The branch, master has been updated via a21be2c Fix WAF build for sids2xids. via 845d4d4 s3: Add a test for sid2xids via 32bd643 s3: Add some debug to winbindd_sids_to_xids via ddfeccc s3: Use wbcSidsToUnixIds in create_local_token via b8dc235 nsswitch: Add wbinfo --sids-to-unix-ids via a93c49d libwbclient: Add wbcSidsToUnixIds via 44f7fc4 s3: Export WINBINDD_SIDS_TO_XIDS via the winbind pipe via a671885 s3: Add wbint_Sids2UnixIDs idl & implementation via 80f8738 s3: Make idmap_find_domain public via 74ea52e s3: Add is_domain_online via 69ba259 nsswitch: wbinfo --lookup-sids via 4be643d lib: Move next_token next to next_token_talloc via cfe30df9 libwbclient: Add wbcLookupSids via 63446c2 s3: Add winbindd_lookupsids via 490c52c s3: Add wb_lookupsids via 091fd0f s3: Add wbint_LookupSids via ef9d2b1 s3: Make parse_sidlist public via 58e26c2 s3: Simplify parse_sidlist via d4c693d Add dom_sid_parse_endp via df269c0 Don't print "success" message after error message in change_file_owner_to_parent(). Remove "goto" in change_dir_owner_to_parent(). from c3d8991 s3-build: finally remove references to ndr and dcerpc headers that were included globally.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit a21be2c3c8467211345e00e3a372196b472a6877 Author: Jeremy Allison <j...@samba.org> Date: Wed Apr 13 14:49:49 2011 -0700 Fix WAF build for sids2xids. Autobuild-User: Jeremy Allison <j...@samba.org> Autobuild-Date: Thu Apr 14 00:33:53 CEST 2011 on sn-devel-104 commit 845d4d43c760455c7a0b5692925afa4d680bd3c0 Author: Volker Lendecke <v...@samba.org> Date: Mon Apr 11 17:26:35 2011 +0200 s3: Add a test for sid2xids Signed-off-by: Jeremy Allison <j...@samba.org> commit 32bd64359c85fc90037c1bec0ea476bc6e9c185d Author: Volker Lendecke <v...@samba.org> Date: Tue Apr 12 13:32:20 2011 +0200 s3: Add some debug to winbindd_sids_to_xids Signed-off-by: Jeremy Allison <j...@samba.org> commit ddfeccc6e40a3e8d8d84ef1b23f9ad3562a44db1 Author: Volker Lendecke <v...@samba.org> Date: Wed Mar 23 18:31:38 2011 +0100 s3: Use wbcSidsToUnixIds in create_local_token Signed-off-by: Jeremy Allison <j...@samba.org> commit b8dc235b08ba5ccd4c5d4756369eab4be89c91bf Author: Volker Lendecke <v...@samba.org> Date: Wed Mar 23 18:31:17 2011 +0100 nsswitch: Add wbinfo --sids-to-unix-ids Signed-off-by: Jeremy Allison <j...@samba.org> commit a93c49d7e6ef916ffe3e4a57ce863247f5da960b Author: Volker Lendecke <v...@samba.org> Date: Wed Mar 23 18:30:32 2011 +0100 libwbclient: Add wbcSidsToUnixIds Signed-off-by: Jeremy Allison <j...@samba.org> commit 44f7fc4fdfefdac424a3af0fce9e84cd5b2bc82a Author: Volker Lendecke <v...@samba.org> Date: Wed Mar 23 18:29:45 2011 +0100 s3: Export WINBINDD_SIDS_TO_XIDS via the winbind pipe Signed-off-by: Jeremy Allison <j...@samba.org> commit a671885f49638aa18fdeed9fb3f040ffcc0b7a82 Author: Volker Lendecke <v...@samba.org> Date: Wed Mar 23 18:18:13 2011 +0100 s3: Add wbint_Sids2UnixIDs idl & implementation 
Signed-off-by: Jeremy Allison <j...@samba.org> commit 80f873853fbf4da65778ee8876e2a4901380c28b Author: Volker Lendecke <v...@samba.org> Date: Wed Mar 23 18:15:34 2011 +0100 s3: Make idmap_find_domain public Signed-off-by: Jeremy Allison <j...@samba.org> commit 74ea52e3511ae025e81ffb3a1f037015a31d2de7 Author: Volker Lendecke <v...@samba.org> Date: Tue Mar 22 16:37:41 2011 +0100 s3: Add is_domain_online Signed-off-by: Jeremy Allison <j...@samba.org> commit 69ba25948a4b559e364e46f6fb09de043151a27e Author: Volker Lendecke <v...@samba.org> Date: Wed Mar 9 16:36:20 2011 +0100 nsswitch: wbinfo --lookup-sids Signed-off-by: Jeremy Allison <j...@samba.org> commit 4be643d4ce33d5ce2bf9deacc3f6d0fde90cf626 Author: Volker Lendecke <v...@samba.org> Date: Wed Mar 9 16:34:49 2011 +0100 lib: Move next_token next to next_token_talloc Signed-off-by: Jeremy Allison <j...@samba.org> commit cfe30df98ea9ca3360d3cfd8b850c5910c1cd165 Author: Volker Lendecke <v...@samba.org> Date: Tue Mar 8 18:01:21 2011 +0100 libwbclient: Add wbcLookupSids Signed-off-by: Jeremy Allison <j...@samba.org> commit 63446c2c2a583a6eaf1d25e5590d4c7a0fd09087 Author: Volker Lendecke <v...@samba.org> Date: Tue Mar 8 14:31:44 2011 +0100 s3: Add winbindd_lookupsids Signed-off-by: Jeremy Allison <j...@samba.org> commit 490c52c9fc689803f4c1719401698e36998dc53f Author: Volker Lendecke <v...@samba.org> Date: Mon Mar 7 13:40:30 2011 +0100 s3: Add wb_lookupsids Signed-off-by: Jeremy Allison <j...@samba.org> commit 091fd0f0f74003847ab5dd72a48e8f2978a511a5 Author: Volker Lendecke <v...@samba.org> Date: Fri Mar 11 12:48:11 2011 +0100 s3: Add wbint_LookupSids This will be called from wb_lookupsids to query remote DCs via lsa Signed-off-by: Jeremy Allison <j...@samba.org> commit ef9d2b15e01d18dc2bf0379cc9a6df367812e287 Author: Volker Lendecke <v...@samba.org> Date: Tue Mar 8 14:23:15 2011 +0100 s3: Make parse_sidlist public 
Signed-off-by: Jeremy Allison <j...@samba.org> commit 58e26c2589620f04684aed620054fde4cda98969 Author: Volker Lendecke <v...@samba.org> Date: Mon Mar 7 20:27:30 2011 +0100 s3: Simplify parse_sidlist Signed-off-by: Jeremy Allison <j...@samba.org> commit d4c693df98835444d1db242b2723617d2e231c6a Author: Volker Lendecke <v...@samba.org> Date: Mon Mar 7 20:16:13 2011 +0100 Add dom_sid_parse_endp This returns a pointer to the first non-parsed character, along the lines of strtoul for example. 
Signed-off-by: Jeremy Allison <j...@samba.org> commit df269c0834a46bb0f0cf44d0f0822c05c8c797a5 Author: Jeremy Allison <j...@samba.org> Date: Tue Apr 12 16:32:37 2011 -0700 Don't print "success" message after error message in change_file_owner_to_parent(). Remove "goto" in change_dir_owner_to_parent(). ----------------------------------------------------------------------- Summary of changes: lib/util/charset/util_unistr.c | 47 -- lib/util/util.c | 46 ++ libcli/security/dom_sid.c | 14 +- libcli/security/dom_sid.h | 2 + librpc/idl/lsa.idl | 6 +- nsswitch/libwbclient/wbc_idmap.c | 93 ++++ nsswitch/libwbclient/wbc_sid.c | 183 +++++++ nsswitch/libwbclient/wbclient.h | 42 ++- nsswitch/wbinfo.c | 141 +++++ nsswitch/winbind_struct_protocol.h | 4 +- source3/Makefile.in | 4 + source3/auth/auth_util.c | 26 +- source3/librpc/idl/wbint.idl | 25 +- source3/passdb/lookup_sid.c | 103 ++++ source3/passdb/lookup_sid.h | 3 + source3/script/tests/test_wbinfo_sids2xids.sh | 11 + source3/script/tests/test_wbinfo_sids2xids_int.py | 47 ++ source3/selftest/tests.py | 4 + source3/smbd/open.c | 17 +- source3/winbindd/idmap.c | 2 +- source3/winbindd/wb_lookupsids.c | 601 +++++++++++++++++++++ source3/winbindd/winbindd.c | 4 + source3/winbindd/winbindd_dual_srv.c | 110 ++++ source3/winbindd/winbindd_getsidaliases.c | 42 -- source3/winbindd/winbindd_lookupsids.c | 145 +++++ source3/winbindd/winbindd_proto.h | 32 ++ source3/winbindd/winbindd_rpc.c | 98 ++++ source3/winbindd/winbindd_sids_to_xids.c | 306 +++++++++++ source3/winbindd/winbindd_util.c | 36 ++ source3/wscript_build | 5 +- 30 files changed, 2085 insertions(+), 114 deletions(-) create mode 100755 source3/script/tests/test_wbinfo_sids2xids.sh create mode 100755 source3/script/tests/test_wbinfo_sids2xids_int.py create mode 100644 source3/winbindd/wb_lookupsids.c create mode 100644 source3/winbindd/winbindd_lookupsids.c create mode 100644 source3/winbindd/winbindd_sids_to_xids.c Changeset truncated at 500 lines: 
diff --git a/lib/util/charset/util_unistr.c b/lib/util/charset/util_unistr.c
index 6737256..ddb15f8 100644
--- a/lib/util/charset/util_unistr.c
+++ b/lib/util/charset/util_unistr.c
@@ -22,53 +22,6 @@
 #include "system/locale.h"
 /**
- * Get the next token from a string, return False if none found.
- * Handles double-quotes.
- *
- * Based on a routine by g...@village.com.
- * Extensively modified by andrew.tridg...@anu.edu.au
- **/
-_PUBLIC_ bool next_token(const char **ptr,char *buff, const char *sep, size_t bufsize)
-{
- const char *s;
- bool quoted;
- size_t len=1;
-
- if (!ptr)
- return false;
-
- s = *ptr;
-
- /* default to simple separators */
- if (!sep)
- sep = " \t\n\r";
-
- /* find the first non sep char */
- while (*s && strchr_m(sep,*s))
- s++;
-
- /* nothing left? */
- if (!*s)
- return false;
-
- /* copy over the token */
- for (quoted = false; len < bufsize && *s && (quoted || !strchr_m(sep,*s)); s++) {
- if (*s == '\"') {
- quoted = !quoted;
- } else {
- len++;
- *buff++ = *s;
- }
- }
-
- *ptr = (*s) ? s+1 : s;
- *buff = 0;
-
- return true;
-}
-
-
-/**
 String replace. NOTE: oldc and newc must be 7 bit characters **/
diff --git a/lib/util/util.c b/lib/util/util.c
index 35ad49b..d4a936f 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -936,6 +936,52 @@ bool next_token_no_ltrim_talloc(TALLOC_CTX *ctx,
 return next_token_internal_talloc(ctx, ptr, pp_buff, sep, false);
 }
+/**
+ * Get the next token from a string, return False if none found.
+ * Handles double-quotes.
+ *
+ * Based on a routine by g...@village.com.
+ * Extensively modified by andrew.tridg...@anu.edu.au
+ **/
+_PUBLIC_ bool next_token(const char **ptr,char *buff, const char *sep, size_t bufsize)
+{
+ const char *s;
+ bool quoted;
+ size_t len=1;
+
+ if (!ptr)
+ return false;
+
+ s = *ptr;
+
+ /* default to simple separators */
+ if (!sep)
+ sep = " \t\n\r";
+
+ /* find the first non sep char */
+ while (*s && strchr_m(sep,*s))
+ s++;
+
+ /* nothing left? */
+ if (!*s)
+ return false;
+
+ /* copy over the token */
+ for (quoted = false; len < bufsize && *s && (quoted || !strchr_m(sep,*s)); s++) {
+ if (*s == '\"') {
+ quoted = !quoted;
+ } else {
+ len++;
+ *buff++ = *s;
+ }
+ }
+
+ *ptr = (*s) ? s+1 : s;
+ *buff = 0;
+
+ return true;
+}
+
 struct anonymous_shared_header {
 union {
 size_t length;
diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 809f20c..2f80a36 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -118,9 +118,11 @@ int dom_sid_compare_domain(const struct dom_sid *sid1,
 /*****************************************************************
 Convert a string to a SID. Returns True on success, False on fail.
+ Return the first character not parsed in endp.
 *****************************************************************/
-bool string_to_sid(struct dom_sid *sidout, const char *sidstr)
+bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout,
+ const char **endp)
 {
 const char *p;
 char *q;
@@ -197,6 +199,9 @@ bool string_to_sid(struct dom_sid *sidout, const char *sidstr)
 }
 q += 1;
 }
+ if (endp != NULL) {
+ *endp = q;
+ }
 return true;
 format_error:
@@ -204,9 +209,14 @@ format_error:
 return false;
 }
+bool string_to_sid(struct dom_sid *sidout, const char *sidstr)
+{
+ return dom_sid_parse(sidstr, sidout);
+}
+
 bool dom_sid_parse(const char *sidstr, struct dom_sid *ret)
 {
- return string_to_sid(ret, sidstr);
+ return dom_sid_parse_endp(sidstr, ret, NULL);
 }
 /*
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index 3493fab..04571c2 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -60,6 +60,8 @@ int dom_sid_compare_domain(const struct dom_sid *sid1,
 bool dom_sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2);
 bool sid_append_rid(struct dom_sid *sid, uint32_t rid);
 bool string_to_sid(struct dom_sid *sidout, const char *sidstr);
+bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout,
+ const char **endp);
 bool dom_sid_parse(const char *sidstr, struct dom_sid *ret);
 struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr);
 struct dom_sid *dom_sid_parse_length(TALLOC_CTX *mem_ctx, const DATA_BLOB *sid);
diff --git a/librpc/idl/lsa.idl b/librpc/idl/lsa.idl
index fc59cd0..c8aaa47 100644
--- a/librpc/idl/lsa.idl
+++ b/librpc/idl/lsa.idl
@@ -519,7 +519,7 @@ import "misc.idl", "security.idl";
 } lsa_TransSidArray;
 const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
- typedef struct {
+ typedef [public] struct {
 [range(0,1000)] uint32 count;
 [size_is(count)] lsa_DomainInfo *domains;
 uint32 max_size;
@@ -533,7 +533,7 @@ import "misc.idl", "security.idl";
 * Level 6: Like 4
 */
- typedef enum {
+ typedef [public] enum {
 LSA_LOOKUP_NAMES_ALL = 1,
 LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
 LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
@@ -563,7 +563,7 @@ import "misc.idl", "security.idl";
 uint32 sid_index;
 } lsa_TranslatedName;
- typedef struct {
+ typedef [public] struct {
 [range(0,20480)] uint32 count;
 [size_is(count)] lsa_TranslatedName *names;
 } lsa_TransNameArray;
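Review bot: In libcli/security/dom_sid.c, dom_sid_parse() now calls `dom_sid_parse_endp(sidstr, ret, NULL)` and string_to_sid() goes through it, so neither wrapper looks at what follows the parsed SID. The preceding hunk shows dom_sid_parse_endp() storing `q` in `*endp` and returning true without testing the character at `q`, which suggests that a SID followed by extra characters is accepted by both wrappers; the parsing loop itself starts outside the hunks, so this is inferred rather than visible. If these entry points are meant to accept only a complete SID string, check the terminator in dom_sid_parse(): `const char *end;` followed by `return dom_sid_parse_endp(sidstr, ret, &end) && *end == '\0';`. Otherwise the header comment of dom_sid_parse_endp() should state that endp may be NULL, that trailing characters are not rejected, and that callers passing endp must check the character it points to themselves.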
diff --git a/nsswitch/libwbclient/wbc_idmap.c b/nsswitch/libwbclient/wbc_idmap.c
index a77e7c0..ad3cfe6 100644
--- a/nsswitch/libwbclient/wbc_idmap.c
+++ b/nsswitch/libwbclient/wbc_idmap.c
@@ -23,6 +23,7 @@
 #include "replace.h"
 #include "libwbclient.h"
+#include "../winbind_client.h"
 /* Convert a Windows SID to a Unix uid, allocating an uid if needed */
 wbcErr wbcSidToUid(const struct wbcDomainSid *sid, uid_t *puid)
@@ -296,3 +297,95 @@ wbcErr wbcSetGidHwm(gid_t gid_hwm)
 {
 return WBC_ERR_NOT_IMPLEMENTED;
 }
+
+/* Convert a list of SIDs */
+wbcErr wbcSidsToUnixIds(const struct wbcDomainSid *sids, uint32_t num_sids,
+ struct wbcUnixId *ids)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ int buflen, extra_len;
+ uint32_t i;
+ char *sidlist, *p, *extra_data;
+
+ buflen = num_sids * (WBC_SID_STRING_BUFLEN + 1) + 1;
+
+ sidlist = (char *)malloc(buflen);
+ if (sidlist == NULL) {
+ return WBC_ERR_NO_MEMORY;
+ }
+
+ p = sidlist;
+
+ for (i=0; i<num_sids; i++) {
+ int remaining;
+ int len;
+
+ remaining = buflen - (p - sidlist);
+
+ len = wbcSidToStringBuf(&sids[i], p, remaining);
+ if (len > remaining) {
+ free(sidlist);
+ return WBC_ERR_UNKNOWN_FAILURE;
+ }
+
+ p += len;
+ *p++ = '\n';
+ }
+ *p++ = '\0';
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ request.extra_data.data = sidlist;
+ request.extra_len = p - sidlist;
+
+ wbc_status = wbcRequestResponse(WINBINDD_SIDS_TO_XIDS,
+ &request, &response);
+ free(sidlist);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ return wbc_status;
+ }
+
+ extra_len = response.length - sizeof(struct winbindd_response);
+ extra_data = (char *)response.extra_data.data;
+
+ if ((extra_len <= 0) || (extra_data[extra_len-1] != '\0')) {
+ goto wbc_err_invalid;
+ }
+
+ p = extra_data;
+
+ for (i=0; i<num_sids; i++) {
+ struct wbcUnixId *id = &ids[i];
+ char *q;
+
+ switch (p[0]) {
+ case 'U':
+ id->type = WBC_ID_TYPE_UID;
+ id->id.uid = strtoul(p+1, &q, 10);
+ break;
+ case 'G':
+ id->type = WBC_ID_TYPE_GID;
+ id->id.gid = strtoul(p+1, &q, 10);
+ break;
+ default:
+ id->type = WBC_ID_TYPE_NOT_SPECIFIED;
+ q = p;
+ break;
+ };
+ if (q[0] != '\n') {
+ goto wbc_err_invalid;
+ }
+ p = q+1;
+ }
+ wbc_status = WBC_ERR_SUCCESS;
+ goto done;
+
+wbc_err_invalid:
+ wbc_status = WBC_ERR_INVALID_RESPONSE;
+done:
+ winbindd_free_response(&response);
+ return wbc_status;
+}
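Review bot: In wbcSidsToUnixIds() the two `strtoul(p+1, &q, 10)` calls accept a response line that carries no digits: for `U\n` strtoul returns 0 with `q == p+1`, the following `q[0] != '\n'` test passes, and the SID is reported as uid 0 (likewise gid 0 for `G\n`). Values that overflow or carry a sign are also stored into uid_t/gid_t without any range check. Reject such lines before assigning, e.g. set `errno = 0;` before each call and add `if (q == p+1 || errno == ERANGE) goto wbc_err_invalid;` after it. The same unchecked strtoul pattern is in wbcLookupSids() in nsswitch/libwbclient/wbc_sid.c, where `num_domains` sizes the `wbcAllocateMemory(num_domains+1, ...)` call without a bound and `names[i].domain_index` is never compared with `num_domains`.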
diff --git a/nsswitch/libwbclient/wbc_sid.c b/nsswitch/libwbclient/wbc_sid.c
index 712c865..6df8a3c 100644
--- a/nsswitch/libwbclient/wbc_sid.c
+++ b/nsswitch/libwbclient/wbc_sid.c
@@ -279,6 +279,189 @@ done:
 return wbc_status;
 }
+static void wbcDomainInfosDestructor(void *ptr)
+{
+ struct wbcDomainInfo *i = (struct wbcDomainInfo *)ptr;
+
+ while (i->short_name != NULL) {
+ wbcFreeMemory(i->short_name);
+ wbcFreeMemory(i->dns_name);
+ i += 1;
+ }
+}
+
+static void wbcTranslatedNamesDestructor(void *ptr)
+{
+ struct wbcTranslatedName *n = (struct wbcTranslatedName *)ptr;
+
+ while (n->name != NULL) {
+ free(n->name);
+ n += 1;
+ }
+}
+
+wbcErr wbcLookupSids(const struct wbcDomainSid *sids, int num_sids,
+ struct wbcDomainInfo **pdomains, int *pnum_domains,
+ struct wbcTranslatedName **pnames)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ int buflen, i, extra_len, num_domains, num_names;
+ char *sidlist, *p, *q, *extra_data;
+ struct wbcDomainInfo *domains = NULL;
+ struct wbcTranslatedName *names = NULL;
+
+ buflen = num_sids * (WBC_SID_STRING_BUFLEN + 1) + 1;
+
+ sidlist = (char *)malloc(buflen);
+ if (sidlist == NULL) {
+ return WBC_ERR_NO_MEMORY;
+ }
+
+ p = sidlist;
+
+ for (i=0; i<num_sids; i++) {
+ int remaining;
+ int len;
+
+ remaining = buflen - (p - sidlist);
+
+ len = wbcSidToStringBuf(&sids[i], p, remaining);
+ if (len > remaining) {
+ free(sidlist);
+ return WBC_ERR_UNKNOWN_FAILURE;
+ }
+
+ p += len;
+ *p++ = '\n';
+ }
+ *p++ = '\0';
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ request.extra_data.data = sidlist;
+ request.extra_len = p - sidlist;
+
+ wbc_status = wbcRequestResponse(WINBINDD_LOOKUPSIDS,
+ &request, &response);
+ free(sidlist);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ return wbc_status;
+ }
+
+ extra_len = response.length - sizeof(struct winbindd_response);
+ extra_data = (char *)response.extra_data.data;
+
+ if ((extra_len <= 0) || (extra_data[extra_len-1] != '\0')) {
+ goto wbc_err_invalid;
+ }
+
+ p = extra_data;
+
+ num_domains = strtoul(p, &q, 10);
+ if (*q != '\n') {
+ goto wbc_err_invalid;
+ }
+ p = q+1;
+
+ domains =
(struct wbcDomainInfo *)wbcAllocateMemory(
+ num_domains+1, sizeof(struct wbcDomainInfo),
+ wbcDomainInfosDestructor);
+ if (domains == NULL) {
+ wbc_status = WBC_ERR_NO_MEMORY;
+ goto fail;
+ }
+
+ for (i=0; i<num_domains; i++) {
+
+ q = strchr(p, ' ');
+ if (q == NULL) {
+ goto wbc_err_invalid;
+ }
+ *q = '\0';
+ wbc_status = wbcStringToSid(p, &domains[i].sid);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto fail;
+ }
+ p = q+1;
+
+ q = strchr(p, '\n');
+ if (q == NULL) {
+ goto wbc_err_invalid;
+ }
+ *q = '\0';
+ domains[i].short_name = wbcStrDup(p);
+ if (domains[i].short_name == NULL) {
+ wbc_status = WBC_ERR_NO_MEMORY;
+ goto fail;
+ }
+ p = q+1;
+ }
+
+ num_names = strtoul(p, &q, 10);
+ if (*q != '\n') {
+ goto wbc_err_invalid;
+ }
+ p = q+1;
+
+ if (num_names != num_sids) {
+ goto wbc_err_invalid;
+ }
+
+ names = (struct wbcTranslatedName *)wbcAllocateMemory(
+ num_names+1, sizeof(struct wbcTranslatedName),
+ wbcTranslatedNamesDestructor);
+ if (names == NULL) {
+ wbc_status = WBC_ERR_NO_MEMORY;
+ goto fail;
+ }
+
+ for (i=0; i<num_names; i++) {
+
+ names[i].domain_index = strtoul(p, &q, 10);
+ if (*q != ' ') {
+ goto wbc_err_invalid;
+ }
+ p = q+1;
+
+ names[i].type = strtoul(p, &q, 10);
+ if (*q != ' ') {
+ goto wbc_err_invalid;
+ }
+ p = q+1;
+
+ q = strchr(p, '\n');
+ if (q == NULL) {
+ goto wbc_err_invalid;
+ }
+ *q = '\0';
+ names[i].name = wbcStrDup(p);
+ if (names[i].name == NULL) {
+ wbc_status = WBC_ERR_NO_MEMORY;
+ goto fail;
+ }
+ p = q+1;
+ }
+ if (*p != '\0') {
+ goto wbc_err_invalid;
+ }
+
+ *pdomains = domains;
+ *pnames = names;
+ winbindd_free_response(&response);
+ return WBC_ERR_SUCCESS;
+
+wbc_err_invalid:
+ wbc_status = WBC_ERR_INVALID_RESPONSE;
+fail:
+ winbindd_free_response(&response);
+ wbcFreeMemory(domains);
+ wbcFreeMemory(names);
+ return wbc_status;
+}
-- Samba Shared Repository