From 31202ad025bcdeb2585d18dc3f4641b5cf9c0ec4 Mon Sep 17 00:00:00 2001 From: Ivo De Decker Date: Fri, 10 May 2013 13:33:02 +0200 Subject: Imported Upstream version 4.0.0+dfsg1 --- nsswitch/libwbclient/ABI/wbclient-0.10.sigs | 76 ++++++++++++++ nsswitch/libwbclient/ABI/wbclient-0.11.sigs | 76 ++++++++++++++ nsswitch/libwbclient/ABI/wbclient-0.9.sigs | 75 +++++++++++++ nsswitch/libwbclient/tests/wbclient.c | 156 ++++++++++++++++------------ nsswitch/libwbclient/wbc_idmap.c | 8 +- nsswitch/libwbclient/wbc_pam.c | 43 +++++++- nsswitch/libwbclient/wbc_sid.c | 2 +- nsswitch/libwbclient/wbc_util.c | 16 +-- nsswitch/libwbclient/wbclient.h | 65 ++++++++---- nsswitch/libwbclient/wbclient.pc.in | 11 ++ nsswitch/libwbclient/wscript | 45 ++++++++ nsswitch/libwbclient/wscript_build | 8 -- nsswitch/nsstest.c | 10 +- nsswitch/pam_winbind.c | 43 ++++---- nsswitch/tests/test_wbinfo.sh | 6 +- nsswitch/wb_common.c | 20 ++-- nsswitch/wbinfo.c | 28 +++-- nsswitch/winbind_nss_config.h | 8 +- nsswitch/winbind_nss_linux.c | 2 +- nsswitch/winbind_nss_solaris.c | 6 ++ nsswitch/winbind_nss_solaris.h | 1 + nsswitch/winbind_struct_protocol.h | 1 + nsswitch/wins.c | 29 +++--- nsswitch/wscript_build | 85 +++++++++++++-- nsswitch/wscript_configure | 16 +++ 25 files changed, 651 insertions(+), 185 deletions(-) create mode 100644 nsswitch/libwbclient/ABI/wbclient-0.10.sigs create mode 100644 nsswitch/libwbclient/ABI/wbclient-0.11.sigs create mode 100644 nsswitch/libwbclient/ABI/wbclient-0.9.sigs create mode 100644 nsswitch/libwbclient/wbclient.pc.in create mode 100644 nsswitch/libwbclient/wscript delete mode 100644 nsswitch/libwbclient/wscript_build (limited to 'nsswitch') diff --git a/nsswitch/libwbclient/ABI/wbclient-0.10.sigs b/nsswitch/libwbclient/ABI/wbclient-0.10.sigs new file mode 100644 index 0000000000..eda96f467d --- /dev/null +++ b/nsswitch/libwbclient/ABI/wbclient-0.10.sigs @@ -0,0 +1,76 @@ +wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t) +wbcAllocateGid: wbcErr (gid_t *) +wbcAllocateMemory: void *(size_t, size_t, void (*)(void *)) +wbcAllocateStringArray: const char **(int) +wbcAllocateUid: wbcErr (uid_t *) +wbcAuthenticateUser: wbcErr (const char *, const char *) +wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **) +wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcChangeUserPassword: wbcErr (const char *, const char *, const char *) +wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **) +wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **) +wbcCredentialSave: wbcErr (const char *, const char *) +wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***) +wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **) +wbcEndgrent: wbcErr (void) +wbcEndpwent: wbcErr (void) +wbcErrorString: const char *(wbcErr) +wbcFreeMemory: void (void *) +wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **) +wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *) +wbcGetgrent: wbcErr (struct group **) +wbcGetgrgid: wbcErr (gid_t, struct group **) +wbcGetgrlist: wbcErr (struct group **) +wbcGetgrnam: wbcErr (const char *, struct group **) +wbcGetpwent: wbcErr (struct passwd **) +wbcGetpwnam: wbcErr (const char *, struct passwd **) +wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **) +wbcGetpwuid: wbcErr (uid_t, struct passwd **) +wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcGuidToString: wbcErr (const struct wbcGuid *, char **) +wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **) +wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **) +wbcListGroups: wbcErr (const char *, uint32_t *, const char ***) +wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *) +wbcListUsers: wbcErr (const char *, uint32_t *, const char ***) +wbcLogoffUser: wbcErr (const char *, uid_t, const char *) +wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **) +wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **) +wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **) +wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **) +wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *) +wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **) +wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **) +wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **) +wbcPing: wbcErr (void) +wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcPingDc2: wbcErr (const char *, struct wbcAuthErrorInfo **, char **) +wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *) +wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcRequestResponse: wbcErr (int, struct winbindd_request *, struct winbindd_response *) +wbcRequestResponsePriv: wbcErr (int, struct winbindd_request *, struct winbindd_response *) +wbcResolveWinsByIP: wbcErr (const char *, char **) +wbcResolveWinsByName: wbcErr (const char *, char **) +wbcSetGidHwm: wbcErr (gid_t) +wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcSetUidHwm: wbcErr (uid_t) +wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcSetgrent: wbcErr (void) +wbcSetpwent: wbcErr (void) +wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcSidToString: wbcErr (const struct wbcDomainSid *, char **) +wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int) +wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcSidTypeString: const char *(enum wbcSidType) +wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *) +wbcStrDup: char *(const char *) +wbcStringToGuid: wbcErr (const char *, struct wbcGuid *) +wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *) +wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *) diff --git a/nsswitch/libwbclient/ABI/wbclient-0.11.sigs b/nsswitch/libwbclient/ABI/wbclient-0.11.sigs new file mode 100644 index 0000000000..eda96f467d --- /dev/null +++ b/nsswitch/libwbclient/ABI/wbclient-0.11.sigs @@ -0,0 +1,76 @@ +wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t) +wbcAllocateGid: wbcErr (gid_t *) +wbcAllocateMemory: void *(size_t, size_t, void (*)(void *)) +wbcAllocateStringArray: const char **(int) +wbcAllocateUid: wbcErr (uid_t *) +wbcAuthenticateUser: wbcErr (const char *, const char *) +wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **) +wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcChangeUserPassword: wbcErr (const char *, const char *, const char *) +wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **) +wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **) +wbcCredentialSave: wbcErr (const char *, const char *) +wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***) +wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **) +wbcEndgrent: wbcErr (void) +wbcEndpwent: wbcErr (void) +wbcErrorString: const char *(wbcErr) +wbcFreeMemory: void (void *) +wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **) +wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *) +wbcGetgrent: wbcErr (struct group **) +wbcGetgrgid: wbcErr (gid_t, struct group **) +wbcGetgrlist: wbcErr (struct group **) +wbcGetgrnam: wbcErr (const char *, struct group **) +wbcGetpwent: wbcErr (struct passwd **) +wbcGetpwnam: wbcErr (const char *, struct passwd **) +wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **) +wbcGetpwuid: wbcErr (uid_t, struct passwd **) +wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcGuidToString: wbcErr (const struct wbcGuid *, char **) +wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **) +wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **) +wbcListGroups: wbcErr (const char *, uint32_t *, const char ***) +wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *) +wbcListUsers: wbcErr (const char *, uint32_t *, const char ***) +wbcLogoffUser: wbcErr (const char *, uid_t, const char *) +wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **) +wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **) +wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **) +wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **) +wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *) +wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **) +wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **) +wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **) +wbcPing: wbcErr (void) +wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcPingDc2: wbcErr (const char *, struct wbcAuthErrorInfo **, char **) +wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *) +wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcRequestResponse: wbcErr (int, struct winbindd_request *, struct winbindd_response *) +wbcRequestResponsePriv: wbcErr (int, struct winbindd_request *, struct winbindd_response *) +wbcResolveWinsByIP: wbcErr (const char *, char **) +wbcResolveWinsByName: wbcErr (const char *, char **) +wbcSetGidHwm: wbcErr (gid_t) +wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcSetUidHwm: wbcErr (uid_t) +wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcSetgrent: wbcErr (void) +wbcSetpwent: wbcErr (void) +wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcSidToString: wbcErr (const struct wbcDomainSid *, char **) +wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int) +wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcSidTypeString: const char *(enum wbcSidType) +wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *) +wbcStrDup: char *(const char *) +wbcStringToGuid: wbcErr (const char *, struct wbcGuid *) +wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *) +wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *) diff --git a/nsswitch/libwbclient/ABI/wbclient-0.9.sigs b/nsswitch/libwbclient/ABI/wbclient-0.9.sigs new file mode 100644 index 0000000000..ec25e76b9c --- /dev/null +++ b/nsswitch/libwbclient/ABI/wbclient-0.9.sigs @@ -0,0 +1,75 @@ +wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t) +wbcAllocateGid: wbcErr (gid_t *) +wbcAllocateMemory: void *(size_t, size_t, void (*)(void *)) +wbcAllocateStringArray: const char **(int) +wbcAllocateUid: wbcErr (uid_t *) +wbcAuthenticateUser: wbcErr (const char *, const char *) +wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **) +wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcChangeUserPassword: wbcErr (const char *, const char *, const char *) +wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **) +wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **) +wbcCredentialSave: wbcErr (const char *, const char *) +wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***) +wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **) +wbcEndgrent: wbcErr (void) +wbcEndpwent: wbcErr (void) +wbcErrorString: const char *(wbcErr) +wbcFreeMemory: void (void *) +wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **) +wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *) +wbcGetgrent: wbcErr (struct group **) +wbcGetgrgid: wbcErr (gid_t, struct group **) +wbcGetgrlist: wbcErr (struct group **) +wbcGetgrnam: wbcErr (const char *, struct group **) +wbcGetpwent: wbcErr (struct passwd **) +wbcGetpwnam: wbcErr (const char *, struct passwd **) +wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **) +wbcGetpwuid: wbcErr (uid_t, struct passwd **) +wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcGuidToString: wbcErr (const struct wbcGuid *, char **) +wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **) +wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **) +wbcListGroups: wbcErr (const char *, uint32_t *, const char ***) +wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *) +wbcListUsers: wbcErr (const char *, uint32_t *, const char ***) +wbcLogoffUser: wbcErr (const char *, uid_t, const char *) +wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **) +wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **) +wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **) +wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **) +wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *) +wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **) +wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **) +wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **) +wbcPing: wbcErr (void) +wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *) +wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcRequestResponse: wbcErr (int, struct winbindd_request *, struct winbindd_response *) +wbcRequestResponsePriv: wbcErr (int, struct winbindd_request *, struct winbindd_response *) +wbcResolveWinsByIP: wbcErr (const char *, char **) +wbcResolveWinsByName: wbcErr (const char *, char **) +wbcSetGidHwm: wbcErr (gid_t) +wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcSetUidHwm: wbcErr (uid_t) +wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcSetgrent: wbcErr (void) +wbcSetpwent: wbcErr (void) +wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcSidToString: wbcErr (const struct wbcDomainSid *, char **) +wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int) +wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcSidTypeString: const char *(enum wbcSidType) +wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *) +wbcStrDup: char *(const char *) +wbcStringToGuid: wbcErr (const char *, struct wbcGuid *) +wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *) +wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *) diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c index c6ee531481..cd44d69262 100644 --- a/nsswitch/libwbclient/tests/wbclient.c +++ b/nsswitch/libwbclient/tests/wbclient.c @@ -28,27 +28,27 @@ #include "lib/util/util_net.h" #include "lib/util/charset/charset.h" #include "libcli/auth/libcli_auth.h" -#include "source4/param/param.h" -#include "lib/util/util.h" +#include "lib/param/param.h" +#include "lib/util/samba_util.h" #include "lib/crypto/arcfour.h" #define WBC_ERROR_EQUAL(x,y) (x == y) -#define torture_assert_wbc_equal(torture_ctx, got, expected, cmt) \ +#define torture_assert_wbc_equal(torture_ctx, got, expected, cmt, cmt_arg) \ do { wbcErr __got = got, __expected = expected; \ if (!WBC_ERROR_EQUAL(__got, __expected)) { \ - torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: %s", wbcErrorString(__got), wbcErrorString(__expected), cmt); \ + torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: " cmt, wbcErrorString(__got), wbcErrorString(__expected), cmt_arg); \ return false; \ } \ } while (0) -#define torture_assert_wbc_ok(torture_ctx,expr,cmt) \ - torture_assert_wbc_equal(torture_ctx,expr,WBC_ERR_SUCCESS,cmt) +#define torture_assert_wbc_ok(torture_ctx,expr,cmt,cmt_arg) \ + torture_assert_wbc_equal(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg) static bool test_wbc_ping(struct torture_context *tctx) { torture_assert_wbc_ok(tctx, wbcPing(), - "wbcPing failed"); + "%s", "wbcPing failed"); return true; } @@ -56,9 +56,22 @@ static bool test_wbc_ping(struct torture_context *tctx) static bool test_wbc_pingdc(struct torture_context *tctx) { torture_assert_wbc_equal(tctx, wbcPingDc("random_string", NULL), WBC_ERR_NOT_IMPLEMENTED, - "wbcPingDc failed"); + "%s", "wbcPingDc failed"); torture_assert_wbc_ok(tctx, wbcPingDc(NULL, NULL), - "wbcPingDc failed"); + "%s", "wbcPingDc failed"); + + return true; +} + +static bool test_wbc_pingdc2(struct torture_context *tctx) +{ + char *name = NULL; + + torture_assert_wbc_equal(tctx, wbcPingDc2("random_string", NULL, &name), + WBC_ERR_NOT_IMPLEMENTED, "%s", + "wbcPingDc2 failed"); + torture_assert_wbc_ok(tctx, wbcPingDc2(NULL, NULL, &name), "%s", + "wbcPingDc2 failed"); return true; } @@ -68,7 +81,7 @@ static bool test_wbc_library_details(struct torture_context *tctx) struct wbcLibraryDetails *details; torture_assert_wbc_ok(tctx, wbcLibraryDetails(&details), - "wbcLibraryDetails failed"); + "%s", "wbcLibraryDetails failed"); torture_assert(tctx, details, "wbcLibraryDetails returned NULL pointer"); @@ -82,9 +95,9 @@ static bool test_wbc_interface_details(struct torture_context *tctx) struct wbcInterfaceDetails *details; torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), - "wbcInterfaceDetails failed"); + "%s", "wbcInterfaceDetails failed"); torture_assert(tctx, details, - "wbcInterfaceDetails returned NULL pointer"); + "wbcInterfaceDetails returned NULL pointer"); wbcFreeMemory(details); @@ -112,7 +125,7 @@ static bool test_wbc_sidtypestring(struct torture_context *tctx) torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_UNKNOWN), "SID_UNKNOWN", "SID_UNKNOWN failed"); torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_COMPUTER), - "SID_COMPUTER", "SID_COMPUTER failed"); + "SID_COMPUTER", "SID_COMPUTER failed"); return true; } @@ -123,9 +136,9 @@ static bool test_wbc_sidtostring(struct torture_context *tctx) char *sid_string2; torture_assert_wbc_ok(tctx, wbcStringToSid(sid_string, &sid), - "wbcStringToSid failed"); + "wbcStringToSid of %s failed", sid_string); torture_assert_wbc_ok(tctx, wbcSidToString(&sid, &sid_string2), - "wbcSidToString failed"); + "wbcSidToString of %s failed", sid_string); torture_assert_str_equal(tctx, sid_string, sid_string2, "sid strings differ"); wbcFreeMemory(sid_string2); @@ -140,11 +153,11 @@ static bool test_wbc_guidtostring(struct torture_context *tctx) char *guid_string2; torture_assert_wbc_ok(tctx, wbcStringToGuid(guid_string, &guid), - "wbcStringToGuid failed"); + "wbcStringToGuid of %s failed", guid_string); torture_assert_wbc_ok(tctx, wbcGuidToString(&guid, &guid_string2), - "wbcGuidToString failed"); + "wbcGuidToString of %s failed", guid_string); torture_assert_str_equal(tctx, guid_string, guid_string2, - "guid strings differ"); + "guid strings differ"); wbcFreeMemory(guid_string2); return true; @@ -156,10 +169,10 @@ static bool test_wbc_domain_info(struct torture_context *tctx) struct wbcInterfaceDetails *details; torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), - "wbcInterfaceDetails failed"); + "%s", "wbcInterfaceDetails failed"); torture_assert_wbc_ok( tctx, wbcDomainInfo(details->netbios_domain, &info), - "wbcDomainInfo failed"); + "%s", "wbcDomainInfo failed"); wbcFreeMemory(details); torture_assert(tctx, info, @@ -178,13 +191,13 @@ static bool test_wbc_users(struct torture_context *tctx) struct wbcInterfaceDetails *details; torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), - "wbcInterfaceDetails failed"); + "%s", "wbcInterfaceDetails failed"); domain_name = talloc_strdup(tctx, details->netbios_domain); wbcFreeMemory(details); torture_assert_wbc_ok(tctx, wbcListUsers(domain_name, &num_users, &users), - "wbcListUsers failed"); + "%s", "wbcListUsers failed"); torture_assert(tctx, !(num_users > 0 && !users), "wbcListUsers returned invalid results"); @@ -194,29 +207,32 @@ static bool test_wbc_users(struct torture_context *tctx) enum wbcSidType name_type; char *domain; char *name; + char *sid_string; uint32_t num_sids; torture_assert_wbc_ok(tctx, wbcLookupName(domain_name, users[i], &sid, &name_type), - "wbcLookupName failed"); + "wbcLookupName of %s failed", users[i]); torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_USER, - "wbcLookupName expected WBC_SID_NAME_USER"); + "wbcLookupName expected WBC_SID_NAME_USER"); + wbcSidToString(&sid, &sid_string); torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type), - "wbcLookupSid failed"); + "wbcLookupSid of %s failed", sid_string); torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_USER, - "wbcLookupSid expected WBC_SID_NAME_USER"); + "wbcLookupSid of expected WBC_SID_NAME_USER"); torture_assert(tctx, name, "wbcLookupSid returned no name"); wbcFreeMemory(domain); wbcFreeMemory(name); torture_assert_wbc_ok(tctx, wbcLookupUserSids(&sid, true, &num_sids, &sids), - "wbcLookupUserSids failed"); + "wbcLookupUserSids of %s failed", sid_string); torture_assert_wbc_ok( tctx, wbcGetDisplayName(&sid, &domain, &name, &name_type), - "wbcGetDisplayName failed"); + "wbcGetDisplayName of %s failed", sid_string); wbcFreeMemory(domain); wbcFreeMemory(name); wbcFreeMemory(sids); + wbcFreeMemory(sid_string); } wbcFreeMemory(users); @@ -232,15 +248,15 @@ static bool test_wbc_groups(struct torture_context *tctx) struct wbcInterfaceDetails *details; torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), - "wbcInterfaceDetails failed"); + "%s", "wbcInterfaceDetails failed"); domain_name = talloc_strdup(tctx, details->netbios_domain); wbcFreeMemory(details); torture_assert_wbc_ok(tctx, wbcListGroups(domain_name, &num_groups, &groups), - "wbcListGroups failed"); + "wbcListGroups in %s failed", domain_name); torture_assert(tctx, !(num_groups > 0 && !groups), - "wbcListGroups returned invalid results"); + "wbcListGroups returned invalid results"); for (i=0; i < MIN(num_groups,100); i++) { @@ -248,11 +264,14 @@ static bool test_wbc_groups(struct torture_context *tctx) enum wbcSidType name_type; char *domain; char *name; + char *sid_string; torture_assert_wbc_ok(tctx, wbcLookupName(domain_name, groups[i], &sid, &name_type), - "wbcLookupName failed"); + "wbcLookupName for %s failed", domain_name); + wbcSidToString(&sid, &sid_string); torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type), - "wbcLookupSid failed"); + "wbcLookupSid of %s failed", sid_string); + wbcFreeMemory(sid_string); torture_assert(tctx, name, "wbcLookupSid returned no name"); } @@ -268,7 +287,7 @@ static bool test_wbc_trusts(struct torture_context *tctx) int i; torture_assert_wbc_ok(tctx, wbcListTrusts(&domains, &num_domains), - "wbcListTrusts failed"); + "%s", "wbcListTrusts failed"); torture_assert(tctx, !(num_domains > 0 && !domains), "wbcListTrusts returned invalid results"); @@ -282,7 +301,7 @@ static bool test_wbc_trusts(struct torture_context *tctx) char *name; */ torture_assert_wbc_ok(tctx, wbcCheckTrustCredentials(domains[i].short_name, &error), - "wbcCheckTrustCredentials failed"); + "%s", "wbcCheckTrustCredentials failed"); /* torture_assert_wbc_ok(tctx, wbcLookupName(domains[i].short_name, NULL, &sid, &name_type), "wbcLookupName failed"); @@ -308,13 +327,13 @@ static bool test_wbc_lookupdc(struct torture_context *tctx) struct wbcDomainControllerInfo *dc_info; torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), - "wbcInterfaceDetails failed"); + "%s", "wbcInterfaceDetails failed"); domain_name = talloc_strdup(tctx, details->netbios_domain); wbcFreeMemory(details); torture_assert_wbc_ok(tctx, wbcLookupDomainController(domain_name, 0, &dc_info), - "wbcLookupDomainController failed"); + "wbcLookupDomainController for %s failed", domain_name); wbcFreeMemory(dc_info); return true; @@ -327,13 +346,13 @@ static bool test_wbc_lookupdcex(struct torture_context *tctx) struct wbcDomainControllerInfoEx *dc_info; torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), - "wbcInterfaceDetails failed"); + "%s", "wbcInterfaceDetails failed"); domain_name = talloc_strdup(tctx, details->netbios_domain); wbcFreeMemory(details); torture_assert_wbc_ok(tctx, wbcLookupDomainControllerEx(domain_name, NULL, NULL, 0, &dc_info), - "wbcLookupDomainControllerEx failed"); + "wbcLookupDomainControllerEx for %s failed", domain_name); wbcFreeMemory(dc_info); return true; @@ -350,9 +369,9 @@ static bool test_wbc_resolve_winsbyname(struct torture_context *tctx) ret = wbcResolveWinsByName(name, &ip); if (is_ipaddress(name)) { - torture_assert_wbc_equal(tctx, ret, WBC_ERR_DOMAIN_NOT_FOUND, "wbcResolveWinsByName failed"); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_DOMAIN_NOT_FOUND, "wbcResolveWinsByName of %s failed", name); } else { - torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByName failed"); + torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByName for %s failed", name); } return true; @@ -368,7 +387,7 @@ static bool test_wbc_resolve_winsbyip(struct torture_context *tctx) ret = wbcResolveWinsByIP(ip, &name); - torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByIP failed"); + torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByIP for %s failed", ip); wbcFreeMemory(name); @@ -387,7 +406,7 @@ static bool test_wbc_lookup_rids(struct torture_context *tctx) ret = wbcLookupRids(&builtin, 2, rids, &domain_name, &names, &types); - torture_assert_wbc_ok(tctx, ret, "wbcLookupRids failed"); + torture_assert_wbc_ok(tctx, ret, "%s", "wbcLookupRids for 544 and 545 failed"); torture_assert_str_equal( tctx, names[0], "Administrators", @@ -395,7 +414,7 @@ static bool test_wbc_lookup_rids(struct torture_context *tctx) torture_assert_str_equal( tctx, names[1], "Users", "S-1-5-32-545 not mapped to 'Users'"); - wbcFreeMemory((char *)domain_name); + wbcFreeMemory(discard_const_p(char ,domain_name)); wbcFreeMemory(names); wbcFreeMemory(types); @@ -413,10 +432,10 @@ static bool test_wbc_get_sidaliases(struct torture_context *tctx) wbcErr ret; torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), - "wbcInterfaceDetails failed"); + "%s", "wbcInterfaceDetails failed"); torture_assert_wbc_ok( tctx, wbcDomainInfo(details->netbios_domain, &info), - "wbcDomainInfo failed"); + "wbcDomainInfo of %s failed", details->netbios_domain); wbcFreeMemory(details); sids[0] = info->sid; @@ -427,10 +446,10 @@ static bool test_wbc_get_sidaliases(struct torture_context *tctx) torture_assert_wbc_ok( tctx, wbcStringToSid("S-1-5-32", &builtin), - "wbcStringToSid failed"); + "wbcStringToSid of %s failed", "S-1-5-32"); ret = wbcGetSidAliases(&builtin, sids, 2, &rids, &num_rids); - torture_assert_wbc_ok(tctx, ret, "wbcGetSidAliases failed"); + torture_assert_wbc_ok(tctx, ret, "%s", "wbcGetSidAliases failed"); wbcFreeMemory(rids); @@ -447,7 +466,7 @@ static bool test_wbc_authenticate_user_int(struct torture_context *tctx, ret = wbcAuthenticateUser(getenv("USERNAME"), correct_password); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, - "wbcAuthenticateUser failed"); + "wbcAuthenticateUser of %s failed", getenv("USERNAME")); ZERO_STRUCT(params); params.account_name = getenv("USERNAME"); @@ -456,7 +475,7 @@ static bool test_wbc_authenticate_user_int(struct torture_context *tctx, ret = wbcAuthenticateUserEx(¶ms, &info, &error); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, - "wbcAuthenticateUserEx failed"); + "wbcAuthenticateUserEx of %s failed", params.account_name); wbcFreeMemory(info); info = NULL; @@ -466,8 +485,8 @@ static bool test_wbc_authenticate_user_int(struct torture_context *tctx, params.password.plaintext = "wrong"; ret = wbcAuthenticateUserEx(¶ms, &info, &error); torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR, - "wbcAuthenticateUserEx succeeded where it " - "should have failed"); + "wbcAuthenticateUserEx for %s succeeded where it " + "should have failed", params.account_name); wbcFreeMemory(info); info = NULL; @@ -555,7 +574,7 @@ static bool test_wbc_change_password(struct torture_context *tctx) ret = wbcChangeUserPasswordEx(¶ms, NULL, NULL, NULL); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, - "wbcChangeUserPassword failed"); + "wbcChangeUserPassword for %s failed", params.account_name); if (!test_wbc_authenticate_user_int(tctx, "Koo8irei")) { return false; @@ -564,7 +583,7 @@ static bool test_wbc_change_password(struct torture_context *tctx) ret = wbcChangeUserPassword(getenv("USERNAME"), "Koo8irei", getenv("PASSWORD")); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, - "wbcChangeUserPassword failed"); + "wbcChangeUserPassword for %s failed", params.account_name); return test_wbc_authenticate_user_int(tctx, getenv("PASSWORD")); } @@ -585,7 +604,7 @@ static bool test_wbc_logon_user(struct torture_context *tctx) ret = wbcLogonUser(¶ms, &info, &error, &policy); torture_assert_wbc_equal(tctx, ret, WBC_ERR_INVALID_PARAM, - "wbcLogonUser succeeded where it should " + "%s", "wbcLogonUser succeeded for NULL where it should " "have failed"); params.username = getenv("USERNAME"); @@ -594,11 +613,11 @@ static bool test_wbc_logon_user(struct torture_context *tctx) ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs, "foo", 0, discard_const_p(uint8_t, "bar"), 4); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, - "wbcAddNamedBlob failed"); + "%s", "wbcAddNamedBlob failed"); ret = wbcLogonUser(¶ms, &info, &error, &policy); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, - "wbcLogonUser failed"); + "wbcLogonUser for %s failed", params.username); wbcFreeMemory(info); info = NULL; wbcFreeMemory(error); error = NULL; wbcFreeMemory(policy); policy = NULL; @@ -607,8 +626,8 @@ static bool test_wbc_logon_user(struct torture_context *tctx) ret = wbcLogonUser(¶ms, &info, &error, &policy); torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR, - "wbcLogonUser should have failed with " - "WBC_ERR_AUTH_ERROR"); + "wbcLogonUser for %s should have failed with " + "WBC_ERR_AUTH_ERROR", params.username); wbcFreeMemory(info); info = NULL; wbcFreeMemory(error); error = NULL; wbcFreeMemory(policy); policy = NULL; @@ -618,12 +637,12 @@ static bool test_wbc_logon_user(struct torture_context *tctx) discard_const_p(uint8_t, "S-1-2-3-4"), strlen("S-1-2-3-4")+1); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, - "wbcAddNamedBlob failed"); + "%s", "wbcAddNamedBlob failed"); params.password = getenv("PASSWORD"); ret = wbcLogonUser(¶ms, &info, &error, &policy); torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR, - "wbcLogonUser should have failed with " - "WBC_ERR_AUTH_ERROR"); + "wbcLogonUser for %s should have failed with " + "WBC_ERR_AUTH_ERROR", params.username); wbcFreeMemory(info); info = NULL; wbcFreeMemory(error); error = NULL; wbcFreeMemory(policy); policy = NULL; @@ -632,28 +651,28 @@ static bool test_wbc_logon_user(struct torture_context *tctx) ret = wbcInterfaceDetails(&iface); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, - "wbcInterfaceDetails failed"); + "%s", "wbcInterfaceDetails failed"); ret = wbcLookupName(iface->netbios_domain, getenv("USERNAME"), &sid, &sidtype); wbcFreeMemory(iface); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, - "wbcLookupName failed"); + "wbcLookupName for %s failed", getenv("USERNAME")); ret = wbcSidToString(&sid, &sidstr); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, - "wbcSidToString failed"); + "%s", "wbcSidToString failed"); ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs, "membership_of", 0, (uint8_t *)sidstr, strlen(sidstr)+1); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, - "wbcAddNamedBlob failed"); + "%s", "wbcAddNamedBlob failed"); wbcFreeMemory(sidstr); params.password = getenv("PASSWORD"); ret = wbcLogonUser(¶ms, &info, &error, &policy); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, - "wbcLogonUser failed"); + "wbcLogonUser for %s failed", params.username); wbcFreeMemory(info); info = NULL; wbcFreeMemory(error); error = NULL; wbcFreeMemory(policy); policy = NULL; @@ -671,7 +690,7 @@ static bool test_wbc_getgroups(struct torture_context *tctx) ret = wbcGetGroups(getenv("USERNAME"), &num_groups, &groups); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, - "wbcGetGroups failed"); + "wbcGetGroups for %s failed", getenv("USERNAME")); wbcFreeMemory(groups); return true; } @@ -682,6 +701,7 @@ struct torture_suite *torture_wbclient(void) torture_suite_add_simple_test(suite, "wbcPing", test_wbc_ping); torture_suite_add_simple_test(suite, "wbcPingDc", test_wbc_pingdc); + torture_suite_add_simple_test(suite, "wbcPingDc2", test_wbc_pingdc); torture_suite_add_simple_test(suite, "wbcLibraryDetails", test_wbc_library_details); torture_suite_add_simple_test(suite, "wbcInterfaceDetails", test_wbc_interface_details); torture_suite_add_simple_test(suite, "wbcSidTypeString", test_wbc_sidtypestring); diff --git a/nsswitch/libwbclient/wbc_idmap.c b/nsswitch/libwbclient/wbc_idmap.c index ad3cfe6770..04e7d02995 100644 --- a/nsswitch/libwbclient/wbc_idmap.c +++ b/nsswitch/libwbclient/wbc_idmap.c @@ -370,12 +370,16 @@ wbcErr wbcSidsToUnixIds(const struct wbcDomainSid *sids, uint32_t num_sids, id->type = WBC_ID_TYPE_GID; id->id.gid = strtoul(p+1, &q, 10); break; + case 'B': + id->type = WBC_ID_TYPE_BOTH; + id->id.uid = strtoul(p+1, &q, 10); + break; default: id->type = WBC_ID_TYPE_NOT_SPECIFIED; - q = p; + q = strchr(p, '\n'); break; }; - if (q[0] != '\n') { + if (q == NULL || q[0] != '\n') { goto wbc_err_invalid; } p = q+1; diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c index 21f2c5d050..f183cc61b1 100644 --- a/nsswitch/libwbclient/wbc_pam.c +++ b/nsswitch/libwbclient/wbc_pam.c @@ -23,6 +23,7 @@ /* Required Headers */ +#define UID_WRAPPER_NOT_REPLACE #include "replace.h" #include "libwbclient.h" #include "../winbind_client.h" @@ -363,7 +364,7 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, BAIL_ON_WBC_ERROR(wbc_status); } - if (!params->account_name) { + if (params->level != WBC_AUTH_USER_LEVEL_PAC && !params->account_name) { wbc_status = WBC_ERR_INVALID_PARAM; BAIL_ON_WBC_ERROR(wbc_status); } @@ -490,6 +491,20 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, request.data.auth_crap.nt_resp_len); } break; + + case WBC_AUTH_USER_LEVEL_PAC: + cmd = WINBINDD_PAM_AUTH_CRAP; + request.flags = WBFLAG_PAM_AUTH_PAC | WBFLAG_PAM_INFO3_TEXT; + request.extra_data.data = malloc(params->password.pac.length); + if (request.extra_data.data == NULL) { + wbc_status = WBC_ERR_NO_MEMORY; + BAIL_ON_WBC_ERROR(wbc_status); + } + memcpy(request.extra_data.data, params->password.pac.data, + params->password.pac.length); + request.extra_len = params->password.pac.length; + break; + default: break; } @@ -610,6 +625,16 @@ wbcErr wbcChangeTrustCredentials(const char *domain, * wbcCheckTrustCredentials */ wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error) +{ + return wbcPingDc2(domain, error, NULL); +} + +/* + * Trigger a no-op NETLOGON call. Lightweight version of + * wbcCheckTrustCredentials, optionally return attempted DC + */ +wbcErr wbcPingDc2(const char *domain, struct wbcAuthErrorInfo **error, + char **dcname) { struct winbindd_request request; struct winbindd_response response; @@ -632,6 +657,17 @@ wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error) wbc_status = wbcRequestResponse(WINBINDD_PING_DC, &request, &response); + + if (dcname && response.extra_data.data) { + size_t len; + + len = response.length - sizeof(struct winbindd_response); + *dcname = wbcAllocateMemory(1, len, NULL); + BAIL_ON_PTR_ERROR(*dcname, wbc_status); + + strlcpy(*dcname, response.extra_data.data, len); + } + if (response.data.auth.nt_status != 0) { if (error) { wbc_status = wbc_create_error_info(&response, @@ -1160,9 +1196,8 @@ wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params, ZERO_STRUCT(request); ZERO_STRUCT(response); - if (info != NULL) { - *info = NULL; - } + *info = NULL; + if (error != NULL) { *error = NULL; } diff --git a/nsswitch/libwbclient/wbc_sid.c b/nsswitch/libwbclient/wbc_sid.c index 6df8a3c375..bab6933108 100644 --- a/nsswitch/libwbclient/wbc_sid.c +++ b/nsswitch/libwbclient/wbc_sid.c @@ -295,7 +295,7 @@ static void wbcTranslatedNamesDestructor(void *ptr) struct wbcTranslatedName *n = (struct wbcTranslatedName *)ptr; while (n->name != NULL) { - free(n->name); + wbcFreeMemory(n->name); n += 1; } } diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c index d783ba36d8..af134ba7e5 100644 --- a/nsswitch/libwbclient/wbc_util.c +++ b/nsswitch/libwbclient/wbc_util.c @@ -623,13 +623,13 @@ static void wbcDomainControllerInfoExDestructor(void *ptr) { struct wbcDomainControllerInfoEx *i = (struct wbcDomainControllerInfoEx *)ptr; - free((char *)(i->dc_unc)); - free((char *)(i->dc_address)); - free((char *)(i->domain_guid)); - free((char *)(i->domain_name)); - free((char *)(i->forest_name)); - free((char *)(i->dc_site_name)); - free((char *)(i->client_site_name)); + free(discard_const_p(char, i->dc_unc)); + free(discard_const_p(char, i->dc_address)); + free(discard_const_p(char, i->domain_guid)); + free(discard_const_p(char, i->domain_name)); + free(discard_const_p(char, i->forest_name)); + free(discard_const_p(char, i->dc_site_name)); + free(discard_const_p(char, i->client_site_name)); } static wbcErr wbc_create_domain_controller_info_ex(const struct winbindd_response *resp, @@ -758,7 +758,7 @@ static void wbcNamedBlobDestructor(void *ptr) struct wbcNamedBlob *b = (struct wbcNamedBlob *)ptr; while (b->name != NULL) { - free((char *)(b->name)); + free(discard_const_p(char, b->name)); free(b->blob.data); b += 1; } diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h index c5f3b77ed8..a72d09e1d3 100644 --- a/nsswitch/libwbclient/wbclient.h +++ b/nsswitch/libwbclient/wbclient.h @@ -68,9 +68,12 @@ const char *wbcErrorString(wbcErr error); * 0.6: Made struct wbcInterfaceDetails char* members non-const * 0.7: Added wbcSidToStringBuf() * 0.8: Added wbcSidsToUnixIds() and wbcLookupSids() + * 0.9: Added support for WBC_ID_TYPE_BOTH + * 0.10: Added wbcPingDc2() + * 0.11: Extended wbcAuthenticateUserEx to provide PAC parsing **/ #define WBCLIENT_MAJOR_VERSION 0 -#define WBCLIENT_MINOR_VERSION 8 +#define WBCLIENT_MINOR_VERSION 11 #define WBCLIENT_VENDOR_VERSION "Samba libwbclient" struct wbcLibraryDetails { uint16_t major_version; @@ -194,6 +197,25 @@ struct wbcDomainInfo { #define WBC_DOMINFO_TRUSTTYPE_IN_FOREST 0x00000002 #define WBC_DOMINFO_TRUSTTYPE_EXTERNAL 0x00000003 +/** + * @brief Generic Blob + **/ + +struct wbcBlob { + uint8_t *data; + size_t length; +}; + +/** + * @brief Named Blob + **/ + +struct wbcNamedBlob { + const char *name; + uint32_t flags; + struct wbcBlob blob; +}; + /** * @brief Auth User Parameters **/ @@ -210,7 +232,8 @@ struct wbcAuthUserParams { enum wbcAuthUserLevel { WBC_AUTH_USER_LEVEL_PLAIN = 1, WBC_AUTH_USER_LEVEL_HASH = 2, - WBC_AUTH_USER_LEVEL_RESPONSE = 3 + WBC_AUTH_USER_LEVEL_RESPONSE = 3, + WBC_AUTH_USER_LEVEL_PAC = 4 } level; union { const char *plaintext; @@ -225,28 +248,10 @@ struct wbcAuthUserParams { uint32_t lm_length; uint8_t *lm_data; } response; + struct wbcBlob pac; } password; }; -/** - * @brief Generic Blob - **/ - -struct wbcBlob { - uint8_t *data; - size_t length; -}; - -/** - * @brief Named Blob - **/ - -struct wbcNamedBlob { - const char *name; - uint32_t flags; - struct wbcBlob blob; -}; - /** * @brief Logon User Parameters **/ @@ -796,7 +801,8 @@ wbcErr wbcQueryGidToSid(gid_t gid, enum wbcIdType { WBC_ID_TYPE_NOT_SPECIFIED, WBC_ID_TYPE_UID, - WBC_ID_TYPE_GID + WBC_ID_TYPE_GID, + WBC_ID_TYPE_BOTH }; union wbcUnixIdContainer { @@ -1325,6 +1331,21 @@ wbcErr wbcChangeTrustCredentials(const char *domain, **/ wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error); +/** + * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost + * version of wbcCheckTrustCredentials + * + * @param *domain The name of the domain, only NULL for the default domain is + * supported yet. Other values than NULL will result in + * WBC_ERR_NOT_IMPLEMENTED. + * @param error Output details on WBC_ERR_AUTH_ERROR + * @param dcname DC that was attempted to ping + * + * @return #wbcErr + **/ +wbcErr wbcPingDc2(const char *domain, struct wbcAuthErrorInfo **error, + char **dcname); + /********************************************************** * Helper functions **********************************************************/ diff --git a/nsswitch/libwbclient/wbclient.pc.in b/nsswitch/libwbclient/wbclient.pc.in new file mode 100644 index 0000000000..c7b199b4c0 --- /dev/null +++ b/nsswitch/libwbclient/wbclient.pc.in @@ -0,0 +1,11 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ +modulesdir=${prefix}/modules/gensec + +Name: wbclient +Description: Winbind client +Version: @PACKAGE_VERSION@ +Libs: @LIB_RPATH@ -L${libdir} -lwbclient +Cflags: -I${includedir} -DHAVE_IMMEDIATE_STRUCTURES=1 diff --git a/nsswitch/libwbclient/wscript b/nsswitch/libwbclient/wscript new file mode 100644 index 0000000000..9c4da16720 --- /dev/null +++ b/nsswitch/libwbclient/wscript @@ -0,0 +1,45 @@ +#!/usr/bin/env python + +import Options, Logs + +# Remember to also update wbclient.h +VERSION="0.11" + +# It may be useful at some point to allow Samba to build against a +# system libwbclient, such as the one provided by Likewise. To to +# this, not only must the check below be activated but this must only +# be activated with an off-by-default option to disable the internal +# build of both winbindd implementations, and all the internal +# references to libwbclient.h will need to be fixed to point at the +# system libwbclient. Finally, as a system libwbclient would probably +# not use the same version scheme as Samba, so this would need to +# reference Likewise version numbers instead. +# +#def configure(conf): +# if conf.CHECK_BUNDLED_SYSTEM_PKG('wbclient', minversion=VERSION): +# conf.define('USING_SYSTEM_LIBWBCLIENT', 1) +# + +def build(bld): +# if bld.CONFIG_SET('USING_SYSTEM_LIBWBCLIENT'): +# Logs.info("\tSelected system libwbclient build") +# return +# +# Logs.info("\tSelected embedded libwbclient build") + + abi_match = 'wbc*' + bld.SAMBA_LIBRARY('wbclient', + source=''' + wbc_guid.c + wbc_idmap.c + wbclient.c + wbc_pam.c + wbc_pwd.c + wbc_sid.c + wbc_util.c''', + deps='winbind-client', + pc_files='wbclient.pc', + public_headers='wbclient.h', + abi_directory='ABI', + abi_match=abi_match, + vnum=VERSION) diff --git a/nsswitch/libwbclient/wscript_build b/nsswitch/libwbclient/wscript_build deleted file mode 100644 index d9255159d0..0000000000 --- a/nsswitch/libwbclient/wscript_build +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env python - -bld.SAMBA_LIBRARY('wbclient', - source='wbc_guid.c wbc_idmap.c wbclient.c wbc_pam.c wbc_pwd.c wbc_sid.c wbc_util.c', - deps='winbind-client', - public_headers='wbclient.h', - vnum='0' - ) diff --git a/nsswitch/nsstest.c b/nsswitch/nsstest.c index d84e028513..39d03424fa 100644 --- a/nsswitch/nsstest.c +++ b/nsswitch/nsstest.c @@ -370,7 +370,7 @@ static void nss_test_initgroups(char *name, gid_t gid) int i; NSS_STATUS status; - groups = (gid_t *)malloc(size); + groups = (gid_t *)malloc(sizeof(gid_t) * size); groups[0] = gid; status = nss_initgroups(name, gid, &groups, &start, &size); @@ -451,25 +451,25 @@ static void nss_test_errors(void) pwd = getpwnam("nosuchname"); if (pwd || last_error != NSS_STATUS_NOTFOUND) { total_errors++; - printf("ERROR Non existant user gave error %d\n", last_error); + printf("ERROR Non existent user gave error %d\n", last_error); } pwd = getpwuid(0xFFF0); if (pwd || last_error != NSS_STATUS_NOTFOUND) { total_errors++; - printf("ERROR Non existant uid gave error %d\n", last_error); + printf("ERROR Non existent uid gave error %d\n", last_error); } grp = getgrnam("nosuchgroup"); if (grp || last_error != NSS_STATUS_NOTFOUND) { total_errors++; - printf("ERROR Non existant group gave error %d\n", last_error); + printf("ERROR Non existent group gave error %d\n", last_error); } grp = getgrgid(0xFFF0); if (grp || last_error != NSS_STATUS_NOTFOUND) { total_errors++; - printf("ERROR Non existant gid gave error %d\n", last_error); + printf("ERROR Non existent gid gave error %d\n", last_error); } } diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index d1264943a7..29d6f7c7bc 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c @@ -10,9 +10,9 @@ (see copyright below for full details) */ -#include "pam_winbind.h" -#define CONST_DISCARD(type,ptr) ((type)(void *)ptr) +#define UID_WRAPPER_NOT_REPLACE +#include "pam_winbind.h" static int wbc_error_to_pam_error(wbcErr status) { @@ -412,51 +412,51 @@ static int _pam_parse(const pam_handle_t *pamh, config_file = PAM_WINBIND_CONFIG_FILE; } - d = iniparser_load(CONST_DISCARD(char *, config_file)); + d = iniparser_load(discard_const_p(char, config_file)); if (d == NULL) { goto config_from_pam; } - if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:debug"), false)) { + if (iniparser_getboolean(d, discard_const_p(char, "global:debug"), false)) { ctrl |= WINBIND_DEBUG_ARG; } - if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:debug_state"), false)) { + if (iniparser_getboolean(d, discard_const_p(char, "global:debug_state"), false)) { ctrl |= WINBIND_DEBUG_STATE; } - if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:cached_login"), false)) { + if (iniparser_getboolean(d, discard_const_p(char, "global:cached_login"), false)) { ctrl |= WINBIND_CACHED_LOGIN; } - if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:krb5_auth"), false)) { + if (iniparser_getboolean(d, discard_const_p(char, "global:krb5_auth"), false)) { ctrl |= WINBIND_KRB5_AUTH; } - if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:silent"), false)) { + if (iniparser_getboolean(d, discard_const_p(char, "global:silent"), false)) { ctrl |= WINBIND_SILENT; } - if (iniparser_getstring(d, CONST_DISCARD(char *, "global:krb5_ccache_type"), NULL) != NULL) { + if (iniparser_getstring(d, discard_const_p(char, "global:krb5_ccache_type"), NULL) != NULL) { ctrl |= WINBIND_KRB5_CCACHE_TYPE; } - if ((iniparser_getstring(d, CONST_DISCARD(char *, "global:require-membership-of"), NULL) + if ((iniparser_getstring(d, discard_const_p(char, "global:require-membership-of"), NULL) != NULL) || - (iniparser_getstring(d, CONST_DISCARD(char *, "global:require_membership_of"), NULL) + (iniparser_getstring(d, discard_const_p(char, "global:require_membership_of"), NULL) != NULL)) { ctrl |= WINBIND_REQUIRED_MEMBERSHIP; } - if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:try_first_pass"), false)) { + if (iniparser_getboolean(d, discard_const_p(char, "global:try_first_pass"), false)) { ctrl |= WINBIND_TRY_FIRST_PASS_ARG; } - if (iniparser_getint(d, CONST_DISCARD(char *, "global:warn_pwd_expire"), 0)) { + if (iniparser_getint(d, discard_const_p(char, "global:warn_pwd_expire"), 0)) { ctrl |= WINBIND_WARN_PWD_EXPIRE; } - if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:mkhomedir"), false)) { + if (iniparser_getboolean(d, discard_const_p(char, "global:mkhomedir"), false)) { ctrl |= WINBIND_MKHOMEDIR; } @@ -538,7 +538,7 @@ static int _pam_winbind_init_context(pam_handle_t *pamh, textdomain_init(); #endif - r = TALLOC_ZERO_P(NULL, struct pwb_context); + r = talloc_zero(NULL, struct pwb_context); if (!r) { return PAM_BUF_ERR; } @@ -1214,7 +1214,7 @@ out: static void _pam_setup_krb5_env(struct pwb_context *ctx, struct wbcLogonUserInfo *info) { - char var[PATH_MAX]; + char *var = NULL; int ret; uint32_t i; const char *krb5ccname = NULL; @@ -1241,7 +1241,7 @@ static void _pam_setup_krb5_env(struct pwb_context *ctx, _pam_log_debug(ctx, LOG_DEBUG, "request returned KRB5CCNAME: %s", krb5ccname); - if (snprintf(var, sizeof(var), "KRB5CCNAME=%s", krb5ccname) == -1) { + if (asprintf(&var, "KRB5CCNAME=%s", krb5ccname) == -1) { return; } @@ -1251,6 +1251,7 @@ static void _pam_setup_krb5_env(struct pwb_context *ctx, "failed to set KRB5CCNAME to %s: %s", var, pam_strerror(ctx->pamh, ret)); } + free(var); } /** @@ -1764,7 +1765,7 @@ static int winbind_auth_request(struct pwb_context *ctx, &logon.blobs, "krb5_cc_type", 0, - (uint8_t *)cctype, + discard_const_p(uint8_t, cctype), strlen(cctype)+1); if (!WBC_ERROR_IS_OK(wbc_status)) { goto done; @@ -1945,7 +1946,7 @@ static int winbind_chauthtok_request(struct pwb_context *ctx, } params.account_name = user; - params.level = WBC_AUTH_USER_LEVEL_PLAIN; + params.level = WBC_CHANGE_PASSWORD_LEVEL_PLAIN; params.old_password.plaintext = oldpass; params.new_password.plaintext = newpass; params.flags = flags; @@ -2448,7 +2449,7 @@ static char* winbind_upn_to_username(struct pwb_context *ctx, return NULL; } - return talloc_asprintf(ctx, "%s%c%s", domain, sep, name); + return talloc_asprintf(ctx, "%s\\%s", domain, name); } static int _pam_delete_cred(pam_handle_t *pamh, int flags, @@ -2517,7 +2518,7 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags, &logoff.blobs, "ccfilename", 0, - (uint8_t *)ccname, + discard_const_p(uint8_t, ccname), strlen(ccname)+1); if (!WBC_ERROR_IS_OK(wbc_status)) { goto out; diff --git a/nsswitch/tests/test_wbinfo.sh b/nsswitch/tests/test_wbinfo.sh index b344f718c5..461d7801c2 100755 --- a/nsswitch/tests/test_wbinfo.sh +++ b/nsswitch/tests/test_wbinfo.sh @@ -14,8 +14,8 @@ TARGET=$4 shift 4 failed=0 -samba4bindir="$BUILDDIR/bin" -wbinfo="$VALGRIND $samba4bindir/wbinfo$EXEEXT" +samba4bindir="$BINDIR" +wbinfo="$VALGRIND $samba4bindir/wbinfo" . `dirname $0`/../../testprogs/blackbox/subunit.sh @@ -185,6 +185,8 @@ else failed=`expr $failed + 1` fi +testfail "wbinfo --group-info against $TARGET with $USERNAME" $wbinfo --group-info $USERNAME && failed=`expr $failed + 1` + gid=`echo $rawgid | sed 's/.*:\([0-9][0-9]*\):/\1/'` testit "wbinfo --gid-info against $TARGET" $wbinfo --gid-info $gid || failed=`expr $failed + 1` diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c index dcfc8a5156..c56a76f826 100644 --- a/nsswitch/wb_common.c +++ b/nsswitch/wb_common.c @@ -22,6 +22,8 @@ along with this program. If not, see . */ +#define UID_WRAPPER_NOT_REPLACE + #include "replace.h" #include "system/select.h" #include "winbind_client.h" @@ -369,13 +371,14 @@ static int winbind_open_pipe_sock(int recursing, int need_priv) static int winbind_write_sock(void *buffer, int count, int recursing, int need_priv) { - int result, nwritten; + int fd, result, nwritten; /* Open connection to winbind daemon */ restart: - if (winbind_open_pipe_sock(recursing, need_priv) == -1) { + fd = winbind_open_pipe_sock(recursing, need_priv); + if (fd == -1) { errno = ENOENT; return -1; } @@ -391,7 +394,7 @@ static int winbind_write_sock(void *buffer, int count, int recursing, /* Catch pipe close on other end by checking if a read() call would not block by calling poll(). */ - pfd.fd = winbindd_fd; + pfd.fd = fd; pfd.events = POLLIN|POLLHUP; ret = poll(&pfd, 1, 0); @@ -412,8 +415,7 @@ static int winbind_write_sock(void *buffer, int count, int recursing, /* Do the write */ - result = write(winbindd_fd, - (char *)buffer + nwritten, + result = write(fd, (char *)buffer + nwritten, count - nwritten); if ((result == -1) || (result == 0)) { @@ -434,10 +436,12 @@ static int winbind_write_sock(void *buffer, int count, int recursing, static int winbind_read_sock(void *buffer, int count) { + int fd; int nread = 0; int total_time = 0; - if (winbindd_fd == -1) { + fd = winbind_open_pipe_sock(false, false); + if (fd == -1) { return -1; } @@ -449,7 +453,7 @@ static int winbind_read_sock(void *buffer, int count) /* Catch pipe close on other end by checking if a read() call would not block by calling poll(). */ - pfd.fd = winbindd_fd; + pfd.fd = fd; pfd.events = POLLIN|POLLHUP; /* Wait for 5 seconds for a reply. May need to parameterise this... */ @@ -475,7 +479,7 @@ static int winbind_read_sock(void *buffer, int count) /* Do the Read */ - int result = read(winbindd_fd, (char *)buffer + nread, + int result = read(fd, (char *)buffer + nread, count - nread); if ((result == -1) || (result == 0)) { diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c index 9d25f59b8c..aee4004e57 100644 --- a/nsswitch/wbinfo.c +++ b/nsswitch/wbinfo.c @@ -22,13 +22,14 @@ */ #include "includes.h" -#include "popt_common.h" #include "winbind_client.h" #include "libwbclient/wbclient.h" #include "lib/popt/popt.h" #include "../libcli/auth/libcli_auth.h" #if (_SAMBA_BUILD_) >= 4 #include "lib/cmdline/popt_common.h" +#else +#include "popt_common.h" #endif #ifdef DBGC_CLASS @@ -134,7 +135,6 @@ static bool parse_wbinfo_domain_user(const char *domuser, fstring domain, fstrcpy(user, p+1); fstrcpy(domain, domuser); domain[PTR_DIFF(p, domuser)] = 0; - strupper_m(domain); return true; } @@ -519,7 +519,7 @@ static bool wbinfo_list_domains(bool list_all_domains, bool verbose) } if (print_all) { - d_printf("%-16s%-24s%-12s%-12s%-5s%-5s\n", + d_printf("%-16s%-65s%-12s%-12s%-5s%-5s\n", "Domain Name", "DNS Domain", "Trust Type", "Transitive", "In", "Out"); } @@ -533,7 +533,7 @@ static bool wbinfo_list_domains(bool list_all_domains, bool verbose) continue; } - d_printf("%-24s", domain_list[i].dns_name); + d_printf("%-65s", domain_list[i].dns_name); switch(domain_list[i].trust_type) { case WBC_DOMINFO_TRUSTTYPE_NONE: @@ -831,16 +831,19 @@ static bool wbinfo_ping_dc(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; struct wbcAuthErrorInfo *error = NULL; + char *dcname = NULL; - wbc_status = wbcPingDc(NULL, &error); + wbc_status = wbcPingDc2(NULL, &error, &dcname); - d_printf("checking the NETLOGON dc connection %s\n", + d_printf("checking the NETLOGON dc connection to \"%s\" %s\n", + dcname ? dcname : "", WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed"); if (wbc_status == WBC_ERR_AUTH_ERROR) { d_fprintf(stderr, "error code was %s (0x%x)\n", error->nt_string, error->nt_status); wbcFreeMemory(error); + return false; } if (!WBC_ERROR_IS_OK(wbc_status)) { d_fprintf(stderr, "failed to call wbcPingDc: %s\n", @@ -1019,6 +1022,9 @@ static bool wbinfo_sids_to_unix_ids(const char *arg) case WBC_ID_TYPE_GID: d_printf("%s -> gid %d\n", sidstr, unix_ids[i].id.gid); break; + case WBC_ID_TYPE_BOTH: + d_printf("%s -> uid/gid %d\n", sidstr, unix_ids[i].id.uid); + break; default: d_printf("%s -> unmapped\n", sidstr); break; @@ -1386,6 +1392,8 @@ static bool wbinfo_lookup_sids(const char *arg) domains[names[i].domain_index].short_name, names[i].name, names[i].type); } + wbcFreeMemory(names); + wbcFreeMemory(domains); return true; } @@ -1728,7 +1736,7 @@ static bool wbinfo_pam_logon(char *username) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; struct wbcLogonUserParams params; - struct wbcAuthErrorInfo *error = NULL; + struct wbcAuthErrorInfo *error; char *s = NULL; char *p = NULL; TALLOC_CTX *frame = talloc_tos(); @@ -1779,15 +1787,16 @@ static bool wbinfo_pam_logon(char *username) d_printf("plaintext password authentication %s\n", WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed"); - if (!WBC_ERROR_IS_OK(wbc_status) && (error != NULL)) { + if (!WBC_ERROR_IS_OK(wbc_status)) { d_fprintf(stderr, "error code was %s (0x%x)\nerror message was: %s\n", error->nt_string, (int)error->nt_status, error->display_string); wbcFreeMemory(error); + return false; } - return WBC_ERROR_IS_OK(wbc_status); + return true; } /* Save creds with winbind */ @@ -2365,7 +2374,6 @@ int main(int argc, char **argv, char **envp) break; case 'P': if (!wbinfo_ping_dc()) { - d_fprintf(stderr, "Could not ping our DC\n"); goto done; } break; diff --git a/nsswitch/winbind_nss_config.h b/nsswitch/winbind_nss_config.h index 3e2ce68252..e1ad3f6463 100644 --- a/nsswitch/winbind_nss_config.h +++ b/nsswitch/winbind_nss_config.h @@ -54,7 +54,13 @@ #ifndef FSTRING_LEN #define FSTRING_LEN 256 typedef char fstring[FSTRING_LEN]; -#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) +#ifndef fstrcpy +#define fstrcpy(d,s) \ +do { \ + const char *_fstrcpy_src = (const char *)(s); \ + strlcpy((d),_fstrcpy_src ? _fstrcpy_src : "",sizeof(fstring)); \ +} while (0) +#endif #endif /* Some systems (SCO) treat UNIX domain sockets as FIFOs */ diff --git a/nsswitch/winbind_nss_linux.c b/nsswitch/winbind_nss_linux.c index 7b16752043..8d66a740a6 100644 --- a/nsswitch/winbind_nss_linux.c +++ b/nsswitch/winbind_nss_linux.c @@ -322,7 +322,7 @@ static NSS_STATUS fill_grent(struct group *result, struct winbindd_gr *gr, /* Group membership */ - if ((gr->num_gr_mem < 0) || !gr_mem) { + if (!gr_mem) { gr->num_gr_mem = 0; } diff --git a/nsswitch/winbind_nss_solaris.c b/nsswitch/winbind_nss_solaris.c index 5fb37643ce..92da8591b7 100644 --- a/nsswitch/winbind_nss_solaris.c +++ b/nsswitch/winbind_nss_solaris.c @@ -26,6 +26,7 @@ #undef DEVELOPER + #include "winbind_client.h" #include #include @@ -34,6 +35,7 @@ #include #include "includes.h" #include + #if !defined(HPUX) #include #endif /*hpux*/ @@ -48,6 +50,10 @@ #define NSS_DEBUG(str) ; #endif +#if !defined(SMB_MALLOC_P) +#define SMB_MALLOC_P(type) (type *)malloc(sizeof(type)) +#endif + #define NSS_ARGS(args) ((nss_XbyY_args_t *)args) #ifdef HPUX diff --git a/nsswitch/winbind_nss_solaris.h b/nsswitch/winbind_nss_solaris.h index 011330576d..f0cc099cf2 100644 --- a/nsswitch/winbind_nss_solaris.h +++ b/nsswitch/winbind_nss_solaris.h @@ -25,6 +25,7 @@ #include #include #include +#include "system/passwd.h" typedef nss_status_t NSS_STATUS; diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h index e5ed8e1b3a..c1704c8e0b 100644 --- a/nsswitch/winbind_struct_protocol.h +++ b/nsswitch/winbind_struct_protocol.h @@ -218,6 +218,7 @@ typedef struct winbindd_gr { #define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x00002000 #define WBFLAG_PAM_CACHED_LOGIN 0x00004000 #define WBFLAG_PAM_GET_PWD_POLICY 0x00008000 +#define WBFLAG_PAM_AUTH_PAC 0x00010000 /* generic request flags */ #define WBFLAG_QUERY_ONLY 0x00000020 /* not used */ diff --git a/nsswitch/wins.c b/nsswitch/wins.c index f5fd7a775e..d63968b2bc 100644 --- a/nsswitch/wins.c +++ b/nsswitch/wins.c @@ -59,8 +59,10 @@ static void nss_wins_init(void) static struct in_addr *lookup_byname_backend(const char *name, int *count) { - struct ip_service *address = NULL; + TALLOC_CTX *frame = talloc_stackframe(); + struct sockaddr_storage *address = NULL; struct in_addr *ret = NULL; + NTSTATUS status; int j; if (!initialised) { @@ -70,19 +72,21 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) *count = 0; /* always try with wins first */ - if (NT_STATUS_IS_OK(resolve_wins(name,0x00,&address,count))) { + status = resolve_wins(name, 0x00, talloc_tos(), + &address, count); + if (NT_STATUS_IS_OK(status)) { if ( (ret = SMB_MALLOC_P(struct in_addr)) == NULL ) { - free( address ); + TALLOC_FREE(frame); return NULL; } - if (address[0].ss.ss_family != AF_INET) { - free(address); + if (address[0].ss_family != AF_INET) { free(ret); + TALLOC_FREE(frame); return NULL; } - *ret = ((struct sockaddr_in *)(void *)&address[0].ss) + *ret = ((struct sockaddr_in *)(void *)address) ->sin_addr; - free( address ); + TALLOC_FREE(frame); return ret; } @@ -91,24 +95,23 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) const struct in_addr *bcast = iface_n_bcast_v4(j); struct sockaddr_storage ss; struct sockaddr_storage *pss; - NTSTATUS status; if (!bcast) { continue; } in_addr_to_sockaddr_storage(&ss, *bcast); status = name_query(name, 0x00, True, True, &ss, - NULL, &pss, count, NULL); + talloc_tos(), &pss, count, NULL); if (NT_STATUS_IS_OK(status) && (*count > 0)) { if ((ret = SMB_MALLOC_P(struct in_addr)) == NULL) { + TALLOC_FREE(frame); return NULL; } *ret = ((struct sockaddr_in *)pss)->sin_addr; - TALLOC_FREE(pss); break; } } - + TALLOC_FREE(frame); return ret; } @@ -180,7 +183,7 @@ int lookup(nsd_file_t *rq) * response needs to be a string of the following format * ip_address[ ip_address]*\tname[ alias]* */ - if (StrCaseCmp(map,"hosts.byaddr") == 0) { + if (strcasecmp_m(map,"hosts.byaddr") == 0) { if ( status = lookup_byaddr_backend(key, &count)) { size = strlen(key) + 1; if (size > len) { @@ -208,7 +211,7 @@ int lookup(nsd_file_t *rq) response[strlen(response)-1] = '\n'; talloc_free(status); } - } else if (StrCaseCmp(map,"hosts.byname") == 0) { + } else if (strcasecmp_m(map,"hosts.byname") == 0) { if (ip_list = lookup_byname_backend(key, &count)) { for (i = count; i ; i--) { addr = inet_ntoa(ip_list[i-1]); diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build index 83b10a7969..1efee55497 100644 --- a/nsswitch/wscript_build +++ b/nsswitch/wscript_build @@ -1,4 +1,7 @@ #!/usr/bin/env python +import Utils +import sys +host_os = sys.platform bld.SAMBA_LIBRARY('winbind-client', source='wb_common.c', @@ -9,33 +12,93 @@ bld.SAMBA_LIBRARY('winbind-client', bld.SAMBA_BINARY('nsstest', - source='nsstest.c', - deps='replace dl' - ) + source='nsstest.c', + deps='replace dl', + install=False + ) + +# The nss_wrapper code relies strictly on the linux implementation and +# name, so compile but do not install a copy under this name. +bld.SAMBA_LIBRARY('nss_wrapper_winbind', + source='winbind_nss_linux.c', + deps='winbind-client', + realname='libnss_wrapper_winbind.so.2', + install=False, + vnum='2') + +# FIXME: original was *linux* | gnu* | k*bsd*-gnu | kopensolaris*-gnu) +# the search for .rfind('gnu') covers gnu* and *-gnu is that too broad? +if (Utils.unversioned_sys_platform() == 'linux' or (host_os.rfind('gnu') > -1)): + bld.SAMBA_LIBRARY('nss_winbind', + source='winbind_nss_linux.c', + deps='winbind-client', + realname='libnss_winbind.so.2', + soname='libnss_winbind.so', + vnum='2') +elif (host_os.rfind('freebsd') > -1): + # FreeBSD winbind client is implemented as a wrapper around + # the Linux version. + bld.SAMBA_LIBRARY('nss_winbind', + source='winbind_nss_linux.c winbind_nss_freebsd.c', + deps='winbind-client', + realname='libnss_winbind.so.1', + vnum='1') -bld.SAMBA_LIBRARY('nss_winbind', - source='winbind_nss_linux.c', - deps='winbind-client', - realname='libnss_winbind.so.2', - vnum='2') +elif (host_os.rfind('netbsd') > -1): + # NetBSD winbind client is implemented as a wrapper + # around the Linux version. It needs getpwent_r() to + # indicate libc's use of the correct nsdispatch API. + if bld.CONFIG_SET("HAVE_GETPWENT_R"): + bld.SAMBA_LIBRARY('nss_winbind', + source='winbind_nss_linux.c winbind_nss_netbsd.c', + deps='winbind-client', + realname='libnss_winbind.so') +elif (host_os.rfind('irix') > -1): + bld.SAMBA_LIBRARY('ns_winbind', + source='winbind_nss_irix.c', + deps='winbind-client', + realname='libns_winbind.so') -if bld.CONFIG_SET('WITH_PAM_MODULES') or bld.CONFIG_SET('HAVE_PAM_START'): +elif Utils.unversioned_sys_platform() == 'sunos': + bld.SAMBA_LIBRARY('nss_winbind', + source='winbind_nss_solaris.c winbind_nss_linux.c', + deps='winbind-client', + realname='nss_winbind.so.1', + vnum='1') +elif (host_os.rfind('hpux') > -1): + bld.SAMBA_LIBRARY('nss_winbind', + source='winbind_nss_linux.c', + deps='winbind-client', + realname='libnss_winbind.so') +elif (host_os.rfind('aix') > -1): + bld.SAMBA_LIBRARY('nss_winbind', + source='winbind_nss_aix.c', + deps='winbind-client', + realname='libnss_winbind.so') + +if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'): bld.SAMBA_LIBRARY('pamwinbind', source='pam_winbind.c', - deps='intl talloc wbclient winbind-client LIBINIPARSER pam', + deps='intl talloc wbclient winbind-client iniparser pam', cflags='-DLOCALEDIR=\"%s/locale\"' % bld.env.DATADIR, realname='pam_winbind.so', + install_path='${PAMMODULESDIR}' ) if bld.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'): bld.SAMBA_LIBRARY('winbind_krb5_locator', source='winbind_krb5_locator.c', - deps='wbclient krb5', + deps='wbclient krb5 com_err', realname='winbind_krb5_locator.so') bld.SAMBA_SUBSYSTEM('WB_REQTRANS', source='wb_reqtrans.c', deps='talloc tevent LIBASYNC_REQ' ) + +bld.SAMBA_BINARY('wbinfo', + source='wbinfo.c', + deps='samba-util LIBCLI_AUTH popt POPT_SAMBA wbclient LIBAFS_SETTOKEN' + ) diff --git a/nsswitch/wscript_configure b/nsswitch/wscript_configure index 7d6ea82879..3048f48c24 100644 --- a/nsswitch/wscript_configure +++ b/nsswitch/wscript_configure @@ -4,3 +4,19 @@ conf.CHECK_HEADERS('nss.h nss_common.h ns_api.h') conf.CHECK_HEADERS('security/pam_appl.h security/pam_modules.h pam/pam_modules.h', together=True) conf.CHECK_FUNCS_IN('pam_start', 'pam', checklibc=True, headers='security/pam_appl.h') + +# Solaris 10 does have new member in nss_XbyY_key +conf.CHECK_STRUCTURE_MEMBER('union nss_XbyY_key', 'ipnode.af_family', + define='HAVE_NSS_XBYY_KEY_IPNODE', + headers='nss_dbdefs.h') + +# Solaris has some extra fields in struct passwd that need to be +# initialised otherwise nscd crashes. + +conf.CHECK_STRUCTURE_MEMBER('struct passwd', 'pw_comment', + define='HAVE_PASSWD_PW_COMMENT', + headers='pwd.h') + +conf.CHECK_STRUCTURE_MEMBER('struct passwd', 'pw_age', + define='HAVE_PASSWD_PW_AGE', + headers='pwd.h') -- cgit v1.2.3