The branch, v3-3-test has been updated via 31614cd5e08dd6389c66e6ddf9f2d5429c6ab033 (commit) via cb5e8f60ac3313aec726c01687a040e6e0e42c10 (commit) from c572d537e088a3fffb057181cad9a3692e40b815 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log ----------------------------------------------------------------- commit 31614cd5e08dd6389c66e6ddf9f2d5429c6ab033 Author: coffeedude <[EMAIL PROTECTED]> Date: Tue May 13 12:58:52 2008 -0500 libwbclient: Abstract the DS_XXX flags for DsGetDcName(). The wbcLookupDomainController() call supports a set of flags defined in wbclient.h. Add a mapping function between these flags and the original DS_XXX flags in order to prevent having to include the generated RPC headers in wbclient.h. commit cb5e8f60ac3313aec726c01687a040e6e0e42c10 Author: coffeedude <[EMAIL PROTECTED]> Date: Tue May 13 12:52:20 2008 -0500 libwbclient: Add wbcLogoffUser() and wbcLookupDomainController(). Add new APIs calls for WINBINDD_PAM_LOGOFF and WINBINDD_DSGETDCNAME ops. ----------------------------------------------------------------------- Summary of changes: source/nsswitch/libwbclient/wbc_pam.c | 52 ++++++++++++++++++++++++++ source/nsswitch/libwbclient/wbc_util.c | 62 ++++++++++++++++++++++++++++++- source/nsswitch/libwbclient/wbclient.c | 4 ++ source/nsswitch/libwbclient/wbclient.h | 44 ++++++++++++++++++++++- source/winbindd/winbindd.h | 1 + source/winbindd/winbindd_locator.c | 46 +++++++++++++++++++++++- 6 files changed, 205 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source/nsswitch/libwbclient/wbc_pam.c b/source/nsswitch/libwbclient/wbc_pam.c index a0e91fa..a3fb212 100644 --- a/source/nsswitch/libwbclient/wbc_pam.c +++ b/source/nsswitch/libwbclient/wbc_pam.c 
@@ -470,3 +470,55 @@ wbcErr wbcCheckTrustCredentials(const char *domain, done: return wbc_status; } + +/** @brief Trigger a logoff notification to Winbind for a specific user + * + * @param username Name of user to remove from Winbind's list of + * logged on users. + * @param uid Uid assigned to the username + * @param ccfilename Absolute path to the Krb5 credentials cache to + * be removed + * + * @return #wbcErr + * + **/ + +wbcErr wbcLogoffUser(const char *username, + uid_t uid, + const char *ccfilename) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct passwd *pw = NULL; + + /* validate input */ + + if (!username) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + strncpy(request.data.logoff.user, username, + sizeof(request.data.logoff.user)-1); + request.data.logoff.uid = uid; + + if (ccfilename) { + strncpy(request.data.logoff.krb5ccname, ccfilename, + sizeof(request.data.logoff.krb5ccname)-1); + } + + /* Send request */ + + wbc_status = wbcRequestResponse(WINBINDD_PAM_LOGOFF, + &request, + &response); + + /* Take the response above and return it to the caller */ + + done: + return wbc_status; +} diff --git a/source/nsswitch/libwbclient/wbc_util.c b/source/nsswitch/libwbclient/wbc_util.c index 3afd8a2..24568f9 100644 --- a/source/nsswitch/libwbclient/wbc_util.c +++ b/source/nsswitch/libwbclient/wbc_util.c @@ -272,7 +272,7 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name) /** */ -static wbcErr process_domain_info_string(TALLOC_CTX *ctx, +static wbcErr process_domain_info_string(TALLOC_CTX *ctx, struct wbcDomainInfo *info, char *info_string) { 
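Review bot: Both `strncpy()` calls in `wbcLogoffUser()` truncate over-long input without reporting it, so a `ccfilename` longer than `request.data.logoff.krb5ccname` is sent to winbindd as a different credentials-cache path than the one the caller named. Reject such input up front, e.g. `if (strlen(username) >= sizeof(request.data.logoff.user)) { wbc_status = WBC_ERR_INVALID_PARAM; BAIL_ON_WBC_ERROR(wbc_status); }`, with the same test for `ccfilename`. The `request.domain_name` copy in `wbcLookupDomainController()` (wbc_util.c) has the same silent truncation. Separately, `struct passwd *pw` is declared and never used, and the closing comment about returning the response describes nothing the code does.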
@@ -437,7 +437,7 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains) p = (char *)response.extra_data.data; if (strlen(p) == 0) { - /* We should always at least get back our + /* We should always at least get back our own SAM domain */ wbc_status = WBC_ERR_DOMAIN_NOT_FOUND; @@ -492,3 +492,61 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains) return wbc_status; } + +/** @brief Enumerate the domain trusts known by Winbind + * + * @param domain Name of the domain to query for a DC + * @flags Bit flags used to control the domain location query + * @param *dc_info Pointer to the returned domain controller information + * + * @return #wbcErr + * + **/ + + + +wbcErr wbcLookupDomainController(const char *domain, + uint32_t flags, + struct wbcDomainControllerInfo **dc_info) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + struct wbcDomainControllerInfo *dc = NULL; + + /* validate input params */ + + if (!domain || !dc_info) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + strncpy(request.domain_name, domain, sizeof(request.domain_name)-1); + + request.flags = flags; + + dc = talloc(NULL, struct wbcDomainControllerInfo); + BAIL_ON_PTR_ERROR(dc, wbc_status); + + /* Send request */ + + wbc_status = wbcRequestResponse(WINBINDD_DSGETDCNAME, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + dc->dc_name = talloc_strdup(dc, response.data.dc_name); + BAIL_ON_PTR_ERROR(dc->dc_name, wbc_status); + + *dc_info = dc; + +done: + if (!WBC_ERROR_IS_OK(wbc_status)) { + talloc_free(dc); + } + + return wbc_status; +} diff --git a/source/nsswitch/libwbclient/wbclient.c b/source/nsswitch/libwbclient/wbclient.c index 9383fd5..6403c15 100644 --- a/source/nsswitch/libwbclient/wbclient.c +++ b/source/nsswitch/libwbclient/wbclient.c 
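Review bot: The doc block above `wbcLookupDomainController()` carries the `@brief` of `wbcListTrusts()` ("Enumerate the domain trusts known by Winbind") and a malformed `@flags` tag, so generated documentation will describe the wrong call. Suggested wording: `@brief Ask Winbind to locate a domain controller for a domain` and `@param flags WBC_LOOKUP_DC_* bit flags controlling the query`. The block should also say that `*dc_info` is talloc-allocated by the library and how the caller is expected to release it. `response.data.dc_name` is passed to `talloc_strdup()` as-is; if the response struct does not guarantee NUL termination of that field (its definition is not visible in this hunk), terminate it explicitly before copying.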
@@ -110,6 +110,10 @@ const char *wbcErrorString(wbcErr error) return "WBC_ERR_INVALID_RESPONSE"; case WBC_ERR_NSS_ERROR: return "WBC_ERR_NSS_ERROR"; + case WBC_ERR_UNKNOWN_USER: + return "WBC_ERR_UNKNOWN_USER"; + case WBC_ERR_UNKNOWN_GROUP: + return "WBC_ERR_UNKNOWN_GROUP"; case WBC_ERR_AUTH_ERROR: return "WBC_ERR_AUTH_ERROR"; } diff --git a/source/nsswitch/libwbclient/wbclient.h b/source/nsswitch/libwbclient/wbclient.h index f236c43..da466b4 100644 --- a/source/nsswitch/libwbclient/wbclient.h +++ b/source/nsswitch/libwbclient/wbclient.h @@ -42,7 +42,9 @@ enum _wbcErrType { WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/ WBC_ERR_INVALID_RESPONSE, /**< Winbind returned an invalid response **/ WBC_ERR_NSS_ERROR, /**< NSS_STATUS error **/ - WBC_ERR_AUTH_ERROR /**< Authentication failed **/ + WBC_ERR_AUTH_ERROR, /**< Authentication failed **/ + WBC_ERR_UNKNOWN_USER, /**< User account cannot be found */ + WBC_ERR_UNKNOWN_GROUP /**< Group account cannot be found */ }; typedef enum _wbcErrType wbcErr; @@ -290,6 +292,15 @@ struct wbcAuthErrorInfo { }; /* + * DomainControllerInfo struct + */ +struct wbcDomainControllerInfo { + char *dc_name; +}; + + + +/* * Memory Management */ 
@@ -411,6 +422,31 @@ wbcErr wbcDomainInfo(const char *domain, wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains); +/* Flags for wbcLookupDomainController */ + +#define WBC_LOOKUP_DC_FORCE_REDISCOVERY 0x00000001 +#define WBC_LOOKUP_DC_DS_REQUIRED 0x00000010 +#define WBC_LOOKUP_DC_DS_PREFERRED 0x00000020 +#define WBC_LOOKUP_DC_GC_SERVER_REQUIRED 0x00000040 +#define WBC_LOOKUP_DC_PDC_REQUIRED 0x00000080 +#define WBC_LOOKUP_DC_BACKGROUND_ONLY 0x00000100 +#define WBC_LOOKUP_DC_IP_REQUIRED 0x00000200 +#define WBC_LOOKUP_DC_KDC_REQUIRED 0x00000400 +#define WBC_LOOKUP_DC_TIMESERV_REQUIRED 0x00000800 +#define WBC_LOOKUP_DC_WRITABLE_REQUIRED 0x00001000 +#define WBC_LOOKUP_DC_GOOD_TIMESERV_PREFERRED 0x00002000 +#define WBC_LOOKUP_DC_AVOID_SELF 0x00004000 +#define WBC_LOOKUP_DC_ONLY_LDAP_NEEDED 0x00008000 +#define WBC_LOOKUP_DC_IS_FLAT_NAME 0x00010000 +#define WBC_LOOKUP_DC_IS_DNS_NAME 0x00020000 +#define WBC_LOOKUP_DC_TRY_NEXTCLOSEST_SITE 0x00040000 +#define WBC_LOOKUP_DC_DS_6_REQUIRED 0x00080000 +#define WBC_LOOKUP_DC_RETURN_DNS_NAME 0x40000000 +#define WBC_LOOKUP_DC_RETURN_FLAT_NAME 0x80000000 + +wbcErr wbcLookupDomainController(const char *domain, + uint32_t flags, + struct wbcDomainControllerInfo **dc_info); /* * Athenticate functions @@ -423,6 +459,11 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, struct wbcAuthUserInfo **info, struct wbcAuthErrorInfo **error); +wbcErr wbcLogoffUser(const char *username, + uid_t uid, + const char *ccfilename); + + /* * Resolve functions */ @@ -435,4 +476,5 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name); wbcErr wbcCheckTrustCredentials(const char *domain, struct wbcAuthErrorInfo **error); + #endif /* _WBCLIENT_H */ diff --git a/source/winbindd/winbindd.h b/source/winbindd/winbindd.h index 0840e58..301d877 100644 --- a/source/winbindd/winbindd.h +++ b/source/winbindd/winbindd.h 
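Review bot: The `WBC_LOOKUP_DC_*` block in wbclient.h has only a one-line comment, while the contract a caller needs is elsewhere in the commit: winbindd translates these bits through the table in `get_dsgetdc_flags()`, and any bit without a table entry is dropped silently. A comment such as `/* Flags for wbcLookupDomainController(); winbindd maps these to DS_* flags, undefined bits are ignored */` would put that on the public header. The new `wbcLookupDomainController()` and `wbcLogoffUser()` prototypes further down are also undocumented here, although the neighbouring sections have at least a heading comment.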
@@ -24,6 +24,7 @@ #define _WINBINDD_H #include "nsswitch/winbind_struct_protocol.h" +#include "nsswitch/libwbclient/wbclient.h" #ifdef HAVE_LIBNSCD #include <libnscd.h> diff --git a/source/winbindd/winbindd_locator.c b/source/winbindd/winbindd_locator.c index 709fbcc..b2a8bd7 100644 --- a/source/winbindd/winbindd_locator.c +++ b/source/winbindd/winbindd_locator.c 
@@ -54,12 +54,54 @@ void winbindd_dsgetdcname(struct winbindd_cli_state *state) sendto_child(state, locator_child()); } +struct wbc_flag_map { + uint32_t wbc_dc_flag; + uint32_t ds_dc_flags; +}; + +static uint32_t get_dsgetdc_flags(uint32_t wbc_flags) +{ + struct wbc_flag_map lookup_dc_flags[] = { + { WBC_LOOKUP_DC_FORCE_REDISCOVERY, DS_FORCE_REDISCOVERY }, + { WBC_LOOKUP_DC_DS_REQUIRED, DS_DIRECTORY_SERVICE_REQUIRED }, + { WBC_LOOKUP_DC_DS_PREFERRED, DS_DIRECTORY_SERVICE_PREFERRED}, + { WBC_LOOKUP_DC_GC_SERVER_REQUIRED, DS_GC_SERVER_REQUIRED }, + { WBC_LOOKUP_DC_PDC_REQUIRED, DS_PDC_REQUIRED}, + { WBC_LOOKUP_DC_BACKGROUND_ONLY, DS_BACKGROUND_ONLY }, + { WBC_LOOKUP_DC_IP_REQUIRED, DS_IP_REQUIRED }, + { WBC_LOOKUP_DC_KDC_REQUIRED, DS_KDC_REQUIRED }, + { WBC_LOOKUP_DC_TIMESERV_REQUIRED, DS_TIMESERV_REQUIRED }, + { WBC_LOOKUP_DC_WRITABLE_REQUIRED, DS_WRITABLE_REQUIRED }, + { WBC_LOOKUP_DC_GOOD_TIMESERV_PREFERRED, DS_GOOD_TIMESERV_PREFERRED }, + { WBC_LOOKUP_DC_AVOID_SELF, DS_AVOID_SELF }, + { WBC_LOOKUP_DC_ONLY_LDAP_NEEDED, DS_ONLY_LDAP_NEEDED }, + { WBC_LOOKUP_DC_IS_FLAT_NAME, DS_IS_FLAT_NAME }, + { WBC_LOOKUP_DC_IS_DNS_NAME, DS_IS_DNS_NAME }, + { WBC_LOOKUP_DC_TRY_NEXTCLOSEST_SITE, DS_TRY_NEXTCLOSEST_SITE }, + { WBC_LOOKUP_DC_DS_6_REQUIRED, DS_DIRECTORY_SERVICE_6_REQUIRED }, + { WBC_LOOKUP_DC_RETURN_DNS_NAME, DS_RETURN_DNS_NAME }, + { WBC_LOOKUP_DC_RETURN_FLAT_NAME, DS_RETURN_FLAT_NAME } + }; + uint32_t ds_flags = 0; + int i = 0 ; + int num_entries = sizeof(lookup_dc_flags) / sizeof(struct wbc_flag_map); + + for (i=0; i<num_entries; i++) { + if (wbc_flags & lookup_dc_flags[i].wbc_dc_flag) + ds_flags |= lookup_dc_flags[i].ds_dc_flags; + } + + return ds_flags; +} + + static enum winbindd_result dual_dsgetdcname(struct winbindd_domain *domain, struct winbindd_cli_state *state) { NTSTATUS result; struct netr_DsRGetDCNameInfo *info = NULL; const char *dc = NULL; + uint32_t ds_flags = 0; state->request.domain_name [sizeof(state->request.domain_name)-1] = '\0'; 
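Review bot: `lookup_dc_flags[]` in `get_dsgetdc_flags()` is a plain automatic array, so the 19-entry table is initialised again on every call. Declare it `static const struct wbc_flag_map lookup_dc_flags[] = {`, compute the count as `sizeof(lookup_dc_flags) / sizeof(lookup_dc_flags[0])`, and use a `size_t` index. The function has no comment; one line such as `/* Map client-supplied WBC_LOOKUP_DC_* bits to DS_* flags; bits without a table entry are dropped */` would record that the table acts as an allow-list for `state->request.flags`. The `if` inside the loop should be braced, and the field names `wbc_dc_flag` / `ds_dc_flags` differ in number for no visible reason. `dual_dsgetdcname()` continues outside this hunk.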
@@ -67,9 +109,11 @@ static enum winbindd_result dual_dsgetdcname(struct winbindd_domain *domain, DEBUG(3, ("[%5lu]: dsgetdcname for %s\n", (unsigned long)state->pid, state->request.domain_name)); + ds_flags = get_dsgetdc_flags(state->request.flags); + result = dsgetdcname(state->mem_ctx, winbind_messaging_context(), state->request.domain_name, - NULL, NULL, state->request.flags, &info); + NULL, NULL, ds_flags, &info); if (!NT_STATUS_IS_OK(result)) { return WINBINDD_ERROR; -- Samba Shared Repository