The branch, master has been updated via ccd4759aaff nss/waf: check for secmethod_table.method_{attrlist,version} for aix >= 5.2 via 2e1bc87b13c winbind_nss_aix: add incomplete attr_flag initializations via c36cf69d591 winbind_nss_aix: use WBFLAG_FROM_NSS via faf50b2d702 winbind_nss_solaris: use WBFLAG_FROM_NSS via fcda61bb41b winbind_nss_netbsd: use WBFLAG_FROM_NSS via 4a7368501a9 nsswitch/winbind_nss_linux.c use WBFLAG_FROM_NSS via f95495e1f7d winbind: honor WBFLAG_FROM_NSS along with winbind enum users/groups via 245b494cebf winbind introduce WBFLAG_FROM_NSS via a9b71194fb1 nsswitch/winbind_nss_aix: reimplement fetching the SID of a user via b9496ddb39e winbind_nss_aix: support also S_GROUPSIDS from 42dde0bdd3a group_audit: Ensure we still log membership changes (with an error) where status != LDB_SUCCESS
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit ccd4759aaff340321792e3b5acab6bc3c8d8cfbb Author: Bjoern Jacke <b...@sernet.de> Date: Fri Dec 21 06:12:56 2018 -0600 nss/waf: check for secmethod_table.method_{attrlist,version} for aix >= 5.2 The original commit 02c9b46fab46ab401a3cf6bb74c8260801c41032 was not ported to waf yet. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Bjoern Jacke <b...@sernet.de> Autobuild-User(master): Björn Jacke <b...@sernet.de> Autobuild-Date(master): Sat Dec 22 06:22:22 CET 2018 on sn-devel-144 commit 2e1bc87b13c491f47a6fbcf9549ffa8250a2508b Author: Björn Jacke <b...@sernet.de> Date: Fri Dec 21 15:02:40 2018 +0100 winbind_nss_aix: add incomplete attr_flag initializations Found by Jürgen Starek, see https://bugzilla.samba.org/show_bug.cgi?id=5157 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Bjoern Jacke <b...@sernet.de> commit c36cf69d5911b86d73a495308c1bed14004b0659 Author: Björn Jacke <b...@sernet.de> Date: Sat Dec 22 02:39:00 2018 +0100 winbind_nss_aix: use WBFLAG_FROM_NSS Signed-off-by: Bjoern Jacke <b...@sernet.de> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit faf50b2d70228cce6b95a068bbe7da2a40d63419 Author: Björn Jacke <b...@sernet.de> Date: Fri Dec 21 01:00:09 2018 +0100 winbind_nss_solaris: use WBFLAG_FROM_NSS Signed-off-by: Bjoern Jacke <b...@sernet.de> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit fcda61bb41be5e638b9124cb5570bbb2fa214a13 Author: Björn Jacke <b...@sernet.de> Date: Fri Dec 21 00:50:38 2018 +0100 winbind_nss_netbsd: use WBFLAG_FROM_NSS Signed-off-by: Bjoern Jacke <b...@sernet.de> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 4a7368501a9df8f0b8f29a94faa0c1099c0a477a Author: Bjoern Jacke <b...@sernet.de> Date: Fri Dec 21 05:54:31 2018 -0600 nsswitch/winbind_nss_linux.c use WBFLAG_FROM_NSS Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Bjoern Jacke <b...@sernet.de> commit f95495e1f7d31dd32a979514d150ecb755a8c1a1 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Dec 20 10:25:01 2018 -0600 winbind: honor WBFLAG_FROM_NSS along with winbind enum users/groups Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Bjoern Jacke <b...@sernet.de> commit 245b494cebf0fb2c21a4e874141178573a086cfb Author: Bjoern Jacke <b...@sernet.de> Date: Thu Dec 20 10:23:02 2018 -0600 winbind introduce WBFLAG_FROM_NSS Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Bjoern Jacke <b...@sernet.de> commit a9b71194fb1842be09841f0f29470f42f2ea97c2 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Dec 21 05:51:29 2018 -0600 nsswitch/winbind_nss_aix: reimplement fetching the SID of a user Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Bjoern Jacke <b...@sernet.de> commit b9496ddb39e685d1f742c26ba390d26f5a3eabfb Author: Björn Jacke <b...@sernet.de> Date: Fri Dec 21 02:20:00 2018 +0100 winbind_nss_aix: support also S_GROUPSIDS which is used by lsuser up to AIX 5.2, see also https://bugzilla.samba.org/show_bug.cgi?id=5157 Signed-off-by: Bjoern Jacke <b...@sernet.de> Reviewed-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: nsswitch/winbind_nss_aix.c | 171 ++++++++++++++++++-------------- nsswitch/winbind_nss_linux.c | 38 +++++-- nsswitch/winbind_nss_netbsd.c | 10 +- nsswitch/winbind_nss_solaris.c | 33 +++--- nsswitch/winbind_struct_protocol.h | 1 + nsswitch/wscript_configure | 9 ++ source3/winbindd/winbindd_list_groups.c | 5 + source3/winbindd/winbindd_list_users.c | 5 + 8 files changed, 169 insertions(+), 103 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/winbind_nss_aix.c b/nsswitch/winbind_nss_aix.c index dc44db40ef9..343809a4b34 100644 --- a/nsswitch/winbind_nss_aix.c +++ b/nsswitch/winbind_nss_aix.c @@ -269,16 +269,17 @@ static struct group *fill_grent(struct winbindd_gr *gr, char *gr_mem) /* take a group id and return a filled struct group */ static struct group *wb_aix_getgrgid(gid_t gid) { - struct winbindd_response response; - struct winbindd_request request; + struct winbindd_request request = { + .wb_flags = WBFLAG_FROM_NSS, + }; + struct winbindd_response response = { + .length = 0, + }; struct group *grp; NSS_STATUS ret; logit("getgrgid %d\n", gid); - ZERO_STRUCT(response); - ZERO_STRUCT(request); - request.data.gid = gid; ret = winbindd_request_response(NULL, WINBINDD_GETGRGID, @@ -298,8 +299,12 @@ static struct group *wb_aix_getgrgid(gid_t gid) /* take a group name and return a filled struct group */ static struct group *wb_aix_getgrnam(const char *name) { - struct winbindd_response response; - struct winbindd_request request; + struct winbindd_request request = { + .wb_flags = WBFLAG_FROM_NSS, + }; + struct winbindd_response response = { + .length = 0, + }; NSS_STATUS ret; struct group *grp; @@ -309,9 +314,6 @@ static struct group *wb_aix_getgrnam(const char *name) logit("getgrnam '%s'\n", name); - ZERO_STRUCT(response); - ZERO_STRUCT(request); - STRCPY_RETNULL(request.data.groupname, name); ret = winbindd_request_response(NULL, WINBINDD_GETGRNAM, @@ -346,8 +348,12 @@ static struct group *wb_aix_getgracct(void *id, int type) list of group id numbers to which the user belongs */ static char *wb_aix_getgrset(char *user) { - struct winbindd_response response; - struct winbindd_request request; + struct winbindd_request request = { + .wb_flags = WBFLAG_FROM_NSS, + }; + struct winbindd_response response = { + .length = 0, + }; NSS_STATUS ret; int i, idx; char *tmpbuf; @@ -365,9 +371,6 @@ static char *wb_aix_getgrset(char *user) logit("getgrset '%s'\n", r_user); - ZERO_STRUCT(response); - ZERO_STRUCT(request); - STRCPY_RETNULL(request.data.username, r_user); if (*user == WB_AIX_ENCODED) { @@ -402,16 +405,17 @@ static char *wb_aix_getgrset(char *user) /* take a uid and return a filled struct passwd */ static struct passwd *wb_aix_getpwuid(uid_t uid) { - struct winbindd_response response; - struct winbindd_request request; + struct winbindd_request request = { + .wb_flags = WBFLAG_FROM_NSS, + }; + struct winbindd_response response = { + .length = 0, + }; NSS_STATUS ret; struct passwd *pwd; logit("getpwuid '%d'\n", uid); - ZERO_STRUCT(response); - ZERO_STRUCT(request); - request.data.uid = uid; ret = winbindd_request_response(NULL, WINBINDD_GETPWUID, @@ -432,8 +436,12 @@ static struct passwd *wb_aix_getpwuid(uid_t uid) /* take a username and return a filled struct passwd */ static struct passwd *wb_aix_getpwnam(const char *name) { - struct winbindd_response response; - struct winbindd_request request; + struct winbindd_request request = { + .wb_flags = WBFLAG_FROM_NSS, + }; + struct winbindd_response response = { + .length = 0, + }; NSS_STATUS ret; struct passwd *pwd; @@ -443,9 +451,6 @@ static struct passwd *wb_aix_getpwnam(const char *name) logit("getpwnam '%s'\n", name); - ZERO_STRUCT(response); - ZERO_STRUCT(request); - STRCPY_RETNULL(request.data.username, name); ret = winbindd_request_response(NULL, WINBINDD_GETPWNAM, @@ -468,8 +473,12 @@ static struct passwd *wb_aix_getpwnam(const char *name) static int wb_aix_lsuser(char *attributes[], attrval_t results[], int size) { NSS_STATUS ret; - struct winbindd_request request; - struct winbindd_response response; + struct winbindd_request request = { + .wb_flags = WBFLAG_FROM_NSS, + }; + struct winbindd_response response = { + .length = 0, + }; int len; char *s; @@ -479,9 +488,6 @@ static int wb_aix_lsuser(char *attributes[], attrval_t results[], int size) return -1; } - ZERO_STRUCT(request); - ZERO_STRUCT(response); - ret = winbindd_request_response(NULL, WINBINDD_LIST_USERS, &request, &response); if (ret != 0) { @@ -517,8 +523,12 @@ static int wb_aix_lsuser(char *attributes[], attrval_t results[], int size) static int wb_aix_lsgroup(char *attributes[], attrval_t results[], int size) { NSS_STATUS ret; - struct winbindd_request request; - struct winbindd_response response; + struct winbindd_request request = { + .wb_flags = WBFLAG_FROM_NSS, + }; + struct winbindd_response response = { + .length = 0, + }; int len; char *s; @@ -528,9 +538,6 @@ static int wb_aix_lsgroup(char *attributes[], attrval_t results[], int size) return -1; } - ZERO_STRUCT(request); - ZERO_STRUCT(response); - ret = winbindd_request_response(NULL, WINBINDD_LIST_GROUPS, &request, &response); if (ret != 0) { @@ -562,12 +569,12 @@ static int wb_aix_lsgroup(char *attributes[], attrval_t results[], int size) static attrval_t pwd_to_group(struct passwd *pwd) { - attrval_t r; + attrval_t r = { + .attr_flag = EINVAL, + }; struct group *grp = wb_aix_getgrgid(pwd->pw_gid); - if (!grp) { - r.attr_flag = EINVAL; - } else { + if (grp != NULL) { r.attr_flag = 0; r.attr_un.au_char = strdup(grp->gr_name); free_grp(grp); @@ -578,7 +585,9 @@ static attrval_t pwd_to_group(struct passwd *pwd) static attrval_t pwd_to_groupsids(struct passwd *pwd) { - attrval_t r; + attrval_t r = { + .attr_flag = EINVAL, + }; char *s, *p; size_t mlen; @@ -598,6 +607,7 @@ static attrval_t pwd_to_groupsids(struct passwd *pwd) replace_commas(p); free(s); + r.attr_flag = 0; r.attr_un.au_char = p; return r; @@ -605,34 +615,40 @@ static attrval_t pwd_to_groupsids(struct passwd *pwd) static attrval_t pwd_to_sid(struct passwd *pwd) { + char buf[(1 /* U/G */ + 10 /* 2^32 */ + 1 /* \n */) + 1] = { 0, }; + int len; struct winbindd_request request; struct winbindd_response response; - attrval_t r; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - request.data.uid = pwd->pw_uid; - -#if 0 - /* - * Removed because WINBINDD_UID_TO_SID is replaced by - * WINBINDD_XIDS_TO_SIDS. I don't have an AIX build - * environment around, so I did not convert this call. If - * someone stumbles over this, please contact me: - * v...@samba.org, I'll convert this. - */ - if (winbindd_request_response(NULL, WINBINDD_UID_TO_SID, - &request, &response) != - NSS_STATUS_SUCCESS) { - r.attr_flag = ENOENT; - } else { + NSS_STATUS result; + attrval_t r = { + .attr_flag = ENOENT, + }; + + len = snprintf(buf, sizeof(buf), + "U%"PRIu32"\n", + (uint32_t)pwd->pw_uid); + if (len >= sizeof(buf)) { + r = (attrval_t) { + .attr_flag = EINVAL, + }; + return r; + } + + request = (struct winbindd_request) { + .wb_flags = WBFLAG_FROM_NSS, + .extra_data.data = buf, + .extra_len = strlen(buf)+1, + }; + response = (struct winbindd_response) { + .length = 0, + }; + + result = winbindd_request_response(NULL, WINBINDD_XIDS_TO_SIDS, + &request, &response); + if (result == NSS_STATUS_SUCCESS) { r.attr_flag = 0; r.attr_un.au_char = strdup(response.data.sid.sid); } -#else - r.attr_flag = ENOENT; -#endif return r; } @@ -650,7 +666,9 @@ static int wb_aix_user_attrib(const char *key, char *attributes[], } for (i=0;i<size;i++) { - results[i].attr_flag = 0; + results[i] = (attrval_t) { + .attr_flag = 0, + }; if (strcmp(attributes[i], S_ID) == 0) { results[i].attr_un.au_int = pwd->pw_uid; @@ -672,6 +690,8 @@ static int wb_aix_user_attrib(const char *key, char *attributes[], results[i] = pwd_to_group(pwd); } else if (strcmp(attributes[i], S_GROUPS) == 0) { results[i] = pwd_to_groupsids(pwd); + } else if (strcmp(attributes[i], S_GROUPSIDS) == 0) { + results[i] = pwd_to_groupsids(pwd); } else if (strcmp(attributes[i], "SID") == 0) { results[i] = pwd_to_sid(pwd); } else { @@ -803,6 +823,7 @@ static attrlist_t **wb_aix_attrlist(void) {S_SHELL, AL_USERATTR, SEC_CHAR}, {S_PGRP, AL_USERATTR, SEC_CHAR}, {S_GROUPS, AL_USERATTR, SEC_LIST}, + {S_GROUPSIDS, AL_USERATTR, SEC_LIST}, {"SID", AL_USERATTR, SEC_CHAR}, /* group attributes */ @@ -885,8 +906,12 @@ static int wb_aix_normalize(char *longname, char *shortname) static int wb_aix_authenticate(char *user, char *pass, int *reenter, char **message) { - struct winbindd_request request; - struct winbindd_response response; + struct winbindd_request request = { + .wb_flags = WBFLAG_FROM_NSS, + }; + struct winbindd_response response = { + .length = 0, + }; NSS_STATUS result; char *r_user = user; @@ -896,9 +921,6 @@ static int wb_aix_authenticate(char *user, char *pass, *message = NULL; /* Send off request */ - ZERO_STRUCT(request); - ZERO_STRUCT(response); - if (*user == WB_AIX_ENCODED) { r_user = decode_user(r_user); if (!r_user) { @@ -934,8 +956,12 @@ static int wb_aix_authenticate(char *user, char *pass, */ static int wb_aix_chpass(char *user, char *oldpass, char *newpass, char **message) { - struct winbindd_request request; - struct winbindd_response response; + struct winbindd_request request = { + .wb_flags = WBFLAG_FROM_NSS, + }; + struct winbindd_response response = { + .length = 0, + }; NSS_STATUS result; char *r_user = user; @@ -952,9 +978,6 @@ static int wb_aix_chpass(char *user, char *oldpass, char *newpass, char **messag *message = NULL; /* Send off request */ - ZERO_STRUCT(request); - ZERO_STRUCT(response); - STRCPY_RET(request.data.chauthtok.user, r_user); STRCPY_RET(request.data.chauthtok.oldpass, oldpass); STRCPY_RET(request.data.chauthtok.newpass, newpass); diff --git a/nsswitch/winbind_nss_linux.c b/nsswitch/winbind_nss_linux.c index 4ab10b90f4f..635813ccd60 100644 --- a/nsswitch/winbind_nss_linux.c +++ b/nsswitch/winbind_nss_linux.c @@ -544,10 +544,15 @@ _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer, /* Call for the first time */ - ZERO_STRUCT(response); - ZERO_STRUCT(request); - - request.data.uid = uid; + response = (struct winbindd_response) { + .length = 0, + }; + request = (struct winbindd_request) { + .wb_flags = WBFLAG_FROM_NSS, + .data = { + .uid = uid, + }, + }; winbind_set_client_name("nss_winbind"); ret = winbindd_request_response(NULL, WINBINDD_GETPWUID, &request, &response); @@ -618,8 +623,12 @@ _nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer, /* Call for the first time */ - ZERO_STRUCT(response); - ZERO_STRUCT(request); + response = (struct winbindd_response) { + .length = 0, + }; + request = (struct winbindd_request) { + .wb_flags = WBFLAG_FROM_NSS, + }; strncpy(request.data.username, name, sizeof(request.data.username) - 1); @@ -895,8 +904,12 @@ _nss_winbind_getgrnam_r(const char *name, /* Call for the first time */ - ZERO_STRUCT(request); - ZERO_STRUCT(response); + response = (struct winbindd_response) { + .length = 0, + }; + request = (struct winbindd_request) { + .wb_flags = WBFLAG_FROM_NSS, + }; strncpy(request.data.groupname, name, sizeof(request.data.groupname)); @@ -978,8 +991,13 @@ _nss_winbind_getgrgid_r(gid_t gid, /* Call for the first time */ - ZERO_STRUCT(request); - ZERO_STRUCT(response); + response = (struct winbindd_response) { + .length = 0, + }; + request = (struct winbindd_request) { + .wb_flags = WBFLAG_FROM_NSS, + }; + request.data.gid = gid; diff --git a/nsswitch/winbind_nss_netbsd.c b/nsswitch/winbind_nss_netbsd.c index 4edf64c2c11..94552639b7b 100644 --- a/nsswitch/winbind_nss_netbsd.c +++ b/nsswitch/winbind_nss_netbsd.c @@ -180,13 +180,15 @@ netbsdwinbind_getgroupmembership(void *nsrv, void *nscb, va_list ap) int maxgrp = va_arg(ap, int); int *groupc = va_arg(ap, int *); - struct winbindd_request request; - struct winbindd_response response; + struct winbindd_request request = { + .wb_flags = WBFLAG_FROM_NSS, + }; + struct winbindd_response response = { + .length = 0, + } gid_t *wblistv; int wblistc, i, isdup, dupc; - ZERO_STRUCT(request); - ZERO_STRUCT(response); strncpy(request.data.username, uname, sizeof(request.data.username) - 1); i = winbindd_request_response(NULL, WINBINDD_GETGROUPS, diff --git a/nsswitch/winbind_nss_solaris.c b/nsswitch/winbind_nss_solaris.c index eb1ddb0f8b0..495854fb9f3 100644 --- a/nsswitch/winbind_nss_solaris.c +++ b/nsswitch/winbind_nss_solaris.c @@ -479,14 +479,15 @@ static NSS_STATUS _nss_winbind_ipnodes_getbyname(nss_backend_t* be, void *args) { nss_XbyY_args_t *argp = (nss_XbyY_args_t*) args; - struct winbindd_response response; - struct winbindd_request request; + struct winbindd_request request = { + .wb_flags = WBFLAG_FROM_NSS, + }; + struct winbindd_response response = { + .length = 0, + }; NSS_STATUS ret; int af; - ZERO_STRUCT(response); - ZERO_STRUCT(request); - /* I assume there that AI_ADDRCONFIG cases are handled in nss frontend code, at least it seems done so in solaris... @@ -524,13 +525,14 @@ static NSS_STATUS _nss_winbind_hosts_getbyname(nss_backend_t* be, void *args) { nss_XbyY_args_t *argp = (nss_XbyY_args_t*) args; - struct winbindd_response response; - struct winbindd_request request; + struct winbindd_request request = { + .wb_flags = WBFLAG_FROM_NSS, + }; + struct winbindd_response response = { + .length = 0, + }; NSS_STATUS ret; - ZERO_STRUCT(response); - ZERO_STRUCT(request); - strncpy(request.data.winsreq, argp->key.name, sizeof(request.data.winsreq) - 1); request.data.winsreq[sizeof(request.data.winsreq) - 1] = '\0'; @@ -548,14 +550,15 @@ static NSS_STATUS _nss_winbind_hosts_getbyaddr(nss_backend_t* be, void *args) { NSS_STATUS ret; - struct winbindd_response response; - struct winbindd_request request; + struct winbindd_request request = { + .wb_flags = WBFLAG_FROM_NSS, -- Samba Shared Repository