static void cmd_getpwuid_recv_gid(struct composite_context *ctx);
-
-/* Get the SID using the uid */
-
-struct composite_context *wb_cmd_getpwuid_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- uid_t uid)
-{
- struct composite_context *ctx, *result;
- struct cmd_getpwuid_state *state;
-
- DEBUG(5, ("wb_cmd_getpwuid_send called\n"));
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (!result) return NULL;
-
- state = talloc(result, struct cmd_getpwuid_state);
- if (composite_nomem(state, result)) return result;
- state->ctx = result;
- result->private_data = state;
- state->service = service;
- state->uid = uid;
-
- ctx = wb_uid2sid_send(state, service, uid);
- if (composite_nomem(ctx, state->ctx)) return result;
-
- composite_continue(result, ctx, cmd_getpwuid_recv_sid, state);
- return result;
-}
-
-
-/* Receive the sid and get the domain structure with it */
-
-static void cmd_getpwuid_recv_sid(struct composite_context *ctx)
-{
- struct cmd_getpwuid_state *state =
- talloc_get_type(ctx->async.private_data,
- struct cmd_getpwuid_state);
-
- DEBUG(5, ("cmd_getpwuid_recv_sid called %p\n", ctx->private_data));
-
- state->ctx->status = wb_uid2sid_recv(ctx, state, &state->sid);
- if (!composite_is_ok(state->ctx)) return;
-
- ctx = wb_sid2domain_send(state, state->service, state->sid);
-
- composite_continue(state->ctx, ctx, cmd_getpwuid_recv_domain, state);
-}
-
-/* Receive the domain struct and call libnet to get the user info struct */
-
-static void cmd_getpwuid_recv_domain(struct composite_context *ctx)
-{
- struct cmd_getpwuid_state *state =
- talloc_get_type(ctx->async.private_data,
- struct cmd_getpwuid_state);
- struct libnet_UserInfo *user_info;
-
- DEBUG(5, ("cmd_getpwuid_recv_domain called\n"));
-
- state->ctx->status = wb_sid2domain_recv(ctx, &state->domain);
- if (!composite_is_ok(state->ctx)) return;
-
- user_info = talloc(state, struct libnet_UserInfo);
- if (composite_nomem(user_info, state->ctx)) return;
-
- user_info->in.level = USER_INFO_BY_SID;
- user_info->in.data.user_sid = state->sid;
- user_info->in.domain_name = state->domain->libnet_ctx->samr.name;
-
- /* We need the workgroup later, so copy it */
- state->workgroup = talloc_strdup(state,
- state->domain->libnet_ctx->samr.name);
- if (composite_nomem(state->workgroup, state->ctx)) return;
-
- ctx = libnet_UserInfo_send(state->domain->libnet_ctx, state, user_info,
- NULL);
-
- composite_continue(state->ctx, ctx, cmd_getpwuid_recv_user_info, state);
-}
-
-/* Receive the user info struct and get the gid for the user */
-
-static void cmd_getpwuid_recv_user_info(struct composite_context *ctx)
-{
- struct cmd_getpwuid_state *state =
- talloc_get_type(ctx->async.private_data,
- struct cmd_getpwuid_state);
- struct libnet_UserInfo *user_info;
- struct winbindd_pw *pw;
- char *username_with_domain;
- char *lowercase_username;
-
- DEBUG(5, ("cmd_getpwuid_recv_user_info called\n"));
-
- pw = talloc(state, struct winbindd_pw);
- if (composite_nomem(pw, state->ctx)) return;
-
- user_info = talloc(state, struct libnet_UserInfo);
- if(composite_nomem(user_info, state->ctx)) return;
-
- state->ctx->status = libnet_UserInfo_recv(ctx, state, user_info);
- if (!composite_is_ok(state->ctx)) return;
-
- lowercase_username = strlower_talloc(state, user_info->out.account_name);
- if (composite_nomem(lowercase_username, state->ctx)) {
- return;
- }
-
- username_with_domain = talloc_asprintf(pw, "%s%s%s",
- state->workgroup,
- lpcfg_winbind_separator(state->service->task->lp_ctx),
- lowercase_username);
- if(composite_nomem(username_with_domain, state->ctx)) return;
-
- WBSRV_SAMBA3_SET_STRING(pw->pw_name, username_with_domain);
- WBSRV_SAMBA3_SET_STRING(pw->pw_passwd, "*");
- WBSRV_SAMBA3_SET_STRING(pw->pw_gecos, user_info->out.full_name);
- WBSRV_SAMBA3_SET_STRING(pw->pw_dir,
- lpcfg_template_homedir(state->service->task->lp_ctx));
- all_string_sub(pw->pw_dir, "%D", state->workgroup,
- sizeof(fstring) - 1);
- all_string_sub(pw->pw_dir, "%U", lowercase_username,
- sizeof(fstring) - 1);
- WBSRV_SAMBA3_SET_STRING(pw->pw_shell,
- lpcfg_template_shell(state->service->task->lp_ctx));
-
- pw->pw_uid = state->uid;
-
- state->result = pw;
-
- ctx = wb_sid2gid_send(state, state->service,
- user_info->out.primary_group_sid);
-
- composite_continue(state->ctx, ctx, cmd_getpwuid_recv_gid, state);
-}
-
-static void cmd_getpwuid_recv_gid(struct composite_context *ctx)
-{
- struct cmd_getpwuid_state *state =
- talloc_get_type(ctx->async.private_data,
- struct cmd_getpwuid_state);
- gid_t gid;
-
- DEBUG(5, ("cmd_getpwuid_recv_gid called\n"));
-
- state->ctx->status = wb_sid2gid_recv(ctx, &gid);
- if (!composite_is_ok(state->ctx)) return;
-
- state->result->pw_gid = gid;
-
- composite_done(state->ctx);
-}
-
-NTSTATUS wb_cmd_getpwuid_recv(struct composite_context *ctx,
- TALLOC_CTX *mem_ctx, struct winbindd_pw **pw)
-{
- NTSTATUS status = composite_wait(ctx);
-
- DEBUG(5, ("wb_cmd_getpwuid_recv called\n"));
-
- if (NT_STATUS_IS_OK(status)) {
- struct cmd_getpwuid_state *state =
- talloc_get_type(ctx->private_data,
- struct cmd_getpwuid_state);
- *pw = talloc_steal(mem_ctx, state->result);
- }
- talloc_free(ctx);
- return status;
-
-}
-
diff --git a/source4/winbind/wb_cmd_list_groups.c b/source4/winbind/wb_cmd_list_groups.c
deleted file mode 100644
index db256761d32..00000000000
--- a/source4/winbind/wb_cmd_list_groups.c
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Command backend for wbinfo -g
-
- Copyright (C) Kai Blin 2009
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-
-struct cmd_list_groups_state {
- struct composite_context *ctx;
- struct wbsrv_service *service;
-
- struct wbsrv_domain *domain;
- char *domain_name;
- uint32_t resume_index;
- char *result;
- uint32_t num_groups;
-};
-
-static void cmd_list_groups_recv_domain(struct composite_context *ctx);
-static void cmd_list_groups_recv_group_list(struct composite_context *ctx);
-
-struct composite_context *wb_cmd_list_groups_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service, const char *domain_name)
-{
- struct composite_context *ctx, *result;
- struct cmd_list_groups_state *state;
-
- DEBUG(5, ("wb_cmd_list_groups_send called\n"));
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (!result) return NULL;
-
- state = talloc(result, struct cmd_list_groups_state);
- if (composite_nomem(state, result)) return result;
-
- state->ctx = result;
- result->private_data = state;
- state->service = service;
- state->resume_index = 0;
- state->num_groups = 0;
- state->result = talloc_strdup(state, "");
- if (composite_nomem(state->result, state->ctx)) return result;
-
- /*FIXME: We should look up the domain in the winbind request if it is
- * set, not just take the primary domain. However, I want to get the
- * libnet logic to work first. */
-
- if (domain_name && *domain_name != '\0') {
- state->domain_name = talloc_strdup(state, domain_name);
- if (composite_nomem(state->domain_name, state->ctx))
- return result;
- } else {
- state->domain_name = NULL;
- }
-
- ctx = wb_sid2domain_send(state, service, service->primary_sid);
- if (composite_nomem(ctx, state->ctx)) return result;
-
- composite_continue(state->ctx, ctx, cmd_list_groups_recv_domain, state);
- return result;
-}
-
-static void cmd_list_groups_recv_domain(struct composite_context *ctx)
-{
- struct cmd_list_groups_state *state = talloc_get_type(
- ctx->async.private_data, struct cmd_list_groups_state);
- struct wbsrv_domain *domain;
- struct libnet_GroupList *group_list;
-
- DEBUG(5, ("cmd_list_groups_recv_domain called\n"));
-
- state->ctx->status = wb_sid2domain_recv(ctx, &domain);
- if (!composite_is_ok(state->ctx)) return;
-
- /* we use this entry also for context purposes (libnet_GroupList) */
- state->domain = domain;
-
- /* If this is non-null, we've looked up the domain given in the winbind
- * request, otherwise we'll just use the default name .*/
- if (state->domain_name == NULL) {
- state->domain_name = talloc_strdup(state,
- state->domain->libnet_ctx->samr.name);
- if (composite_nomem(state->domain_name, state->ctx)) return;
- }
-
- group_list = talloc(state, struct libnet_GroupList);
- if (composite_nomem(group_list, state->ctx)) return;
-
- group_list->in.domain_name = state->domain_name;
-
- /* Rafal suggested that 128 is a good number here. I don't like magic
- * numbers too much, but for now it'll have to do.
- */
- group_list->in.page_size = 128;
- group_list->in.resume_index = state->resume_index;
-
- ctx = libnet_GroupList_send(state->domain->libnet_ctx, state,
- group_list, NULL);
-
- composite_continue(state->ctx, ctx, cmd_list_groups_recv_group_list,
- state);
-}
-
-static void cmd_list_groups_recv_group_list(struct composite_context *ctx)
-{
- struct cmd_list_groups_state *state = talloc_get_type(
- ctx->async.private_data, struct cmd_list_groups_state);
- struct libnet_GroupList *group_list;
- NTSTATUS status;
- int i;
-
- DEBUG(5, ("cmd_list_groups_recv_group_list called\n"));
-
- group_list = talloc(state, struct libnet_GroupList);
- if (composite_nomem(group_list, state->ctx)) return;
-
- status = libnet_GroupList_recv(ctx, state, group_list);
-
- /* If NTSTATUS is neither OK nor MORE_ENTRIES, something broke */
- if (!NT_STATUS_IS_OK(status) &&
- !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) &&
- !NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
- composite_error(state->ctx, status);
- return;
- }
-
- for (i = 0; i < group_list->out.count; ++i) {
- DEBUG(5, ("Appending group '%s'\n",
- group_list->out.groups[i].groupname));
- state->result = talloc_asprintf_append_buffer(state->result,
- "%s,",
- group_list->out.groups[i].groupname);
- state->num_groups++;
- }
-
- /* If the status is OK, we're finished, there's no more groups.
- * So we'll trim off the trailing ',' and are done.*/
- if (NT_STATUS_IS_OK(status)) {
- size_t str_len = strlen(state->result);
- DEBUG(5, ("list_GroupList_recv returned NT_STATUS_OK\n"));
- if (str_len > 0) {
- state->result[str_len - 1] = '\0';
- }
- composite_done(state->ctx);
- return;
- }
-
- DEBUG(5, ("list_GroupList_recv returned NT_STATUS_MORE_ENTRIES\n"));
-
- /* Otherwise there's more groups to get, so call out to libnet and
- * continue on this function here. */
-
- group_list->in.domain_name = state->domain_name;
- /* See comment above about the page size. 128 seems like a good default.
- */
- group_list->in.page_size = 128;
- group_list->in.resume_index = group_list->out.resume_index;
-
- ctx = libnet_GroupList_send(state->domain->libnet_ctx, state,group_list,
- NULL);
-
- composite_continue(state->ctx, ctx, cmd_list_groups_recv_group_list,
- state);
-}
-
-NTSTATUS wb_cmd_list_groups_recv(struct composite_context *ctx,
- TALLOC_CTX *mem_ctx, uint32_t *extra_data_len,
- char **extra_data, uint32_t *num_groups)
-{
- NTSTATUS status = composite_wait(ctx);
-
- DEBUG(5, ("wb_cmd_list_groups_recv called\n"));
-
- if (NT_STATUS_IS_OK(status)) {
- struct cmd_list_groups_state *state = talloc_get_type(
- ctx->private_data, struct cmd_list_groups_state);
-
- *extra_data_len = strlen(state->result);
- *extra_data = talloc_steal(mem_ctx, state->result);
- *num_groups = state->num_groups;
- }
-
- talloc_free(ctx);
- return status;
-}
-
-
diff --git a/source4/winbind/wb_cmd_list_trustdom.c b/source4/winbind/wb_cmd_list_trustdom.c
deleted file mode 100644
index 899de61c078..00000000000
--- a/source4/winbind/wb_cmd_list_trustdom.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Command backend for wbinfo -m
-
- Copyright (C) Volker Lendecke 2005
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-#include "librpc/gen_ndr/ndr_lsa_c.h"
-
-/* List trusted domains. To avoid the trouble with having to wait for other
- * conflicting requests waiting for the lsa pipe we're opening our own lsa
- * pipe here. */
-
-struct cmd_list_trustdom_state {
- struct composite_context *ctx;
- struct dcerpc_pipe *lsa_pipe;
- struct policy_handle *lsa_policy;
- uint32_t num_domains;
- struct wb_dom_info **domains;
-
- uint32_t resume_handle;
- struct lsa_DomainList domainlist;
- struct lsa_EnumTrustDom r;
-};
-
-static void cmd_list_trustdoms_recv_domain(struct composite_context *ctx);
-static void cmd_list_trustdoms_recv_lsa(struct composite_context *ctx);
-static void cmd_list_trustdoms_recv_doms(struct tevent_req *subreq);
-
-struct composite_context *wb_cmd_list_trustdoms_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service)
-{
- struct composite_context *result, *ctx;
- struct cmd_list_trustdom_state *state;
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (result == NULL) goto failed;
-
- state = talloc(result, struct cmd_list_trustdom_state);
- if (state == NULL) goto failed;
- state->ctx = result;
- result->private_data = state;
-
- ctx = wb_sid2domain_send(state, service, service->primary_sid);
- if (ctx == NULL) goto failed;
- ctx->async.fn = cmd_list_trustdoms_recv_domain;
- ctx->async.private_data = state;
- return result;
-
- failed:
- talloc_free(result);
- return NULL;
-}
-
-static void cmd_list_trustdoms_recv_domain(struct composite_context *ctx)
-{
- struct cmd_list_trustdom_state *state =
- talloc_get_type(ctx->async.private_data,
- struct cmd_list_trustdom_state);
- struct wbsrv_domain *domain;
-
- state->ctx->status = wb_sid2domain_recv(ctx, &domain);
- if (!composite_is_ok(state->ctx)) return;
-
- ctx = wb_init_lsa_send(state, domain);
- composite_continue(state->ctx, ctx, cmd_list_trustdoms_recv_lsa,
- state);
-}
-
-static void cmd_list_trustdoms_recv_lsa(struct composite_context *ctx)
-{
- struct cmd_list_trustdom_state *state =
- talloc_get_type(ctx->async.private_data,
- struct cmd_list_trustdom_state);
- struct tevent_req *subreq;
-
- state->ctx->status = wb_init_lsa_recv(ctx, state,
- &state->lsa_pipe,
- &state->lsa_policy);
- if (!composite_is_ok(state->ctx)) return;
-
- state->num_domains = 0;
- state->domains = NULL;
-
- state->domainlist.count = 0;
- state->domainlist.domains = NULL;
-
- state->resume_handle = 0;
- state->r.in.handle = state->lsa_policy;
- state->r.in.resume_handle = &state->resume_handle;
- state->r.in.max_size = 1000;
- state->r.out.resume_handle = &state->resume_handle;
- state->r.out.domains = &state->domainlist;
-
- subreq = dcerpc_lsa_EnumTrustDom_r_send(state,
- state->ctx->event_ctx,
- state->lsa_pipe->binding_handle,
- &state->r);
- if (composite_nomem(subreq, state->ctx)) return;
- tevent_req_set_callback(subreq, cmd_list_trustdoms_recv_doms, state);
-}
-
-static void cmd_list_trustdoms_recv_doms(struct tevent_req *subreq)
-{
- struct cmd_list_trustdom_state *state =
- tevent_req_callback_data(subreq,
- struct cmd_list_trustdom_state);
- uint32_t i, old_num_domains;
-
- state->ctx->status = dcerpc_lsa_EnumTrustDom_r_recv(subreq, state);
- TALLOC_FREE(subreq);
- if (!composite_is_ok(state->ctx)) return;
- state->ctx->status = state->r.out.result;
-
- if (!NT_STATUS_IS_OK(state->ctx->status) &&
- !NT_STATUS_EQUAL(state->ctx->status, NT_STATUS_NO_MORE_ENTRIES) &&
- !NT_STATUS_EQUAL(state->ctx->status, STATUS_MORE_ENTRIES)) {
- composite_error(state->ctx, state->ctx->status);
- return;
- }
-
- old_num_domains = state->num_domains;
-
- state->num_domains += state->r.out.domains->count;
- state->domains = talloc_realloc(state, state->domains,
- struct wb_dom_info *,
- state->num_domains);
- if (state->num_domains &&
- composite_nomem(state->domains, state->ctx)) return;
-
- for (i=0; i<state->r.out.domains->count; i++) {
- uint32_t j = i+old_num_domains;
- state->domains[j] = talloc(state->domains,
- struct wb_dom_info);
- if (composite_nomem(state->domains[i], state->ctx)) return;
- state->domains[j]->name = talloc_steal(
- state->domains[j],
- state->r.out.domains->domains[i].name.string);
- state->domains[j]->sid = talloc_steal(
- state->domains[j],
- state->r.out.domains->domains[i].sid);
- }
-
- if (NT_STATUS_IS_OK(state->ctx->status) || NT_STATUS_EQUAL(state->ctx->status, NT_STATUS_NO_MORE_ENTRIES)) {
- state->ctx->status = NT_STATUS_OK;
- composite_done(state->ctx);
- return;
- }
-
- state->domainlist.count = 0;
- state->domainlist.domains = NULL;
- state->r.in.handle = state->lsa_policy;
- state->r.in.resume_handle = &state->resume_handle;
- state->r.in.max_size = 1000;
- state->r.out.resume_handle = &state->resume_handle;
- state->r.out.domains = &state->domainlist;
-
- subreq = dcerpc_lsa_EnumTrustDom_r_send(state,
- state->ctx->event_ctx,
- state->lsa_pipe->binding_handle,
- &state->r);
- if (composite_nomem(subreq, state->ctx)) return;
- tevent_req_set_callback(subreq, cmd_list_trustdoms_recv_doms, state);
-}
-
-NTSTATUS wb_cmd_list_trustdoms_recv(struct composite_context *ctx,
- TALLOC_CTX *mem_ctx,
- uint32_t *num_domains,
- struct wb_dom_info ***domains)
-{
- NTSTATUS status = composite_wait(ctx);
- if (NT_STATUS_IS_OK(status)) {
- struct cmd_list_trustdom_state *state =
- talloc_get_type(ctx->private_data,
- struct cmd_list_trustdom_state);
- *num_domains = state->num_domains;
- *domains = talloc_steal(mem_ctx, state->domains);
- }
- talloc_free(ctx);
- return status;
-}
diff --git a/source4/winbind/wb_cmd_list_users.c b/source4/winbind/wb_cmd_list_users.c
deleted file mode 100644
index 03544f6585b..00000000000
--- a/source4/winbind/wb_cmd_list_users.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Command backend for wbinfo -u
-
- Copyright (C) Kai Blin 2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-
-struct cmd_list_users_state {
- struct composite_context *ctx;
- struct wbsrv_service *service;
-
- struct wbsrv_domain *domain;
- char *domain_name;
- uint32_t resume_index;
- char *result;
- uint32_t num_users;
-};
-
-static void cmd_list_users_recv_domain(struct composite_context *ctx);
-static void cmd_list_users_recv_user_list(struct composite_context *ctx);
-
-struct composite_context *wb_cmd_list_users_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service, const char *domain_name)
-{
- struct composite_context *ctx, *result;
- struct cmd_list_users_state *state;
-
- DEBUG(5, ("wb_cmd_list_users_send called\n"));
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (!result) return NULL;
-
- state = talloc(result, struct cmd_list_users_state);
- if (composite_nomem(state, result)) return result;
-
- state->ctx = result;
- result->private_data = state;
- state->service = service;
- state->resume_index = 0;
- state->num_users = 0;
- state->result = talloc_strdup(state, "");
- if (composite_nomem(state->result, state->ctx)) return result;
-
- /*FIXME: We should look up the domain in the winbind request if it is
- * set, not just take the primary domain. However, I want to get the
- * libnet logic to work first. */
-
- if (domain_name && *domain_name != '\0') {
- state->domain_name = talloc_strdup(state, domain_name);
- if (composite_nomem(state->domain_name, state->ctx))
- return result;
- } else {
- state->domain_name = NULL;
- }
-
- ctx = wb_sid2domain_send(state, service, service->primary_sid);
- if (composite_nomem(ctx, state->ctx)) return result;
-
- composite_continue(state->ctx, ctx, cmd_list_users_recv_domain, state);
- return result;
-}
-
-static void cmd_list_users_recv_domain(struct composite_context *ctx)
-{
- struct cmd_list_users_state *state = talloc_get_type(
- ctx->async.private_data, struct cmd_list_users_state);
- struct wbsrv_domain *domain;
- struct libnet_UserList *user_list;
-
- DEBUG(5, ("cmd_list_users_recv_domain called\n"));
-
- state->ctx->status = wb_sid2domain_recv(ctx, &domain);
- if (!composite_is_ok(state->ctx)) return;
-
- state->domain = domain;
-
- /* If this is non-null, we've looked up the domain given in the winbind
- * request, otherwise we'll just use the default name.*/
- if (state->domain_name == NULL) {
- state->domain_name = talloc_strdup(state,
- domain->libnet_ctx->samr.name);
- if (composite_nomem(state->domain_name, state->ctx)) return;
- }
-
- user_list = talloc(state, struct libnet_UserList);
- if (composite_nomem(user_list, state->ctx)) return;
-
- user_list->in.domain_name = state->domain_name;
-
- /* Rafal suggested that 128 is a good number here. I don't like magic
- * numbers too much, but for now it'll have to do.
- */
- user_list->in.page_size = 128;
- user_list->in.resume_index = state->resume_index;
-
- ctx = libnet_UserList_send(domain->libnet_ctx, state, user_list, NULL);
-
- composite_continue(state->ctx, ctx, cmd_list_users_recv_user_list,
- state);
-}
-
-static void cmd_list_users_recv_user_list(struct composite_context *ctx)
-{
- struct cmd_list_users_state *state = talloc_get_type(
- ctx->async.private_data, struct cmd_list_users_state);
- struct libnet_UserList *user_list;
- NTSTATUS status;
- int i;
-
- DEBUG(5, ("cmd_list_users_recv_user_list called\n"));
-
- user_list = talloc(state, struct libnet_UserList);
- if (composite_nomem(user_list, state->ctx)) return;
-
- status = libnet_UserList_recv(ctx, state, user_list);
-
- /* If NTSTATUS is neither OK nor MORE_ENTRIES, something broke */
- if (!NT_STATUS_IS_OK(status) &&
- !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) &&
- !NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
- composite_error(state->ctx, status);
- return;
- }
-
- for (i = 0; i < user_list->out.count; ++i) {
- DEBUG(5, ("Appending user '%s'\n", user_list->out.users[i].username));
- state->result = talloc_asprintf_append_buffer(state->result, "%s,",
- user_list->out.users[i].username);
- state->num_users++;
- }
-
- /* If the status is OK, we're finished, there's no more users.
- * So we'll trim off the trailing ',' and are done.*/
- if (NT_STATUS_IS_OK(status)) {
- int str_len = strlen(state->result);
- DEBUG(5, ("list_UserList_recv returned NT_STATUS_OK\n"));
- state->result[str_len - 1] = '\0';
- composite_done(state->ctx);
- return;
- }
-
- DEBUG(5, ("list_UserList_recv returned NT_STATUS_MORE_ENTRIES\n"));
-
- /* Otherwise there's more users to get, so call out to libnet and
- * continue on this function here. */
-
- user_list->in.domain_name = state->domain_name;
- /* See comment above about the page size. 128 seems like a good default.
- */
- user_list->in.page_size = 128;
- user_list->in.resume_index = user_list->out.resume_index;
-
- ctx = libnet_UserList_send(state->domain->libnet_ctx, state, user_list,
- NULL);
-
- composite_continue(state->ctx, ctx, cmd_list_users_recv_user_list,
- state);
-}
-
-NTSTATUS wb_cmd_list_users_recv(struct composite_context *ctx,
- TALLOC_CTX *mem_ctx, uint32_t *extra_data_len,
- char **extra_data, uint32_t *num_users)
-{
- NTSTATUS status = composite_wait(ctx);
-
- DEBUG(5, ("wb_cmd_list_users_recv called\n"));
-
- if (NT_STATUS_IS_OK(status)) {
- struct cmd_list_users_state *state = talloc_get_type(
- ctx->private_data, struct cmd_list_users_state);
-
- *extra_data_len = strlen(state->result);
- *extra_data = talloc_steal(mem_ctx, state->result);
- *num_users = state->num_users;
- }
-
- talloc_free(ctx);
- return status;
-}
-
-
diff --git a/source4/winbind/wb_cmd_lookupname.c b/source4/winbind/wb_cmd_lookupname.c
deleted file mode 100644
index 7761dcea4f1..00000000000
--- a/source4/winbind/wb_cmd_lookupname.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Command backend for wbinfo -n
-
- Copyright (C) Volker Lendecke 2005
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "winbind/wb_helper.h"
-#include "smbd/service_task.h"
-
-struct cmd_lookupname_state {
- struct composite_context *ctx;
- const char *name;
- struct wb_sid_object *result;
-};
-
-static void lookupname_recv_domain(struct composite_context *ctx);
-static void lookupname_recv_sids(struct composite_context *ctx);
-
-struct composite_context *wb_cmd_lookupname_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- const char *dom_name,
- const char *name)
-{
- struct composite_context *result, *ctx;
- struct cmd_lookupname_state *state;
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (result == NULL) goto failed;
-
- state = talloc(result, struct cmd_lookupname_state);
- if (state == NULL) goto failed;
- state->ctx = result;
- result->private_data = state;
-
- state->name = talloc_asprintf(state, "%s\\%s", dom_name, name);
- if (state->name == NULL) goto failed;
-
- ctx = wb_sid2domain_send(state, service, service->primary_sid);
- if (ctx == NULL) goto failed;
-
- ctx->async.fn = lookupname_recv_domain;
- ctx->async.private_data = state;
- return result;
-
- failed:
- talloc_free(result);
- return NULL;
-}
-
-static void lookupname_recv_domain(struct composite_context *ctx)
-{
- struct cmd_lookupname_state *state =
- talloc_get_type(ctx->async.private_data,
- struct cmd_lookupname_state);
- struct wbsrv_domain *domain;
-
- state->ctx->status = wb_sid2domain_recv(ctx, &domain);
- if (!composite_is_ok(state->ctx)) return;
-
- ctx = wb_lsa_lookupnames_send(state, state->ctx->event_ctx,
- domain->libnet_ctx->lsa.lsa_handle,
- &domain->libnet_ctx->lsa.handle, 1, &state->name);
- composite_continue(state->ctx, ctx, lookupname_recv_sids, state);
-}
-
-static void lookupname_recv_sids(struct composite_context *ctx)
-{
- struct cmd_lookupname_state *state =
- talloc_get_type(ctx->async.private_data,
- struct cmd_lookupname_state);
- struct wb_sid_object **sids;
-
- state->ctx->status = wb_lsa_lookupnames_recv(ctx, state, &sids);
- if (!composite_is_ok(state->ctx)) return;
-
- state->result = sids[0];
- composite_done(state->ctx);
-}
-
-NTSTATUS wb_cmd_lookupname_recv(struct composite_context *c,
- TALLOC_CTX *mem_ctx,
- struct wb_sid_object **sid)
-{
- struct cmd_lookupname_state *state =
- talloc_get_type(c->private_data, struct cmd_lookupname_state);
- NTSTATUS status = composite_wait(c);
- if (NT_STATUS_IS_OK(status)) {
- *sid = talloc_steal(mem_ctx, state->result);
- }
- talloc_free(state);
- return status;
-}
-
-NTSTATUS wb_cmd_lookupname(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- const char *dom_name,
- const char *name,
- struct wb_sid_object **sid)
-{
- struct composite_context *c =
- wb_cmd_lookupname_send(mem_ctx, service, dom_name, name);
- return wb_cmd_lookupname_recv(c, mem_ctx, sid);
-}
diff --git a/source4/winbind/wb_cmd_lookupsid.c b/source4/winbind/wb_cmd_lookupsid.c
deleted file mode 100644
index 4996569bad8..00000000000
--- a/source4/winbind/wb_cmd_lookupsid.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Command backend for wbinfo -s
-
- Copyright (C) Volker Lendecke 2005
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "winbind/wb_helper.h"
-#include "smbd/service_task.h"
-#include "libcli/security/security.h"
-
-struct cmd_lookupsid_state {
- struct composite_context *ctx;
- const struct dom_sid *sid;
- struct wb_sid_object *result;
-};
-
-static void lookupsid_recv_domain(struct composite_context *ctx);
-static void lookupsid_recv_names(struct composite_context *ctx);
-
-struct composite_context *wb_cmd_lookupsid_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- const struct dom_sid *sid)
-{
- struct composite_context *result, *ctx;
- struct cmd_lookupsid_state *state;
-
- DEBUG(5, ("wb_cmd_lookupsid_send called\n"));
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (result == NULL) goto failed;
-
- state = talloc(result, struct cmd_lookupsid_state);
- if (state == NULL) goto failed;
- state->ctx = result;
- result->private_data = state;
-
- state->sid = dom_sid_dup(state, sid);
- if (state->sid == NULL) goto failed;
-
- ctx = wb_sid2domain_send(state, service, service->primary_sid);
- if (ctx == NULL) goto failed;
-
- ctx->async.fn = lookupsid_recv_domain;
- ctx->async.private_data = state;
- return result;
-
- failed:
- talloc_free(result);
- return NULL;
-}
-
-static void lookupsid_recv_domain(struct composite_context *ctx)
-{
- struct cmd_lookupsid_state *state =
- talloc_get_type(ctx->async.private_data,
- struct cmd_lookupsid_state);
- struct wbsrv_domain *domain;
-
- state->ctx->status = wb_sid2domain_recv(ctx, &domain);
- if (!composite_is_ok(state->ctx)) return;
-
- ctx = wb_lsa_lookupsids_send(state, state->ctx->event_ctx,
- domain->libnet_ctx->lsa.lsa_handle,
- &domain->libnet_ctx->lsa.handle, 1, &state->sid);
- composite_continue(state->ctx, ctx, lookupsid_recv_names, state);
-}
-
-static void lookupsid_recv_names(struct composite_context *ctx)
-{
- struct cmd_lookupsid_state *state =
- talloc_get_type(ctx->async.private_data,
- struct cmd_lookupsid_state);
- struct wb_sid_object **names;
-
- state->ctx->status = wb_lsa_lookupsids_recv(ctx, state, &names);
- if (!composite_is_ok(state->ctx)) return;
-
- state->result = names[0];
- composite_done(state->ctx);
-}
-
-NTSTATUS wb_cmd_lookupsid_recv(struct composite_context *c,
- TALLOC_CTX *mem_ctx,
- struct wb_sid_object **sid)
-{
- struct cmd_lookupsid_state *state =
- talloc_get_type(c->private_data, struct cmd_lookupsid_state);
- NTSTATUS status = composite_wait(c);
- if (NT_STATUS_IS_OK(status)) {
- *sid = talloc_steal(mem_ctx, state->result);
- }
- talloc_free(state);
- return status;
-}
-
-NTSTATUS wb_cmd_lookupsid(TALLOC_CTX *mem_ctx, struct wbsrv_service *service,
- const struct dom_sid *sid,
- struct wb_sid_object **name)
-{
- struct composite_context *c =
- wb_cmd_lookupsid_send(mem_ctx, service, sid);
- return wb_cmd_lookupsid_recv(c, mem_ctx, name);
-}
diff --git a/source4/winbind/wb_cmd_setgrent.c b/source4/winbind/wb_cmd_setgrent.c
deleted file mode 100644
index aed5c7088b5..00000000000
--- a/source4/winbind/wb_cmd_setgrent.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Command backend for setgrent
-
- Copyright (C) Matthieu Patou 2010
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-
-struct cmd_setgrent_state {
- struct composite_context *ctx;
- struct wbsrv_service *service;
- struct libnet_context *libnet_ctx;
-
- struct wbsrv_grent *result;
- char *domain_name;
-};
-
-static void cmd_setgrent_recv_domain(struct composite_context *ctx);
-static void cmd_setgrent_recv_group_list(struct composite_context *ctx);
-
-struct composite_context *wb_cmd_setgrent_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service)
-{
- struct composite_context *ctx, *result;
- struct cmd_setgrent_state *state;
-
- DEBUG(5, ("wb_cmd_setgrent_send called\n"));
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (!result) return NULL;
-
- state = talloc(mem_ctx, struct cmd_setgrent_state);
- if (composite_nomem(state, result)) return result;
-
- state->ctx = result;
- result->private_data = state;
- state->service = service;
-
- state->result = talloc(state, struct wbsrv_grent);
- if (composite_nomem(state->result, state->ctx)) return result;
-
- ctx = wb_sid2domain_send(state, service, service->primary_sid);
- if (composite_nomem(ctx, state->ctx)) return result;
-
- composite_continue(state->ctx, ctx, cmd_setgrent_recv_domain, state);
- return result;
-}
-
-static void cmd_setgrent_recv_domain(struct composite_context *ctx)
-{
- struct cmd_setgrent_state *state = talloc_get_type(
- ctx->async.private_data, struct cmd_setgrent_state);
- struct wbsrv_domain *domain;
- struct libnet_GroupList *group_list;
-
- DEBUG(5, ("cmd_setgrent_recv_domain called\n"));
-
- state->ctx->status = wb_sid2domain_recv(ctx, &domain);
- if (!composite_is_ok(state->ctx)) return;
-
- state->libnet_ctx = domain->libnet_ctx;
-
- group_list = talloc(state->result, struct libnet_GroupList);
- if (composite_nomem(group_list, state->ctx)) return;
-
- state->domain_name = talloc_strdup(state,
- domain->libnet_ctx->samr.name);
- group_list->in.domain_name = talloc_strdup(state,
- domain->libnet_ctx->samr.name);
- if (composite_nomem(group_list->in.domain_name, state->ctx)) return;
-
- /* Page size recommended by Rafal */
- group_list->in.page_size = 128;
-
- /* Always get the start of the list */
- group_list->in.resume_index = 0;
-
- ctx = libnet_GroupList_send(domain->libnet_ctx, state->result, group_list,
- NULL);
-
- state->result->page_index = -1;
- composite_continue(state->ctx, ctx, cmd_setgrent_recv_group_list, state);
-}
-
-static void cmd_setgrent_recv_group_list(struct composite_context *ctx)
-{
- struct cmd_setgrent_state *state = talloc_get_type(
- ctx->async.private_data, struct cmd_setgrent_state);
- struct libnet_GroupList *group_list;
- struct libnet_GroupList *group_list_send;
- DEBUG(5, ("cmd_setgrent_recv_group_list called\n"));
-
- group_list = talloc(state->result, struct libnet_GroupList);
- if (composite_nomem(group_list, state->ctx)) return;
-
- state->ctx->status = libnet_GroupList_recv(ctx, state->result,
- group_list);
- if (NT_STATUS_IS_OK(state->ctx->status) ||
- NT_STATUS_EQUAL(state->ctx->status, STATUS_MORE_ENTRIES)) {
- uint32_t resume_index = group_list->out.resume_index;
- if( state->result->page_index == -1) { /* First run*/
- state->result->group_list = group_list;
- state->result->page_index = 0;
- state->result->libnet_ctx = state->libnet_ctx;
- } else {
- int i;
- struct grouplist *tmp;
- tmp = state->result->group_list->out.groups;
- state->result->group_list->out.groups = talloc_realloc(state->result,tmp,struct grouplist,
- state->result->group_list->out.count+group_list->out.count);
- tmp = state->result->group_list->out.groups;
- for(i=0;i<group_list->out.count;i++ ) {
- tmp[i+state->result->group_list->out.count].groupname = talloc_steal(state->result,group_list->out.groups[i].groupname);
- }
- state->result->group_list->out.count += group_list->out.count;
- TALLOC_FREE(group_list);
- }
-
-
- if (NT_STATUS_IS_OK(state->ctx->status) ) {
- composite_done(state->ctx);
- } else {
- group_list_send = talloc(state->result, struct libnet_GroupList);
- if (composite_nomem(group_list_send, state->ctx)) return;
- group_list_send->in.domain_name = talloc_strdup(state, state->domain_name);
- group_list_send->in.resume_index = resume_index;
- group_list_send->in.page_size = 128;
- ctx = libnet_GroupList_send(state->libnet_ctx, state->result, group_list_send, NULL);
- composite_continue(state->ctx, ctx, cmd_setgrent_recv_group_list, state);
- }
- } else {
- composite_error(state->ctx, state->ctx->status);
- }
- return;
-}
-
-NTSTATUS wb_cmd_setgrent_recv(struct composite_context *ctx,
- TALLOC_CTX *mem_ctx, struct wbsrv_grent **grent)
-{
- NTSTATUS status = composite_wait(ctx);
-
- DEBUG(5, ("wb_cmd_setgrent_recv called\n"));
-
- if (NT_STATUS_IS_OK(status)) {
- struct cmd_setgrent_state *state =
- talloc_get_type(ctx->private_data,
- struct cmd_setgrent_state);
-
- *grent = talloc_steal(mem_ctx, state->result);
- }
-
- talloc_free(ctx);
- return status;
-}
diff --git a/source4/winbind/wb_cmd_setpwent.c b/source4/winbind/wb_cmd_setpwent.c
deleted file mode 100644
index ab9fd2ef949..00000000000
--- a/source4/winbind/wb_cmd_setpwent.c
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Command backend for setpwent
-
- Copyright (C) Kai Blin 2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-
-struct cmd_setpwent_state {
- struct composite_context *ctx;
- struct wbsrv_service *service;
- struct libnet_context *libnet_ctx;
-
- struct wbsrv_pwent *result;
- char *domain_name;
-};
-
-static void cmd_setpwent_recv_domain(struct composite_context *ctx);
-static void cmd_setpwent_recv_user_list(struct composite_context *ctx);
-
-struct composite_context *wb_cmd_setpwent_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service)
-{
- struct composite_context *ctx, *result;
- struct cmd_setpwent_state *state;
-
- DEBUG(5, ("wb_cmd_setpwent_send called\n"));
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (!result) return NULL;
-
- state = talloc(mem_ctx, struct cmd_setpwent_state);
- if (composite_nomem(state, result)) return result;
-
- state->ctx = result;
- result->private_data = state;
- state->service = service;
-
- state->result = talloc(state, struct wbsrv_pwent);
- if (composite_nomem(state->result, state->ctx)) return result;
-
- ctx = wb_sid2domain_send(state, service, service->primary_sid);
- if (composite_nomem(ctx, state->ctx)) return result;
-
- composite_continue(state->ctx, ctx, cmd_setpwent_recv_domain, state);
- return result;
-}
-
-static void cmd_setpwent_recv_domain(struct composite_context *ctx)
-{
- struct cmd_setpwent_state *state = talloc_get_type(
- ctx->async.private_data, struct cmd_setpwent_state);
- struct wbsrv_domain *domain;
- struct libnet_UserList *user_list;
-
- DEBUG(5, ("cmd_setpwent_recv_domain called\n"));
-
- state->ctx->status = wb_sid2domain_recv(ctx, &domain);
- if (!composite_is_ok(state->ctx)) return;
-
- state->libnet_ctx = domain->libnet_ctx;
-
- user_list = talloc(state->result, struct libnet_UserList);
- if (composite_nomem(user_list, state->ctx)) return;
-
- state->domain_name = talloc_strdup(state,
- domain->libnet_ctx->samr.name);
- user_list->in.domain_name = talloc_strdup(state,
- domain->libnet_ctx->samr.name);
- if (composite_nomem(user_list->in.domain_name, state->ctx)) return;
-
- /* Page size recommended by Rafal */
- user_list->in.page_size = 128;
-
- /* Always get the start of the list */
- user_list->in.resume_index = 0;
-
- ctx = libnet_UserList_send(domain->libnet_ctx, state->result, user_list,
- NULL);
-
- state->result->page_index = -1;
- composite_continue(state->ctx, ctx, cmd_setpwent_recv_user_list, state);
-}
-
-static void cmd_setpwent_recv_user_list(struct composite_context *ctx)
-{
- struct cmd_setpwent_state *state = talloc_get_type(
- ctx->async.private_data, struct cmd_setpwent_state);
- struct libnet_UserList *user_list;
- struct libnet_UserList *user_list_send;
- DEBUG(5, ("cmd_setpwent_recv_user_list called\n"));
-
- user_list = talloc(state->result, struct libnet_UserList);
- if (composite_nomem(user_list, state->ctx)) return;
-
- state->ctx->status = libnet_UserList_recv(ctx, state->result,
- user_list);
- if (NT_STATUS_IS_OK(state->ctx->status) ||
- NT_STATUS_EQUAL(state->ctx->status, STATUS_MORE_ENTRIES)) {
-
- uint32_t resume_index = user_list->out.resume_index;
-
- if (state->result->page_index == -1) { /* First run*/
- state->result->user_list = user_list;
- state->result->page_index = 0;
- state->result->libnet_ctx = state->libnet_ctx;
- } else {
- int i, cnt = state->result->user_list->out.count
- + user_list->out.count;
- struct userlist *tmp;
- tmp = state->result->user_list->out.users;
- state->result->user_list->out.users = talloc_realloc(state->result,
- tmp, struct userlist,
- cnt);
- tmp = state->result->user_list->out.users;
- for(i=0;i<user_list->out.count;i++ ) {
- tmp[state->result->user_list->out.count + i].username
- = talloc_strdup(state->result, user_list->out.users[i].username);
- }
- state->result->user_list->out.count = cnt;
- TALLOC_FREE(user_list);
- }
-
- if (NT_STATUS_IS_OK(state->ctx->status) ) {
- composite_done(state->ctx);
- } else {
- user_list_send = talloc(state->result, struct libnet_UserList);
- if (composite_nomem(user_list_send, state->ctx)) return;
- user_list_send->in.domain_name = talloc_strdup(state, state->domain_name);
- user_list_send->in.resume_index = resume_index;
- user_list_send->in.page_size = 128;
- ctx = libnet_UserList_send(state->libnet_ctx, state->result, user_list_send, NULL);
- composite_continue(state->ctx, ctx, cmd_setpwent_recv_user_list, state);
- }
- } else {
- composite_error(state->ctx, state->ctx->status);
- }
- return;
-}
-
-NTSTATUS wb_cmd_setpwent_recv(struct composite_context *ctx,
- TALLOC_CTX *mem_ctx, struct wbsrv_pwent **pwent)
-{
- NTSTATUS status = composite_wait(ctx);
-
- DEBUG(5, ("wb_cmd_setpwent_recv called\n"));
-
- if (NT_STATUS_IS_OK(status)) {
- struct cmd_setpwent_state *state =
- talloc_get_type(ctx->private_data,
- struct cmd_setpwent_state);
-
- *pwent = talloc_steal(mem_ctx, state->result);
- }
-
- talloc_free(ctx);
- return status;
-}
-
diff --git a/source4/winbind/wb_cmd_userdomgroups.c b/source4/winbind/wb_cmd_userdomgroups.c
deleted file mode 100644
index ee53a44bf6e..00000000000
--- a/source4/winbind/wb_cmd_userdomgroups.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Command backend for wbinfo --user-domgroups
-
- Copyright (C) Volker Lendecke 2005
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "libcli/security/security.h"
-#include "winbind/wb_server.h"
-#include "winbind/wb_helper.h"
-#include "smbd/service_task.h"
-
-struct cmd_userdomgroups_state {
- struct composite_context *ctx;
- struct dom_sid *dom_sid;
- uint32_t user_rid;
- uint32_t num_rids;
- uint32_t *rids;
-};
-
-static void userdomgroups_recv_domain(struct composite_context *ctx);
-static void userdomgroups_recv_rids(struct composite_context *ctx);
-
-struct composite_context *wb_cmd_userdomgroups_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- const struct dom_sid *sid)
-{
- struct composite_context *result, *ctx;
- struct cmd_userdomgroups_state *state;
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (result == NULL) goto failed;
-
- state = talloc(result, struct cmd_userdomgroups_state);
- if (state == NULL) goto failed;
- state->ctx = result;
- result->private_data = state;
-
- state->dom_sid = dom_sid_dup(state, sid);
- if (state->dom_sid == NULL) goto failed;
- state->dom_sid->num_auths -= 1;
-
- state->user_rid = sid->sub_auths[sid->num_auths-1];
-
- ctx = wb_sid2domain_send(state, service, sid);
-
- composite_continue(state->ctx, ctx, userdomgroups_recv_domain, state);
-
- if (ctx) {
- return result;
- }
-
- failed:
- talloc_free(result);
- return NULL;
-}
-
-static void userdomgroups_recv_domain(struct composite_context *ctx)
-{
- struct cmd_userdomgroups_state *state =
- talloc_get_type(ctx->async.private_data,
- struct cmd_userdomgroups_state);
- struct wbsrv_domain *domain;
-
- state->ctx->status = wb_sid2domain_recv(ctx, &domain);
- if (!composite_is_ok(state->ctx)) return;
-
- ctx = wb_samr_userdomgroups_send(state, state->ctx->event_ctx,
- domain->libnet_ctx->samr.samr_handle,
- &domain->libnet_ctx->samr.handle,
- state->user_rid);
- composite_continue(state->ctx, ctx, userdomgroups_recv_rids, state);
-
-}
-
-static void userdomgroups_recv_rids(struct composite_context *ctx)
-{
- struct cmd_userdomgroups_state *state =
- talloc_get_type(ctx->async.private_data,
- struct cmd_userdomgroups_state);
-
- state->ctx->status = wb_samr_userdomgroups_recv(ctx, state,
- &state->num_rids,
- &state->rids);
- if (!composite_is_ok(state->ctx)) return;
-
- composite_done(state->ctx);
-}
-
-NTSTATUS wb_cmd_userdomgroups_recv(struct composite_context *c,
- TALLOC_CTX *mem_ctx,
- uint32_t *num_sids, struct dom_sid ***sids)
-{
- struct cmd_userdomgroups_state *state =
- talloc_get_type(c->private_data,
- struct cmd_userdomgroups_state);
- uint32_t i;
- NTSTATUS status;
-
- status = composite_wait(c);
- if (!NT_STATUS_IS_OK(status)) goto done;
-
- *num_sids = state->num_rids;
- *sids = talloc_array(mem_ctx, struct dom_sid *, state->num_rids);
- if (*sids == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- for (i=0; i<state->num_rids; i++) {
- (*sids)[i] = dom_sid_add_rid((*sids), state->dom_sid,
- state->rids[i]);
- if ((*sids)[i] == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
- }
-
-done:
- talloc_free(c);
- return status;
-}
-
-NTSTATUS wb_cmd_userdomgroups(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- const struct dom_sid *sid,
- uint32_t *num_sids, struct dom_sid ***sids)
-{
- struct composite_context *c =
- wb_cmd_userdomgroups_send(mem_ctx, service, sid);
- return wb_cmd_userdomgroups_recv(c, mem_ctx, num_sids, sids);
-}
diff --git a/source4/winbind/wb_cmd_usersids.c b/source4/winbind/wb_cmd_usersids.c
deleted file mode 100644
index da4cb80c7bb..00000000000
--- a/source4/winbind/wb_cmd_usersids.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Command backend for wbinfo --user-sids
-
- Copyright (C) Volker Lendecke 2005
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-#include "librpc/gen_ndr/ndr_samr_c.h"
-#include "libcli/security/security.h"
-
-/* Calculate the token in two steps: Go the user's originating domain, ask for
- * the user's domain groups. Then with the resulting list of sids go to our
- * own domain to expand the aliases aka domain local groups. */
-
-struct cmd_usersids_state {
- struct composite_context *ctx;
- struct wbsrv_service *service;
- struct dom_sid *user_sid;
- uint32_t num_domgroups;
- struct dom_sid **domgroups;
-
- struct lsa_SidArray lsa_sids;
- struct samr_Ids rids;
- struct samr_GetAliasMembership r;
-
- uint32_t num_sids;
- struct dom_sid **sids;
-};
-
-static void usersids_recv_domgroups(struct composite_context *ctx);
-static void usersids_recv_domain(struct composite_context *ctx);
-static void usersids_recv_aliases(struct tevent_req *subreq);
-
-struct composite_context *wb_cmd_usersids_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- const struct dom_sid *sid)
-{
- struct composite_context *result, *ctx;
- struct cmd_usersids_state *state;
-
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (result == NULL) goto failed;
-
- state = talloc(result, struct cmd_usersids_state);
- if (state == NULL) goto failed;
- state->ctx = result;
- result->private_data = state;
-
- state->service = service;
- state->user_sid = dom_sid_dup(state, sid);
- if (state->user_sid == NULL) goto failed;
-
- ctx = wb_cmd_userdomgroups_send(state, service, sid);
- if (ctx == NULL) goto failed;
-
- ctx->async.fn = usersids_recv_domgroups;
- ctx->async.private_data = state;
- return result;
-
- failed:
- talloc_free(result);
- return NULL;
-}
-
-static void usersids_recv_domgroups(struct composite_context *ctx)
-{
- struct cmd_usersids_state *state =
- talloc_get_type(ctx->async.private_data,
- struct cmd_usersids_state);
-
- state->ctx->status = wb_cmd_userdomgroups_recv(ctx, state,
- &state->num_domgroups,
- &state->domgroups);
- if (!composite_is_ok(state->ctx)) return;
-
- ctx = wb_sid2domain_send(state, state->service,
- state->service->primary_sid);
- composite_continue(state->ctx, ctx, usersids_recv_domain, state);
-}
-
-static void usersids_recv_domain(struct composite_context *ctx)
-{
- struct cmd_usersids_state *state =
- talloc_get_type(ctx->async.private_data,
- struct cmd_usersids_state);
- struct tevent_req *subreq;
- struct wbsrv_domain *domain;
- uint32_t i;
-
- state->ctx->status = wb_sid2domain_recv(ctx, &domain);
- if (!composite_is_ok(state->ctx)) return;
-
- state->lsa_sids.num_sids = state->num_domgroups+1;
- state->lsa_sids.sids = talloc_array(state, struct lsa_SidPtr,
- state->lsa_sids.num_sids);
- if (composite_nomem(state->lsa_sids.sids, state->ctx)) return;
-
- state->lsa_sids.sids[0].sid = state->user_sid;
- for (i=0; i<state->num_domgroups; i++) {
- state->lsa_sids.sids[i+1].sid = state->domgroups[i];
- }
-
- state->rids.count = 0;
- state->rids.ids = NULL;
-
- state->r.in.domain_handle = &domain->libnet_ctx->samr.handle;
- state->r.in.sids = &state->lsa_sids;
- state->r.out.rids = &state->rids;
-
- subreq = dcerpc_samr_GetAliasMembership_r_send(state,
- state->ctx->event_ctx,
- domain->libnet_ctx->samr.pipe->binding_handle,
- &state->r);
- if (composite_nomem(subreq, state->ctx)) return;
- tevent_req_set_callback(subreq, usersids_recv_aliases, state);
-}
-
-static void usersids_recv_aliases(struct tevent_req *subreq)
-{
- struct cmd_usersids_state *state =
- tevent_req_callback_data(subreq,
- struct cmd_usersids_state);
- uint32_t i;
-
- state->ctx->status = dcerpc_samr_GetAliasMembership_r_recv(subreq, state);
- TALLOC_FREE(subreq);
- if (!composite_is_ok(state->ctx)) return;
- state->ctx->status = state->r.out.result;
- if (!composite_is_ok(state->ctx)) return;
-
- state->num_sids = 1 + state->num_domgroups + state->r.out.rids->count;
- state->sids = talloc_array(state, struct dom_sid *, state->num_sids);
- if (composite_nomem(state->sids, state->ctx)) return;
-
- state->sids[0] = talloc_steal(state->sids, state->user_sid);
-
- for (i=0; i<state->num_domgroups; i++) {
- state->sids[1+i] =
- talloc_steal(state->sids, state->domgroups[i]);
- }
-
- for (i=0; i<state->r.out.rids->count; i++) {
- state->sids[1+state->num_domgroups+i] = dom_sid_add_rid(
- state->sids, state->service->primary_sid,
- state->r.out.rids->ids[i]);
-
- if (composite_nomem(state->sids[1+state->num_domgroups+i],
- state->ctx)) return;
- }
-
- composite_done(state->ctx);
-}
-
-NTSTATUS wb_cmd_usersids_recv(struct composite_context *ctx,
- TALLOC_CTX *mem_ctx,
- uint32_t *num_sids, struct dom_sid ***sids)
-{
- NTSTATUS status = composite_wait(ctx);
- if (NT_STATUS_IS_OK(status)) {
- struct cmd_usersids_state *state =
- talloc_get_type(ctx->private_data,
- struct cmd_usersids_state);
- *num_sids = state->num_sids;
- *sids = talloc_steal(mem_ctx, state->sids);
- }
- talloc_free(ctx);
- return status;
-}
-
-NTSTATUS wb_cmd_usersids(TALLOC_CTX *mem_ctx, struct wbsrv_service *service,
- const struct dom_sid *sid,
- uint32_t *num_sids, struct dom_sid ***sids)
-{
- struct composite_context *c =
- wb_cmd_usersids_send(mem_ctx, service, sid);
- return wb_cmd_usersids_recv(c, mem_ctx, num_sids, sids);
-}
-
diff --git a/source4/winbind/wb_connect_lsa.c b/source4/winbind/wb_connect_lsa.c
deleted file mode 100644
index 3bf02a0ed09..00000000000
--- a/source4/winbind/wb_connect_lsa.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Connect to the LSA pipe, given an smbcli_tree and possibly some
- credentials. Try ntlmssp, schannel and anon in that order.
-
- Copyright (C) Volker Lendecke 2005
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-
-#include "librpc/gen_ndr/ndr_lsa_c.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-
-/* Helper to initialize LSA with a specific auth methods. Verify by opening
- * the LSA policy. */
-
-struct init_lsa_state {
- struct composite_context *ctx;
- struct dcerpc_pipe *lsa_pipe;
-
- uint8_t auth_type;
- struct cli_credentials *creds;
-
- struct lsa_ObjectAttribute objectattr;
- struct lsa_OpenPolicy2 openpolicy;
- struct policy_handle *handle;
-};
-
-static void init_lsa_recv_pipe(struct composite_context *ctx);
-static void init_lsa_recv_openpol(struct tevent_req *subreq);
-
-struct composite_context *wb_init_lsa_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_domain *domain)
-{
- struct composite_context *result, *ctx;
- struct init_lsa_state *state;
-
- result = composite_create(mem_ctx, domain->service->task->event_ctx);
- if (result == NULL) goto failed;
-
- state = talloc(result, struct init_lsa_state);
- if (state == NULL) goto failed;
- state->ctx = result;
- result->private_data = state;
-
- /* this will make the secondary connection on the same IPC$ share,
- secured with SPNEGO or NTLMSSP */
- ctx = dcerpc_secondary_auth_connection_send(domain->netlogon_pipe,
- domain->lsa_binding,
- &ndr_table_lsarpc,
- domain->libnet_ctx->cred,
- domain->libnet_ctx->lp_ctx);
- composite_continue(state->ctx, ctx, init_lsa_recv_pipe, state);
- return result;
-
- failed:
- talloc_free(result);
- return NULL;
-}
-
-static void init_lsa_recv_pipe(struct composite_context *ctx)
-{
- struct init_lsa_state *state =
- talloc_get_type(ctx->async.private_data,
- struct init_lsa_state);
- struct tevent_req *subreq;
-
- state->ctx->status = dcerpc_secondary_auth_connection_recv(ctx, state,
- &state->lsa_pipe);
- if (!composite_is_ok(state->ctx)) return;
-
- state->handle = talloc(state, struct policy_handle);
- if (composite_nomem(state->handle, state->ctx)) return;
-
- state->openpolicy.in.system_name =
- talloc_asprintf(state, "\\\\%s",
- dcerpc_server_name(state->lsa_pipe));
- ZERO_STRUCT(state->objectattr);
- state->openpolicy.in.attr = &state->objectattr;
- state->openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
- state->openpolicy.out.handle = state->handle;
-
- subreq = dcerpc_lsa_OpenPolicy2_r_send(state,
- state->ctx->event_ctx,
- state->lsa_pipe->binding_handle,
- &state->openpolicy);
- if (composite_nomem(subreq, state->ctx)) return;
- tevent_req_set_callback(subreq, init_lsa_recv_openpol, state);
-}
-
-static void init_lsa_recv_openpol(struct tevent_req *subreq)
-{
- struct init_lsa_state *state =
- tevent_req_callback_data(subreq,
- struct init_lsa_state);
-
- state->ctx->status = dcerpc_lsa_OpenPolicy2_r_recv(subreq, state);
- TALLOC_FREE(subreq);
- if (!composite_is_ok(state->ctx)) return;
- state->ctx->status = state->openpolicy.out.result;
- if (!composite_is_ok(state->ctx)) return;
-
- composite_done(state->ctx);
-}
-
-NTSTATUS wb_init_lsa_recv(struct composite_context *c,
- TALLOC_CTX *mem_ctx,
- struct dcerpc_pipe **lsa_pipe,
- struct policy_handle **lsa_policy)
-{
- NTSTATUS status = composite_wait(c);
- if (NT_STATUS_IS_OK(status)) {
- struct init_lsa_state *state =
- talloc_get_type(c->private_data,
- struct init_lsa_state);
- *lsa_pipe = talloc_steal(mem_ctx, state->lsa_pipe);
- *lsa_policy = talloc_steal(mem_ctx, state->handle);
- }
- talloc_free(c);
- return status;
-}
-
diff --git a/source4/winbind/wb_connect_sam.c b/source4/winbind/wb_connect_sam.c
deleted file mode 100644
index 67d4983754e..00000000000
--- a/source4/winbind/wb_connect_sam.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Connect to the SAMR pipe, and return connection and domain handles.
-
- Copyright (C) Volker Lendecke 2005
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-
-#include "libcli/security/security.h"
-#include "librpc/gen_ndr/ndr_samr_c.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-
-
-/* Helper to initialize SAMR with a specific auth methods. Verify by opening
- * the SAM handle */
-
-struct connect_samr_state {
- struct composite_context *ctx;
- struct dom_sid *sid;
-
- struct dcerpc_pipe *samr_pipe;
- struct policy_handle *connect_handle;
- struct policy_handle *domain_handle;
-
- struct samr_Connect2 c;
- struct samr_OpenDomain o;
-};
-
-static void connect_samr_recv_pipe(struct composite_context *ctx);
-static void connect_samr_recv_conn(struct tevent_req *subreq);
-static void connect_samr_recv_open(struct tevent_req *subreq);
-
-struct composite_context *wb_connect_samr_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_domain *domain)
-{
- struct composite_context *result, *ctx;
- struct connect_samr_state *state;
-
- result = composite_create(mem_ctx, domain->service->task->event_ctx);
- if (result == NULL) goto failed;
-
- state = talloc(result, struct connect_samr_state);
- if (state == NULL) goto failed;
- state->ctx = result;
- result->private_data = state;
-
- state->sid = dom_sid_dup(state, domain->info->sid);
- if (state->sid == NULL) goto failed;
-
- /* this will make the secondary connection on the same IPC$ share,
- secured with SPNEGO, NTLMSSP or SCHANNEL */
- ctx = dcerpc_secondary_auth_connection_send(domain->netlogon_pipe,
- domain->samr_binding,
- &ndr_table_samr,
- domain->libnet_ctx->cred,
- domain->libnet_ctx->lp_ctx);
- composite_continue(state->ctx, ctx, connect_samr_recv_pipe, state);
- return result;
-
- failed:
- talloc_free(result);
- return NULL;
-}
-
-static void connect_samr_recv_pipe(struct composite_context *ctx)
-{
- struct connect_samr_state *state =
- talloc_get_type(ctx->async.private_data,
- struct connect_samr_state);
- struct tevent_req *subreq;
-
- state->ctx->status = dcerpc_secondary_auth_connection_recv(ctx, state,
- &state->samr_pipe);
- if (!composite_is_ok(state->ctx)) return;
-
- state->connect_handle = talloc(state, struct policy_handle);
- if (composite_nomem(state->connect_handle, state->ctx)) return;
-
- state->c.in.system_name =
- talloc_asprintf(state, "\\\\%s",
- dcerpc_server_name(state->samr_pipe));
- state->c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
- state->c.out.connect_handle = state->connect_handle;
-
- subreq = dcerpc_samr_Connect2_r_send(state,
- state->ctx->event_ctx,
- state->samr_pipe->binding_handle,
- &state->c);
- if (composite_nomem(subreq, state->ctx)) return;
- tevent_req_set_callback(subreq, connect_samr_recv_conn, state);
-}
-
-static void connect_samr_recv_conn(struct tevent_req *subreq)
-{
- struct connect_samr_state *state =
- tevent_req_callback_data(subreq,
- struct connect_samr_state);
-
- state->ctx->status = dcerpc_samr_Connect2_r_recv(subreq, state);
- TALLOC_FREE(subreq);
- if (!composite_is_ok(state->ctx)) return;
- state->ctx->status = state->c.out.result;
- if (!composite_is_ok(state->ctx)) return;
-
- state->domain_handle = talloc(state, struct policy_handle);
- if (composite_nomem(state->domain_handle, state->ctx)) return;
-
- state->o.in.connect_handle = state->connect_handle;
- state->o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
- state->o.in.sid = state->sid;
- state->o.out.domain_handle = state->domain_handle;
-
- subreq = dcerpc_samr_OpenDomain_r_send(state,
- state->ctx->event_ctx,
- state->samr_pipe->binding_handle,
- &state->o);
- if (composite_nomem(subreq, state->ctx)) return;
- tevent_req_set_callback(subreq, connect_samr_recv_open, state);
-}
-
-static void connect_samr_recv_open(struct tevent_req *subreq)
-{
- struct connect_samr_state *state =
- tevent_req_callback_data(subreq,
- struct connect_samr_state);
-
- state->ctx->status = dcerpc_samr_OpenDomain_r_recv(subreq, state);
- TALLOC_FREE(subreq);
- if (!composite_is_ok(state->ctx)) return;
- state->ctx->status = state->o.out.result;
- if (!composite_is_ok(state->ctx)) return;
-
- composite_done(state->ctx);
-}
-
-NTSTATUS wb_connect_samr_recv(struct composite_context *c,
- TALLOC_CTX *mem_ctx,
- struct dcerpc_pipe **samr_pipe,
- struct policy_handle *connect_handle,
- struct policy_handle *domain_handle)
-{
- NTSTATUS status = composite_wait(c);
- if (NT_STATUS_IS_OK(status)) {
- struct connect_samr_state *state =
- talloc_get_type(c->private_data,
- struct connect_samr_state);
- *samr_pipe = talloc_steal(mem_ctx, state->samr_pipe);
- *connect_handle = *state->connect_handle;
- *domain_handle = *state->domain_handle;
- }
- talloc_free(c);
- return status;
-}
-
diff --git a/source4/winbind/wb_dom_info.c b/source4/winbind/wb_dom_info.c
deleted file mode 100644
index 8c08c73a8f2..00000000000
--- a/source4/winbind/wb_dom_info.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Get a struct wb_dom_info for a domain using DNS, netbios, possibly cldap
- etc.
-
- Copyright (C) Volker Lendecke 2005
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "libcli/resolve/resolve.h"
-#include "libcli/security/security.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-#include "libcli/finddc.h"
-#include "lib/socket/netif.h"
-#include "param/param.h"
-
-struct get_dom_info_state {
- struct composite_context *ctx;
- struct wb_dom_info *info;
-};
-
-static void get_dom_info_recv_addrs(struct tevent_req *req);
-
-struct composite_context *wb_get_dom_info_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- const char *domain_name,
- const char *dns_domain_name,
- const struct dom_sid *sid)
-{
- struct composite_context *result;
- struct tevent_req *req;
- struct get_dom_info_state *state;
- struct dom_sid *dom_sid;
- struct finddcs finddcs_io;
-
- DEBUG(5, ("wb_get_dom_info_send called\n"));
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (result == NULL) goto failed;
-
- state = talloc(result, struct get_dom_info_state);
- if (state == NULL) goto failed;
- state->ctx = result;
- result->private_data = state;
-
- state->info = talloc_zero(state, struct wb_dom_info);
- if (state->info == NULL) goto failed;
-
- state->info->name = talloc_strdup(state->info, domain_name);
- if (state->info->name == NULL) goto failed;
-
- state->info->sid = dom_sid_dup(state->info, sid);
- if (state->info->sid == NULL) goto failed;
-
- if (dom_sid_equal(sid, &global_sid_Builtin) ||
- ((lpcfg_server_role(service->task->lp_ctx) != ROLE_DOMAIN_MEMBER) &&
- dom_sid_equal(sid, service->primary_sid) &&
- service->sec_channel_type != SEC_CHAN_RODC)) {
- struct interface *ifaces = NULL;
-
- load_interface_list(state, service->task->lp_ctx, &ifaces);
-
- state->info->dc = talloc(state->info, struct nbt_dc_name);
-
- state->info->dc->address = talloc_strdup(state->info->dc,
- iface_list_n_ip(ifaces, 0));
- state->info->dc->name = talloc_strdup(state->info->dc,
- lpcfg_netbios_name(service->task->lp_ctx));
-
- composite_done(state->ctx);
- return result;
- }
-
- dom_sid = dom_sid_dup(mem_ctx, sid);
- if (dom_sid == NULL) goto failed;
-
- ZERO_STRUCT(finddcs_io);
- finddcs_io.in.domain_name = dns_domain_name;
- finddcs_io.in.domain_sid = dom_sid;
- finddcs_io.in.minimum_dc_flags = NBT_SERVER_LDAP | NBT_SERVER_DS;
- if (service->sec_channel_type == SEC_CHAN_RODC) {
- finddcs_io.in.minimum_dc_flags |= NBT_SERVER_WRITABLE;
- }
-
- req = finddcs_cldap_send(mem_ctx, &finddcs_io,
- lpcfg_resolve_context(service->task->lp_ctx),
- service->task->event_ctx);
- if (req == NULL) goto failed;
-
- tevent_req_set_callback(req, get_dom_info_recv_addrs, state);
-
- return result;
-
- failed:
- talloc_free(result);
- return NULL;
-}
-
-static void get_dom_info_recv_addrs(struct tevent_req *req)
-{
- struct get_dom_info_state *state = tevent_req_callback_data(req, struct get_dom_info_state);
- struct finddcs finddcs_io;
-
- state->info->dc = talloc(state->info, struct nbt_dc_name);
-
- state->ctx->status = finddcs_cldap_recv(req, state->info, &finddcs_io);
- if (!composite_is_ok(state->ctx)) return;
-
- if (finddcs_io.out.netlogon.ntver != NETLOGON_NT_VERSION_5EX) {
- /* the finddcs code should have mapped the response to
- the type we want */
- DEBUG(0,(__location__ ": unexpected ntver 0x%08x in finddcs response\n",
- finddcs_io.out.netlogon.ntver));
- state->ctx->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
- if (!composite_is_ok(state->ctx)) return;
- }
-
- state->info->dc->address = finddcs_io.out.address;
- state->info->dc->name = finddcs_io.out.netlogon.data.nt5_ex.pdc_dns_name;
-
- composite_done(state->ctx);
-}
-
-NTSTATUS wb_get_dom_info_recv(struct composite_context *ctx,
- TALLOC_CTX *mem_ctx,
- struct wb_dom_info **result)
-{
- NTSTATUS status = composite_wait(ctx);
- if (NT_STATUS_IS_OK(status)) {
- struct get_dom_info_state *state =
- talloc_get_type(ctx->private_data,
- struct get_dom_info_state);
- *result = talloc_steal(mem_ctx, state->info);
- }
- talloc_free(ctx);
- return status;
-}
-
-NTSTATUS wb_get_dom_info(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- const char *domain_name,
- const char *dns_domain_name,
- const struct dom_sid *sid,
- struct wb_dom_info **result)
-{
- struct composite_context *ctx =
- wb_get_dom_info_send(mem_ctx, service, domain_name, dns_domain_name, sid);
- return wb_get_dom_info_recv(ctx, mem_ctx, result);
-}
diff --git a/source4/winbind/wb_dom_info_trusted.c b/source4/winbind/wb_dom_info_trusted.c
deleted file mode 100644
index af887c854c7..00000000000
--- a/source4/winbind/wb_dom_info_trusted.c
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Get a struct wb_dom_info for a trusted domain, relying on "our" DC.
-
- Copyright (C) Volker Lendecke 2005
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "libcli/resolve/resolve.h"
-#include "libcli/security/security.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-#include "librpc/gen_ndr/ndr_netlogon_c.h"
-#include "libcli/libcli.h"
-
-struct trusted_dom_info_state {
- struct composite_context *ctx;
- struct wbsrv_service *service;
- struct wbsrv_domain *my_domain;
-
- struct netr_DsRGetDCName d;
- struct netr_GetAnyDCName g;
-
- struct wb_dom_info *info;
-};
-
-static void trusted_dom_info_recv_domain(struct composite_context *ctx);
-static void trusted_dom_info_recv_dsr(struct tevent_req *subreq);
-static void trusted_dom_info_recv_dcname(struct tevent_req *subreq);
-static void trusted_dom_info_recv_dcaddr(struct composite_context *ctx);
-
-struct composite_context *wb_trusted_dom_info_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- const char *domain_name,
- const struct dom_sid *sid)
-{
- struct composite_context *result, *ctx;
- struct trusted_dom_info_state *state;
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (result == NULL) goto failed;
-
- state = talloc(result, struct trusted_dom_info_state);
- if (state == NULL) goto failed;
- state->ctx = result;
- result->private_data = state;
-
- state->info = talloc_zero(state, struct wb_dom_info);
- if (state->info == NULL) goto failed;
-
- state->service = service;
-
- state->info->sid = dom_sid_dup(state->info, sid);
- if (state->info->sid == NULL) goto failed;
-
- state->info->name = talloc_strdup(state->info, domain_name);
- if (state->info->name == NULL) goto failed;
-
- ctx = wb_sid2domain_send(state, service, service->primary_sid);
- if (ctx == NULL) goto failed;
-
- ctx->async.fn = trusted_dom_info_recv_domain;
- ctx->async.private_data = state;
- return result;
-
- failed:
- talloc_free(result);
- return NULL;
-}
-
-static void trusted_dom_info_recv_domain(struct composite_context *ctx)
-{
- struct trusted_dom_info_state *state =
- talloc_get_type(ctx->async.private_data,
- struct trusted_dom_info_state);
- struct tevent_req *subreq;
-
- state->ctx->status = wb_sid2domain_recv(ctx, &state->my_domain);
- if (!composite_is_ok(state->ctx)) return;
-
- state->d.in.server_unc =
- talloc_asprintf(state, "\\\\%s",
- dcerpc_server_name(state->my_domain->netlogon_pipe));
- if (composite_nomem(state->d.in.server_unc,
- state->ctx)) return;
-
- state->d.in.domain_name = state->info->name;
- state->d.in.domain_guid = NULL;
- state->d.in.site_guid = NULL;
- state->d.in.flags = DS_RETURN_DNS_NAME;
- state->d.out.info = talloc(state, struct netr_DsRGetDCNameInfo *);
- if (composite_nomem(state->d.out.info, state->ctx)) return;
-
- subreq = dcerpc_netr_DsRGetDCName_r_send(state,
- state->ctx->event_ctx,
- state->my_domain->netlogon_pipe->binding_handle,
- &state->d);
- if (composite_nomem(subreq, state->ctx)) return;
- tevent_req_set_callback(subreq, trusted_dom_info_recv_dsr, state);
-}
-
-/*
- * dcerpc_netr_DsRGetDCName has replied
- */
-
-static void trusted_dom_info_recv_dsr(struct tevent_req *subreq)
-{
- struct trusted_dom_info_state *state =
- tevent_req_callback_data(subreq,
- struct trusted_dom_info_state);
-
- state->ctx->status = dcerpc_netr_DsRGetDCName_r_recv(subreq, state);
- TALLOC_FREE(subreq);
- if (!NT_STATUS_IS_OK(state->ctx->status)) {
- DEBUG(9, ("dcerpc_netr_DsRGetDCName_recv returned %s\n",
- nt_errstr(state->ctx->status)));
- goto fallback;
- }
-
- state->ctx->status =
- werror_to_ntstatus(state->d.out.result);
- if (!NT_STATUS_IS_OK(state->ctx->status)) {
- DEBUG(9, ("dsrgetdcname returned %s\n",
- nt_errstr(state->ctx->status)));
- goto fallback;
- }
-
- /* Hey, that was easy! */
- state->info->dc = talloc(state->info, struct nbt_dc_name);
- state->info->dc->name = talloc_steal(state->info,
- (*state->d.out.info)->dc_unc);
- if (*state->info->dc->name == '\\') state->info->dc->name++;
- if (*state->info->dc->name == '\\') state->info->dc->name++;
-
- state->info->dc->address = talloc_steal(state->info,
- (*state->d.out.info)->dc_address);
- if (*state->info->dc->address == '\\') state->info->dc->address++;
- if (*state->info->dc->address == '\\') state->info->dc->address++;
-
- state->info->dns_name = talloc_steal(state->info,
- (*state->d.out.info)->domain_name);
-
- composite_done(state->ctx);
- return;
-
- fallback:
-
- state->g.in.logon_server = talloc_asprintf(
- state, "\\\\%s",
- dcerpc_server_name(state->my_domain->netlogon_pipe));
- state->g.in.domainname = state->info->name;
- state->g.out.dcname = talloc(state, const char *);
-
- subreq = dcerpc_netr_GetAnyDCName_r_send(state,
- state->ctx->event_ctx,
- state->my_domain->netlogon_pipe->binding_handle,
- &state->g);
- if (composite_nomem(subreq, state->ctx)) return;
-
- tevent_req_set_callback(subreq, trusted_dom_info_recv_dcname, state);
-}
-
-static void trusted_dom_info_recv_dcname(struct tevent_req *subreq)
-{
- struct trusted_dom_info_state *state =
- tevent_req_callback_data(subreq,
- struct trusted_dom_info_state);
- struct composite_context *ctx;
- struct nbt_name name;
-
- state->ctx->status = dcerpc_netr_GetAnyDCName_r_recv(subreq, state);
- TALLOC_FREE(subreq);
- if (!composite_is_ok(state->ctx)) return;
- state->ctx->status = werror_to_ntstatus(state->g.out.result);
- if (!composite_is_ok(state->ctx)) return;
-
- /* Hey, that was easy! */
- state->info->dc = talloc(state->info, struct nbt_dc_name);
- state->info->dc->name = talloc_steal(state->info,
- *(state->g.out.dcname));
- if (*state->info->dc->name == '\\') state->info->dc->name++;
- if (*state->info->dc->name == '\\') state->info->dc->name++;
-
- make_nbt_name(&name, state->info->dc->name, 0x20);
- ctx = resolve_name_send(lpcfg_resolve_context(state->service->task->lp_ctx), state,
- &name, state->service->task->event_ctx);
-
- composite_continue(state->ctx, ctx, trusted_dom_info_recv_dcaddr,
- state);
-}
-
-static void trusted_dom_info_recv_dcaddr(struct composite_context *ctx)
-{
- struct trusted_dom_info_state *state =
- talloc_get_type(ctx->async.private_data,
- struct trusted_dom_info_state);
-
- state->ctx->status = resolve_name_recv(ctx, state->info,
- &state->info->dc->address);
- if (!composite_is_ok(state->ctx)) return;
-
- composite_done(state->ctx);
-}
-
-NTSTATUS wb_trusted_dom_info_recv(struct composite_context *ctx,
- TALLOC_CTX *mem_ctx,
- struct wb_dom_info **result)
-{
- NTSTATUS status = composite_wait(ctx);
- if (NT_STATUS_IS_OK(status)) {
- struct trusted_dom_info_state *state =
- talloc_get_type(ctx->private_data,
- struct trusted_dom_info_state);
- *result = talloc_steal(mem_ctx, state->info);
- }
- talloc_free(ctx);
- return status;
-}
-
-NTSTATUS wb_trusted_dom_info(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- const char *domain_name,
- const struct dom_sid *sid,
- struct wb_dom_info **result)
-{
- struct composite_context *ctx =
- wb_trusted_dom_info_send(mem_ctx, service, domain_name, sid);
- return wb_trusted_dom_info_recv(ctx, mem_ctx, result);
-}
diff --git a/source4/winbind/wb_gid2sid.c b/source4/winbind/wb_gid2sid.c
deleted file mode 100644
index 67a145e909d..00000000000
--- a/source4/winbind/wb_gid2sid.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Command backend for wbinfo -G
-
- Copyright (C) 2007-2008 Kai Blin
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-
-struct gid2sid_state {
- struct composite_context *ctx;
- struct wbsrv_service *service;
- struct dom_sid *sid;
-};
-
-static void gid2sid_recv_sid(struct composite_context *ctx);
-
-struct composite_context *wb_gid2sid_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service, gid_t gid)
-{
- struct composite_context *result, *ctx;
- struct gid2sid_state *state;
- struct id_map *ids;
-
- DEBUG(5, ("wb_gid2sid_send called\n"));
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (!result) return NULL;
-
- state = talloc(result, struct gid2sid_state);
- if (composite_nomem(state, result)) return result;
-
- state->ctx = result;
- result->private_data = state;
- state->service = service;
-
- ids = talloc(result, struct id_map);
- if (composite_nomem(ids, result)) return result;
- ids->xid.id = gid;
- ids->xid.type = ID_TYPE_GID;
- ids->sid = NULL;
-
- ctx = wb_xids2sids_send(result, service, 1, ids);
- if (composite_nomem(ctx, result)) return result;
-
- composite_continue(result, ctx, gid2sid_recv_sid, state);
- return result;
-}
-
-static void gid2sid_recv_sid(struct composite_context *ctx)
-{
- struct gid2sid_state *state = talloc_get_type(ctx->async.private_data,
- struct gid2sid_state);
- struct id_map *ids = NULL;
- state->ctx->status = wb_xids2sids_recv(ctx, &ids);
- if (!composite_is_ok(state->ctx)) return;
-
- if (ids->status != ID_MAPPED) {
- composite_error(state->ctx, NT_STATUS_UNSUCCESSFUL);
- return;
- }
-
- state->sid = ids->sid;
- composite_done(state->ctx);
-}
-
-NTSTATUS wb_gid2sid_recv(struct composite_context *ctx, TALLOC_CTX *mem_ctx,
- struct dom_sid **sid)
-{
- NTSTATUS status = composite_wait(ctx);
-
- DEBUG(5, ("wb_gid2sid_recv called.\n"));
-
- if (NT_STATUS_IS_OK(status)) {
- struct gid2sid_state *state =
- talloc_get_type(ctx->private_data,
- struct gid2sid_state);
- *sid = talloc_steal(mem_ctx, state->sid);
- }
- talloc_free(ctx);
- return status;
-}
-
diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c
deleted file mode 100644
index e768c48c1ec..00000000000
--- a/source4/winbind/wb_init_domain.c
+++ /dev/null
@@ -1,485 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- A composite API for initializing a domain
-
- Copyright (C) Volker Lendecke 2005
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-#include "librpc/gen_ndr/ndr_netlogon.h"
-#include "librpc/gen_ndr/ndr_lsa_c.h"
-#include "librpc/gen_ndr/ndr_samr_c.h"
-#include "libcli/libcli.h"
-
-#include "libcli/security/security.h"
-
-
-#include "auth/credentials/credentials.h"
-#include "param/param.h"
-
-/*
- * Initialize a domain:
- *
- * - With schannel credentials, try to open the SMB connection and
- * NETLOGON pipe with the machine creds. This works against W2k3SP1
- * with an NTLMSSP session setup. Fall back to anonymous (for the CIFS level).
- *
- * - If we have schannel creds, do the auth2 and open the schannel'ed netlogon
- * pipe.
- *
- * - Open LSA. If we have machine creds, try to open with SPNEGO or NTLMSSP. Fall back
- * to schannel.
- *
- * - With queryinfopolicy, verify that we're talking to the right domain
- *
- * A bit complex, but with all the combinations I think it's the best we can
- * get. NT4, W2k3 and W2k all have different combinations, but in the end we
- * have a signed&sealed lsa connection on all of them.
- *
- * Not sure if it is overkill, but it seems to work.
- */
-
-struct init_domain_state {
- struct composite_context *ctx;
- struct wbsrv_domain *domain;
- struct wbsrv_service *service;
-
- struct lsa_ObjectAttribute objectattr;
- struct lsa_OpenPolicy2 lsa_openpolicy;
- struct lsa_QueryInfoPolicy queryinfo;
- union lsa_PolicyInformation *info;
-};
-
-static void init_domain_recv_netlogonpipe(struct composite_context *ctx);
-static void init_domain_recv_lsa_pipe(struct composite_context *ctx);
-static void init_domain_recv_lsa_policy(struct tevent_req *subreq);
-static void init_domain_recv_queryinfo(struct tevent_req *subreq);
-static void init_domain_recv_samr(struct composite_context *ctx);
-
-static struct dcerpc_binding *init_domain_binding(struct init_domain_state *state,
- const struct ndr_interface_table *table)
-{
- struct dcerpc_binding *binding;
- enum dcerpc_transport_t transport;
- char *s;
- NTSTATUS status;
-
- /* Make a binding string */
- if ((lpcfg_server_role(state->service->task->lp_ctx) != ROLE_DOMAIN_MEMBER) &&
- dom_sid_equal(state->domain->info->sid, state->service->primary_sid) &&
- state->service->sec_channel_type != SEC_CHAN_RODC) {
- s = talloc_asprintf(state, "ncalrpc:%s[target_hostname=%s]",
- state->domain->dc_address,
- state->domain->dc_name);
- if (s == NULL) return NULL;
- } else {
- s = talloc_asprintf(state, "ncacn_np:%s[target_hostname=%s]",
- state->domain->dc_address,
- state->domain->dc_name);
- if (s == NULL) return NULL;
-
- }
- status = dcerpc_parse_binding(state, s, &binding);
- talloc_free(s);
- if (!NT_STATUS_IS_OK(status)) {
- return NULL;
- }
-
- transport = dcerpc_binding_get_transport(binding);
- if (transport == NCALRPC) {
- return binding;
- }
-
- /* This shouldn't make a network call, as the mappings for named pipes are well known */
- status = dcerpc_epm_map_binding(binding, binding, table, state->service->task->event_ctx,
- state->service->task->lp_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- return NULL;
- }
-
- return binding;
-}
-
-struct composite_context *wb_init_domain_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- struct wb_dom_info *dom_info)
-{
- struct composite_context *result, *ctx;
- struct init_domain_state *state;
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (result == NULL) goto failed;
-
- state = talloc_zero(result, struct init_domain_state);
- if (state == NULL) goto failed;
- state->ctx = result;
- result->private_data = state;
-
- state->service = service;
-
- state->domain = talloc(state, struct wbsrv_domain);
- if (state->domain == NULL) goto failed;
-
- state->domain->service = service;
-
- state->domain->info = talloc_reference(state->domain, dom_info);
- if (state->domain->info == NULL) goto failed;
-
- state->domain->dc_name = dom_info->dc->name;
- state->domain->dc_address = dom_info->dc->address;
-
- state->domain->libnet_ctx = libnet_context_init(service->task->event_ctx,
- service->task->lp_ctx);
- if (state->domain->libnet_ctx == NULL) goto failed;
- talloc_steal(state->domain, state->domain->libnet_ctx);
-
- /* Create a credentials structure */
- state->domain->libnet_ctx->cred = cli_credentials_init(state->domain);
- if (state->domain->libnet_ctx->cred == NULL) goto failed;
-
- cli_credentials_set_conf(state->domain->libnet_ctx->cred, service->task->lp_ctx);
-
- /* Connect the machine account to the credentials */
- state->ctx->status =
- cli_credentials_set_machine_account(state->domain->libnet_ctx->cred, state->domain->libnet_ctx->lp_ctx);
- if (!NT_STATUS_IS_OK(state->ctx->status)) goto failed;
-
- state->domain->netlogon_binding = init_domain_binding(state, &ndr_table_netlogon);
-
- state->domain->netlogon_pipe = NULL;
-
- state->domain->netlogon_queue = tevent_queue_create(state->domain,
- "netlogon_queue");
- if (state->domain->netlogon_queue == NULL) goto failed;
-
- /* We start the queue when the connection is usable */
- tevent_queue_stop(state->domain->netlogon_queue);
-
- if ((!cli_credentials_is_anonymous(state->domain->libnet_ctx->cred)) &&
- ((lpcfg_server_role(service->task->lp_ctx) == ROLE_DOMAIN_MEMBER) ||
- (lpcfg_server_role(service->task->lp_ctx) == ROLE_ACTIVE_DIRECTORY_DC)) &&
- (dom_sid_equal(state->domain->info->sid,
- state->service->primary_sid))) {
- uint32_t flags = DCERPC_SCHANNEL | DCERPC_SCHANNEL_AUTO;
-
- /* For debugging, it can be a real pain if all the traffic is encrypted */
- if (lpcfg_winbind_sealed_pipes(service->task->lp_ctx)) {
- flags |= DCERPC_SIGN | DCERPC_SEAL;
- } else {
- flags |= DCERPC_SIGN;
- }
- state->ctx->status = dcerpc_binding_set_flags(state->domain->netlogon_binding,
- flags, 0);
- if (!NT_STATUS_IS_OK(state->ctx->status)) goto failed;
- }
-
- /* No encryption on anonymous pipes */
-
- ctx = dcerpc_pipe_connect_b_send(state, state->domain->netlogon_binding,
- &ndr_table_netlogon,
- state->domain->libnet_ctx->cred,
- service->task->event_ctx,
- service->task->lp_ctx);
-
- if (composite_nomem(ctx, state->ctx)) {
- goto failed;
- }
-
- composite_continue(state->ctx, ctx, init_domain_recv_netlogonpipe,
- state);
- return result;
- failed:
- talloc_free(result);
- return NULL;
-}
-
-/* Having make a netlogon connection (possibly secured with schannel),
- * make an LSA connection to the same DC, on the same IPC$ share */
-static void init_domain_recv_netlogonpipe(struct composite_context *ctx)
-{
- struct init_domain_state *state =
- talloc_get_type(ctx->async.private_data,
- struct init_domain_state);
- uint32_t flags;
-
- state->ctx->status = dcerpc_pipe_connect_b_recv(ctx, state->domain,
- &state->domain->netlogon_pipe);
-
- if (!composite_is_ok(state->ctx)) {
- return;
- }
- talloc_reparent(state, state->domain->netlogon_pipe, state->domain->netlogon_binding);
-
- /* the netlogon connection is ready */
- tevent_queue_start(state->domain->netlogon_queue);
-
- state->domain->lsa_binding = init_domain_binding(state, &ndr_table_lsarpc);
-
- /* For debugging, it can be a real pain if all the traffic is encrypted */
- if (lpcfg_winbind_sealed_pipes(state->service->task->lp_ctx)) {
- flags = DCERPC_SIGN | DCERPC_SEAL;
- } else {
- flags = DCERPC_SIGN;
- }
- state->ctx->status = dcerpc_binding_set_flags(state->domain->lsa_binding,
- flags, 0);
- if (!composite_is_ok(state->ctx)) {
- return;
- }
-
- state->domain->libnet_ctx->lsa.pipe = NULL;
- state->domain->libnet_ctx->lsa.lsa_handle = NULL;
-
- /* this will make the secondary connection on the same IPC$ share,
- secured with SPNEGO or NTLMSSP */
- ctx = dcerpc_secondary_auth_connection_send(state->domain->netlogon_pipe,
- state->domain->lsa_binding,
- &ndr_table_lsarpc,
- state->domain->libnet_ctx->cred,
- state->domain->libnet_ctx->lp_ctx
- );
- composite_continue(state->ctx, ctx, init_domain_recv_lsa_pipe, state);
-}
-
-static bool retry_with_schannel(struct init_domain_state *state,
- struct dcerpc_binding *binding,
- const struct ndr_interface_table *table,
- void (*continuation)(struct composite_context *))
-{
- struct composite_context *ctx;
- uint32_t nflags;
- uint32_t bflags;
-
- state->ctx->status = NT_STATUS_OK;
-
- nflags = dcerpc_binding_get_flags(state->domain->netlogon_binding);
- bflags = dcerpc_binding_get_flags(binding);
-
- if ((nflags & DCERPC_SCHANNEL) && !(bflags & DCERPC_SCHANNEL)) {
- /* Opening a policy handle failed, perhaps it was
- * because we don't get a 'wrong password' error on
- * NTLMSSP binds */
-
- /* Try again with schannel */
- bflags |= DCERPC_SCHANNEL | DCERPC_SCHANNEL_AUTO;
-
- state->ctx->status = dcerpc_binding_set_flags(binding, bflags, 0);
- if (!composite_is_ok(state->ctx)) return true;
-
- /* Try again, likewise on the same IPC$ share,
- secured with SCHANNEL */
- ctx = dcerpc_secondary_auth_connection_send(state->domain->netlogon_pipe,
- binding,
- table,
- state->domain->libnet_ctx->cred,
- state->domain->libnet_ctx->lp_ctx);
- composite_continue(state->ctx, ctx, continuation, state);
- return true;
- } else {
- return false;
- }
-}
-/* We should now have either an authenticated LSA pipe, or an error.
- * On success, open a policy handle
- */
-static void init_domain_recv_lsa_pipe(struct composite_context *ctx)
-{
- struct init_domain_state *state =
- talloc_get_type(ctx->async.private_data,
- struct init_domain_state);
- struct tevent_req *subreq;
-
- state->ctx->status = dcerpc_secondary_auth_connection_recv(ctx, state->domain,
- &state->domain->libnet_ctx->lsa.pipe);
- if (NT_STATUS_EQUAL(state->ctx->status, NT_STATUS_LOGON_FAILURE)) {
- if (retry_with_schannel(state, state->domain->lsa_binding,
- &ndr_table_lsarpc,
- init_domain_recv_lsa_pipe)) {
- return;
- }
- }
- if (!composite_is_ok(state->ctx)) return;
-
- talloc_steal(state->domain->libnet_ctx, state->domain->libnet_ctx->lsa.pipe);
- talloc_reparent(state, state->domain->libnet_ctx->lsa.pipe, state->domain->lsa_binding);
- state->domain->libnet_ctx->lsa.lsa_handle =
- state->domain->libnet_ctx->lsa.pipe->binding_handle;
- state->domain->libnet_ctx->lsa.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
- state->domain->libnet_ctx->lsa.name = state->domain->info->name;
-
- ZERO_STRUCT(state->domain->libnet_ctx->lsa.handle);
- state->lsa_openpolicy.in.system_name =
- talloc_asprintf(state, "\\\\%s",
- dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe));
- ZERO_STRUCT(state->objectattr);
- state->lsa_openpolicy.in.attr = &state->objectattr;
- state->lsa_openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
- state->lsa_openpolicy.out.handle = &state->domain->libnet_ctx->lsa.handle;
-
- subreq = dcerpc_lsa_OpenPolicy2_r_send(state,
- state->ctx->event_ctx,
- state->domain->libnet_ctx->lsa.pipe->binding_handle,
- &state->lsa_openpolicy);
- if (composite_nomem(subreq, state->ctx)) return;
- tevent_req_set_callback(subreq, init_domain_recv_lsa_policy, state);
-}
-
-/* Receive a policy handle (or not, and retry the authentication) and
- * obtain some basic information about the domain */
-
-static void init_domain_recv_lsa_policy(struct tevent_req *subreq)
-{
- struct init_domain_state *state =
- tevent_req_callback_data(subreq,
- struct init_domain_state);
-
- state->ctx->status = dcerpc_lsa_OpenPolicy2_r_recv(subreq, state);
- TALLOC_FREE(subreq);
- if ((!NT_STATUS_IS_OK(state->ctx->status)
- || !NT_STATUS_IS_OK(state->lsa_openpolicy.out.result))) {
- if (retry_with_schannel(state, state->domain->lsa_binding,
- &ndr_table_lsarpc,
- init_domain_recv_lsa_pipe)) {
- return;
- }
- }
- if (!composite_is_ok(state->ctx)) return;
- state->ctx->status = state->lsa_openpolicy.out.result;
- if (!composite_is_ok(state->ctx)) return;
-
- state->info = talloc_zero(state->ctx, union lsa_PolicyInformation);
- if (composite_nomem(state->info, state->ctx)) return;
-
- state->queryinfo.in.handle = &state->domain->libnet_ctx->lsa.handle;
- state->queryinfo.in.level = LSA_POLICY_INFO_ACCOUNT_DOMAIN;
- state->queryinfo.out.info = &state->info;
-
- subreq = dcerpc_lsa_QueryInfoPolicy_r_send(state,
- state->ctx->event_ctx,
- state->domain->libnet_ctx->lsa.pipe->binding_handle,
- &state->queryinfo);
- if (composite_nomem(subreq, state->ctx)) return;
- tevent_req_set_callback(subreq, init_domain_recv_queryinfo, state);
-}
-
-static void init_domain_recv_queryinfo(struct tevent_req *subreq)
-{
- struct init_domain_state *state =
- tevent_req_callback_data(subreq,
- struct init_domain_state);
- struct lsa_DomainInfo *dominfo;
- struct composite_context *ctx;
- uint32_t lflags;
-
- state->ctx->status = dcerpc_lsa_QueryInfoPolicy_r_recv(subreq, state);
- TALLOC_FREE(subreq);
- if (!composite_is_ok(state->ctx)) return;
- state->ctx->status = state->queryinfo.out.result;
- if (!composite_is_ok(state->ctx)) return;
-
- if (!dom_sid_equal(state->domain->info->sid, &global_sid_Builtin)) {
- dominfo = &(*state->queryinfo.out.info)->account_domain;
-
- if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) {
- DEBUG(2, ("Expected domain name %s, DC %s said %s\n",
- state->domain->info->name,
- dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe),
- dominfo->name.string));
- composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
- return;
- }
-
- if (!dom_sid_equal(state->domain->info->sid, dominfo->sid)) {
- DEBUG(2, ("Expected domain sid %s, DC %s said %s\n",
- dom_sid_string(state, state->domain->info->sid),
- dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe),
- dom_sid_string(state, dominfo->sid)));
- composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
- return;
- }
- }
-
- state->domain->samr_binding = init_domain_binding(state, &ndr_table_samr);
-
- /* We want to use the same flags as the LSA pipe did (so, if
- * it needed schannel, then we need that here too) */
- lflags = dcerpc_binding_get_flags(state->domain->lsa_binding);
- state->ctx->status = dcerpc_binding_set_flags(state->domain->samr_binding,
- lflags, 0);
- if (!composite_is_ok(state->ctx)) return;
-
- state->domain->libnet_ctx->samr.pipe = NULL;
- state->domain->libnet_ctx->samr.samr_handle = NULL;
-
- ctx = wb_connect_samr_send(state, state->domain);
- composite_continue(state->ctx, ctx, init_domain_recv_samr, state);
-}
-
-/* Recv the SAMR details (SamrConnect and SamrOpenDomain handle) and
- * open an LDAP connection */
-static void init_domain_recv_samr(struct composite_context *ctx)
-{
- struct init_domain_state *state =
- talloc_get_type(ctx->async.private_data,
- struct init_domain_state);
-
- state->ctx->status = wb_connect_samr_recv(
- ctx, state->domain,
- &state->domain->libnet_ctx->samr.pipe,
- &state->domain->libnet_ctx->samr.connect_handle,
- &state->domain->libnet_ctx->samr.handle);
- if (!composite_is_ok(state->ctx)) return;
-
- talloc_reparent(state, state->domain->libnet_ctx->samr.pipe, state->domain->samr_binding);
- state->domain->libnet_ctx->samr.samr_handle =
- state->domain->libnet_ctx->samr.pipe->binding_handle;
- state->domain->libnet_ctx->samr.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
- state->domain->libnet_ctx->samr.name = state->domain->info->name;
- state->domain->libnet_ctx->samr.sid = dom_sid_dup(
- state->domain->libnet_ctx,
- state->domain->info->sid);
-
- composite_done(state->ctx);
-}
-
-NTSTATUS wb_init_domain_recv(struct composite_context *c,
- TALLOC_CTX *mem_ctx,
- struct wbsrv_domain **result)
-{
- NTSTATUS status = composite_wait(c);
- if (NT_STATUS_IS_OK(status)) {
- struct init_domain_state *state =
- talloc_get_type(c->private_data,
- struct init_domain_state);
- *result = talloc_steal(mem_ctx, state->domain);
- }
- talloc_free(c);
- return status;
-}
-
-NTSTATUS wb_init_domain(TALLOC_CTX *mem_ctx, struct wbsrv_service *service,
- struct wb_dom_info *dom_info,
- struct wbsrv_domain **result)
-{
- struct composite_context *c =
- wb_init_domain_send(mem_ctx, service, dom_info);
- return wb_init_domain_recv(c, mem_ctx, result);
-}
diff --git a/source4/winbind/wb_irpc.c b/source4/winbind/wb_irpc.c
deleted file mode 100644
index 7a4ca69baa8..00000000000
--- a/source4/winbind/wb_irpc.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Main winbindd irpc handlers
-
- Copyright (C) Stefan Metzmacher 2006
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "winbind/wb_server.h"
-#include "lib/messaging/irpc.h"
-#include "libcli/composite/composite.h"
-#include "librpc/gen_ndr/ndr_winbind.h"
-#include "smbd/service_task.h"
-
-struct wb_irpc_SamLogon_state {
- struct irpc_message *msg;
- struct winbind_SamLogon *req;
-};
-
-static void wb_irpc_SamLogon_callback(struct tevent_req *subreq);
-
-static NTSTATUS wb_irpc_SamLogon(struct irpc_message *msg,
- struct winbind_SamLogon *req)
-{
- struct wbsrv_service *service = talloc_get_type(msg->private_data,
- struct wbsrv_service);
- struct wb_irpc_SamLogon_state *s;
- struct tevent_req *subreq;
-
- DEBUG(5, ("wb_irpc_SamLogon called\n"));
-
- s = talloc(msg, struct wb_irpc_SamLogon_state);
- NT_STATUS_HAVE_NO_MEMORY(s);
-
- s->msg = msg;
- s->req = req;
-
- subreq = wb_sam_logon_send(s,
- service->task->event_ctx,
- service, req);
- NT_STATUS_HAVE_NO_MEMORY(subreq);
-
- tevent_req_set_callback(subreq, wb_irpc_SamLogon_callback, s);
-
- msg->defer_reply = true;
- return NT_STATUS_OK;
-}
-
-static void wb_irpc_SamLogon_callback(struct tevent_req *subreq)
-{
- struct wb_irpc_SamLogon_state *s =
- tevent_req_callback_data(subreq,
- struct wb_irpc_SamLogon_state);
- NTSTATUS status;
-
- DEBUG(5, ("wb_irpc_SamLogon_callback called\n"));
-
- status = wb_sam_logon_recv(subreq, s, s->req);
- TALLOC_FREE(subreq);
-
- irpc_send_reply(s->msg, status);
-}
-
-struct wb_irpc_DsrUpdateReadOnlyServerDnsRecords_state {
- struct irpc_message *msg;
- struct winbind_DsrUpdateReadOnlyServerDnsRecords *req;
-};
-
-static void wb_irpc_DsrUpdateReadOnlyServerDnsRecords_callback(struct tevent_req *subreq);
-
-static NTSTATUS wb_irpc_DsrUpdateReadOnlyServerDnsRecords(struct irpc_message *msg,
- struct winbind_DsrUpdateReadOnlyServerDnsRecords *req)
-{
- struct wbsrv_service *service = talloc_get_type(msg->private_data,
- struct wbsrv_service);
- struct wb_irpc_DsrUpdateReadOnlyServerDnsRecords_state *s;
- struct tevent_req *subreq;
-
- DEBUG(5, ("wb_irpc_DsrUpdateReadOnlyServerDnsRecords called\n"));
-
- s = talloc(msg, struct wb_irpc_DsrUpdateReadOnlyServerDnsRecords_state);
- NT_STATUS_HAVE_NO_MEMORY(s);
-
- s->msg = msg;
- s->req = req;
-
- subreq = wb_update_rodc_dns_send(s,
- service->task->event_ctx,
- service, req);
- NT_STATUS_HAVE_NO_MEMORY(subreq);
-
- tevent_req_set_callback(subreq,
- wb_irpc_DsrUpdateReadOnlyServerDnsRecords_callback,
- s);
-
- msg->defer_reply = true;
- return NT_STATUS_OK;
-}
-
-static void wb_irpc_DsrUpdateReadOnlyServerDnsRecords_callback(struct tevent_req *subreq)
-{
- struct wb_irpc_DsrUpdateReadOnlyServerDnsRecords_state *s =
- tevent_req_callback_data(subreq,
- struct wb_irpc_DsrUpdateReadOnlyServerDnsRecords_state);
- NTSTATUS status;
-
- DEBUG(5, ("wb_irpc_DsrUpdateReadOnlyServerDnsRecords_callback called\n"));
-
- status = wb_update_rodc_dns_recv(subreq, s, s->req);
- TALLOC_FREE(subreq);
-
- irpc_send_reply(s->msg, status);
-}
-
-NTSTATUS wbsrv_init_irpc(struct wbsrv_service *service)
-{
- NTSTATUS status;
-
- irpc_add_name(service->task->msg_ctx, "winbind_server");
-
- status = IRPC_REGISTER(service->task->msg_ctx, winbind, WINBIND_SAMLOGON,
- wb_irpc_SamLogon, service);
- NT_STATUS_NOT_OK_RETURN(status);
-
- status = IRPC_REGISTER(service->task->msg_ctx, winbind, WINBIND_DSRUPDATEREADONLYSERVERDNSRECORDS,
- wb_irpc_DsrUpdateReadOnlyServerDnsRecords, service);
- NT_STATUS_NOT_OK_RETURN(status);
-
- return NT_STATUS_OK;
-}
diff --git a/source4/winbind/wb_name2domain.c b/source4/winbind/wb_name2domain.c
deleted file mode 100644
index 9da3d43ebcf..00000000000
--- a/source4/winbind/wb_name2domain.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Find and init a domain struct for a name
-
- Copyright (C) Kai Blin 2007
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-#include "winbind/wb_helper.h"
-
-struct name2domain_state {
- struct composite_context *ctx;
- struct wbsrv_service *service;
-
- struct wbsrv_domain *domain;
-};
-
-static void name2domain_recv_sid(struct composite_context *ctx);
-static void name2domain_recv_domain(struct composite_context *ctx);
-
-struct composite_context *wb_name2domain_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service, const char* name)
-{
- struct composite_context *result, *ctx;
- struct name2domain_state *state;
- char *user_dom, *user_name;
- bool ok;
-
- DEBUG(5, ("wb_name2domain_send called\n"));
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (!result) return NULL;
-
- state = talloc(result, struct name2domain_state);
- if (composite_nomem(state, result)) return result;
- state->ctx = result;
- result->private_data = state;
- state->service = service;
-
- ok = wb_samba3_split_username(state, service->task->lp_ctx, name, &user_dom, &user_name);
- if(!ok) {
- composite_error(state->ctx, NT_STATUS_OBJECT_NAME_INVALID);
- return result;
- }
-
- ctx = wb_cmd_lookupname_send(state, service, user_dom, user_name);
- if (composite_nomem(ctx, state->ctx)) return result;
-
- composite_continue(result, ctx, name2domain_recv_sid, state);
- return result;
-}
-
-static void name2domain_recv_sid(struct composite_context *ctx)
-{
- struct name2domain_state *state =
- talloc_get_type(ctx->async.private_data,
- struct name2domain_state);
- struct wb_sid_object *sid;
-
- DEBUG(5, ("name2domain_recv_sid called\n"));
-
- state->ctx->status = wb_cmd_lookupname_recv(ctx, state, &sid);
- if(!composite_is_ok(state->ctx)) return;
-
- ctx = wb_sid2domain_send(state, state->service, sid->sid);
-
- composite_continue(state->ctx, ctx, name2domain_recv_domain, state);
-}
-
-static void name2domain_recv_domain(struct composite_context *ctx)
-{
- struct name2domain_state *state =
- talloc_get_type(ctx->async.private_data,
- struct name2domain_state);
- struct wbsrv_domain *domain;
-
- DEBUG(5, ("name2domain_recv_domain called\n"));
-
- state->ctx->status = wb_sid2domain_recv(ctx, &domain);
- if(!composite_is_ok(state->ctx)) return;
-
- state->domain = domain;
-
- composite_done(state->ctx);
-}
-
-NTSTATUS wb_name2domain_recv(struct composite_context *ctx,
- struct wbsrv_domain **result)
-{
- NTSTATUS status = composite_wait(ctx);
-
- DEBUG(5, ("wb_name2domain_recv called\n"));
-
- if (NT_STATUS_IS_OK(status)) {
- struct name2domain_state *state =
- talloc_get_type(ctx->private_data,
- struct name2domain_state);
- *result = state->domain;
- }
- talloc_free(ctx);
- return status;
-}
-
diff --git a/source4/winbind/wb_pam_auth.c b/source4/winbind/wb_pam_auth.c
deleted file mode 100644
index c84b51f4fe9..00000000000
--- a/source4/winbind/wb_pam_auth.c
+++ /dev/null
@@ -1,291 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Authenticate a user
-
- Copyright (C) Volker Lendecke 2005
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-#include "auth/credentials/credentials.h"
-#include "libcli/auth/libcli_auth.h"
-#include "librpc/gen_ndr/ndr_netlogon.h"
-#include "librpc/gen_ndr/winbind.h"
-#include "param/param.h"
-
-/* Oh, there is so much to keep an eye on when authenticating a user. Oh my! */
-struct pam_auth_crap_state {
- struct composite_context *ctx;
- struct tevent_context *event_ctx;
- struct loadparm_context *lp_ctx;
-
- struct winbind_SamLogon *req;
- char *unix_username;
-
- struct netr_NetworkInfo ninfo;
- struct netr_LogonSamLogon r;
-
- const char *user_name;
- const char *domain_name;
-
- struct netr_UserSessionKey user_session_key;
- struct netr_LMSessionKey lm_key;
- DATA_BLOB info3;
-};
-
-/*
- * NTLM authentication.
-*/
-
-static void pam_auth_crap_recv_logon(struct tevent_req *subreq);
-
-struct composite_context *wb_cmd_pam_auth_crap_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- uint32_t logon_parameters,
- const char *domain,
- const char *user,
- const char *workstation,
- DATA_BLOB chal,
- DATA_BLOB nt_resp,
- DATA_BLOB lm_resp)
-{
- struct composite_context *result;
- struct pam_auth_crap_state *state;
- struct netr_NetworkInfo *ninfo;
- DATA_BLOB tmp_nt_resp, tmp_lm_resp;
- struct tevent_req *subreq;
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (result == NULL) goto failed;
-
- state = talloc(result, struct pam_auth_crap_state);
- if (state == NULL) goto failed;
- state->ctx = result;
- state->lp_ctx = service->task->lp_ctx;
- result->private_data = state;
-
- state->req = talloc(state, struct winbind_SamLogon);
-
- state->req->in.logon_level = 2;
- state->req->in.validation_level = 3;
- ninfo = state->req->in.logon.network = talloc(state, struct netr_NetworkInfo);
- if (ninfo == NULL) goto failed;
-
- ninfo->identity_info.account_name.string = talloc_strdup(state, user);
- ninfo->identity_info.domain_name.string = talloc_strdup(state, domain);
- ninfo->identity_info.parameter_control = logon_parameters;
- ninfo->identity_info.logon_id_low = 0;
- ninfo->identity_info.logon_id_high = 0;
- ninfo->identity_info.workstation.string = talloc_strdup(state, workstation);
-
- SMB_ASSERT(chal.length == sizeof(ninfo->challenge));
- memcpy(ninfo->challenge, chal.data,
- sizeof(ninfo->challenge));
-
- tmp_nt_resp = data_blob_talloc(ninfo, nt_resp.data, nt_resp.length);
- if ((nt_resp.data != NULL) &&
- (tmp_nt_resp.data == NULL)) goto failed;
-
- tmp_lm_resp = data_blob_talloc(ninfo, lm_resp.data, lm_resp.length);
- if ((lm_resp.data != NULL) &&
- (tmp_lm_resp.data == NULL)) goto failed;
-
- ninfo->nt.length = tmp_nt_resp.length;
- ninfo->nt.data = tmp_nt_resp.data;
- ninfo->lm.length = tmp_lm_resp.length;
- ninfo->lm.data = tmp_lm_resp.data;
-
- state->unix_username = NULL;
-
- subreq = wb_sam_logon_send(state,
- service->task->event_ctx,
- service, state->req);
- if (subreq == NULL) goto failed;
- tevent_req_set_callback(subreq, pam_auth_crap_recv_logon, state);
- return result;
-
- failed:
- talloc_free(result);
- return NULL;
-}
-
-/*
- NTLM Authentication
-
- Send of a SamLogon request to authenticate a user.
-*/
-static void pam_auth_crap_recv_logon(struct tevent_req *subreq)
-{
- DATA_BLOB tmp_blob;
- enum ndr_err_code ndr_err;
- struct netr_SamBaseInfo *base;
- struct pam_auth_crap_state *state =
- tevent_req_callback_data(subreq,
- struct pam_auth_crap_state);
-
- state->ctx->status = wb_sam_logon_recv(subreq, state, state->req);
- TALLOC_FREE(subreq);
- if (!composite_is_ok(state->ctx)) return;
-
- ndr_err = ndr_push_struct_blob(
- &tmp_blob, state, state->req->out.validation.sam3,
- (ndr_push_flags_fn_t)ndr_push_netr_SamInfo3);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- state->ctx->status = ndr_map_error2ntstatus(ndr_err);
- if (!composite_is_ok(state->ctx)) return;
- }
-
- /* The Samba3 protocol is a bit broken (due to non-IDL
- * heritage, so for compatability we must add a non-zero 4
- * bytes to the info3 */
- state->info3 = data_blob_talloc(state, NULL, tmp_blob.length+4);
- if (composite_nomem(state->info3.data, state->ctx)) return;
-
- SIVAL(state->info3.data, 0, 1);
- memcpy(state->info3.data+4, tmp_blob.data, tmp_blob.length);
-
- base = &state->req->out.validation.sam3->base;
-
- state->user_session_key = base->key;
- state->lm_key = base->LMSessKey;
-
- /* Give the caller the most accurate username possible.
- * Assists where case sensitive comparisons may be done by our
- * ntlm_auth callers */
- if (base->account_name.string) {
- state->user_name = base->account_name.string;
- talloc_steal(state, base->account_name.string);
- }
- if (base->logon_domain.string) {
- state->domain_name = base->logon_domain.string;
- talloc_steal(state, base->logon_domain.string);
- }
-
- state->unix_username = talloc_asprintf(state, "%s%s%s",
- state->domain_name,
- lpcfg_winbind_separator(state->lp_ctx),
- state->user_name);
- if (composite_nomem(state->unix_username, state->ctx)) return;
-
- composite_done(state->ctx);
-}
-
-/* Having received a NTLM authentication reply, parse out the useful
- * reply data for the caller */
-NTSTATUS wb_cmd_pam_auth_crap_recv(struct composite_context *c,
- TALLOC_CTX *mem_ctx,
- DATA_BLOB *info3,
- struct netr_UserSessionKey *user_session_key,
- struct netr_LMSessionKey *lm_key,
- char **unix_username)
-{
- struct pam_auth_crap_state *state =
- talloc_get_type(c->private_data, struct pam_auth_crap_state);
- NTSTATUS status = composite_wait(c);
- if (NT_STATUS_IS_OK(status)) {
- info3->length = state->info3.length;
- info3->data = talloc_steal(mem_ctx, state->info3.data);
- *user_session_key = state->user_session_key;
- *lm_key = state->lm_key;
- *unix_username = talloc_steal(mem_ctx, state->unix_username);
- }
- talloc_free(state);
- return status;
-}
-
-/* Handle plaintext authentication, by encrypting the password and
- * then sending via the NTLM calls */
-
-struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- struct cli_credentials *credentials)
-{
- const char *workstation;
- NTSTATUS status;
- const char *user, *domain;
- DATA_BLOB chal, nt_resp, lm_resp, names_blob;
- int flags = CLI_CRED_NTLM_AUTH;
- if (lpcfg_client_lanman_auth(service->task->lp_ctx)) {
- flags |= CLI_CRED_LANMAN_AUTH;
- }
-
- if (lpcfg_client_ntlmv2_auth(service->task->lp_ctx)) {
- flags |= CLI_CRED_NTLMv2_AUTH;
- }
-
- DEBUG(5, ("wbsrv_samba3_pam_auth called\n"));
-
- chal = data_blob_talloc(mem_ctx, NULL, 8);
- if (!chal.data) {
- return NULL;
- }
- generate_random_buffer(chal.data, chal.length);
- cli_credentials_get_ntlm_username_domain(credentials, mem_ctx,
- &user, &domain);
- /* for best compatability with multiple vitual netbios names
- * on the host, this should be generated from the
- * cli_credentials associated with the machine account */
- workstation = cli_credentials_get_workstation(credentials);
-
- names_blob = NTLMv2_generate_names_blob(
- mem_ctx,
- cli_credentials_get_workstation(credentials),
- cli_credentials_get_domain(credentials));
-
- status = cli_credentials_get_ntlm_response(
- credentials, mem_ctx, &flags, chal, names_blob,
- &lm_resp, &nt_resp, NULL, NULL);
- if (!NT_STATUS_IS_OK(status)) {
- return NULL;
- }
- return wb_cmd_pam_auth_crap_send(mem_ctx, service,
- MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT|MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT /* logon parameters */,
- domain, user, workstation,
- chal, nt_resp, lm_resp);
-}
-
-NTSTATUS wb_cmd_pam_auth_recv(struct composite_context *c,
- TALLOC_CTX *mem_ctx,
- DATA_BLOB *info3,
- struct netr_UserSessionKey *user_session_key,
- struct netr_LMSessionKey *lm_key,
- char **unix_username)
-{
- struct pam_auth_crap_state *state =
- talloc_get_type(c->private_data, struct pam_auth_crap_state);
- NTSTATUS status = composite_wait(c);
- if (NT_STATUS_IS_OK(status)) {
- if (info3) {
- info3->length = state->info3.length;
- info3->data = talloc_steal(mem_ctx, state->info3.data);
- }
- if (user_session_key) {
- *user_session_key = state->user_session_key;
- }
- if (lm_key) {
- *lm_key = state->lm_key;
- }
- if (unix_username) {
- *unix_username = talloc_steal(mem_ctx, state->unix_username);
- }
- }
- talloc_free(state);
- return status;
-}
diff --git a/source4/winbind/wb_sam_logon.c b/source4/winbind/wb_sam_logon.c
deleted file mode 100644
index e940082791e..00000000000
--- a/source4/winbind/wb_sam_logon.c
+++ /dev/null
@@ -1,243 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Do a netr_LogonSamLogon to a remote DC
-
- Copyright (C) Volker Lendecke 2005
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
- Copyright (C) Stefan Metzmacher 2006
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include <tevent.h>
-#include "../lib/util/tevent_ntstatus.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-#include "auth/credentials/credentials.h"
-#include "libcli/auth/libcli_auth.h"
-#include "librpc/gen_ndr/ndr_netlogon_c.h"
-#include "librpc/gen_ndr/winbind.h"
-
-struct wb_sam_logon_state {
- struct tevent_context *ev;
-
- struct winbind_SamLogon *req;
-
- struct wbsrv_domain *domain;
- struct tevent_queue_entry *queue_entry;
- struct netlogon_creds_CredentialState *creds_state;
- struct netr_Authenticator auth1, auth2;
-
- TALLOC_CTX *r_mem_ctx;
- struct netr_LogonSamLogon r;
-};
-
-static void wb_sam_logon_recv_domain(struct composite_context *ctx);
-static void wb_sam_logon_queue_trigger(struct tevent_req *req, void *priv);
-static void wb_sam_logon_recv_samlogon(struct tevent_req *subreq);
-
-/*
- Find the connection to the DC (or find an existing connection)
-*/
-struct tevent_req *wb_sam_logon_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct wbsrv_service *service,
- struct winbind_SamLogon *_req)
-{
- struct tevent_req *req;
- struct wb_sam_logon_state *state;
- struct composite_context *csubreq;
-
- req = tevent_req_create(mem_ctx, &state,
- struct wb_sam_logon_state);
- if (req == NULL) {
- return NULL;
- }
- state->ev = ev;
- state->req = _req;
-
- csubreq = wb_sid2domain_send(state, service, service->primary_sid);
- if (tevent_req_nomem(csubreq, req)) {
- return tevent_req_post(req, ev);
- }
- csubreq->async.fn = wb_sam_logon_recv_domain;
- csubreq->async.private_data = req;
-
- return req;
-}
-
-/*
- Having finished making the connection to the DC
- Send of a SamLogon request to authenticate a user.
-*/
-static void wb_sam_logon_recv_domain(struct composite_context *csubreq)
-{
- struct tevent_req *req =
- talloc_get_type_abort(csubreq->async.private_data,
- struct tevent_req);
- struct wb_sam_logon_state *state =
- tevent_req_data(req,
- struct wb_sam_logon_state);
- NTSTATUS status;
- struct tevent_queue_entry *e;
-
- status = wb_sid2domain_recv(csubreq, &state->domain);
- if (tevent_req_nterror(req, status)) {
- return;
- }
-
- /*
- * Because of the netlogon_creds behavior we have to
- * queue the netr_LogonSamLogon() calls
- */
- e = tevent_queue_add_entry(state->domain->netlogon_queue,
- state->ev,
- req,
- wb_sam_logon_queue_trigger,
- NULL);
- state->queue_entry = e;
-}
-
-static void wb_sam_logon_queue_trigger(struct tevent_req *req, void *priv)
-{
- struct wb_sam_logon_state *state =
- tevent_req_data(req,
- struct wb_sam_logon_state);
- struct wbsrv_domain *domain = state->domain;
- struct tevent_req *subreq;
-
- state->creds_state = cli_credentials_get_netlogon_creds(domain->libnet_ctx->cred);
- netlogon_creds_client_authenticator(state->creds_state, &state->auth1);
-
- state->r.in.server_name = talloc_asprintf(state, "\\\\%s",
- dcerpc_server_name(domain->netlogon_pipe));
- if (tevent_req_nomem(state->r.in.server_name, req)) {
- return;
- }
-
- state->r.in.computer_name = cli_credentials_get_workstation(domain->libnet_ctx->cred);
- state->r.in.credential = &state->auth1;
- state->r.in.return_authenticator = &state->auth2;
- state->r.in.logon_level = state->req->in.logon_level;
- state->r.in.logon = &state->req->in.logon;
- state->r.in.validation_level = state->req->in.validation_level;
- state->r.out.return_authenticator = NULL;
- state->r.out.validation = talloc(state, union netr_Validation);
- if (tevent_req_nomem(state->r.out.validation, req)) {
- return;
- }
- state->r.out.authoritative = talloc(state, uint8_t);
- if (tevent_req_nomem(state->r.out.authoritative, req)) {
- return;
- }
-
- /*
- * use a new talloc context for the LogonSamLogon call
- * because then we can just to a talloc_steal on this context
- * in the final _recv() function to give the caller all the content of
- * the state->r.out.validation
- */
- state->r_mem_ctx = talloc_new(state);
- if (tevent_req_nomem(state->r_mem_ctx, req)) {
- return;
- }
-
- subreq = dcerpc_netr_LogonSamLogon_r_send(state,
- state->ev,
- domain->netlogon_pipe->binding_handle,
- &state->r);
- if (tevent_req_nomem(subreq, req)) {
- return;
- }
- tevent_req_set_callback(subreq, wb_sam_logon_recv_samlogon, req);
-}
-
-/*
- NTLM Authentication
-
- Check the SamLogon reply and decrypt the session keys
-*/
-static void wb_sam_logon_recv_samlogon(struct tevent_req *subreq)
-{
- struct tevent_req *req =
- tevent_req_callback_data(subreq,
- struct tevent_req);
- struct wb_sam_logon_state *state =
- tevent_req_data(req,
- struct wb_sam_logon_state);
- NTSTATUS status;
- bool ok;
-
- status = dcerpc_netr_LogonSamLogon_r_recv(subreq, state->r_mem_ctx);
- TALLOC_FREE(subreq);
- if (tevent_req_nterror(req, status)) {
- return;
- }
-
- if (tevent_req_nterror(req, state->r.out.result)) {
- return;
- }
-
- if (state->r.out.return_authenticator == NULL) {
- tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
- return;
- }
-
- ok = netlogon_creds_client_check(state->creds_state,
- &state->r.out.return_authenticator->cred);
- if (!ok) {
- DEBUG(0, ("Credentials check failed!\n"));
- tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
- return;
- }
-
- /* Decrypt the session keys before we reform the info3, so the
- * person on the other end of winbindd pipe doesn't have to.
- * They won't have the encryption key anyway */
- netlogon_creds_decrypt_samlogon_validation(state->creds_state,
- state->r.in.validation_level,
- state->r.out.validation);
-
- /*
- * we do not need the netlogon_creds lock anymore
- */
- TALLOC_FREE(state->queue_entry);
-
- tevent_req_done(req);
-}
-
-NTSTATUS wb_sam_logon_recv(struct tevent_req *req,
- TALLOC_CTX *mem_ctx,
- struct winbind_SamLogon *_req)
-{
- struct wb_sam_logon_state *state =
- tevent_req_data(req,
- struct wb_sam_logon_state);
- NTSTATUS status;
-
- if (tevent_req_is_nterror(req, &status)) {
- tevent_req_received(req);
- return status;
- }
-
- talloc_steal(mem_ctx, state->r_mem_ctx);
- _req->out.validation = *state->r.out.validation;
- _req->out.authoritative = 1;
-
- tevent_req_received(req);
- return NT_STATUS_OK;
-}
diff --git a/source4/winbind/wb_samba3_cmd.c b/source4/winbind/wb_samba3_cmd.c
deleted file mode 100644
index 4c4033df574..00000000000
--- a/source4/winbind/wb_samba3_cmd.c
+++ /dev/null
@@ -1,1619 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Main winbindd samba3 server routines
-
- Copyright (C) Stefan Metzmacher 2005
- Copyright (C) Volker Lendecke 2005
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
- Copyright (C) Kai Blin 2009
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "winbind/wb_server.h"
-#include "param/param.h"
-#include "winbind/wb_helper.h"
-#include "libcli/composite/composite.h"
-#include "version.h"
-#include "librpc/gen_ndr/ndr_netlogon.h"
-#include "libcli/security/security.h"
-#include "../libcli/auth/pam_errors.h"
-#include "auth/credentials/credentials.h"
-#include "smbd/service_task.h"
-
-/*
- support the old Samba3 TXT form of the info3
- */
-static NTSTATUS wb_samba3_append_info3_as_txt(TALLOC_CTX *mem_ctx,
- struct wbsrv_samba3_call *s3call,
- DATA_BLOB info3b)
-{
- struct netr_SamInfo3 *info3;
- char *ex;
- uint32_t i;
- enum ndr_err_code ndr_err;
-
- info3 = talloc(mem_ctx, struct netr_SamInfo3);
- NT_STATUS_HAVE_NO_MEMORY(info3);
-
- /* The Samba3 protocol has a redundant 4 bytes at the start */
- info3b.data += 4;
- info3b.length -= 4;
-
- ndr_err = ndr_pull_struct_blob(&info3b,
- mem_ctx,
- info3,
- (ndr_pull_flags_fn_t)ndr_pull_netr_SamInfo3);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return ndr_map_error2ntstatus(ndr_err);
- }
-
- s3call->response->data.auth.info3.logon_time =
- nt_time_to_unix(info3->base.logon_time);
- s3call->response->data.auth.info3.logoff_time =
- nt_time_to_unix(info3->base.logoff_time);
- s3call->response->data.auth.info3.kickoff_time =
- nt_time_to_unix(info3->base.kickoff_time);
- s3call->response->data.auth.info3.pass_last_set_time =
- nt_time_to_unix(info3->base.last_password_change);
- s3call->response->data.auth.info3.pass_can_change_time =
- nt_time_to_unix(info3->base.allow_password_change);
- s3call->response->data.auth.info3.pass_must_change_time =
- nt_time_to_unix(info3->base.force_password_change);
-
- s3call->response->data.auth.info3.logon_count = info3->base.logon_count;
- s3call->response->data.auth.info3.bad_pw_count = info3->base.bad_password_count;
-
- s3call->response->data.auth.info3.user_rid = info3->base.rid;
- s3call->response->data.auth.info3.group_rid = info3->base.primary_gid;
- fstrcpy(s3call->response->data.auth.info3.dom_sid, dom_sid_string(mem_ctx, info3->base.domain_sid));
-
- s3call->response->data.auth.info3.num_groups = info3->base.groups.count;
- s3call->response->data.auth.info3.user_flgs = info3->base.user_flags;
-
- s3call->response->data.auth.info3.acct_flags = info3->base.acct_flags;
- s3call->response->data.auth.info3.num_other_sids = info3->sidcount;
-
- fstrcpy(s3call->response->data.auth.info3.user_name,
- info3->base.account_name.string);
- fstrcpy(s3call->response->data.auth.info3.full_name,
- info3->base.full_name.string);
- fstrcpy(s3call->response->data.auth.info3.logon_script,
- info3->base.logon_script.string);
- fstrcpy(s3call->response->data.auth.info3.profile_path,
- info3->base.profile_path.string);
- fstrcpy(s3call->response->data.auth.info3.home_dir,
- info3->base.home_directory.string);
- fstrcpy(s3call->response->data.auth.info3.dir_drive,
- info3->base.home_drive.string);
-
- fstrcpy(s3call->response->data.auth.info3.logon_srv,
- info3->base.logon_server.string);
- fstrcpy(s3call->response->data.auth.info3.logon_dom,
- info3->base.logon_domain.string);
-
- ex = talloc_strdup(mem_ctx, "");
- NT_STATUS_HAVE_NO_MEMORY(ex);
-
- for (i=0; i < info3->base.groups.count; i++) {
- ex = talloc_asprintf_append_buffer(ex, "0x%08X:0x%08X\n",
- info3->base.groups.rids[i].rid,
- info3->base.groups.rids[i].attributes);
- NT_STATUS_HAVE_NO_MEMORY(ex);
- }
-
- for (i=0; i < info3->sidcount; i++) {
- char *sid;
-
- sid = dom_sid_string(mem_ctx, info3->sids[i].sid);
- NT_STATUS_HAVE_NO_MEMORY(sid);
-
- ex = talloc_asprintf_append_buffer(ex, "%s:0x%08X\n",
- sid,
- info3->sids[i].attributes);
- NT_STATUS_HAVE_NO_MEMORY(ex);
-
- talloc_free(sid);
- }
-
- s3call->response->extra_data.data = ex;
- s3call->response->length += talloc_get_size(ex);
-
- return NT_STATUS_OK;
-}
-
-/*
- Send off the reply to an async Samba3 query, handling filling in the PAM, NTSTATUS and string errors.
-*/
-
-static void wbsrv_samba3_async_auth_epilogue(NTSTATUS status,
- struct wbsrv_samba3_call *s3call)
-{
- struct winbindd_response *resp = s3call->response;
- if (!NT_STATUS_IS_OK(status)) {
- resp->result = WINBINDD_ERROR;
- } else {
- resp->result = WINBINDD_OK;
- }
-
- WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
- nt_errstr(status));
- WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
- get_friendly_nt_error_msg(status));
-
- resp->data.auth.pam_error = nt_status_to_pam(status);
- resp->data.auth.nt_status = NT_STATUS_V(status);
-
- wbsrv_samba3_send_reply(s3call);
-}
-
-/*
- Send of a generic reply to a Samba3 query
-*/
-
-static void wbsrv_samba3_async_epilogue(NTSTATUS status,
- struct wbsrv_samba3_call *s3call)
-{
- struct winbindd_response *resp = s3call->response;
- if (NT_STATUS_IS_OK(status)) {
- resp->result = WINBINDD_OK;
- } else {
- resp->result = WINBINDD_ERROR;
- }
-
- wbsrv_samba3_send_reply(s3call);
-}
-
-/*
- Boilerplate commands, simple queries without network traffic
-*/
-
-NTSTATUS wbsrv_samba3_interface_version(struct wbsrv_samba3_call *s3call)
-{
- DEBUG(3, ("request interface version (version = %d)\n", WINBIND_INTERFACE_VERSION));
-
- s3call->response->result = WINBINDD_OK;
- s3call->response->data.interface_version = WINBIND_INTERFACE_VERSION;
- return NT_STATUS_OK;
-}
-
-NTSTATUS wbsrv_samba3_info(struct wbsrv_samba3_call *s3call)
-{
- s3call->response->result = WINBINDD_OK;
- s3call->response->data.info.winbind_separator = *lpcfg_winbind_separator(s3call->wbconn->lp_ctx);
- WBSRV_SAMBA3_SET_STRING(s3call->response->data.info.samba_version,
- SAMBA_VERSION_STRING);
- return NT_STATUS_OK;
-}
-
-NTSTATUS wbsrv_samba3_domain_name(struct wbsrv_samba3_call *s3call)
-{
- s3call->response->result = WINBINDD_OK;
- WBSRV_SAMBA3_SET_STRING(s3call->response->data.domain_name,
- lpcfg_workgroup(s3call->wbconn->lp_ctx));
- return NT_STATUS_OK;
-}
-
-NTSTATUS wbsrv_samba3_netbios_name(struct wbsrv_samba3_call *s3call)
-{
- s3call->response->result = WINBINDD_OK;
- WBSRV_SAMBA3_SET_STRING(s3call->response->data.netbios_name,
- lpcfg_netbios_name(s3call->wbconn->lp_ctx));
- return NT_STATUS_OK;
-}
-
-NTSTATUS wbsrv_samba3_priv_pipe_dir(struct wbsrv_samba3_call *s3call)
-{
- struct loadparm_context *lp_ctx = s3call->wbconn->listen_socket->service->task->lp_ctx;
- const char *priv_socket_dir = lpcfg_winbindd_privileged_socket_directory(lp_ctx);
-
- s3call->response->result = WINBINDD_OK;
- s3call->response->extra_data.data = discard_const(priv_socket_dir);
-
- s3call->response->length += strlen(priv_socket_dir) + 1;
- return NT_STATUS_OK;
-}
-
-NTSTATUS wbsrv_samba3_ping(struct wbsrv_samba3_call *s3call)
-{
- s3call->response->result = WINBINDD_OK;
- return NT_STATUS_OK;
-}
-
-NTSTATUS wbsrv_samba3_domain_info(struct wbsrv_samba3_call *s3call)
-{
- DEBUG(5, ("wbsrv_samba3_domain_info called, stub\n"));
- s3call->response->result = WINBINDD_OK;
- fstrcpy(s3call->response->data.domain_info.name,
- s3call->request->domain_name);
- fstrcpy(s3call->response->data.domain_info.alt_name,
- s3call->request->domain_name);
- fstrcpy(s3call->response->data.domain_info.sid, "S-1-2-3-4");
- s3call->response->data.domain_info.native_mode = false;
- s3call->response->data.domain_info.active_directory = false;
- s3call->response->data.domain_info.primary = false;
-
- return NT_STATUS_OK;
-}
-
-/* Plaintext authentication
-
- This interface is used by ntlm_auth in it's 'basic' authentication
- mode, as well as by pam_winbind to authenticate users where we are
- given a plaintext password.
-*/
-
-static void check_machacc_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_check_machacc(struct wbsrv_samba3_call *s3call)
-{
- NTSTATUS status;
- struct cli_credentials *creds;
- struct composite_context *ctx;
- struct wbsrv_service *service =
- s3call->wbconn->listen_socket->service;
-
- /* Create a credentials structure */
- creds = cli_credentials_init(s3call);
- if (creds == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- cli_credentials_set_conf(creds, service->task->lp_ctx);
-
- /* Connect the machine account to the credentials */
- status = cli_credentials_set_machine_account(creds, service->task->lp_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(creds);
- return status;
- }
-
- ctx = wb_cmd_pam_auth_send(s3call, service, creds);
-
- if (!ctx) {
- talloc_free(creds);
- return NT_STATUS_NO_MEMORY;
- }
-
- ctx->async.fn = check_machacc_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void check_machacc_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- NTSTATUS status;
-
- status = wb_cmd_pam_auth_recv(ctx, s3call, NULL, NULL, NULL, NULL);
-
- if (!NT_STATUS_IS_OK(status)) goto done;
-
- done:
- wbsrv_samba3_async_auth_epilogue(status, s3call);
-}
-
-/*
- Find the name of a suitable domain controller, by query on the
- netlogon pipe to the DC.
-*/
-
-static void getdcname_recv_dc(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_getdcname(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service =
- s3call->wbconn->listen_socket->service;
-
- DEBUG(5, ("wbsrv_samba3_getdcname called\n"));
-
- ctx = wb_cmd_getdcname_send(s3call, service,
- s3call->request->domain_name);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = getdcname_recv_dc;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void getdcname_recv_dc(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- const char *dcname;
- NTSTATUS status;
-
- status = wb_cmd_getdcname_recv(ctx, s3call, &dcname);
- if (!NT_STATUS_IS_OK(status)) goto done;
-
- s3call->response->result = WINBINDD_OK;
- WBSRV_SAMBA3_SET_STRING(s3call->response->data.dc_name, dcname);
-
- done:
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-/*
- Lookup a user's domain groups
-*/
-
-static void userdomgroups_recv_groups(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_userdomgroups(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct dom_sid *sid;
-
- DEBUG(5, ("wbsrv_samba3_userdomgroups called\n"));
-
- sid = dom_sid_parse_talloc(s3call, s3call->request->data.sid);
- if (sid == NULL) {
- DEBUG(5, ("Could not parse sid %s\n",
- s3call->request->data.sid));
- return NT_STATUS_NO_MEMORY;
- }
-
- ctx = wb_cmd_userdomgroups_send(
- s3call, s3call->wbconn->listen_socket->service, sid);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = userdomgroups_recv_groups;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void userdomgroups_recv_groups(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- uint32_t i, num_sids;
- struct dom_sid **sids;
- char *sids_string;
- NTSTATUS status;
-
- status = wb_cmd_userdomgroups_recv(ctx, s3call, &num_sids, &sids);
- if (!NT_STATUS_IS_OK(status)) goto done;
-
- sids_string = talloc_strdup(s3call, "");
- if (sids_string == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- for (i=0; i<num_sids; i++) {
- sids_string = talloc_asprintf_append_buffer(
- sids_string, "%s\n", dom_sid_string(s3call, sids[i]));
- }
-
- if (sids_string == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- s3call->response->result = WINBINDD_OK;
- s3call->response->extra_data.data = sids_string;
- s3call->response->length += strlen(sids_string)+1;
- s3call->response->data.num_entries = num_sids;
-
- done:
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-/*
- Lookup the list of SIDs for a user
-*/
-static void usersids_recv_sids(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_usersids(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct dom_sid *sid;
-
- DEBUG(5, ("wbsrv_samba3_usersids called\n"));
-
- sid = dom_sid_parse_talloc(s3call, s3call->request->data.sid);
- if (sid == NULL) {
- DEBUG(5, ("Could not parse sid %s\n",
- s3call->request->data.sid));
- return NT_STATUS_NO_MEMORY;
- }
-
- ctx = wb_cmd_usersids_send(
- s3call, s3call->wbconn->listen_socket->service, sid);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = usersids_recv_sids;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void usersids_recv_sids(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- uint32_t i, num_sids;
- struct dom_sid **sids;
- char *sids_string;
- NTSTATUS status;
-
- status = wb_cmd_usersids_recv(ctx, s3call, &num_sids, &sids);
- if (!NT_STATUS_IS_OK(status)) goto done;
-
- sids_string = talloc_strdup(s3call, "");
- if (sids_string == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- for (i=0; i<num_sids; i++) {
- sids_string = talloc_asprintf_append_buffer(
- sids_string, "%s\n", dom_sid_string(s3call, sids[i]));
- if (sids_string == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
- }
-
- s3call->response->result = WINBINDD_OK;
- s3call->response->extra_data.data = sids_string;
- s3call->response->length += strlen(sids_string);
- s3call->response->data.num_entries = num_sids;
-
- /* Hmmmm. Nasty protocol -- who invented the zeros between the
- * SIDs? Hmmm. Could have been me -- vl */
-
- while (*sids_string != '\0') {
- if ((*sids_string) == '\n') {
- *sids_string = '\0';
- }
- sids_string += 1;
- }
-
- done:
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-/*
- Lookup a DOMAIN\\user style name, and return a SID
-*/
-
-static void lookupname_recv_sid(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_lookupname(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service =
- s3call->wbconn->listen_socket->service;
-
- DEBUG(5, ("wbsrv_samba3_lookupname called\n"));
-
- ctx = wb_cmd_lookupname_send(s3call, service,
- s3call->request->data.name.dom_name,
- s3call->request->data.name.name);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- /* setup the callbacks */
- ctx->async.fn = lookupname_recv_sid;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void lookupname_recv_sid(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- struct wb_sid_object *sid;
- NTSTATUS status;
-
- status = wb_cmd_lookupname_recv(ctx, s3call, &sid);
- if (!NT_STATUS_IS_OK(status)) goto done;
-
- s3call->response->result = WINBINDD_OK;
- s3call->response->data.sid.type = sid->type;
- WBSRV_SAMBA3_SET_STRING(s3call->response->data.sid.sid,
- dom_sid_string(s3call, sid->sid));
-
- done:
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-/*
- Lookup a SID, and return a DOMAIN\\user style name
-*/
-
-static void lookupsid_recv_name(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_lookupsid(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service =
- s3call->wbconn->listen_socket->service;
- struct dom_sid *sid;
-
- DEBUG(5, ("wbsrv_samba3_lookupsid called\n"));
-
- sid = dom_sid_parse_talloc(s3call, s3call->request->data.sid);
- if (sid == NULL) {
- DEBUG(5, ("Could not parse sid %s\n",
- s3call->request->data.sid));
- return NT_STATUS_NO_MEMORY;
- }
-
- ctx = wb_cmd_lookupsid_send(s3call, service, sid);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- /* setup the callbacks */
- ctx->async.fn = lookupsid_recv_name;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void lookupsid_recv_name(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- struct wb_sid_object *sid;
- NTSTATUS status;
-
- status = wb_cmd_lookupsid_recv(ctx, s3call, &sid);
- if (!NT_STATUS_IS_OK(status)) goto done;
-
- s3call->response->result = WINBINDD_OK;
- s3call->response->data.name.type = sid->type;
- WBSRV_SAMBA3_SET_STRING(s3call->response->data.name.dom_name,
- sid->domain);
- WBSRV_SAMBA3_SET_STRING(s3call->response->data.name.name, sid->name);
-
- done:
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-/*
- This is a stub function in order to limit error message in the pam_winbind module
-*/
-NTSTATUS wbsrv_samba3_pam_logoff(struct wbsrv_samba3_call *s3call)
-{
- NTSTATUS status;
- struct winbindd_response *resp = s3call->response;
-
- status = NT_STATUS_OK;
-
- DEBUG(5, ("wbsrv_samba3_pam_logoff called\n"));
- DEBUG(10, ("Winbind logoff not implemented\n"));
- resp->result = WINBINDD_OK;
-
- WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
- nt_errstr(status));
- WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
- get_friendly_nt_error_msg(status));
-
- resp->data.auth.pam_error = nt_status_to_pam(status);
- resp->data.auth.nt_status = NT_STATUS_V(status);
- DEBUG(5, ("wbsrv_samba3_pam_logoff called\n"));
-
- return NT_STATUS_OK;
-}
-
-/*
- Challenge-response authentication. This interface is used by
- ntlm_auth and the smbd auth subsystem to pass NTLM authentication
- requests along a common pipe to the domain controller.
-
- The return value (in the async reply) may include the 'info3'
- (effectivly most things you would want to know about the user), or
- the NT and LM session keys separated.
-*/
-
-static void pam_auth_crap_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_pam_auth_crap(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service =
- s3call->wbconn->listen_socket->service;
- DATA_BLOB chal, nt_resp, lm_resp;
-
- DEBUG(5, ("wbsrv_samba3_pam_auth_crap called\n"));
- if (s3call->request->flags & WBFLAG_PAM_AUTH_PAC) {
- DEBUG(3, ("PAC validation not supported in this winbind implementation\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- chal.data = s3call->request->data.auth_crap.chal;
- chal.length = sizeof(s3call->request->data.auth_crap.chal);
- nt_resp.data = (uint8_t *)s3call->request->data.auth_crap.nt_resp;
- nt_resp.length = s3call->request->data.auth_crap.nt_resp_len;
- lm_resp.data = (uint8_t *)s3call->request->data.auth_crap.lm_resp;
- lm_resp.length = s3call->request->data.auth_crap.lm_resp_len;
-
- ctx = wb_cmd_pam_auth_crap_send(
- s3call, service,
- s3call->request->data.auth_crap.logon_parameters,
- s3call->request->data.auth_crap.domain,
- s3call->request->data.auth_crap.user,
- s3call->request->data.auth_crap.workstation,
- chal, nt_resp, lm_resp);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = pam_auth_crap_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void pam_auth_crap_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- NTSTATUS status;
- DATA_BLOB info3;
- struct netr_UserSessionKey user_session_key;
- struct netr_LMSessionKey lm_key;
- char *unix_username;
-
- status = wb_cmd_pam_auth_crap_recv(ctx, s3call, &info3,
- &user_session_key, &lm_key, &unix_username);
- if (!NT_STATUS_IS_OK(status)) goto done;
-
- if (s3call->request->flags & WBFLAG_PAM_USER_SESSION_KEY) {
- memcpy(s3call->response->data.auth.user_session_key,
- &user_session_key.key,
- sizeof(s3call->response->data.auth.user_session_key));
- }
-
- if (s3call->request->flags & WBFLAG_PAM_INFO3_TEXT) {
- status = wb_samba3_append_info3_as_txt(ctx, s3call, info3);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10,("Failed to append INFO3 (TXT): %s\n",
- nt_errstr(status)));
- goto done;
- }
- }
-
- if (s3call->request->flags & WBFLAG_PAM_INFO3_NDR) {
- s3call->response->extra_data.data = info3.data;
- s3call->response->length += info3.length;
- }
-
- if (s3call->request->flags & WBFLAG_PAM_LMKEY) {
- memcpy(s3call->response->data.auth.first_8_lm_hash,
- lm_key.key,
- sizeof(s3call->response->data.auth.first_8_lm_hash));
- }
-
- if (s3call->request->flags & WBFLAG_PAM_UNIX_NAME) {
- WBSRV_SAMBA3_SET_STRING(s3call->response->data.auth.unix_username,unix_username);
- }
-
- done:
- wbsrv_samba3_async_auth_epilogue(status, s3call);
-}
-
-/* Plaintext authentication
-
- This interface is used by ntlm_auth in it's 'basic' authentication
- mode, as well as by pam_winbind to authenticate users where we are
- given a plaintext password.
-*/
-
-static void pam_auth_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_pam_auth(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service =
- s3call->wbconn->listen_socket->service;
- struct cli_credentials *credentials;
- char *user, *domain;
-
- if (!wb_samba3_split_username(s3call, s3call->wbconn->lp_ctx,
- s3call->request->data.auth.user,
- &domain, &user)) {
- return NT_STATUS_NO_SUCH_USER;
- }
-
- credentials = cli_credentials_init(s3call);
- if (!credentials) {
- return NT_STATUS_NO_MEMORY;
- }
- cli_credentials_set_conf(credentials, service->task->lp_ctx);
- cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
- cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
-
- cli_credentials_set_password(credentials, s3call->request->data.auth.pass, CRED_SPECIFIED);
-
- ctx = wb_cmd_pam_auth_send(s3call, service, credentials);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = pam_auth_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void pam_auth_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- NTSTATUS status;
- DATA_BLOB info3;
- struct netr_UserSessionKey user_session_key;
- struct netr_LMSessionKey lm_key;
- char *unix_username;
-
- status = wb_cmd_pam_auth_recv(ctx, s3call, &info3,
- &user_session_key, &lm_key, &unix_username);
-
- if (!NT_STATUS_IS_OK(status)) goto done;
-
- if (s3call->request->flags & WBFLAG_PAM_USER_SESSION_KEY) {
- memcpy(s3call->response->data.auth.user_session_key,
- &user_session_key.key,
- sizeof(s3call->response->data.auth.user_session_key));
- }
-
- if (s3call->request->flags & WBFLAG_PAM_INFO3_TEXT) {
- status = wb_samba3_append_info3_as_txt(ctx, s3call, info3);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10,("Failed to append INFO3 (TXT): %s\n",
- nt_errstr(status)));
- goto done; - } - } - - if (s3call->request->flags & WBFLAG_PAM_INFO3_NDR) { - s3call->response->extra_data.data = info3.data; - s3call->response->length += info3.length; - } - - if (s3call->request->flags & WBFLAG_PAM_LMKEY) { - memcpy(s3call->response->data.auth.first_8_lm_hash, - lm_key.key, - sizeof(s3call->response->data.auth.first_8_lm_hash)); - } - - if (s3call->request->flags & WBFLAG_PAM_UNIX_NAME) { - WBSRV_SAMBA3_SET_STRING(s3call->response->data.auth.unix_username,unix_username); - } - - - done: - wbsrv_samba3_async_auth_epilogue(status, s3call); -} - -/* - List trusted domains -*/ - -static void list_trustdom_recv_doms(struct composite_context *ctx); - -NTSTATUS wbsrv_samba3_list_trustdom(struct wbsrv_samba3_call *s3call) -{ - struct composite_context *ctx; - struct wbsrv_service *service = - s3call->wbconn->listen_socket->service; - - DEBUG(5, ("wbsrv_samba3_list_trustdom called\n")); - - ctx = wb_cmd_list_trustdoms_send(s3call, service); - NT_STATUS_HAVE_NO_MEMORY(ctx); - - ctx->async.fn = list_trustdom_recv_doms; - ctx->async.private_data = s3call; - s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC; - return NT_STATUS_OK; -} - -static void list_trustdom_recv_doms(struct composite_context *ctx) -{ - struct wbsrv_samba3_call *s3call = - talloc_get_type(ctx->async.private_data, - struct wbsrv_samba3_call); - uint32_t i, num_domains; - struct wb_dom_info **domains; - NTSTATUS status; - char *result; - - status = wb_cmd_list_trustdoms_recv(ctx, s3call, &num_domains, - &domains); - if (!NT_STATUS_IS_OK(status)) goto done; - - result = talloc_strdup(s3call, ""); - if (result == NULL) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - - for (i=0; i<num_domains; i++) { - result = talloc_asprintf_append_buffer( - result, "%s\\%s\\%s", - domains[i]->name, domains[i]->name, - dom_sid_string(s3call, domains[i]->sid)); - } - - if (result == NULL) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - - s3call->response->result = WINBINDD_OK; - if (num_domains > 0) 
{
- s3call->response->extra_data.data = result;
- s3call->response->length += strlen(result)+1;
- s3call->response->data.num_entries = num_domains;
- }
-
- done:
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-/* list groups */
-static void list_groups_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_list_groups(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service = s3call->wbconn->listen_socket->service;
-
- DEBUG(5, ("wbsrv_samba4_list_groups called\n"));
-
- ctx = wb_cmd_list_groups_send(s3call, service,
- s3call->request->domain_name);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = list_groups_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void list_groups_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call = talloc_get_type_abort(
- ctx->async.private_data,
- struct wbsrv_samba3_call);
- uint32_t extra_data_len;
- char *extra_data;
- uint32_t num_groups;
- NTSTATUS status;
-
- DEBUG(5, ("list_groups_recv called\n"));
-
- status = wb_cmd_list_groups_recv(ctx, s3call, &extra_data_len,
- &extra_data, &num_groups);
-
- if (NT_STATUS_IS_OK(status)) {
- s3call->response->extra_data.data = extra_data;
- s3call->response->length += extra_data_len;
- if (extra_data) {
- s3call->response->length += 1;
- s3call->response->data.num_entries = num_groups;
- }
- }
-
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-/* List users */
-
-static void list_users_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_list_users(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service =
- s3call->wbconn->listen_socket->service;
-
- DEBUG(5, ("wbsrv_samba3_list_users called\n"));
-
- ctx = wb_cmd_list_users_send(s3call, service,
- s3call->request->domain_name);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = list_users_recv;
- ctx->async.private_data =
s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void list_users_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- uint32_t extra_data_len;
- char *extra_data;
- uint32_t num_users;
- NTSTATUS status;
-
- DEBUG(5, ("list_users_recv called\n"));
-
- status = wb_cmd_list_users_recv(ctx, s3call, &extra_data_len,
- &extra_data, &num_users);
-
- if (NT_STATUS_IS_OK(status)) {
- s3call->response->extra_data.data = extra_data;
- s3call->response->length += extra_data_len;
- if (extra_data) {
- s3call->response->length += 1;
- s3call->response->data.num_entries = num_users;
- }
- }
-
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-/* NSS calls */
-
-static void getpwnam_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_getpwnam(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service =
- s3call->wbconn->listen_socket->service;
-
- DEBUG(5, ("wbsrv_samba3_getpwnam called\n"));
-
- ctx = wb_cmd_getpwnam_send(s3call, service,
- s3call->request->data.username);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = getpwnam_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void getpwnam_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- NTSTATUS status;
- struct winbindd_pw *pw;
-
- DEBUG(5, ("getpwnam_recv called\n"));
-
- status = wb_cmd_getpwnam_recv(ctx, s3call, &pw);
- if(NT_STATUS_IS_OK(status))
- s3call->response->data.pw = *pw;
-
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-static void getpwuid_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_getpwuid(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service =
s3call->wbconn->listen_socket->service;
-
- DEBUG(5, ("wbsrv_samba3_getpwuid called\n"));
-
- ctx = wb_cmd_getpwuid_send(s3call, service,
- s3call->request->data.uid);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = getpwuid_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void getpwuid_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- NTSTATUS status;
- struct winbindd_pw *pw;
-
- DEBUG(5, ("getpwuid_recv called\n"));
-
- status = wb_cmd_getpwuid_recv(ctx, s3call, &pw);
- if (NT_STATUS_IS_OK(status))
- s3call->response->data.pw = *pw;
-
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-static void setpwent_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_setpwent(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service = s3call->wbconn->listen_socket->service;
-
- DEBUG(5, ("wbsrv_samba3_setpwent called\n"));
-
- ctx = wb_cmd_setpwent_send(s3call, service);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = setpwent_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void setpwent_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- NTSTATUS status;
- struct wbsrv_pwent *pwent;
-
- DEBUG(5, ("setpwent_recv called\n"));
-
- status = wb_cmd_setpwent_recv(ctx, s3call->wbconn, &pwent);
- if (NT_STATUS_IS_OK(status)) {
- s3call->wbconn->protocol_private_data = pwent;
- }
-
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-static void getpwent_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_getpwent(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service = s3call->wbconn->listen_socket->service;
-
struct wbsrv_pwent *pwent;
-
- DEBUG(5, ("wbsrv_samba3_getpwent called\n"));
-
- NT_STATUS_HAVE_NO_MEMORY(s3call->wbconn->protocol_private_data);
-
- pwent = talloc_get_type(s3call->wbconn->protocol_private_data,
- struct wbsrv_pwent);
- NT_STATUS_HAVE_NO_MEMORY(pwent);
-
- ctx = wb_cmd_getpwent_send(s3call, service, pwent,
- s3call->request->data.num_entries);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = getpwent_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void getpwent_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- NTSTATUS status;
- struct winbindd_pw *pw;
- uint32_t num_users;
-
- DEBUG(5, ("getpwent_recv called\n"));
-
- status = wb_cmd_getpwent_recv(ctx, s3call, &pw, &num_users);
- if (NT_STATUS_IS_OK(status)) {
- uint32_t extra_len = sizeof(struct winbindd_pw) * num_users;
-
- s3call->response->data.num_entries = num_users;
- s3call->response->extra_data.data = pw;
- s3call->response->length += extra_len;
- }
-
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-NTSTATUS wbsrv_samba3_endpwent(struct wbsrv_samba3_call *s3call)
-{
- struct wbsrv_pwent *pwent =
- talloc_get_type(s3call->wbconn->protocol_private_data,
- struct wbsrv_pwent);
- DEBUG(5, ("wbsrv_samba3_endpwent called\n"));
-
- talloc_free(pwent);
-
- s3call->wbconn->protocol_private_data = NULL;
- s3call->response->result = WINBINDD_OK;
- return NT_STATUS_OK;
-}
-
-
-static void getgrnam_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_getgrnam(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service =
- s3call->wbconn->listen_socket->service;
-
- DEBUG(5, ("wbsrv_samba3_getgrnam called\n"));
-
- ctx = wb_cmd_getgrnam_send(s3call, service,
- s3call->request->data.groupname);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = getgrnam_recv;
-
ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void getgrnam_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- NTSTATUS status;
- struct winbindd_gr *gr;
-
- DEBUG(5, ("getgrnam_recv called\n"));
-
- status = wb_cmd_getgrnam_recv(ctx, s3call, &gr);
- if(NT_STATUS_IS_OK(status))
- s3call->response->data.gr = *gr;
-
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-static void getgrgid_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_getgrgid(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service = s3call->wbconn->listen_socket->service;
-
- DEBUG(5, ("wbsrv_samba3_getgrgid called\n"));
-
- ctx = wb_cmd_getgrgid_send(s3call, service,
- s3call->request->data.gid);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = getgrgid_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void getgrgid_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- NTSTATUS status;
- struct winbindd_gr *gr;
-
- DEBUG(5, ("getgrgid_recv called\n"));
-
- status = wb_cmd_getgrgid_recv(ctx, s3call, &gr);
- if (NT_STATUS_IS_OK(status))
- s3call->response->data.gr = *gr;
-
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-static void getgroups_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_getgroups(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service = s3call->wbconn->listen_socket->service;
-
- DEBUG(5, ("wbsrv_samba3_getgroups called\n"));
- /* S3 code do the same so why not ...
*/
- s3call->request->data.username[sizeof(s3call->request->data.username)-1]='\0';
- ctx = wb_cmd_getgroups_send(s3call, service, s3call->request->data.username);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = getgroups_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void getgroups_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- gid_t *gids;
- uint32_t num_groups;
- NTSTATUS status;
- DEBUG(5, ("getgroups_recv called\n"));
-
- status = wb_cmd_getgroups_recv(ctx, s3call, &gids, &num_groups);
- if (NT_STATUS_IS_OK(status)) {
- uint32_t extra_len = sizeof(gid_t) * num_groups;
-
- s3call->response->data.num_entries = num_groups;
- s3call->response->extra_data.data = gids;
- s3call->response->length += extra_len;
- } else {
- s3call->response->result = WINBINDD_ERROR;
- }
-
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-static void setgrent_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_setgrent(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service = s3call->wbconn->listen_socket->service;
-
- DEBUG(5, ("wbsrv_samba3_setgrent called\n"));
-
- ctx = wb_cmd_setgrent_send(s3call, service);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = setgrent_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void setgrent_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- NTSTATUS status;
- struct wbsrv_grent *grent;
-
- DEBUG(5, ("setpwent_recv called\n"));
-
- status = wb_cmd_setgrent_recv(ctx, s3call->wbconn, &grent);
- if (NT_STATUS_IS_OK(status)) {
- s3call->wbconn->protocol_private_data = grent;
- }
-
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-static void getgrent_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_getgrent(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service = s3call->wbconn->listen_socket->service;
- struct wbsrv_grent *grent;
-
- DEBUG(5, ("wbsrv_samba3_getgrent called\n"));
-
- NT_STATUS_HAVE_NO_MEMORY(s3call->wbconn->protocol_private_data);
-
- grent = talloc_get_type(s3call->wbconn->protocol_private_data,
- struct wbsrv_grent);
- NT_STATUS_HAVE_NO_MEMORY(grent);
-
- ctx = wb_cmd_getgrent_send(s3call, service, grent,
- s3call->request->data.num_entries);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = getgrent_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
-
-static void getgrent_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- NTSTATUS status;
- struct winbindd_gr *gr;
- uint32_t num_groups;
-
- DEBUG(5, ("getgrent_recv called\n"));
-
- status = wb_cmd_getgrent_recv(ctx, s3call, &gr, &num_groups);
- if (NT_STATUS_IS_OK(status)) {
- uint32_t extra_len = sizeof(struct winbindd_gr) * num_groups;
-
- s3call->response->data.num_entries = num_groups;
- s3call->response->extra_data.data = gr;
- s3call->response->length += extra_len;
- }
-
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-NTSTATUS wbsrv_samba3_endgrent(struct wbsrv_samba3_call *s3call)
-{
- DEBUG(5, ("wbsrv_samba3_endgrent called\n"));
- s3call->response->result = WINBINDD_OK;
- return NT_STATUS_OK;
-}
-
-static void sid2uid_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_sid2uid(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service =
- s3call->wbconn->listen_socket->service;
- struct dom_sid *sid;
-
- DEBUG(5, ("wbsrv_samba3_sid2uid called\n"));
-
- sid = dom_sid_parse_talloc(s3call, s3call->request->data.sid);
-
NT_STATUS_HAVE_NO_MEMORY(sid);
-
- ctx = wb_sid2uid_send(s3call, service, sid);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = sid2uid_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-
-}
-
-static void sid2uid_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- NTSTATUS status;
-
- DEBUG(5, ("sid2uid_recv called\n"));
-
- status = wb_sid2uid_recv(ctx, &s3call->response->data.uid);
-
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-static void sid2gid_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_sid2gid(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service =
- s3call->wbconn->listen_socket->service;
- struct dom_sid *sid;
-
- DEBUG(5, ("wbsrv_samba3_sid2gid called\n"));
-
- sid = dom_sid_parse_talloc(s3call, s3call->request->data.sid);
- NT_STATUS_HAVE_NO_MEMORY(sid);
-
- ctx = wb_sid2gid_send(s3call, service, sid);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = sid2gid_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-
-}
-
-static void sid2gid_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- NTSTATUS status;
-
- DEBUG(5, ("sid2gid_recv called\n"));
-
- status = wb_sid2gid_recv(ctx, &s3call->response->data.gid);
-
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-static void uid2sid_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_uid2sid(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service =
- s3call->wbconn->listen_socket->service;
-
- DEBUG(5, ("wbsrv_samba3_uid2sid called\n"));
-
- ctx = wb_uid2sid_send(s3call, service, s3call->request->data.uid);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
-
ctx->async.fn = uid2sid_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-
-}
-
-static void uid2sid_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- NTSTATUS status;
- struct dom_sid *sid;
- char *sid_str;
-
- DEBUG(5, ("uid2sid_recv called\n"));
-
- status = wb_uid2sid_recv(ctx, s3call, &sid);
- if(NT_STATUS_IS_OK(status)) {
- sid_str = dom_sid_string(s3call, sid);
-
- /* If the conversion failed, bail out with a failure. */
- if (sid_str == NULL)
- wbsrv_samba3_async_epilogue(NT_STATUS_NO_MEMORY,s3call);
-
- /* But we assume this worked, so we'll set the string. Work
- * done. */
- WBSRV_SAMBA3_SET_STRING(s3call->response->data.sid.sid, sid_str);
- s3call->response->data.sid.type = SID_NAME_USER;
- }
-
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-static void gid2sid_recv(struct composite_context *ctx);
-
-NTSTATUS wbsrv_samba3_gid2sid(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service =
- s3call->wbconn->listen_socket->service;
-
- DEBUG(5, ("wbsrv_samba3_gid2sid called\n"));
-
- ctx = wb_gid2sid_send(s3call, service, s3call->request->data.gid);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = gid2sid_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-
-}
-
-static void gid2sid_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- NTSTATUS status;
- struct dom_sid *sid;
- char *sid_str;
-
- DEBUG(5, ("gid2sid_recv called\n"));
-
- status = wb_gid2sid_recv(ctx, s3call, &sid);
- if(NT_STATUS_IS_OK(status)) {
- sid_str = dom_sid_string(s3call, sid);
-
- if (sid_str == NULL)
- wbsrv_samba3_async_epilogue(NT_STATUS_NO_MEMORY,s3call);
-
-
WBSRV_SAMBA3_SET_STRING(s3call->response->data.sid.sid, sid_str);
- s3call->response->data.sid.type = SID_NAME_DOMAIN;
- }
-
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-static void sids2xids_recv(struct composite_context *ctx)
-{
- struct wbsrv_samba3_call *s3call =
- talloc_get_type(ctx->async.private_data,
- struct wbsrv_samba3_call);
- NTSTATUS status;
- struct id_map *ids;
- unsigned i, count;
- struct winbindd_response *resp = s3call->response;
-
- DEBUG(5, ("sids2xids_recv called\n"));
-
- status = wb_sids2xids_recv(ctx, &ids, &count);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- /* fill in extra_data with the list of IDs. Each is prefixed
- * by 'U' or 'G' for user and group, and followed by a
- * newline */
- resp->extra_data.data = talloc_strdup(resp, "");
- if (resp->extra_data.data == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- for (i=0; i<count; i++) {
- char type_char = '*';
- if (ids[i].status != ID_MAPPED) {
- resp->extra_data.data = talloc_asprintf_append_buffer(resp->extra_data.data, "\n");
- if (resp->extra_data.data == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
- continue;
- }
- switch (ids[i].xid.type) {
- case ID_TYPE_UID:
- type_char = 'U';
- break;
- case ID_TYPE_GID:
- type_char = 'G';
- break;
- case ID_TYPE_BOTH:
- type_char = 'B';
- break;
- case ID_TYPE_NOT_SPECIFIED:
- type_char = 'N';
- break;
- }
- resp->extra_data.data = talloc_asprintf_append_buffer(resp->extra_data.data, "%c%u\n",
- type_char, (unsigned)ids[i].xid.id);
- if (resp->extra_data.data == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
- }
- resp->length += strlen(resp->extra_data.data) + 1;
-
-done:
- wbsrv_samba3_async_epilogue(status, s3call);
-}
-
-
-NTSTATUS wbsrv_samba3_sids2xids(struct wbsrv_samba3_call *s3call)
-{
- struct composite_context *ctx;
- struct wbsrv_service *service =
- s3call->wbconn->listen_socket->service;
- struct id_map *ids = NULL;
- unsigned count = 0;
- char *saveptr = NULL;
- char
*sidstr;
-
- DEBUG(5, ("wbsrv_samba3_sids2xids called\n"));
-
- for (sidstr = strtok_r(s3call->request->extra_data.data, "\n", &saveptr);
- sidstr;
- sidstr = strtok_r(NULL, "\n", &saveptr)) {
- count += 1;
- ids = talloc_realloc(s3call, ids, struct id_map, count);
- NT_STATUS_HAVE_NO_MEMORY(ids);
- ids[count-1].sid = dom_sid_parse_talloc(ids, sidstr);
- NT_STATUS_HAVE_NO_MEMORY(ids->sid);
- }
-
- ctx = wb_sids2xids_send(s3call, service, count, ids);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- ctx->async.fn = sids2xids_recv;
- ctx->async.private_data = s3call;
- s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
- return NT_STATUS_OK;
-}
diff --git a/source4/winbind/wb_samba3_protocol.c b/source4/winbind/wb_samba3_protocol.c
deleted file mode 100644
index 1b78c99c1f9..00000000000
--- a/source4/winbind/wb_samba3_protocol.c
+++ /dev/null
@@ -1,377 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Main winbindd samba3 server routines - - Copyright (C) Stefan Metzmacher 2005 - Copyright (C) Volker Lendecke 2005 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "winbind/wb_server.h" -#include "smbd/service_stream.h" -#include "lib/stream/packet.h" -#include "lib/tsocket/tsocket.h" - -/* - work out if a packet is complete for protocols that use a 32 bit host byte - order length -*/ -NTSTATUS wbsrv_samba3_packet_full_request(void *private_data, DATA_BLOB blob, size_t *size) -{ - uint32_t *len; - struct winbindd_request *req; - - if (blob.length < 4) { - return STATUS_MORE_ENTRIES; - } - len = (uint32_t *)blob.data; - *size = (*len); - if (*size > blob.length) { - return STATUS_MORE_ENTRIES; - } - if (*size < sizeof(req)) { - /* its not a valid winbind packet. We need to accept - it here, and wbsrv_samba3_pull_request() will throw - it away */ - return NT_STATUS_OK; - } - - /* now we need to cope with possible extra_data, which is - stuck on the end with no length prefix! 
This is a very very - stupid protocol */ - req = (struct winbindd_request *)blob.data; - *size = (*len) + req->extra_len; - if (*size > blob.length) { - return STATUS_MORE_ENTRIES; - } - return NT_STATUS_OK; -} - - -NTSTATUS wbsrv_samba3_pull_request(struct wbsrv_samba3_call *call) -{ - if (call->in.length < sizeof(*call->request)) { - DEBUG(0,("wbsrv_samba3_pull_request: invalid blob length %lu should be %lu\n" - " make sure you use the correct winbind client tools!\n", - (long)call->in.length, (long)sizeof(*call->request))); - return NT_STATUS_INVALID_PARAMETER; - } - - call->request = talloc_zero(call, struct winbindd_request); - NT_STATUS_HAVE_NO_MEMORY(call->request); - - /* the packet layout is the same as the in memory layout of the request, so just copy it */ - memcpy(call->request, call->in.data, sizeof(*call->request)); - - if (call->in.length != sizeof(*call->request) + call->request->extra_len) { - DEBUG(0,(__location__ " : invalid extra_len %u should be %u\n", - call->request->extra_len, (unsigned)(call->in.length - sizeof(*call->request)))); - return NT_STATUS_INVALID_PARAMETER; - } - - /* there may be extra data */ - if (call->request->extra_len != 0) { - call->request->extra_data.data = talloc_size(call->request, call->request->extra_len+1); - NT_STATUS_HAVE_NO_MEMORY(call->request->extra_data.data); - /* guarantee a nul termination, as many of the uses of - this field is for strings */ - memcpy(call->request->extra_data.data, call->in.data + sizeof(*call->request), - call->request->extra_len); - call->request->extra_data.data[call->request->extra_len] = 0; - } else { - call->request->extra_data.data = NULL; - } - - return NT_STATUS_OK; -} - -NTSTATUS wbsrv_samba3_handle_call(struct wbsrv_samba3_call *s3call) -{ - DEBUG(10, ("Got winbind samba3 request %d\n", s3call->request->cmd)); - - s3call->response = talloc_zero(s3call, struct winbindd_response); - NT_STATUS_HAVE_NO_MEMORY(s3call->request); - - s3call->response->length = 
sizeof(*s3call->response);
-
- switch(s3call->request->cmd) {
- case WINBINDD_INTERFACE_VERSION:
- return wbsrv_samba3_interface_version(s3call);
-
- case WINBINDD_CHECK_MACHACC:
- return wbsrv_samba3_check_machacc(s3call);
-
- case WINBINDD_PING:
- return wbsrv_samba3_ping(s3call);
-
- case WINBINDD_INFO:
- return wbsrv_samba3_info(s3call);
-
- case WINBINDD_DOMAIN_NAME:
- return wbsrv_samba3_domain_name(s3call);
-
- case WINBINDD_NETBIOS_NAME:
- return wbsrv_samba3_netbios_name(s3call);
-
- case WINBINDD_PRIV_PIPE_DIR:
- return wbsrv_samba3_priv_pipe_dir(s3call);
-
- case WINBINDD_LOOKUPNAME:
- return wbsrv_samba3_lookupname(s3call);
-
- case WINBINDD_LOOKUPSID:
- return wbsrv_samba3_lookupsid(s3call);
-
- case WINBINDD_PAM_AUTH:
- return wbsrv_samba3_pam_auth(s3call);
-
- case WINBINDD_PAM_AUTH_CRAP:
- return wbsrv_samba3_pam_auth_crap(s3call);
-
- case WINBINDD_GETDCNAME:
- return wbsrv_samba3_getdcname(s3call);
-
- case WINBINDD_GETUSERDOMGROUPS:
- return wbsrv_samba3_userdomgroups(s3call);
-
- case WINBINDD_GETUSERSIDS:
- return wbsrv_samba3_usersids(s3call);
-
- case WINBINDD_LIST_GROUPS:
- return wbsrv_samba3_list_groups(s3call);
-
- case WINBINDD_LIST_TRUSTDOM:
- return wbsrv_samba3_list_trustdom(s3call);
-
- case WINBINDD_LIST_USERS:
- return wbsrv_samba3_list_users(s3call);
-
- case WINBINDD_GETPWNAM:
- return wbsrv_samba3_getpwnam(s3call);
-
- case WINBINDD_GETPWUID:
- return wbsrv_samba3_getpwuid(s3call);
-
- case WINBINDD_SETPWENT:
- return wbsrv_samba3_setpwent(s3call);
-
- case WINBINDD_GETPWENT:
- return wbsrv_samba3_getpwent(s3call);
-
- case WINBINDD_ENDPWENT:
- return wbsrv_samba3_endpwent(s3call);
-
- case WINBINDD_GETGRNAM:
- return wbsrv_samba3_getgrnam(s3call);
-
- case WINBINDD_GETGRGID:
- return wbsrv_samba3_getgrgid(s3call);
-
- case WINBINDD_GETGROUPS:
- return wbsrv_samba3_getgroups(s3call);
-
- case WINBINDD_SETGRENT:
- return wbsrv_samba3_setgrent(s3call);
-
- case WINBINDD_GETGRENT:
- return wbsrv_samba3_getgrent(s3call);
-
- case
WINBINDD_ENDGRENT: - return wbsrv_samba3_endgrent(s3call); - - case WINBINDD_SID_TO_UID: - case WINBINDD_DUAL_SID2UID: - return wbsrv_samba3_sid2uid(s3call); - - case WINBINDD_SID_TO_GID: - case WINBINDD_DUAL_SID2GID: - return wbsrv_samba3_sid2gid(s3call); - - case WINBINDD_UID_TO_SID: - case WINBINDD_DUAL_UID2SID: - return wbsrv_samba3_uid2sid(s3call); - - case WINBINDD_GID_TO_SID: - case WINBINDD_DUAL_GID2SID: - return wbsrv_samba3_gid2sid(s3call); - - case WINBINDD_DOMAIN_INFO: - return wbsrv_samba3_domain_info(s3call); - - case WINBINDD_PAM_LOGOFF: - return wbsrv_samba3_pam_logoff(s3call); - - case WINBINDD_SIDS_TO_XIDS: - return wbsrv_samba3_sids2xids(s3call); - - /* Unimplemented commands */ - case WINBINDD_GETPWSID: - case WINBINDD_PAM_CHAUTHTOK: - case WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP: - case WINBINDD_LOOKUPRIDS: - case WINBINDD_LOOKUPSIDS: - case WINBINDD_ALLOCATE_UID: - case WINBINDD_ALLOCATE_GID: - case WINBINDD_SHOW_SEQUENCE: - case WINBINDD_WINS_BYIP: - case WINBINDD_WINS_BYNAME: - case WINBINDD_GETGRLST: - case WINBINDD_GETSIDALIASES: - case WINBINDD_DSGETDCNAME: - case WINBINDD_INIT_CONNECTION: - case WINBINDD_DUAL_SIDS2XIDS: - case WINBINDD_DUAL_USERINFO: - case WINBINDD_DUAL_GETSIDALIASES: - case WINBINDD_DUAL_NDRCMD: - case WINBINDD_CCACHE_NTLMAUTH: - case WINBINDD_NUM_CMDS: - case WINBINDD_CHANGE_MACHACC: - case WINBINDD_PING_DC: - case WINBINDD_DC_INFO: - case WINBINDD_CCACHE_SAVE: - DEBUG(10, ("Unimplemented winbind samba3 request %d\n", - s3call->request->cmd)); - break; - } - - s3call->response->result = WINBINDD_ERROR; - return NT_STATUS_OK; -} - -static NTSTATUS wbsrv_samba3_push_reply(struct wbsrv_samba3_call *call) -{ - uint8_t *extra_data; - size_t extra_data_len = 0; - - extra_data = (uint8_t *)call->response->extra_data.data; - if (extra_data != NULL) { - extra_data_len = call->response->length - - sizeof(*call->response); - } - - call->out = data_blob_talloc(call, NULL, call->response->length); - 
NT_STATUS_HAVE_NO_MEMORY(call->out.data); - - /* don't push real pointer values into sockets */ - if (extra_data) { - call->response->extra_data.data = (void *)0xFFFFFFFF; - } - - memcpy(call->out.data, call->response, sizeof(*call->response)); - /* set back the pointer */ - call->response->extra_data.data = extra_data; - - if (extra_data) { - memcpy(call->out.data + sizeof(*call->response), - extra_data, - extra_data_len); - } - - return NT_STATUS_OK; -} - -static void wbsrv_samba3_send_reply_done(struct tevent_req *subreq); - -/* - * queue a wbsrv_call reply on a wbsrv_connection - * NOTE: that this implies talloc_free(call), - * use talloc_reference(call) if you need it after - * calling wbsrv_queue_reply - */ -NTSTATUS wbsrv_samba3_send_reply(struct wbsrv_samba3_call *call) -{ - struct wbsrv_connection *wbsrv_conn = call->wbconn; - struct tevent_req *subreq; - NTSTATUS status; - - call->wbconn->pending_calls--; - - status = wbsrv_samba3_push_reply(call); - NT_STATUS_NOT_OK_RETURN(status); - - call->out_iov[0].iov_base = (char *) call->out.data; - call->out_iov[0].iov_len = call->out.length; - - subreq = tstream_writev_queue_send(call, - wbsrv_conn->conn->event.ctx, - wbsrv_conn->tstream, - wbsrv_conn->send_queue, - call->out_iov, 1); - if (subreq == NULL) { - wbsrv_terminate_connection(wbsrv_conn, "wbsrv_call_loop: " - "no memory for tstream_writev_queue_send"); - return NT_STATUS_NO_MEMORY; - } - tevent_req_set_callback(subreq, wbsrv_samba3_send_reply_done, call); - - return status; -} - -static void wbsrv_samba3_send_reply_done(struct tevent_req *subreq) -{ - struct wbsrv_samba3_call *call = tevent_req_callback_data(subreq, - struct wbsrv_samba3_call); - int sys_errno; - int rc; - - rc = tstream_writev_queue_recv(subreq, &sys_errno); - TALLOC_FREE(subreq); - if (rc == -1) { - const char *reason; - - reason = talloc_asprintf(call, "wbsrv_samba3_send_reply_done: " - "tstream_writev_queue_recv() - %d:%s", - sys_errno, strerror(sys_errno)); - if (reason == NULL) 
{
- reason = "wbsrv_samba3_send_reply_done: "
- "tstream_writev_queue_recv() failed";
- }
-
- wbsrv_terminate_connection(call->wbconn, reason);
- return;
- }
-
- talloc_free(call);
-}
-
-NTSTATUS wbsrv_samba3_process(struct wbsrv_samba3_call *call)
-{
- NTSTATUS status;
-
- status = wbsrv_samba3_pull_request(call);
-
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- call->wbconn->pending_calls++;
-
- status = wbsrv_samba3_handle_call(call);
-
- if (!NT_STATUS_IS_OK(status)) {
- call->wbconn->pending_calls--;
- talloc_free(call);
- return status;
- }
-
- if (call->flags & WBSRV_CALL_FLAGS_REPLY_ASYNC) {
- return NT_STATUS_OK;
- }
-
- status = wbsrv_samba3_send_reply(call);
- return status;
-}
-
diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c
deleted file mode 100644
index 2801968cbec..00000000000
--- a/source4/winbind/wb_server.c
+++ /dev/null
@@ -1,410 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Main winbindd server routines
-
- Copyright (C) Stefan Metzmacher 2005-2008
- Copyright (C) Andrew Tridgell 2005
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2010
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "smbd/process_model.h"
-#include "winbind/wb_server.h"
-#include "lib/stream/packet.h"
-#include "lib/tsocket/tsocket.h"
-#include "libcli/util/tstream.h"
-#include "param/param.h"
-#include "param/secrets.h"
-#include "lib/util/dlinklist.h"
-
-void wbsrv_terminate_connection(struct wbsrv_connection *wbconn, const char *reason)
-{
- struct wbsrv_service *service = wbconn->listen_socket->service;
-
- if (wbconn->pending_calls == 0) {
- char *full_reason = talloc_asprintf(wbconn, "wbsrv: %s", reason);
-
- DLIST_REMOVE(service->broken_connections, wbconn);
- stream_terminate_connection(wbconn->conn, full_reason ?
full_reason : reason);
- return;
- }
-
- if (wbconn->terminate != NULL) {
- return;
- }
-
- DEBUG(3,("wbsrv: terminating connection due to '%s' defered due to %d pending calls\n",
- reason, wbconn->pending_calls));
- wbconn->terminate = talloc_strdup(wbconn, reason);
- if (wbconn->terminate == NULL) {
- wbconn->terminate = "wbsrv: defered terminating connection - no memory";
- }
- DLIST_ADD_END(service->broken_connections, wbconn, NULL);
-}
-
-static void wbsrv_cleanup_broken_connections(struct wbsrv_service *s)
-{
- struct wbsrv_connection *cur, *next;
-
- next = s->broken_connections;
- while (next != NULL) {
- cur = next;
- next = cur->next;
-
- wbsrv_terminate_connection(cur, cur->terminate);
- }
-}
-
-static void wbsrv_call_loop(struct tevent_req *subreq)
-{
- struct wbsrv_connection *wbsrv_conn = tevent_req_callback_data(subreq,
- struct wbsrv_connection);
- struct wbsrv_service *service = wbsrv_conn->listen_socket->service;
- struct wbsrv_samba3_call *call;
- NTSTATUS status;
-
- if (wbsrv_conn->terminate) {
- /*
- * if the current connection is broken
- * we need to clean it up before any other connection
- */
- wbsrv_terminate_connection(wbsrv_conn, wbsrv_conn->terminate);
- wbsrv_cleanup_broken_connections(service);
- return;
- }
-
- wbsrv_cleanup_broken_connections(service);
-
- call = talloc_zero(wbsrv_conn, struct wbsrv_samba3_call);
- if (call == NULL) {
- wbsrv_terminate_connection(wbsrv_conn, "wbsrv_call_loop: "
- "no memory for wbsrv_samba3_call");
- return;
- }
- call->wbconn = wbsrv_conn;
-
- status = tstream_read_pdu_blob_recv(subreq,
- call,
- &call->in);
- TALLOC_FREE(subreq);
- if (!NT_STATUS_IS_OK(status)) {
- const char *reason;
-
- reason = talloc_asprintf(wbsrv_conn, "wbsrv_call_loop: "
- "tstream_read_pdu_blob_recv() - %s",
- nt_errstr(status));
- if (!reason) {
- reason = nt_errstr(status);
- }
-
- wbsrv_terminate_connection(wbsrv_conn, reason);
- return;
- }
-
- DEBUG(10,("Received winbind TCP packet of length %lu from %s\n",
- (long)
call->in.length,
- tsocket_address_string(wbsrv_conn->conn->remote_address, call)));
-
- status = wbsrv_samba3_process(call);
- if (!NT_STATUS_IS_OK(status)) {
- const char *reason;
-
- reason = talloc_asprintf(wbsrv_conn, "wbsrv_call_loop: "
- "tstream_read_pdu_blob_recv() - %s",
- nt_errstr(status));
- if (!reason) {
- reason = nt_errstr(status);
- }
-
- wbsrv_terminate_connection(wbsrv_conn, reason);
- return;
- }
-
- /*
- * The winbind pdu's has the length as 4 byte (initial_read_size),
- * wbsrv_samba3_packet_full_request provides the pdu length then.
- */
- subreq = tstream_read_pdu_blob_send(wbsrv_conn,
- wbsrv_conn->conn->event.ctx,
- wbsrv_conn->tstream,
- 4, /* initial_read_size */
- wbsrv_samba3_packet_full_request,
- wbsrv_conn);
- if (subreq == NULL) {
- wbsrv_terminate_connection(wbsrv_conn, "wbsrv_call_loop: "
- "no memory for tstream_read_pdu_blob_send");
- return;
- }
- tevent_req_set_callback(subreq, wbsrv_call_loop, wbsrv_conn);
-}
-
-static void wbsrv_accept(struct stream_connection *conn)
-{
- struct wbsrv_listen_socket *wbsrv_socket = talloc_get_type(conn->private_data,
- struct wbsrv_listen_socket);
- struct wbsrv_connection *wbsrv_conn;
- struct tevent_req *subreq;
- int rc;
-
- wbsrv_cleanup_broken_connections(wbsrv_socket->service);
-
- wbsrv_conn = talloc_zero(conn, struct wbsrv_connection);
- if (wbsrv_conn == NULL) {
- stream_terminate_connection(conn, "wbsrv_accept: out of memory");
- return;
- }
-
- wbsrv_conn->send_queue = tevent_queue_create(conn, "wbsrv_accept");
- if (wbsrv_conn->send_queue == NULL) {
- stream_terminate_connection(conn,
- "wbsrv_accept: out of memory");
- return;
- }
-
- TALLOC_FREE(conn->event.fde);
-
- rc = tstream_bsd_existing_socket(wbsrv_conn,
- socket_get_fd(conn->socket),
- &wbsrv_conn->tstream);
- if (rc < 0) {
- stream_terminate_connection(conn,
- "wbsrv_accept: out of memory");
- return;
- }
-
- wbsrv_conn->conn = conn;
- wbsrv_conn->listen_socket = wbsrv_socket;
- wbsrv_conn->lp_ctx =
wbsrv_socket->service->task->lp_ctx;
- conn->private_data = wbsrv_conn;
-
- /*
- * The winbind pdu's has the length as 4 byte (initial_read_size),
- * wbsrv_samba3_packet_full_request provides the pdu length then.
- */
- subreq = tstream_read_pdu_blob_send(wbsrv_conn,
- wbsrv_conn->conn->event.ctx,
- wbsrv_conn->tstream,
- 4, /* initial_read_size */
- wbsrv_samba3_packet_full_request,
- wbsrv_conn);
- if (subreq == NULL) {
- wbsrv_terminate_connection(wbsrv_conn, "wbsrv_accept: "
- "no memory for tstream_read_pdu_blob_send");
- return;
- }
- tevent_req_set_callback(subreq, wbsrv_call_loop, wbsrv_conn);
-}
-
-/*
- called on a tcp recv
-*/
-static void wbsrv_recv(struct stream_connection *conn, uint16_t flags)
-{
- struct wbsrv_connection *wbsrv_conn = talloc_get_type(conn->private_data,
- struct wbsrv_connection);
- wbsrv_terminate_connection(wbsrv_conn, "wbsrv_recv: called");
-}
-
-/*
- called when we can write to a connection
-*/
-static void wbsrv_send(struct stream_connection *conn, uint16_t flags)
-{
- struct wbsrv_connection *wbsrv_conn = talloc_get_type(conn->private_data,
- struct wbsrv_connection);
- /* this should never be triggered! */
- wbsrv_terminate_connection(wbsrv_conn, "wbsrv_send: called");
-}
-
-static const struct stream_server_ops wbsrv_ops = {
- .name = "winbind samba3 protocol",
- .accept_connection = wbsrv_accept,
- .recv_handler = wbsrv_recv,
- .send_handler = wbsrv_send
-};
-
-/*
- startup the winbind task
-*/
-static void winbind_task_init(struct task_server *task)
-{
- uint16_t port = 1;
- const struct model_ops *model_ops;
- NTSTATUS status;
- struct wbsrv_service *service;
- struct wbsrv_listen_socket *listen_socket;
- char *errstring;
- struct dom_sid *primary_sid = NULL;
- bool ok;
-
- task_server_set_title(task, "task[winbind]");
-
- /* within the winbind task we want to be a single process, so
- ask for the single process model ops and pass these to the
- stream_setup_socket() call.
*/
- model_ops = process_model_startup("single");
- if (!model_ops) {
- task_server_terminate(task,
- "Can't find 'single' process model_ops", true);
- return;
- }
-
- /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
- ok = directory_create_or_exist_strict(lpcfg_winbindd_socket_directory(task->lp_ctx),
- geteuid(), 0755);
- if (!ok) {
- task_server_terminate(task,
- "Cannot create winbindd pipe directory", true);
- return;
- }
-
- /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
- ok = directory_create_or_exist_strict(lpcfg_winbindd_privileged_socket_directory(task->lp_ctx),
- geteuid(), 0750);
- if (!ok) {
- task_server_terminate(task,
- "Cannot create winbindd privileged pipe directory", true);
- return;
- }
-
- service = talloc_zero(task, struct wbsrv_service);
- if (!service) goto nomem;
- service->task = task;
-
-
- /* Find the primary SID, depending if we are a standalone
- * server (what good is winbind in this case, but anyway...),
- * or are in a domain as a member or a DC */
- switch (lpcfg_server_role(service->task->lp_ctx)) {
- case ROLE_STANDALONE:
- primary_sid = secrets_get_domain_sid(service,
- service->task->lp_ctx,
- lpcfg_netbios_name(service->task->lp_ctx),
- &service->sec_channel_type,
- &errstring);
- if (!primary_sid) {
- char *message = talloc_asprintf(task,
- "Cannot start Winbind (standalone configuration): %s: "
- "Have you provisioned this server (%s) or changed it's name?",
- errstring, lpcfg_netbios_name(service->task->lp_ctx));
- task_server_terminate(task, message, true);
- return;
- }
- break;
- case ROLE_DOMAIN_MEMBER:
- primary_sid = secrets_get_domain_sid(service,
- service->task->lp_ctx,
- lpcfg_workgroup(service->task->lp_ctx),
- &service->sec_channel_type,
- &errstring);
- if (!primary_sid) {
- char *message = talloc_asprintf(task, "Cannot start Winbind (domain member): %s: "
- "Have you joined the %s domain?",
- errstring,
lpcfg_workgroup(service->task->lp_ctx));
- task_server_terminate(task, message, true);
- return;
- }
- break;
- case ROLE_ACTIVE_DIRECTORY_DC:
- primary_sid = secrets_get_domain_sid(service,
- service->task->lp_ctx,
- lpcfg_workgroup(service->task->lp_ctx),
- &service->sec_channel_type,
- &errstring);
- if (!primary_sid) {
- char *message = talloc_asprintf(task, "Cannot start Winbind (domain controller): %s: "
- "Have you provisioned the %s domain?",
- errstring, lpcfg_workgroup(service->task->lp_ctx));
- task_server_terminate(task, message, true);
- return;
- }
- break;
- case ROLE_DOMAIN_PDC:
- case ROLE_DOMAIN_BDC:
- task_server_terminate(task, "Cannot start 'samba' winbindd as a 'classic samba' DC: use winbindd instead", true);
- return;
- }
- service->primary_sid = primary_sid;
-
- service->idmap_ctx = idmap_init(service, task->event_ctx, task->lp_ctx);
- if (service->idmap_ctx == NULL) {
- task_server_terminate(task, "Failed to load idmap database", true);
- return;
- }
-
- service->priv_pipe_dir = lpcfg_winbindd_privileged_socket_directory(task->lp_ctx);
- service->pipe_dir = lpcfg_winbindd_socket_directory(task->lp_ctx);
-
- /* setup the unprivileged samba3 socket */
- listen_socket = talloc(service, struct wbsrv_listen_socket);
- if (!listen_socket) goto nomem;
- listen_socket->socket_path = talloc_asprintf(listen_socket, "%s/%s",
- service->pipe_dir,
- WINBINDD_SOCKET_NAME);
- if (!listen_socket->socket_path) goto nomem;
- listen_socket->service = service;
- listen_socket->privileged = false;
- status = stream_setup_socket(task, task->event_ctx, task->lp_ctx, model_ops,
- &wbsrv_ops, "unix",
- listen_socket->socket_path, &port,
- lpcfg_socket_options(task->lp_ctx),
- listen_socket);
- if (!NT_STATUS_IS_OK(status)) goto listen_failed;
-
- /* setup the privileged samba3 socket */
- listen_socket = talloc(service, struct wbsrv_listen_socket);
- if (!listen_socket) goto nomem;
- listen_socket->socket_path
- = talloc_asprintf(listen_socket, "%s/%s",
-
service->priv_pipe_dir,
- WINBINDD_SOCKET_NAME);
- if (!listen_socket->socket_path) goto nomem;
- listen_socket->service = service;
- listen_socket->privileged = true;
- status = stream_setup_socket(task, task->event_ctx, task->lp_ctx, model_ops,
- &wbsrv_ops, "unix",
- listen_socket->socket_path, &port,
- lpcfg_socket_options(task->lp_ctx),
- listen_socket);
- if (!NT_STATUS_IS_OK(status)) goto listen_failed;
-
- status = wbsrv_init_irpc(service);
- if (!NT_STATUS_IS_OK(status)) goto irpc_failed;
-
- return;
-
-listen_failed:
- DEBUG(0,("stream_setup_socket(path=%s) failed - %s\n",
- listen_socket->socket_path, nt_errstr(status)));
- task_server_terminate(task, nt_errstr(status), true);
- return;
-irpc_failed:
- DEBUG(0,("wbsrv_init_irpc() failed - %s\n",
- nt_errstr(status)));
- task_server_terminate(task, nt_errstr(status), true);
- return;
-nomem:
- task_server_terminate(task, nt_errstr(NT_STATUS_NO_MEMORY), true);
- return;
-}
-
-/*
- register ourselves as a available server
-*/
-NTSTATUS server_service_winbind_init(void)
-{
- return register_server_service("winbind", winbind_task_init);
-}
diff --git a/source4/winbind/wb_server.h b/source4/winbind/wb_server.h
deleted file mode 100644
index ea93de60c83..00000000000
--- a/source4/winbind/wb_server.h
+++ /dev/null
@@ -1,194 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Main winbindd server routines
-
- Copyright (C) Stefan Metzmacher 2005
- Copyright (C) Andrew Tridgell 2005
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "nsswitch/winbind_nss_config.h"
-#include "nsswitch/winbind_struct_protocol.h"
-#include "winbind/idmap.h"
-#include "libnet/libnet.h"
-
-/* this struct stores global data for the winbind task */
-struct wbsrv_service {
- struct task_server *task;
-
- const struct dom_sid *primary_sid;
- enum netr_SchannelType sec_channel_type;
- struct wbsrv_domain *domains;
- struct idmap_context *idmap_ctx;
- const char *priv_pipe_dir;
- const char *pipe_dir;
-
- struct wbsrv_connection *broken_connections;
-};
-
-struct wbsrv_samconn {
- struct wbsrv_domain *domain;
- void *private_data;
-
- struct composite_context (*seqnum_send)(struct wbsrv_samconn *);
- NTSTATUS (*seqnum_recv)(struct composite_context *, uint64_t *);
-};
-
-struct wb_dom_info {
- const char *name;
- const char *dns_name;
- const struct dom_sid *sid;
- struct nbt_dc_name *dc;
-};
-
-struct wbsrv_domain {
- struct wbsrv_domain *next, *prev;
-
- struct wbsrv_service *service;
-
- struct wb_dom_info *info;
-
- /* Details for the server we are currently talking to */
- const char *dc_address;
- const char *dc_name;
-
- struct libnet_context *libnet_ctx;
-
- struct dcerpc_binding *lsa_binding;
-
- struct
dcerpc_binding *samr_binding;
-
- struct dcerpc_pipe *netlogon_pipe;
- struct dcerpc_binding *netlogon_binding;
- /* netlogon_creds usage needs to be queued */
- struct tevent_queue *netlogon_queue;
-};
-
-/*
- state of a listen socket and it's protocol information
-*/
-struct wbsrv_listen_socket {
- const char *socket_path;
- struct wbsrv_service *service;
- bool privileged;
-};
-
-/*
- state of an open winbind connection
-*/
-struct wbsrv_connection {
- /* for the broken_connections DLIST */
- struct wbsrv_connection *prev, *next;
-
- /* stream connection we belong to */
- struct stream_connection *conn;
-
- /* the listening socket we belong to, it holds protocol hooks */
- struct wbsrv_listen_socket *listen_socket;
-
- /* storage for protocol specific data */
- void *protocol_private_data;
-
- /* how many calls are pending (do not terminate the connection with calls pending a reply) */
- uint32_t pending_calls;
-
- /* is this connection pending termination? If so, why? */
- const char *terminate;
-
- struct tstream_context *tstream;
-
- struct tevent_queue *send_queue;
-
- struct loadparm_context *lp_ctx;
-};
-
-#define WBSRV_SAMBA3_SET_STRING(dest, src) do { \
- memset(dest, 0, sizeof(dest));\
- strlcpy((dest), (src) ?
(src) : "", sizeof(dest));\ -} while(0) - -/* - state of a pwent query -*/ -struct wbsrv_pwent { - /* Current UserList structure, contains 1+ user structs */ - struct libnet_UserList *user_list; - - /* Index of the next user struct in the current UserList struct */ - uint32_t page_index; - - /* The libnet_ctx to use for the libnet_UserList call */ - struct libnet_context *libnet_ctx; -}; -/* - state of a grent query -*/ -struct wbsrv_grent { - /* Current UserList structure, contains 1+ user structs */ - struct libnet_GroupList *group_list; - - /* Index of the next user struct in the current UserList struct */ - uint32_t page_index; - - /* The libnet_ctx to use for the libnet_UserList call */ - struct libnet_context *libnet_ctx; -}; - -/* - state of one request - - NOTE about async replies: - if the backend wants to reply later: - - - it should set the WBSRV_CALL_FLAGS_REPLY_ASYNC flag, and may set a - talloc_destructor on the this structure or on the private_data (if it's a - talloc child of this structure), so that wbsrv_terminate_connection - called by another call clean up the whole connection correct. - - When the backend is ready to reply it should call wbsrv_send_reply(call), - wbsrv_send_reply implies talloc_free(call), so the backend should use - talloc_reference(call), if it needs it later. - - If wbsrv_send_reply doesn't return NT_STATUS_OK, the backend function - should call, wbsrv_terminate_connection(call->wbconn, nt_errstr(status)); - return; - -*/ -struct wbsrv_samba3_call { -#define WBSRV_CALL_FLAGS_REPLY_ASYNC 0x00000001 - uint32_t flags; - - /* the connection the call belongs to */ - struct wbsrv_connection *wbconn; - - /* here the backend can store stuff like composite_context's ... 
*/
- void *private_data;
-
- /* the request structure of the samba3 protocol */
- struct winbindd_request *request;
-
- /* the response structure of the samba3 protocol*/
- struct winbindd_response *response;
-
- DATA_BLOB in;
- DATA_BLOB out;
- struct iovec out_iov[1];
-};
-
-struct netr_LMSessionKey;
-struct netr_UserSessionKey;
-struct winbind_SamLogon;
-struct winbind_DsrUpdateReadOnlyServerDnsRecords;
-
-#include "winbind/wb_async_helpers.h"
-#include "winbind/wb_proto.h"
diff --git a/source4/winbind/wb_sid2domain.c b/source4/winbind/wb_sid2domain.c
deleted file mode 100644
index 172a6d0a09a..00000000000
--- a/source4/winbind/wb_sid2domain.c
+++ /dev/null
@@ -1,327 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Find and init a domain struct for a SID
-
- Copyright (C) Volker Lendecke 2005
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include <tevent.h>
-#include "../lib/util/tevent_ntstatus.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-#include "libcli/security/security.h"
-#include "../lib/util/dlinklist.h"
-#include "param/param.h"
-
-static struct wbsrv_domain *find_domain_from_sid(struct wbsrv_service *service,
- const struct dom_sid *sid)
-{
- struct wbsrv_domain *domain;
-
- for (domain = service->domains; domain!=NULL; domain = domain->next) {
- if (dom_sid_equal(domain->info->sid, sid)) {
- break;
- }
- if (dom_sid_in_domain(domain->info->sid, sid)) {
- break;
- }
- }
- return domain;
-}
-
-struct wb_sid2domain_state {
- struct wbsrv_service *service;
- struct dom_sid sid;
-
- struct wbsrv_domain *domain;
-};
-
-static void wb_sid2domain_recv_dom_info(struct composite_context *ctx);
-static void wb_sid2domain_recv_name(struct composite_context *ctx);
-static void wb_sid2domain_recv_trusted_dom_info(struct composite_context *ctx);
-static void wb_sid2domain_recv_init(struct composite_context *ctx);
-
-static struct tevent_req *_wb_sid2domain_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct wbsrv_service *service,
- const
struct dom_sid *sid)
-{
- struct tevent_req *req;
- struct wb_sid2domain_state *state;
- struct composite_context *ctx;
-
- DEBUG(5, ("wb_sid2domain_send called\n"));
-
- req = tevent_req_create(mem_ctx, &state,
- struct wb_sid2domain_state);
- if (req == NULL) {
- return NULL;
- }
-
- state->service = service;
- state->sid = *sid;
-
- state->domain = find_domain_from_sid(service, sid);
- if (state->domain != NULL) {
- tevent_req_done(req);
- return tevent_req_post(req, ev);
- }
-
- if (dom_sid_equal(service->primary_sid, sid) ||
- dom_sid_in_domain(service->primary_sid, sid)) {
- ctx = wb_get_dom_info_send(state, service,
- lpcfg_workgroup(service->task->lp_ctx),
- lpcfg_realm(service->task->lp_ctx),
- service->primary_sid);
- if (tevent_req_nomem(ctx, req)) {
- return tevent_req_post(req, ev);
- }
- ctx->async.fn = wb_sid2domain_recv_dom_info;
- ctx->async.private_data = req;
-
- return req;
- }
-
- if (dom_sid_equal(&global_sid_Builtin, sid) ||
- dom_sid_in_domain(&global_sid_Builtin, sid)) {
- ctx = wb_get_dom_info_send(state, service,
- "BUILTIN", NULL,
- &global_sid_Builtin);
- if (tevent_req_nomem(ctx, req)) {
- return tevent_req_post(req, ev);
- }
- ctx->async.fn = wb_sid2domain_recv_dom_info;
- ctx->async.private_data = req;
-
- return req;
- }
-
- ctx = wb_cmd_lookupsid_send(state, service, &state->sid);
- if (tevent_req_nomem(ctx, req)) {
- return tevent_req_post(req, ev);
- }
- ctx->async.fn = wb_sid2domain_recv_name;
- ctx->async.private_data = req;
-
- return req;
-}
-
-static void wb_sid2domain_recv_dom_info(struct composite_context *ctx)
-{
- struct tevent_req *req =
- talloc_get_type_abort(ctx->async.private_data,
- struct tevent_req);
- struct wb_sid2domain_state *state =
- tevent_req_data(req,
- struct wb_sid2domain_state);
- struct wb_dom_info *info;
- NTSTATUS status;
-
- status = wb_get_dom_info_recv(ctx, state, &info);
- if (tevent_req_nterror(req, status)) {
- return;
- }
-
- ctx = wb_init_domain_send(state, state->service, info);
- if
(tevent_req_nomem(ctx, req)) {
- return;
- }
- ctx->async.fn = wb_sid2domain_recv_init;
- ctx->async.private_data = req;
-}
-
-static void wb_sid2domain_recv_name(struct composite_context *ctx)
-{
- struct tevent_req *req =
- talloc_get_type_abort(ctx->async.private_data,
- struct tevent_req);
- struct wb_sid2domain_state *state =
- tevent_req_data(req,
- struct wb_sid2domain_state);
- struct wb_sid_object *name;
- NTSTATUS status;
-
- status = wb_cmd_lookupsid_recv(ctx, state, &name);
- if (tevent_req_nterror(req, status)) {
- return;
- }
-
- if (name->type == SID_NAME_UNKNOWN) {
- tevent_req_nterror(req, NT_STATUS_NO_SUCH_DOMAIN);
- return;
- }
-
- if (name->type != SID_NAME_DOMAIN) {
- state->sid.num_auths -= 1;
- }
-
- ctx = wb_trusted_dom_info_send(state, state->service, name->domain,
- &state->sid);
- if (tevent_req_nomem(ctx, req)) {
- return;
- }
- ctx->async.fn = wb_sid2domain_recv_trusted_dom_info;
- ctx->async.private_data = req;
-}
-
-static void wb_sid2domain_recv_trusted_dom_info(struct composite_context *ctx)
-{
- struct tevent_req *req =
- talloc_get_type_abort(ctx->async.private_data,
- struct tevent_req);
- struct wb_sid2domain_state *state =
- tevent_req_data(req,
- struct wb_sid2domain_state);
- struct wb_dom_info *info;
- NTSTATUS status;
-
- status = wb_trusted_dom_info_recv(ctx, state, &info);
- if (tevent_req_nterror(req, status)) {
- return;
- }
-
- ctx = wb_init_domain_send(state, state->service, info);
- if (tevent_req_nomem(ctx, req)) {
- return;
- }
- ctx->async.fn = wb_sid2domain_recv_init;
- ctx->async.private_data = req;
-}
-
-static void wb_sid2domain_recv_init(struct composite_context *ctx)
-{
- struct tevent_req *req =
- talloc_get_type_abort(ctx->async.private_data,
- struct tevent_req);
- struct wb_sid2domain_state *state =
- tevent_req_data(req,
- struct wb_sid2domain_state);
- struct wbsrv_domain *existing;
- NTSTATUS status;
-
- status = wb_init_domain_recv(ctx, state, &state->domain);
- if (tevent_req_nterror(req, status)) {
- DEBUG(10, ("Could not init domain\n"));
- return;
- }
-
- existing = find_domain_from_sid(state->service, &state->sid);
- if (existing != NULL) {
- DEBUG(5, ("Initialized domain twice, dropping second one\n"));
- talloc_free(state->domain);
- state->domain = existing;
- } else {
- talloc_steal(state->service, state->domain);
- DLIST_ADD(state->service->domains, state->domain);
- }
-
- tevent_req_done(req);
-}
-
-static NTSTATUS _wb_sid2domain_recv(struct tevent_req *req,
- struct wbsrv_domain **result)
-{
- struct wb_sid2domain_state *state =
- tevent_req_data(req,
- struct wb_sid2domain_state);
- NTSTATUS status;
-
- if (tevent_req_is_nterror(req, &status)) {
- tevent_req_received(req);
- return status;
- }
-
- *result = state->domain;
- tevent_req_received(req);
- return NT_STATUS_OK;
-}
-
-struct sid2domain_state {
- struct composite_context *ctx;
- struct wbsrv_domain *domain;
-};
-
-static void sid2domain_recv_domain(struct tevent_req *subreq);
-
-struct composite_context *wb_sid2domain_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- const struct dom_sid *sid)
-{
- struct composite_context *result;
- struct sid2domain_state *state;
- struct tevent_req *subreq;
-
- DEBUG(5, ("wb_sid2domain_send called\n"));
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (result == NULL) goto failed;
-
- state = talloc(result, struct sid2domain_state);
- if (state == NULL) goto failed;
- state->ctx = result;
- result->private_data = state;
-
- subreq = _wb_sid2domain_send(state,
- result->event_ctx,
- service, sid);
- if (subreq == NULL) goto failed;
- tevent_req_set_callback(subreq, sid2domain_recv_domain, state);
-
- return result;
-
- failed:
- talloc_free(result);
- return NULL;
-
-}
-
-static void sid2domain_recv_domain(struct tevent_req *subreq)
-{
- struct sid2domain_state *state =
- tevent_req_callback_data(subreq,
- struct sid2domain_state);
-
- state->ctx->status = _wb_sid2domain_recv(subreq, &state->domain);
- TALLOC_FREE(subreq);
- if (!composite_is_ok(state->ctx)) return;
-
- composite_done(state->ctx);
-}
-
-NTSTATUS wb_sid2domain_recv(struct composite_context *ctx,
- struct wbsrv_domain **result)
-{
- NTSTATUS status = composite_wait(ctx);
- if (NT_STATUS_IS_OK(status)) {
- struct sid2domain_state *state =
- talloc_get_type(ctx->private_data,
- struct sid2domain_state);
- *result = state->domain;
- }
- talloc_free(ctx);
- return status;
-}
-
-NTSTATUS wb_sid2domain(TALLOC_CTX *mem_ctx, struct wbsrv_service *service,
- const struct dom_sid *sid,
- struct wbsrv_domain **result)
-{
- struct composite_context *c = wb_sid2domain_send(mem_ctx, service,
- sid);
- return wb_sid2domain_recv(c, result);
-}
diff --git a/source4/winbind/wb_sid2gid.c b/source4/winbind/wb_sid2gid.c
deleted file mode 100644
index e1061544d24..00000000000
--- a/source4/winbind/wb_sid2gid.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Map a SID to a gid
-
- Copyright (C) 2007-2008 Kai Blin
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/composite/composite.h"
-#include "winbind/wb_server.h"
-#include "smbd/service_task.h"
-#include "libcli/security/security.h"
-
-struct sid2gid_state {
- struct composite_context *ctx;
- struct wbsrv_service *service;
- gid_t gid;
-};
-
-static void sid2gid_recv_gid(struct composite_context *ctx);
-
-struct composite_context *wb_sid2gid_send(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service, const struct dom_sid *sid)
-{
- struct composite_context *result, *ctx;
- struct sid2gid_state *state;
- struct id_map *ids;
-
- DEBUG(5, ("wb_sid2gid_send called\n"));
-
- result = composite_create(mem_ctx, service->task->event_ctx);
- if (!result) return NULL;
-
- state = talloc(result, struct sid2gid_state);
- if(composite_nomem(state, result)) return result;
-
- state->ctx = result;
- result->private_data = state;
- state->service = service;
-
- ids = talloc(result, struct id_map);
- if (composite_nomem(ids, result)) return result;
-
- ids->sid = dom_sid_dup(result, sid);
- if (composite_nomem(ids->sid, result)) return result;
-
- ctx = wb_sids2xids_send(result, service, 1, ids);
- if (composite_nomem(ctx, result)) return result;
-
- composite_continue(result, ctx, sid2gid_recv_gid, state);
- return result;
-}
-
-static void sid2gid_recv_gid(struct composite_context *ctx)
-{
- struct sid2gid_state *state = talloc_get_type(ctx->async.private_data,
- struct sid2gid_state);
-
- struct id_map *ids = NULL;
-
- state->ctx->status = wb_sids2xids_recv(ctx, &ids, NULL);
- if (!composite_is_ok(state->ctx)) return;
-
- if (ids->status != ID_MAPPED) {
- composite_error(state->ctx, NT_STATUS_UNSUCCESSFUL);
- return;
- }
-
- if (ids->xid.type == ID_TYPE_BOTH ||
- ids->xid.type == ID_TYPE_GID) {
- state->gid = ids->xid.id;
- composite_done(state->ctx);
- return;
- } else {
- composite_error(state->ctx, NT_STATUS_INVALID_SID);
- return;
- }
-}
-
-NTSTATUS wb_sid2gid_recv(struct composite_context *ctx, gid_t *gid)
-{
- NTSTATUS status = composite_wait(ctx);
-
- DEBUG(5, ("wb_sid2gid_recv called\n"));
-
- if (NT_STATUS_IS_OK(status)) {
- struct sid2gid_state *state =
- talloc_get_type(ctx->private_data,
- struct sid2gid_state);
- *gid = state->gid;
- }
- talloc_free(ctx);
- return status;
-}
-
diff --git a/source4/winbind/wb_sid2uid.c b/source4/winbind/wb_sid2uid.c
deleted file mode 100644
index 2b5fec53810..00000000000
--- a/source4/winbind/wb_sid2uid.c
+++ /dev/null
@@ -1,109 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Map a SID to a uid - - Copyright (C) 2007-2008 Kai Blin - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "libcli/composite/composite.h" -#include "winbind/wb_server.h" -#include "smbd/service_task.h" -#include "libcli/security/security.h" - -struct sid2uid_state { - struct composite_context *ctx; - struct wbsrv_service *service; - uid_t uid; -}; - -static void sid2uid_recv_uid(struct composite_context *ctx); - -struct composite_context *wb_sid2uid_send(TALLOC_CTX *mem_ctx, - struct wbsrv_service *service, const struct dom_sid *sid) -{ - struct composite_context *result, *ctx; - struct sid2uid_state *state; - struct id_map *ids; - - DEBUG(5, ("wb_sid2uid_send called\n")); - - result = composite_create(mem_ctx, service->task->event_ctx); - if (!result) return NULL; - - state = talloc(result, struct sid2uid_state); - if (composite_nomem(state, result)) return result; - - state->ctx = result; - result->private_data = state; - state->service = service; - - ids = talloc(result, struct id_map); - if (composite_nomem(ids, result)) return result; - - ids->sid = dom_sid_dup(result, sid); - if (composite_nomem(ids->sid, result)) return result; - - ctx = wb_sids2xids_send(result, service, 1, ids); - if (composite_nomem(ctx, result)) return result; - - composite_continue(result, ctx, sid2uid_recv_uid, state); 
- return result; -} - -static void sid2uid_recv_uid(struct composite_context *ctx) -{ - struct sid2uid_state *state = talloc_get_type(ctx->async.private_data, - struct sid2uid_state); - - struct id_map *ids = NULL; - - state->ctx->status = wb_sids2xids_recv(ctx, &ids, NULL); - if (!composite_is_ok(state->ctx)) return; - - if (ids->status != ID_MAPPED) { - composite_error(state->ctx, NT_STATUS_UNSUCCESSFUL); - return; - } - - if (ids->xid.type == ID_TYPE_BOTH || - ids->xid.type == ID_TYPE_UID) { - state->uid = ids->xid.id; - composite_done(state->ctx); - return; - } else { - composite_error(state->ctx, NT_STATUS_INVALID_SID); - return; - } -} - -NTSTATUS wb_sid2uid_recv(struct composite_context *ctx, uid_t *uid) -{ - NTSTATUS status = composite_wait(ctx); - - DEBUG(5, ("wb_sid2uid_recv called\n")); - - if (NT_STATUS_IS_OK(status)) { - struct sid2uid_state *state = - talloc_get_type(ctx->private_data, - struct sid2uid_state); - *uid = state->uid; - } - talloc_free(ctx); - return status; -} - diff --git a/source4/winbind/wb_sids2xids.c b/source4/winbind/wb_sids2xids.c deleted file mode 100644 index 01ad64580b6..00000000000 --- a/source4/winbind/wb_sids2xids.c +++ /dev/null 
@@ -1,96 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Map SIDs to unixids. - - Copyright (C) 2008 Kai Blin - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "libcli/composite/composite.h" -#include "winbind/wb_server.h" -#include "smbd/service_task.h" - -struct sids2xids_state { - struct composite_context *ctx; - struct wbsrv_service *service; - struct id_map *ids; - int count; -}; - -struct composite_context *wb_sids2xids_send(TALLOC_CTX *mem_ctx, - struct wbsrv_service *service, - unsigned int count, struct id_map *ids) -{ - struct composite_context *result; - struct sids2xids_state *state; - struct id_map **pointer_array; - unsigned int i; - - DEBUG(5, ("wb_sids2xids_send called\n")); - - result = composite_create(mem_ctx, service->task->event_ctx); - if (!result) return NULL; - - state = talloc(result, struct sids2xids_state); - if (composite_nomem(state, result)) return result; - - state->ctx = result; - result->private_data = state; - state->service = service; - state->count = count; - state->ids = ids; - - /* We need to convert between calling conventions here - the - * values are filled in by reference, so we just need to - * provide pointers to them */ - pointer_array = talloc_array(state, struct id_map *, count+1); - if (composite_nomem(pointer_array, result)) return result; - - for (i=0; i < count; i++) { - pointer_array[i] = &ids[i]; - } - 
pointer_array[i] = NULL; - - state->ctx->status = idmap_sids_to_xids(service->idmap_ctx, mem_ctx, - pointer_array); - if (!composite_is_ok(state->ctx)) return result; - - composite_done(state->ctx); - return result; -} - -NTSTATUS wb_sids2xids_recv(struct composite_context *ctx, - struct id_map **ids, unsigned *count) -{ - NTSTATUS status = composite_wait(ctx); - struct sids2xids_state *state = talloc_get_type(ctx->private_data, - struct sids2xids_state); - - DEBUG(5, ("wb_sids2xids_recv called\n")); - - /* We don't have to mess with pointer_array on the way out, as - * the results are filled into the pointers the caller - * supplied */ - *ids = state->ids; - if (count != NULL) { - *count = state->count; - } - - talloc_free(ctx); - return status; -} - diff --git a/source4/winbind/wb_uid2sid.c b/source4/winbind/wb_uid2sid.c deleted file mode 100644 index 61b7704167e..00000000000 --- a/source4/winbind/wb_uid2sid.c +++ /dev/null 
@@ -1,102 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Command backend for wbinfo -U - - Copyright (C) 2007-2008 Kai Blin - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "libcli/composite/composite.h" -#include "winbind/wb_server.h" -#include "smbd/service_task.h" - -struct uid2sid_state { - struct composite_context *ctx; - struct wbsrv_service *service; - struct dom_sid *sid; -}; - -static void uid2sid_recv_sid(struct composite_context *ctx); - -struct composite_context *wb_uid2sid_send(TALLOC_CTX *mem_ctx, - struct wbsrv_service *service, uid_t uid) -{ - struct composite_context *result, *ctx; - struct uid2sid_state *state; - struct id_map *ids; - - DEBUG(5, ("wb_uid2sid_send called\n")); - - result = composite_create(mem_ctx, service->task->event_ctx); - if (!result) return NULL; - - state = talloc(result, struct uid2sid_state); - if (composite_nomem(state, result)) return result; - - state->ctx = result; - result->private_data = state; - state->service = service; - - ids = talloc(result, struct id_map); - if (composite_nomem(ids, result)) return result; - ids->sid = NULL; - ids->xid.id = uid; - ids->xid.type = ID_TYPE_UID; - - ctx = wb_xids2sids_send(result, service, 1, ids); - if (composite_nomem(ctx, result)) return result; - - composite_continue(result, ctx, uid2sid_recv_sid, state); - return result; -} - -static void uid2sid_recv_sid(struct 
composite_context *ctx) -{ - struct uid2sid_state *state = talloc_get_type(ctx->async.private_data, - struct uid2sid_state); - struct id_map *ids = NULL; - - state->ctx->status = wb_xids2sids_recv(ctx, &ids); - if (!composite_is_ok(state->ctx)) return; - - if (ids->status != ID_MAPPED) { - composite_error(state->ctx, NT_STATUS_UNSUCCESSFUL); - return; - } - - state->sid = ids->sid; - - composite_done(state->ctx); -} - -NTSTATUS wb_uid2sid_recv(struct composite_context *ctx, TALLOC_CTX *mem_ctx, - struct dom_sid **sid) -{ - NTSTATUS status = composite_wait(ctx); - - DEBUG(5, ("wb_uid2sid_recv called.\n")); - - if (NT_STATUS_IS_OK(status)) { - struct uid2sid_state *state = - talloc_get_type(ctx->private_data, - struct uid2sid_state); - *sid = talloc_steal(mem_ctx, state->sid); - } - talloc_free(ctx); - return status; -} - diff --git a/source4/winbind/wb_update_rodc_dns.c b/source4/winbind/wb_update_rodc_dns.c deleted file mode 100644 index bd29d7865c1..00000000000 --- a/source4/winbind/wb_update_rodc_dns.c +++ /dev/null 
@@ -1,233 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Do a netr_DsrUpdateReadOnlyServerDnsRecords to a remote DC - - Copyright (C) Andrew Bartlett 2010 - Copyright (C) Andrew Tridgell 2010 - - based heavily on wb_sam_logon.c which is copyright: - - Copyright (C) Volker Lendecke 2005 - Copyright (C) Andrew Bartlett 2005 - Copyright (C) Stefan Metzmacher 2006 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include <tevent.h> -#include "../lib/util/tevent_ntstatus.h" -#include "libcli/composite/composite.h" -#include "winbind/wb_server.h" -#include "smbd/service_task.h" -#include "auth/credentials/credentials.h" -#include "libcli/auth/libcli_auth.h" -#include "librpc/gen_ndr/ndr_netlogon_c.h" -#include "librpc/gen_ndr/winbind.h" - -struct wb_update_rodc_dns_state { - struct tevent_context *ev; - - struct winbind_DsrUpdateReadOnlyServerDnsRecords *req; - - struct wbsrv_domain *domain; - struct tevent_queue_entry *queue_entry; - struct netlogon_creds_CredentialState *creds_state; - struct netr_Authenticator auth1, auth2; - - TALLOC_CTX *r_mem_ctx; - struct netr_DsrUpdateReadOnlyServerDnsRecords r; -}; - -static void wb_update_rodc_dns_recv_domain(struct composite_context *csubreq); -static void wb_sam_logon_queue_trigger(struct tevent_req *req, void *priv); -static void wb_update_rodc_dns_recv_response(struct tevent_req *subreq); - -/* - Find the connection to 
the DC (or find an existing connection) -*/ -struct tevent_req *wb_update_rodc_dns_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct wbsrv_service *service, - struct winbind_DsrUpdateReadOnlyServerDnsRecords *_req) -{ - struct tevent_req *req; - struct wb_update_rodc_dns_state *state; - struct composite_context *csubreq; - - req = tevent_req_create(mem_ctx, &state, - struct wb_update_rodc_dns_state); - if (req == NULL) { - return NULL; - } - state->ev = ev; - state->req = _req; - - csubreq = wb_sid2domain_send(state, service, service->primary_sid); - if (tevent_req_nomem(csubreq, req)) { - return tevent_req_post(req, ev); - } - csubreq->async.fn = wb_update_rodc_dns_recv_domain; - csubreq->async.private_data = req; - - return req; -} - -/* - Having finished making the connection to the DC - Send of a DsrUpdateReadOnlyServerDnsRecords request to authenticate a user. -*/ -static void wb_update_rodc_dns_recv_domain(struct composite_context *csubreq) -{ - struct tevent_req *req = - talloc_get_type_abort(csubreq->async.private_data, - struct tevent_req); - struct wb_update_rodc_dns_state *state = - tevent_req_data(req, - struct wb_update_rodc_dns_state); - NTSTATUS status; - struct tevent_queue_entry *e; - - status = wb_sid2domain_recv(csubreq, &state->domain); - if (tevent_req_nterror(req, status)) { - return; - } - - /* - * Because of the netlogon_creds behavior we have to - * queue the netr_LogonSamLogon() calls - */ - e = tevent_queue_add_entry(state->domain->netlogon_queue, - state->ev, - req, - wb_sam_logon_queue_trigger, - NULL); - state->queue_entry = e; -} - -static void wb_sam_logon_queue_trigger(struct tevent_req *req, void *priv) -{ - struct wb_update_rodc_dns_state *state = - tevent_req_data(req, - struct wb_update_rodc_dns_state); - struct wbsrv_domain *domain = state->domain; - struct tevent_req *subreq; - - state->creds_state = cli_credentials_get_netlogon_creds(domain->libnet_ctx->cred); - 
netlogon_creds_client_authenticator(state->creds_state, &state->auth1); - - state->r.in.server_name = talloc_asprintf(state, "\\\\%s", - dcerpc_server_name(domain->netlogon_pipe)); - if (tevent_req_nomem(state->r.in.server_name, req)) { - return; - } - - state->r.in.computer_name = cli_credentials_get_workstation(domain->libnet_ctx->cred); - state->r.in.credential = &state->auth1; - state->r.out.return_authenticator = &state->auth2; - state->r.in.site_name = state->req->in.site_name; - state->r.in.dns_ttl = state->req->in.dns_ttl; - state->r.in.dns_names = state->req->in.dns_names; - state->r.out.dns_names = state->req->in.dns_names; - - /* - * use a new talloc context for the DsrUpdateReadOnlyServerDnsRecords call - * because then we can just to a talloc_steal on this context - * in the final _recv() function to give the caller all the content of - * the s->r.out.dns_names - */ - state->r_mem_ctx = talloc_new(state); - if (tevent_req_nomem(state->r_mem_ctx, req)) { - return; - } - - subreq = dcerpc_netr_DsrUpdateReadOnlyServerDnsRecords_r_send(state, - state->ev, - domain->netlogon_pipe->binding_handle, - &state->r); - if (tevent_req_nomem(subreq, req)) { - return; - } - tevent_req_set_callback(subreq, wb_update_rodc_dns_recv_response, req); -} - -/* - NTLM Authentication - - Check the DsrUpdateReadOnlyServerDnsRecords reply and decrypt the session keys -*/ -static void wb_update_rodc_dns_recv_response(struct tevent_req *subreq) -{ - struct tevent_req *req = - tevent_req_callback_data(subreq, - struct tevent_req); - struct wb_update_rodc_dns_state *state = - tevent_req_data(req, - struct wb_update_rodc_dns_state); - NTSTATUS status; - bool ok; - - status = dcerpc_netr_DsrUpdateReadOnlyServerDnsRecords_r_recv(subreq, - state->r_mem_ctx); - TALLOC_FREE(subreq); - if (tevent_req_nterror(req, status)) { - return; - } - - if (tevent_req_nterror(req, state->r.out.result)) { - return; - } - - if (state->r.out.return_authenticator == NULL) { - tevent_req_nterror(req, 
NT_STATUS_ACCESS_DENIED); - return; - } - - ok = netlogon_creds_client_check(state->creds_state, - &state->r.out.return_authenticator->cred); - if (!ok) { - DEBUG(0, ("Credentials check failed!\n")); - tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); - return; - } - - /* - * we do not need the netlogon_creds lock anymore - */ - TALLOC_FREE(state->queue_entry); - - tevent_req_done(req); -} - -NTSTATUS wb_update_rodc_dns_recv(struct tevent_req *req, - TALLOC_CTX *mem_ctx, - struct winbind_DsrUpdateReadOnlyServerDnsRecords *_req) -{ - struct wb_update_rodc_dns_state *state = - tevent_req_data(req, - struct wb_update_rodc_dns_state); - NTSTATUS status; - - if (tevent_req_is_nterror(req, &status)) { - tevent_req_received(req); - return status; - } - - talloc_steal(mem_ctx, state->r_mem_ctx); - _req->out.dns_names = state->r.out.dns_names; - - tevent_req_received(req); - return NT_STATUS_OK; -} diff --git a/source4/winbind/wb_xids2sids.c b/source4/winbind/wb_xids2sids.c deleted file mode 100644 index aeec2ee5be6..00000000000 --- a/source4/winbind/wb_xids2sids.c +++ /dev/null 
@@ -1,93 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Convet an unixid struct to a SID - - Copyright (C) 2008 Kai Blin - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "libcli/composite/composite.h" -#include "winbind/wb_server.h" -#include "smbd/service_task.h" - -struct xids2sids_state { - struct composite_context *ctx; - struct wbsrv_service *service; - struct id_map *ids; - int count; -}; - -struct composite_context *wb_xids2sids_send(TALLOC_CTX *mem_ctx, - struct wbsrv_service *service, - unsigned int count, struct id_map *ids) -{ - struct composite_context *result; - struct xids2sids_state *state; - struct id_map **pointer_array; - unsigned int i; - - DEBUG(5, ("wb_xids2sids_send called\n")); - - result = composite_create(mem_ctx, service->task->event_ctx); - if (!result) return NULL; - - state = talloc(mem_ctx, struct xids2sids_state); - if (composite_nomem(state, result)) return result; - - state->ctx = result; - result->private_data = state; - state->service = service; - state->count = count; - state->ids = ids; - - /* We need to convert between calling conventions here - the - * values are filled in by reference, so we just need to - * provide pointers to them */ - pointer_array = talloc_array(state, struct id_map *, count+1); - if (composite_nomem(pointer_array, result)) return result; - - for (i=0; i < count; i++) { - pointer_array[i] = 
&ids[i]; - } - pointer_array[i] = NULL; - - state->ctx->status = idmap_xids_to_sids(service->idmap_ctx, mem_ctx, - pointer_array); - if (!composite_is_ok(state->ctx)) return result; - - composite_done(state->ctx); - return result; -} - -NTSTATUS wb_xids2sids_recv(struct composite_context *ctx, - struct id_map **ids) -{ - NTSTATUS status = composite_wait(ctx); - struct xids2sids_state *state = talloc_get_type(ctx->private_data, - struct xids2sids_state); - - DEBUG(5, ("wb_xids2sids_recv called.\n")); - - /* We don't have to mess with pointer_array on the way out, as - * the results are filled into the pointers the caller - * supplied */ - *ids = state->ids; - - talloc_free(ctx); - return status; -} - diff --git a/source4/winbind/winbindd.c b/source4/winbind/winbindd.c index d8b79eeb73a..80abd7a3105 100644 --- a/source4/winbind/winbindd.c +++ b/source4/winbind/winbindd.c @@ -90,5 +90,9 @@ NTSTATUS server_service_winbindd_init(void); NTSTATUS server_service_winbindd_init(void) { - return register_server_service("winbindd", winbindd_task_init); + NTSTATUS status = register_server_service("winbindd", winbindd_task_init); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + return register_server_service("winbind", winbindd_task_init); } diff --git a/source4/winbind/wscript_build b/source4/winbind/wscript_build index e6710ceb2e3..e242a6abcb7 100644 --- a/source4/winbind/wscript_build +++ b/source4/winbind/wscript_build 
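Review bot: The added `return register_server_service("winbind", winbindd_task_init);` in server_service_winbindd_init() registers the same task init under a second service name, and nothing in the function says why. The rest of the commit removes the `service_winbind` module, so this looks like a compatibility alias for configurations that still name `winbind`; a comment above the line such as `/* "winbind" is kept as an alias: configurations that still list the removed source4 winbind service start winbindd instead */` would record that. Because both names now map to winbindd_task_init, a service list that names both would presumably run the init twice; winbindd_task_init is outside this hunk, so it is worth confirming that it tolerates a second start, or documenting that only one of the two names may be listed.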
@@ -1,15 +1,6 @@ #!/usr/bin/env python -bld.SAMBA_MODULE('service_winbind', - source='wb_server.c wb_irpc.c wb_samba3_protocol.c wb_samba3_cmd.c wb_init_domain.c wb_dom_info.c wb_dom_info_trusted.c wb_sid2domain.c wb_name2domain.c wb_sids2xids.c wb_xids2sids.c wb_gid2sid.c wb_sid2uid.c wb_sid2gid.c wb_uid2sid.c wb_connect_lsa.c wb_connect_sam.c wb_cmd_lookupname.c wb_cmd_lookupsid.c wb_cmd_getdcname.c wb_cmd_getgrnam.c wb_cmd_getgrgid.c wb_cmd_getpwnam.c wb_cmd_getpwuid.c wb_cmd_userdomgroups.c wb_cmd_usersids.c wb_cmd_list_groups.c wb_cmd_list_trustdom.c wb_cmd_list_users.c wb_cmd_setpwent.c wb_cmd_getpwent.c wb_cmd_getgrent.c wb_cmd_setgrent.c wb_cmd_getgroups.c wb_pam_auth.c wb_sam_logon.c wb_update_rodc_dns.c', - autoproto='wb_proto.h', - subsystem='service', - init_function='server_service_winbind_init', - deps='WB_HELPER IDMAP NDR_WINBIND process_model RPC_NDR_LSA dcerpc-samr PAM_ERRORS cli-ldap samba-net LIBSAMBA_TSOCKET', - internal_module=False, - ) - bld.SAMBA_MODULE('service_winbindd', source='winbindd.c', subsystem='service', |