The branch, v3-3-test has been updated
via 31614cd5e08dd6389c66e6ddf9f2d5429c6ab033 (commit)
via cb5e8f60ac3313aec726c01687a040e6e0e42c10 (commit)
from c572d537e088a3fffb057181cad9a3692e40b815 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit 31614cd5e08dd6389c66e6ddf9f2d5429c6ab033
Author: coffeedude <[EMAIL PROTECTED]>
Date: Tue May 13 12:58:52 2008 -0500
libwbclient: Abstract the DS_XXX flags for DsGetDcName().
The wbcLookupDomainController() call supports a set of flags
defined in wbclient.h. Add a mapping function between these
flags and the original DS_XXX flags in order to prevent having
to include the generated RPC headers in wbclient.h.
commit cb5e8f60ac3313aec726c01687a040e6e0e42c10
Author: coffeedude <[EMAIL PROTECTED]>
Date: Tue May 13 12:52:20 2008 -0500
libwbclient: Add wbcLogoffUser() and wbcLookupDomainController().
Add new APIs calls for WINBINDD_PAM_LOGOFF and WINBINDD_DSGETDCNAME
ops.
-----------------------------------------------------------------------
Summary of changes:
source/nsswitch/libwbclient/wbc_pam.c | 52 ++++++++++++++++++++++++++
source/nsswitch/libwbclient/wbc_util.c | 62 ++++++++++++++++++++++++++++++-
source/nsswitch/libwbclient/wbclient.c | 4 ++
source/nsswitch/libwbclient/wbclient.h | 44 ++++++++++++++++++++++-
source/winbindd/winbindd.h | 1 +
source/winbindd/winbindd_locator.c | 46 +++++++++++++++++++++++-
6 files changed, 205 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/nsswitch/libwbclient/wbc_pam.c
b/source/nsswitch/libwbclient/wbc_pam.c
index a0e91fa..a3fb212 100644
--- a/source/nsswitch/libwbclient/wbc_pam.c
+++ b/source/nsswitch/libwbclient/wbc_pam.c
@@ -470,3 +470,55 @@ wbcErr wbcCheckTrustCredentials(const char *domain,
done:
return wbc_status;
}
+
+/** @brief Trigger a logoff notification to Winbind for a specific user
+ *
+ * @param username Name of user to remove from Winbind's list of
+ * logged on users.
+ * @param uid Uid assigned to the username
+ * @param ccfilename Absolute path to the Krb5 credentials cache to
+ * be removed
+ *
+ * @return #wbcErr
+ *
+ **/
+
+wbcErr wbcLogoffUser(const char *username,
+ uid_t uid,
+ const char *ccfilename)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct passwd *pw = NULL;
+
+ /* validate input */
+
+ if (!username) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ strncpy(request.data.logoff.user, username,
+ sizeof(request.data.logoff.user)-1);
+ request.data.logoff.uid = uid;
+
+ if (ccfilename) {
+ strncpy(request.data.logoff.krb5ccname, ccfilename,
+ sizeof(request.data.logoff.krb5ccname)-1);
+ }
+
+ /* Send request */
+
+ wbc_status = wbcRequestResponse(WINBINDD_PAM_LOGOFF,
+ &request,
+ &response);
+
+ /* Take the response above and return it to the caller */
+
+ done:
+ return wbc_status;
+}
diff --git a/source/nsswitch/libwbclient/wbc_util.c
b/source/nsswitch/libwbclient/wbc_util.c
index 3afd8a2..24568f9 100644
--- a/source/nsswitch/libwbclient/wbc_util.c
+++ b/source/nsswitch/libwbclient/wbc_util.c
@@ -272,7 +272,7 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name)
/**
*/
-static wbcErr process_domain_info_string(TALLOC_CTX *ctx,
+static wbcErr process_domain_info_string(TALLOC_CTX *ctx,
struct wbcDomainInfo *info,
char *info_string)
{
@@ -437,7 +437,7 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t
*num_domains)
p = (char *)response.extra_data.data;
if (strlen(p) == 0) {
- /* We should always at least get back our
+ /* We should always at least get back our
own SAM domain */
wbc_status = WBC_ERR_DOMAIN_NOT_FOUND;
@@ -492,3 +492,61 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains,
size_t *num_domains)
return wbc_status;
}
+
+/** @brief Enumerate the domain trusts known by Winbind
+ *
+ * @param domain Name of the domain to query for a DC
+ * @flags Bit flags used to control the domain location query
+ * @param *dc_info Pointer to the returned domain controller information
+ *
+ * @return #wbcErr
+ *
+ **/
+
+
+
+wbcErr wbcLookupDomainController(const char *domain,
+ uint32_t flags,
+ struct wbcDomainControllerInfo **dc_info)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct winbindd_request request;
+ struct winbindd_response response;
+ struct wbcDomainControllerInfo *dc = NULL;
+
+ /* validate input params */
+
+ if (!domain || !dc_info) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ strncpy(request.domain_name, domain, sizeof(request.domain_name)-1);
+
+ request.flags = flags;
+
+ dc = talloc(NULL, struct wbcDomainControllerInfo);
+ BAIL_ON_PTR_ERROR(dc, wbc_status);
+
+ /* Send request */
+
+ wbc_status = wbcRequestResponse(WINBINDD_DSGETDCNAME,
+ &request,
+ &response);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ dc->dc_name = talloc_strdup(dc, response.data.dc_name);
+ BAIL_ON_PTR_ERROR(dc->dc_name, wbc_status);
+
+ *dc_info = dc;
+
+done:
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ talloc_free(dc);
+ }
+
+ return wbc_status;
+}
diff --git a/source/nsswitch/libwbclient/wbclient.c
b/source/nsswitch/libwbclient/wbclient.c
index 9383fd5..6403c15 100644
--- a/source/nsswitch/libwbclient/wbclient.c
+++ b/source/nsswitch/libwbclient/wbclient.c
@@ -110,6 +110,10 @@ const char *wbcErrorString(wbcErr error)
return "WBC_ERR_INVALID_RESPONSE";
case WBC_ERR_NSS_ERROR:
return "WBC_ERR_NSS_ERROR";
+ case WBC_ERR_UNKNOWN_USER:
+ return "WBC_ERR_UNKNOWN_USER";
+ case WBC_ERR_UNKNOWN_GROUP:
+ return "WBC_ERR_UNKNOWN_GROUP";
case WBC_ERR_AUTH_ERROR:
return "WBC_ERR_AUTH_ERROR";
}
diff --git a/source/nsswitch/libwbclient/wbclient.h
b/source/nsswitch/libwbclient/wbclient.h
index f236c43..da466b4 100644
--- a/source/nsswitch/libwbclient/wbclient.h
+++ b/source/nsswitch/libwbclient/wbclient.h
@@ -42,7 +42,9 @@ enum _wbcErrType {
WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot
be found **/
WBC_ERR_INVALID_RESPONSE, /**< Winbind returned an invalid
response **/
WBC_ERR_NSS_ERROR, /**< NSS_STATUS error **/
- WBC_ERR_AUTH_ERROR /**< Authentication failed **/
+ WBC_ERR_AUTH_ERROR, /**< Authentication failed **/
+ WBC_ERR_UNKNOWN_USER, /**< User account cannot be found */
+ WBC_ERR_UNKNOWN_GROUP /**< Group account cannot be found */
};
typedef enum _wbcErrType wbcErr;
@@ -290,6 +292,15 @@ struct wbcAuthErrorInfo {
};
/*
+ * DomainControllerInfo struct
+ */
+struct wbcDomainControllerInfo {
+ char *dc_name;
+};
+
+
+
+/*
* Memory Management
*/
@@ -411,6 +422,31 @@ wbcErr wbcDomainInfo(const char *domain,
wbcErr wbcListTrusts(struct wbcDomainInfo **domains,
size_t *num_domains);
+/* Flags for wbcLookupDomainController */
+
+#define WBC_LOOKUP_DC_FORCE_REDISCOVERY 0x00000001
+#define WBC_LOOKUP_DC_DS_REQUIRED 0x00000010
+#define WBC_LOOKUP_DC_DS_PREFERRED 0x00000020
+#define WBC_LOOKUP_DC_GC_SERVER_REQUIRED 0x00000040
+#define WBC_LOOKUP_DC_PDC_REQUIRED 0x00000080
+#define WBC_LOOKUP_DC_BACKGROUND_ONLY 0x00000100
+#define WBC_LOOKUP_DC_IP_REQUIRED 0x00000200
+#define WBC_LOOKUP_DC_KDC_REQUIRED 0x00000400
+#define WBC_LOOKUP_DC_TIMESERV_REQUIRED 0x00000800
+#define WBC_LOOKUP_DC_WRITABLE_REQUIRED 0x00001000
+#define WBC_LOOKUP_DC_GOOD_TIMESERV_PREFERRED 0x00002000
+#define WBC_LOOKUP_DC_AVOID_SELF 0x00004000
+#define WBC_LOOKUP_DC_ONLY_LDAP_NEEDED 0x00008000
+#define WBC_LOOKUP_DC_IS_FLAT_NAME 0x00010000
+#define WBC_LOOKUP_DC_IS_DNS_NAME 0x00020000
+#define WBC_LOOKUP_DC_TRY_NEXTCLOSEST_SITE 0x00040000
+#define WBC_LOOKUP_DC_DS_6_REQUIRED 0x00080000
+#define WBC_LOOKUP_DC_RETURN_DNS_NAME 0x40000000
+#define WBC_LOOKUP_DC_RETURN_FLAT_NAME 0x80000000
+
+wbcErr wbcLookupDomainController(const char *domain,
+ uint32_t flags,
+ struct wbcDomainControllerInfo **dc_info);
/*
* Athenticate functions
@@ -423,6 +459,11 @@ wbcErr wbcAuthenticateUserEx(const struct
wbcAuthUserParams *params,
struct wbcAuthUserInfo **info,
struct wbcAuthErrorInfo **error);
+wbcErr wbcLogoffUser(const char *username,
+ uid_t uid,
+ const char *ccfilename);
+
+
/*
* Resolve functions
*/
@@ -435,4 +476,5 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name);
wbcErr wbcCheckTrustCredentials(const char *domain,
struct wbcAuthErrorInfo **error);
+
#endif /* _WBCLIENT_H */
diff --git a/source/winbindd/winbindd.h b/source/winbindd/winbindd.h
index 0840e58..301d877 100644
--- a/source/winbindd/winbindd.h
+++ b/source/winbindd/winbindd.h
@@ -24,6 +24,7 @@
#define _WINBINDD_H
#include "nsswitch/winbind_struct_protocol.h"
+#include "nsswitch/libwbclient/wbclient.h"
#ifdef HAVE_LIBNSCD
#include <libnscd.h>
diff --git a/source/winbindd/winbindd_locator.c
b/source/winbindd/winbindd_locator.c
index 709fbcc..b2a8bd7 100644
--- a/source/winbindd/winbindd_locator.c
+++ b/source/winbindd/winbindd_locator.c
@@ -54,12 +54,54 @@ void winbindd_dsgetdcname(struct winbindd_cli_state *state)
sendto_child(state, locator_child());
}
+struct wbc_flag_map {
+ uint32_t wbc_dc_flag;
+ uint32_t ds_dc_flags;
+};
+
+static uint32_t get_dsgetdc_flags(uint32_t wbc_flags)
+{
+ struct wbc_flag_map lookup_dc_flags[] = {
+ { WBC_LOOKUP_DC_FORCE_REDISCOVERY, DS_FORCE_REDISCOVERY },
+ { WBC_LOOKUP_DC_DS_REQUIRED, DS_DIRECTORY_SERVICE_REQUIRED },
+ { WBC_LOOKUP_DC_DS_PREFERRED, DS_DIRECTORY_SERVICE_PREFERRED},
+ { WBC_LOOKUP_DC_GC_SERVER_REQUIRED, DS_GC_SERVER_REQUIRED },
+ { WBC_LOOKUP_DC_PDC_REQUIRED, DS_PDC_REQUIRED},
+ { WBC_LOOKUP_DC_BACKGROUND_ONLY, DS_BACKGROUND_ONLY },
+ { WBC_LOOKUP_DC_IP_REQUIRED, DS_IP_REQUIRED },
+ { WBC_LOOKUP_DC_KDC_REQUIRED, DS_KDC_REQUIRED },
+ { WBC_LOOKUP_DC_TIMESERV_REQUIRED, DS_TIMESERV_REQUIRED },
+ { WBC_LOOKUP_DC_WRITABLE_REQUIRED, DS_WRITABLE_REQUIRED },
+ { WBC_LOOKUP_DC_GOOD_TIMESERV_PREFERRED,
DS_GOOD_TIMESERV_PREFERRED },
+ { WBC_LOOKUP_DC_AVOID_SELF, DS_AVOID_SELF },
+ { WBC_LOOKUP_DC_ONLY_LDAP_NEEDED, DS_ONLY_LDAP_NEEDED },
+ { WBC_LOOKUP_DC_IS_FLAT_NAME, DS_IS_FLAT_NAME },
+ { WBC_LOOKUP_DC_IS_DNS_NAME, DS_IS_DNS_NAME },
+ { WBC_LOOKUP_DC_TRY_NEXTCLOSEST_SITE, DS_TRY_NEXTCLOSEST_SITE },
+ { WBC_LOOKUP_DC_DS_6_REQUIRED, DS_DIRECTORY_SERVICE_6_REQUIRED
},
+ { WBC_LOOKUP_DC_RETURN_DNS_NAME, DS_RETURN_DNS_NAME },
+ { WBC_LOOKUP_DC_RETURN_FLAT_NAME, DS_RETURN_FLAT_NAME }
+ };
+ uint32_t ds_flags = 0;
+ int i = 0 ;
+ int num_entries = sizeof(lookup_dc_flags) / sizeof(struct wbc_flag_map);
+
+ for (i=0; i<num_entries; i++) {
+ if (wbc_flags & lookup_dc_flags[i].wbc_dc_flag)
+ ds_flags |= lookup_dc_flags[i].ds_dc_flags;
+ }
+
+ return ds_flags;
+}
+
+
static enum winbindd_result dual_dsgetdcname(struct winbindd_domain *domain,
struct winbindd_cli_state *state)
{
NTSTATUS result;
struct netr_DsRGetDCNameInfo *info = NULL;
const char *dc = NULL;
+ uint32_t ds_flags = 0;
state->request.domain_name
[sizeof(state->request.domain_name)-1] = '\0';
@@ -67,9 +109,11 @@ static enum winbindd_result dual_dsgetdcname(struct
winbindd_domain *domain,
DEBUG(3, ("[%5lu]: dsgetdcname for %s\n", (unsigned long)state->pid,
state->request.domain_name));
+ ds_flags = get_dsgetdc_flags(state->request.flags);
+
result = dsgetdcname(state->mem_ctx, winbind_messaging_context(),
state->request.domain_name,
- NULL, NULL, state->request.flags, &info);
+ NULL, NULL, ds_flags, &info);
if (!NT_STATUS_IS_OK(result)) {
return WINBINDD_ERROR;
--
Samba Shared Repository
