summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2005-05-31 02:23:47 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:57:01 -0500
commit318c3db4cb1c85be40b2f812f781bcf5f1da5c19 (patch)
treef21ea0396024859b95fc35186257e751b2596c78
parentb01026674fddb4179a7f002c13f5e341eaaa0a1c (diff)
downloadsamba-318c3db4cb1c85be40b2f812f781bcf5f1da5c19.tar.gz
samba-318c3db4cb1c85be40b2f812f781bcf5f1da5c19.tar.xz
samba-318c3db4cb1c85be40b2f812f781bcf5f1da5c19.zip
r7130: remove 'winbind enable local accounts' code from the 3.0 tree
-rw-r--r--source/Makefile.in3
-rw-r--r--source/auth/auth_util.c32
-rw-r--r--source/groupdb/mapping.c38
-rw-r--r--source/nsswitch/wb_client.c299
-rw-r--r--source/nsswitch/wbinfo.c211
-rw-r--r--source/nsswitch/winbindd.c9
-rw-r--r--source/nsswitch/winbindd_acct.c1223
-rw-r--r--source/nsswitch/winbindd_group.c66
-rw-r--r--source/nsswitch/winbindd_user.c21
-rw-r--r--source/param/loadparm.c4
-rw-r--r--source/rpc_server/srv_samr_nt.c20
-rw-r--r--source/utils/net_rpc_samsync.c8
12 files changed, 6 insertions, 1928 deletions
diff --git a/source/Makefile.in b/source/Makefile.in
index a0e297a1a19..f039690b05a 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -661,8 +661,7 @@ WINBINDD_OBJ1 = \
nsswitch/winbindd_rpc.o \
nsswitch/winbindd_ads.o \
nsswitch/winbindd_passdb.o \
- nsswitch/winbindd_dual.o \
- nsswitch/winbindd_acct.o
+ nsswitch/winbindd_dual.o
WINBINDD_OBJ = \
$(WINBINDD_OBJ1) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 30933c6c938..79205f1206d 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -51,34 +51,6 @@ static int smb_create_user(const char *domain, const char *unix_username, const
}
/****************************************************************************
- Add and Delete UNIX users on demand, based on NTSTATUS codes.
- We don't care about RID's here so ignore.
-****************************************************************************/
-
-void auth_add_user_script(const char *domain, const char *username)
-{
- /*
- * User validated ok against Domain controller.
- * If the admin wants us to try and create a UNIX
- * user on the fly, do so.
- */
-
- if ( *lp_adduser_script() )
- smb_create_user(domain, username, NULL);
- else {
- DEBUG(10,("auth_add_user_script: no 'add user script'. Asking winbindd\n"));
-
- /* should never get here is we a re a domain member running winbindd
- However, a host set for 'security = server' might run winbindd for
- account allocation */
-
- if ( !winbind_create_user(username, NULL) ) {
- DEBUG(5,("auth_add_user_script: winbindd_create_user() failed\n"));
- }
- }
-}
-
-/****************************************************************************
Create a SAM_ACCOUNT - either by looking in the pdb, or by faking it up from
unix info.
****************************************************************************/
@@ -1092,7 +1064,7 @@ struct passwd *smb_getpwnam( char *domuser, fstring save_username, BOOL create )
if (username[strlen(username)-1] == '$')
return NULL;
- auth_add_user_script(NULL, username);
+ smb_create_user(NULL, username, NULL);
pw = Get_Pwnam(username);
}
@@ -1181,7 +1153,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) {
DEBUG(3,("User %s does not exist, trying to add it\n", internal_username));
- auth_add_user_script( nt_domain, sent_nt_username );
+ smb_create_user( nt_domain, sent_nt_username, NULL);
nt_status = fill_sam_account( mem_ctx, nt_domain, sent_nt_username,
&found_username, &uid, &gid, &sam_account );
}
diff --git a/source/groupdb/mapping.c b/source/groupdb/mapping.c
index 7c032ef93db..a30e8eed784 100644
--- a/source/groupdb/mapping.c
+++ b/source/groupdb/mapping.c
@@ -988,12 +988,7 @@ int smb_create_group(char *unix_group, gid_t *new_gid)
close(fd);
}
- } else if ( winbind_create_group( unix_group, NULL ) ) {
-
- DEBUG(3,("smb_create_group: winbindd created the group (%s)\n",
- unix_group));
- ret = 0;
- }
+ }
if (*new_gid == 0) {
struct group *grp = getgrnam(unix_group);
@@ -1024,12 +1019,6 @@ int smb_delete_group(char *unix_group)
return ret;
}
- if ( winbind_delete_group( unix_group ) ) {
- DEBUG(3,("smb_delete_group: winbindd deleted the group (%s)\n",
- unix_group));
- return 0;
- }
-
return -1;
}
@@ -1054,15 +1043,6 @@ int smb_set_primary_group(const char *unix_group, const char* unix_user)
return ret;
}
- /* Try winbindd */
-
- if ( winbind_set_user_primary_group( unix_user, unix_group ) ) {
- DEBUG(3,("smb_delete_group: winbindd set the group (%s) as the primary group for user (%s)\n",
- unix_group, unix_user));
- flush_pwnam_cache();
- return 0;
- }
-
return -1;
}
@@ -1086,14 +1066,6 @@ int smb_add_user_group(char *unix_group, char *unix_user)
return ret;
}
- /* Try winbindd */
-
- if ( winbind_add_user_to_group( unix_user, unix_group ) ) {
- DEBUG(3,("smb_delete_group: winbindd added user (%s) to the group (%s)\n",
- unix_user, unix_group));
- return -1;
- }
-
return -1;
}
@@ -1117,14 +1089,6 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user)
return ret;
}
- /* Try winbindd */
-
- if ( winbind_remove_user_from_group( unix_user, unix_group ) ) {
- DEBUG(3,("smb_delete_group: winbindd removed user (%s) from the group (%s)\n",
- unix_user, unix_group));
- return 0;
- }
-
return -1;
}
diff --git a/source/nsswitch/wb_client.c b/source/nsswitch/wb_client.c
index 5e08c0853e1..6b184b568b0 100644
--- a/source/nsswitch/wb_client.c
+++ b/source/nsswitch/wb_client.c
@@ -394,303 +394,4 @@ BOOL winbind_ping( void )
return result == NSS_STATUS_SUCCESS;
}
-/**********************************************************************
- Ask winbindd to create a local user
-**********************************************************************/
-
-BOOL winbind_create_user( const char *name, uint32 *rid )
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- if ( !lp_winbind_enable_local_accounts() )
- return False;
-
- if ( !name )
- return False;
-
- DEBUG(10,("winbind_create_user: %s\n", name));
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* see if the caller wants a new RID returned */
-
- if ( rid )
- request.flags = WBFLAG_ALLOCATE_RID;
-
- fstrcpy( request.data.acct_mgt.username, name );
- fstrcpy( request.data.acct_mgt.groupname, "" );
-
- result = winbindd_request( WINBINDD_CREATE_USER, &request, &response);
-
- if ( rid )
- *rid = response.data.rid;
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-/**********************************************************************
- Ask winbindd to create a local group
-**********************************************************************/
-
-BOOL winbind_create_group( const char *name, uint32 *rid )
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- if ( !lp_winbind_enable_local_accounts() )
- return False;
-
- if ( !name )
- return False;
-
- DEBUG(10,("winbind_create_group: %s\n", name));
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* see if the caller wants a new RID returned */
-
- if ( rid )
- request.flags = WBFLAG_ALLOCATE_RID;
-
- fstrcpy( request.data.acct_mgt.groupname, name );
-
-
- result = winbindd_request( WINBINDD_CREATE_GROUP, &request, &response);
-
- if ( rid )
- *rid = response.data.rid;
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-/**********************************************************************
- Ask winbindd to add a user to a local group
-**********************************************************************/
-
-BOOL winbind_add_user_to_group( const char *user, const char *group )
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- if ( !lp_winbind_enable_local_accounts() )
- return False;
-
- if ( !user || !group )
- return False;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- DEBUG(10,("winbind_add_user_to_group: user(%s), group(%s) \n",
- user, group));
-
- fstrcpy( request.data.acct_mgt.username, user );
- fstrcpy( request.data.acct_mgt.groupname, group );
-
- result = winbindd_request( WINBINDD_ADD_USER_TO_GROUP, &request, &response);
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-/**********************************************************************
- Ask winbindd to remove a user to a local group
-**********************************************************************/
-
-BOOL winbind_remove_user_from_group( const char *user, const char *group )
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- if ( !lp_winbind_enable_local_accounts() )
- return False;
-
- if ( !user || !group )
- return False;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- DEBUG(10,("winbind_remove_user_from_group: user(%s), group(%s) \n",
- user, group));
-
- ZERO_STRUCT(response);
-
- fstrcpy( request.data.acct_mgt.username, user );
- fstrcpy( request.data.acct_mgt.groupname, group );
-
- result = winbindd_request( WINBINDD_REMOVE_USER_FROM_GROUP, &request, &response);
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-/**********************************************************************
- Ask winbindd to set the primary group for a user local user
-**********************************************************************/
-
-BOOL winbind_set_user_primary_group( const char *user, const char *group )
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- if ( !lp_winbind_enable_local_accounts() )
- return False;
-
- if ( !user || !group )
- return False;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- DEBUG(10,("winbind_set_user_primary_group: user(%s), group(%s) \n",
- user, group));
-
- fstrcpy( request.data.acct_mgt.username, user );
- fstrcpy( request.data.acct_mgt.groupname, group );
-
- result = winbindd_request( WINBINDD_SET_USER_PRIMARY_GROUP, &request, &response);
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-
-/**********************************************************************
- Ask winbindd to remove a user from its lists of accounts
-**********************************************************************/
-
-BOOL winbind_delete_user( const char *user )
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- if ( !lp_winbind_enable_local_accounts() )
- return False;
-
- if ( !user )
- return False;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- DEBUG(10,("winbind_delete_user: user (%s)\n", user));
-
- fstrcpy( request.data.acct_mgt.username, user );
-
- result = winbindd_request( WINBINDD_DELETE_USER, &request, &response);
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-/**********************************************************************
- Ask winbindd to remove a group from its lists of accounts
-**********************************************************************/
-
-BOOL winbind_delete_group( const char *group )
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- if ( !lp_winbind_enable_local_accounts() )
- return False;
-
- if ( !group )
- return False;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- DEBUG(10,("winbind_delete_group: group (%s)\n", group));
-
- fstrcpy( request.data.acct_mgt.groupname, group );
-
- result = winbindd_request( WINBINDD_DELETE_GROUP, &request, &response);
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-/***********************************************************************/
-#if 0 /* not needed currently since winbindd_acct was added -- jerry */
-
-/* Call winbindd to convert SID to uid. Do not allocate */
-
-BOOL winbind_sid_to_uid_query(uid_t *puid, const DOM_SID *sid)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- int result;
- fstring sid_str;
-
- if (!puid)
- return False;
-
- /* Initialise request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- sid_to_string(sid_str, sid);
- fstrcpy(request.data.sid, sid_str);
-
- request.flags = WBFLAG_QUERY_ONLY;
-
- /* Make request */
-
- result = winbindd_request(WINBINDD_SID_TO_UID, &request, &response);
-
- /* Copy out result */
-
- if (result == NSS_STATUS_SUCCESS) {
- *puid = response.data.uid;
- }
-
- return (result == NSS_STATUS_SUCCESS);
-}
-
-/* Call winbindd to convert SID to gid. Do not allocate */
-
-BOOL winbind_sid_to_gid_query(gid_t *pgid, const DOM_SID *sid)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- int result;
- fstring sid_str;
-
- if (!pgid)
- return False;
-
- /* Initialise request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- sid_to_string(sid_str, sid);
- fstrcpy(request.data.sid, sid_str);
-
- request.flags = WBFLAG_QUERY_ONLY;
-
- /* Make request */
-
- result = winbindd_request(WINBINDD_SID_TO_GID, &request, &response);
-
- /* Copy out result */
-
- if (result == NSS_STATUS_SUCCESS) {
- *pgid = response.data.gid;
- }
-
- return (result == NSS_STATUS_SUCCESS);
-}
-
-#endif /* JERRY */
-
-/***********************************************************************/
diff --git a/source/nsswitch/wbinfo.c b/source/nsswitch/wbinfo.c
index 69f464f446a..baa35d7cfbe 100644
--- a/source/nsswitch/wbinfo.c
+++ b/source/nsswitch/wbinfo.c
@@ -697,175 +697,6 @@ static BOOL wbinfo_klog(char *username)
return True;
}
-/******************************************************************
- create a winbindd user
-******************************************************************/
-
-static BOOL wbinfo_create_user(char *username)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- /* Send off request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- request.flags = WBFLAG_ALLOCATE_RID;
- fstrcpy(request.data.acct_mgt.username, username);
-
- result = winbindd_request(WINBINDD_CREATE_USER, &request, &response);
-
- if ( result == NSS_STATUS_SUCCESS )
- d_printf("New RID is %d\n", response.data.rid);
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-/******************************************************************
- remove a winbindd user
-******************************************************************/
-
-static BOOL wbinfo_delete_user(char *username)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- /* Send off request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- fstrcpy(request.data.acct_mgt.username, username);
-
- result = winbindd_request(WINBINDD_DELETE_USER, &request, &response);
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-/******************************************************************
- create a winbindd group
-******************************************************************/
-
-static BOOL wbinfo_create_group(char *groupname)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- /* Send off request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- fstrcpy(request.data.acct_mgt.groupname, groupname);
-
- result = winbindd_request(WINBINDD_CREATE_GROUP, &request, &response);
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-/******************************************************************
- remove a winbindd group
-******************************************************************/
-
-static BOOL wbinfo_delete_group(char *groupname)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- /* Send off request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- fstrcpy(request.data.acct_mgt.groupname, groupname);
-
- result = winbindd_request(WINBINDD_DELETE_GROUP, &request, &response);
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-/******************************************************************
- parse a string in the form user:group
-******************************************************************/
-
-static BOOL parse_user_group( const char *string, fstring user, fstring group )
-{
- char *p;
-
- if ( !string )
- return False;
-
- if ( !(p = strchr( string, ':' )) )
- return False;
-
- *p = '\0';
- p++;
-
- fstrcpy( user, string );
- fstrcpy( group, p );
-
- return True;
-}
-
-/******************************************************************
- add a user to a winbindd group
-******************************************************************/
-
-static BOOL wbinfo_add_user_to_group(char *string)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- /* Send off request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- if ( !parse_user_group( string, request.data.acct_mgt.username,
- request.data.acct_mgt.groupname))
- {
- d_printf("Can't parse user:group from %s\n", string);
- return False;
- }
-
- result = winbindd_request(WINBINDD_ADD_USER_TO_GROUP, &request, &response);
-
- return result == NSS_STATUS_SUCCESS;
-}
-
-/******************************************************************
- remove a user from a winbindd group
-******************************************************************/
-
-static BOOL wbinfo_remove_user_from_group(char *string)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
-
- /* Send off request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- if ( !parse_user_group( string, request.data.acct_mgt.username,
- request.data.acct_mgt.groupname))
- {
- d_printf("Can't parse user:group from %s\n", string);
- return False;
- }
-
- result = winbindd_request(WINBINDD_REMOVE_USER_FROM_GROUP, &request, &response);
-
- return result == NSS_STATUS_SUCCESS;
-}
-
/* Print domain users */
static BOOL print_domain_users(const char *domain)
@@ -1088,12 +919,6 @@ int main(int argc, char **argv)
{ "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
{ "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
{ "allocate-rid", 'A', POPT_ARG_NONE, 0, 'A', "Get a new RID out of idmap" },
- { "create-user", 'c', POPT_ARG_STRING, &string_arg, 'c', "Create a local user account", "name" },
- { "delete-user", 'x', POPT_ARG_STRING, &string_arg, 'x', "Delete a local user account", "name" },
- { "create-group", 'C', POPT_ARG_STRING, &string_arg, 'C', "Create a local group", "name" },
- { "delete-group", 'X', POPT_ARG_STRING, &string_arg, 'X', "Delete a local group", "name" },
- { "add-to-group", 'o', POPT_ARG_STRING, &string_arg, 'o', "Add user to group", "user:group" },
- { "del-from-group", 'O', POPT_ARG_STRING, &string_arg, 'O', "Remove user from group", "user:group" },
{ "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
{ "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
{ "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
@@ -1279,42 +1104,6 @@ int main(int argc, char **argv)
goto done;
}
break;
- case 'c':
- if ( !wbinfo_create_user(string_arg) ) {
- d_printf("Could not create user account\n");
- goto done;
- }
- break;
- case 'C':
- if ( !wbinfo_create_group(string_arg) ) {
- d_printf("Could not create group\n");
- goto done;
- }
- break;
- case 'o':
- if ( !wbinfo_add_user_to_group(string_arg) ) {
- d_printf("Could not add user to group\n");
- goto done;
- }
- break;
- case 'O':
- if ( !wbinfo_remove_user_from_group(string_arg) ) {
- d_printf("Could not remove user from group\n");
- goto done;
- }
- break;
- case 'x':
- if ( !wbinfo_delete_user(string_arg) ) {
- d_printf("Could not delete user account\n");
- goto done;
- }
- break;
- case 'X':
- if ( !wbinfo_delete_group(string_arg) ) {
- d_printf("Could not delete group\n");
- goto done;
- }
- break;
case 'p':
if (!wbinfo_ping()) {
d_printf("could not ping winbindd!\n");
diff --git a/source/nsswitch/winbindd.c b/source/nsswitch/winbindd.c
index 6840dd91871..81dbf327fcc 100644
--- a/source/nsswitch/winbindd.c
+++ b/source/nsswitch/winbindd.c
@@ -286,15 +286,6 @@ static struct dispatch_table dispatch_table[] = {
{ WINBINDD_WINS_BYNAME, winbindd_wins_byname, "WINS_BYNAME" },
{ WINBINDD_WINS_BYIP, winbindd_wins_byip, "WINS_BYIP" },
- /* UNIX account management functions */
- { WINBINDD_CREATE_USER, winbindd_create_user, "CREATE_USER" },
- { WINBINDD_CREATE_GROUP, winbindd_create_group, "CREATE_GROUP" },
- { WINBINDD_ADD_USER_TO_GROUP, winbindd_add_user_to_group, "ADD_USER_TO_GROUP" },
- { WINBINDD_REMOVE_USER_FROM_GROUP, winbindd_remove_user_from_group,"REMOVE_USER_FROM_GROUP"},
- { WINBINDD_SET_USER_PRIMARY_GROUP, winbindd_set_user_primary_group,"SET_USER_PRIMARY_GROUP"},
- { WINBINDD_DELETE_USER, winbindd_delete_user, "DELETE_USER" },
- { WINBINDD_DELETE_GROUP, winbindd_delete_group, "DELETE_GROUP" },
-
/* End of list */
{ WINBINDD_NUM_CMDS, NULL, "NONE" }
diff --git a/source/nsswitch/winbindd_acct.c b/source/nsswitch/winbindd_acct.c
deleted file mode 100644
index cd0b5b7e066..00000000000
--- a/source/nsswitch/winbindd_acct.c
+++ /dev/null
@@ -1,1223 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Winbind account management functions
-
- Copyright (C) by Gerald (Jerry) Carter 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "winbindd.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_WINBIND
-
-#define WBKEY_PASSWD "WBA_PASSWD"
-#define WBKEY_GROUP "WBA_GROUP"
-
-#define NUM_PW_FIELDS 7
-#define NUM_GRP_FIELDS 4
-
-/* Globals */
-
-static TDB_CONTEXT *account_tdb;
-
-extern userdom_struct current_user_info;
-
-struct _check_primary_grp {
- gid_t gid;
- BOOL found;
-};
-
-/**********************************************************************
-**********************************************************************/
-
-static void free_winbindd_gr( WINBINDD_GR *grp )
-{
- int i;
-
- if ( !grp )
- return;
-
- for ( i=0; i<grp->num_gr_mem; i++ )
- SAFE_FREE( grp->gr_mem[i] );
-
- SAFE_FREE( grp->gr_mem );
-
- return;
-}
-
-/*****************************************************************************
- Initialise auto-account database.
-*****************************************************************************/
-
-static BOOL winbindd_accountdb_init(void)
-{
- /* see if we've already opened the tdb */
-
- if ( account_tdb )
- return True;
-
- /* winbindd_idmap.tdb should always be opened by the idmap_init()
- code first */
-
- if ( !(account_tdb = idmap_tdb_handle()) ) {
- DEBUG(0, ("winbindd_accountdb_init: Unable to retreive handle for database\n"));
- return False;
- }
-
- /* yeah! */
-
- return True;
-}
-
-/**********************************************************************
- Convert a string in /etc/passwd format to a struct passwd* entry
-**********************************************************************/
-
-static WINBINDD_PW* string2passwd( char *string )
-{
- static WINBINDD_PW pw;
- char *p, *str;
- char *fields[NUM_PW_FIELDS];
- int i;
-
- if ( !string )
- return NULL;
-
- ZERO_STRUCTP( &pw );
-
- DEBUG(10,("string2passwd: converting \"%s\"\n", string));
-
- ZERO_STRUCT( fields );
-
- for ( i=0, str=string; i<NUM_PW_FIELDS-1; i++ ) {
- if ( !(p = strchr( str, ':' )) ) {
- DEBUG(0,("string2passwd: parsing failure\n"));
- return NULL;
- }
- *p = '\0';
- if ( str )
- fields[i] = str;
- str = p + 1;
- }
- if ( str )
- fields[i] = str;
-
- /* copy fields */
-
- fstrcpy( pw.pw_name, fields[0] );
- fstrcpy( pw.pw_passwd, fields[1] );
- pw.pw_uid = atoi( fields[2] );
- pw.pw_gid = atoi( fields[3] );
- fstrcpy( pw.pw_gecos, fields[4] );
- fstrcpy( pw.pw_dir, fields[5] );
- fstrcpy( pw.pw_shell, fields[6] );
-
-
- /* last minute sanity checks */
-
- if ( pw.pw_uid==0 || pw.pw_gid==0 ) {
- DEBUG(0,("string2passwd: Failure! uid==%lu, gid==%lu\n",
- (unsigned long)pw.pw_uid, (unsigned long)pw.pw_gid));
- return NULL;
- }
-
- DEBUG(10,("string2passwd: Success\n"));
-
- return &pw;
-}
-
-/**********************************************************************
- Convert a struct passwd* to a string formatted for /etc/passwd
-**********************************************************************/
-
-static char* passwd2string( const WINBINDD_PW *pw )
-{
- static pstring string;
- int ret;
-
- if ( !pw || !pw->pw_name )
- return NULL;
-
- DEBUG(10,("passwd2string: converting passwd struct for %s\n",
- pw->pw_name));
-
- ret = pstr_sprintf( string, "%s:%s:%lu:%lu:%s:%s:%s",
- pw->pw_name,
- pw->pw_passwd ? pw->pw_passwd : "x",
- (unsigned long)pw->pw_uid,
- (unsigned long)pw->pw_gid,
- pw->pw_gecos,
- pw->pw_dir,
- pw->pw_shell );
-
- if ( ret < 0 ) {
- DEBUG(0,("passwd2string: pstr_sprintf() failed!\n"));
- return NULL;
- }
-
- return string;
-}
-
-/**********************************************************************
- Convert a string in /etc/group format to a struct group* entry
-**********************************************************************/
-
-static WINBINDD_GR* string2group( char *string )
-{
- static WINBINDD_GR grp;
- char *p, *str;
- char *fields[NUM_GRP_FIELDS];
- int i;
- char **gr_members = NULL;
- int num_gr_members = 0;
-
- if ( !string )
- return NULL;
-
- ZERO_STRUCTP( &grp );
-
- DEBUG(10,("string2group: converting \"%s\"\n", string));
-
- ZERO_STRUCT( fields );
-
- for ( i=0, str=string; i<NUM_GRP_FIELDS-1; i++ ) {
- if ( !(p = strchr( str, ':' )) ) {
- DEBUG(0,("string2group: parsing failure\n"));
- return NULL;
- }
- *p = '\0';
- if ( str )
- fields[i] = str;
- str = p + 1;
- }
-
- /* group members */
-
- if ( *str ) {
- /* we already know we have a non-empty string */
-
- num_gr_members = count_chars(str, ',') + 1;
-
- /* if there was at least one comma, then there
- are n+1 members */
- if ( num_gr_members ) {
- fstring buffer;
-
- gr_members = SMB_XMALLOC_ARRAY(char*, num_gr_members+1);
-
- i = 0;
- while ( next_token((const char **) &str, buffer, ",", sizeof(buffer)) && i<num_gr_members ) {
- gr_members[i++] = smb_xstrdup(buffer);
- }
-
- gr_members[i] = NULL;
- }
- }
-
-
- /* copy fields */
-
- fstrcpy( grp.gr_name, fields[0] );
- fstrcpy( grp.gr_passwd, fields[1] );
- grp.gr_gid = atoi( fields[2] );
-
- grp.num_gr_mem = num_gr_members;
- grp.gr_mem = gr_members;
-
- /* last minute sanity checks */
-
- if ( grp.gr_gid == 0 ) {
- DEBUG(0,("string2group: Failure! gid==%lu\n", (unsigned long)grp.gr_gid));
- SAFE_FREE( gr_members );
- return NULL;
- }
-
- DEBUG(10,("string2group: Success\n"));
-
- return &grp;
-}
-
-/**********************************************************************
- Convert a struct group* to a string formatted for /etc/group
-**********************************************************************/
-
-static char* group2string( const WINBINDD_GR *grp )
-{
- static pstring string;
- int ret;
- char *member, *gr_mem_str;
- int num_members;
- int i, size;
-
- if ( !grp || !grp->gr_name )
- return NULL;
-
- DEBUG(10,("group2string: converting passwd struct for %s\n",
- grp->gr_name));
-
- if ( grp->num_gr_mem ) {
- int idx = 0;
-
- member = grp->gr_mem[0];
- size = 0;
- num_members = 0;
-
- while ( member ) {
- size += strlen(member) + 1;
- num_members++;
- member = grp->gr_mem[num_members];
- }
-
- gr_mem_str = SMB_XMALLOC_ARRAY(char, size);
-
- for ( i=0; i<num_members; i++ ) {
- snprintf( &gr_mem_str[idx], size-idx, "%s,", grp->gr_mem[i] );
- idx += strlen(grp->gr_mem[i]) + 1;
- }
- /* add trailing NULL (also removes trailing ',' */
- gr_mem_str[size-1] = '\0';
- }
- else {
- /* no members */
- gr_mem_str = SMB_XMALLOC_ARRAY(char, sizeof(fstring));
- fstrcpy( gr_mem_str, "" );
- }
-
- ret = pstr_sprintf( string, "%s:%s:%lu:%s",
- grp->gr_name,
- grp->gr_passwd ? grp->gr_passwd : "*",
- (unsigned long)grp->gr_gid,
- gr_mem_str );
-
- SAFE_FREE( gr_mem_str );
-
- if ( ret < 0 ) {
- DEBUG(0,("group2string: pstr_sprintf() failed!\n"));
- return NULL;
- }
-
- return string;
-}
-
-/**********************************************************************
-**********************************************************************/
-
-static char* acct_userkey_byname( const char *name )
-{
- static fstring key;
-
- fstr_sprintf( key, "%s/NAME/%s", WBKEY_PASSWD, name );
-
- return key;
-}
-
-/**********************************************************************
-**********************************************************************/
-
-static char* acct_userkey_byuid( uid_t uid )
-{
- static fstring key;
-
- fstr_sprintf( key, "%s/UID/%lu", WBKEY_PASSWD, (unsigned long)uid );
-
- return key;
-}
-
-/**********************************************************************
-**********************************************************************/
-
-static char* acct_groupkey_byname( const char *name )
-{
- static fstring key;
-
- fstr_sprintf( key, "%s/NAME/%s", WBKEY_GROUP, name );
-
- return key;
-}
-
-/**********************************************************************
-**********************************************************************/
-
-static char* acct_groupkey_bygid( gid_t gid )
-{
- static fstring key;
-
- fstr_sprintf( key, "%s/GID/%lu", WBKEY_GROUP, (unsigned long)gid );
-
- return key;
-}
-
-/**********************************************************************
-**********************************************************************/
-
-WINBINDD_PW* wb_getpwnam( const char * name )
-{
- char *keystr;
- TDB_DATA data;
- static WINBINDD_PW *pw;
-
- if ( !account_tdb && !winbindd_accountdb_init() ) {
- DEBUG(0,("wb_getpwnam: Failed to open winbindd account db\n"));
- return NULL;
- }
-
-
- keystr = acct_userkey_byname( name );
-
- data = tdb_fetch_bystring( account_tdb, keystr );
-
- pw = NULL;
-
- if ( data.dptr ) {
- pw = string2passwd( data.dptr );
- SAFE_FREE( data.dptr );
- }
-
- DEBUG(5,("wb_getpwnam: %s user (%s)\n",
- (pw ? "Found" : "Did not find"), name ));
-
- return pw;
-}
-
-/**********************************************************************
-**********************************************************************/
-
-WINBINDD_PW* wb_getpwuid( const uid_t uid )
-{
- char *keystr;
- TDB_DATA data;
- static WINBINDD_PW *pw;
-
- if ( !account_tdb && !winbindd_accountdb_init() ) {
- DEBUG(0,("wb_getpwuid: Failed to open winbindd account db\n"));
- return NULL;
- }
-
- data = tdb_fetch_bystring( account_tdb, acct_userkey_byuid(uid) );
- if ( !data.dptr ) {
- DEBUG(4,("wb_getpwuid: failed to locate uid == %lu\n", (unsigned long)uid));
- return NULL;
- }
- keystr = acct_userkey_byname( data.dptr );
-
- SAFE_FREE( data.dptr );
-
- data = tdb_fetch_bystring( account_tdb, keystr );
-
- pw = NULL;
-
- if ( data.dptr ) {
- pw = string2passwd( data.dptr );
- SAFE_FREE( data.dptr );
- }
-
- DEBUG(5,("wb_getpwuid: %s user (uid == %lu)\n",
- (pw ? "Found" : "Did not find"), (unsigned long)uid ));
-
- return pw;
-}
-
-/**********************************************************************
-**********************************************************************/
-
-static BOOL wb_storepwnam( const WINBINDD_PW *pw )
-{
- char *namekey, *uidkey;
- TDB_DATA data;
- char *str;
- int ret = 0;
- fstring username;
-
- if ( !account_tdb && !winbindd_accountdb_init() ) {
- DEBUG(0,("wb_storepwnam: Failed to open winbindd account db\n"));
- return False;
- }
-
- namekey = acct_userkey_byname( pw->pw_name );
-
- /* lock the main entry first */
-
- if ( tdb_lock_bystring(account_tdb, namekey, 0) == -1 ) {
- DEBUG(0,("wb_storepwnam: Failed to lock %s\n", namekey));
- return False;
- }
-
- str = passwd2string( pw );
-
- data.dptr = str;
- data.dsize = strlen(str) + 1;
-
- if ( (tdb_store_bystring(account_tdb, namekey, data, TDB_REPLACE)) == -1 ) {
- DEBUG(0,("wb_storepwnam: Failed to store \"%s\"\n", str));
- ret = -1;
- goto done;
- }
-
- /* store the uid index */
-
- uidkey = acct_userkey_byuid(pw->pw_uid);
-
- fstrcpy( username, pw->pw_name );
- data.dptr = username;
- data.dsize = strlen(username) + 1;
-
- if ( (tdb_store_bystring(account_tdb, uidkey, data, TDB_REPLACE)) == -1 ) {
- DEBUG(0,("wb_storepwnam: Failed to store uid key \"%s\"\n", str));
- tdb_delete_bystring(account_tdb, namekey);
- ret = -1;
- goto done;
- }
-
- DEBUG(10,("wb_storepwnam: Success -> \"%s\"\n", str));
-
-done:
- tdb_unlock_bystring( account_tdb, namekey );
-
- return ( ret == 0 );
-}
-
-/**********************************************************************
-**********************************************************************/
-
-WINBINDD_GR* wb_getgrnam( const char * name )
-{
- char *keystr;
- TDB_DATA data;
- static WINBINDD_GR *grp;
-
- if ( !account_tdb && !winbindd_accountdb_init() ) {
- DEBUG(0,("wb_getgrnam: Failed to open winbindd account db\n"));
- return NULL;
- }
-
-
- keystr = acct_groupkey_byname( name );
-
- data = tdb_fetch_bystring( account_tdb, keystr );
-
- grp = NULL;
-
- if ( data.dptr ) {
- grp = string2group( data.dptr );
- SAFE_FREE( data.dptr );
- }
-
- DEBUG(5,("wb_getgrnam: %s group (%s)\n",
- (grp ? "Found" : "Did not find"), name ));
-
- return grp;
-}
-
-/**********************************************************************
-**********************************************************************/
-
-WINBINDD_GR* wb_getgrgid( gid_t gid )
-{
- char *keystr;
- TDB_DATA data;
- static WINBINDD_GR *grp;
-
- if ( !account_tdb && !winbindd_accountdb_init() ) {
- DEBUG(0,("wb_getgrgid: Failed to open winbindd account db\n"));
- return NULL;
- }
-
- data = tdb_fetch_bystring( account_tdb, acct_groupkey_bygid(gid) );
- if ( !data.dptr ) {
- DEBUG(4,("wb_getgrgid: failed to locate gid == %lu\n",
- (unsigned long)gid));
- return NULL;
- }
- keystr = acct_groupkey_byname( data.dptr );
-
- SAFE_FREE( data.dptr );
-
- data = tdb_fetch_bystring( account_tdb, keystr );
-
- grp = NULL;
-
- if ( data.dptr ) {
- grp = string2group( data.dptr );
- SAFE_FREE( data.dptr );
- }
-
- DEBUG(5,("wb_getgrgid: %s group (gid == %lu)\n",
- (grp ? "Found" : "Did not find"), (unsigned long)gid ));
-
- return grp;
-}
-
-/**********************************************************************
-**********************************************************************/
-
-static BOOL wb_storegrnam( const WINBINDD_GR *grp )
-{
- char *namekey, *gidkey;
- TDB_DATA data;
- char *str;
- int ret = 0;
- fstring groupname;
-
- if ( !account_tdb && !winbindd_accountdb_init() ) {
- DEBUG(0,("wb_storepwnam: Failed to open winbindd account db\n"));
- return False;
- }
-
- namekey = acct_groupkey_byname( grp->gr_name );
-
- /* lock the main entry first */
-
- if ( tdb_lock_bystring(account_tdb, namekey, 0) == -1 ) {
- DEBUG(0,("wb_storegrnam: Failed to lock %s\n", namekey));
- return False;
- }
-
- str = group2string( grp );
-
- data.dptr = str;
- data.dsize = strlen(str) + 1;
-
- if ( (tdb_store_bystring(account_tdb, namekey, data, TDB_REPLACE)) == -1 ) {
- DEBUG(0,("wb_storegrnam: Failed to store \"%s\"\n", str));
- ret = -1;
- goto done;
- }
-
- /* store the gid index */
-
- gidkey = acct_groupkey_bygid(grp->gr_gid);
-
- fstrcpy( groupname, grp->gr_name );
- data.dptr = groupname;
- data.dsize = strlen(groupname) + 1;
-
- if ( (tdb_store_bystring(account_tdb, gidkey, data, TDB_REPLACE)) == -1 ) {
- DEBUG(0,("wb_storegrnam: Failed to store gid key \"%s\"\n", str));
- tdb_delete_bystring(account_tdb, namekey);
- ret = -1;
- goto done;
- }
-
- DEBUG(10,("wb_storegrnam: Success -> \"%s\"\n", str));
-
-done:
- tdb_unlock_bystring( account_tdb, namekey );
-
- return ( ret == 0 );
-}
-
-/**********************************************************************
-**********************************************************************/
-
-static BOOL wb_addgrpmember( WINBINDD_GR *grp, const char *user )
-{
- int i;
- char **members;
-
- if ( !grp || !user )
- return False;
-
- for ( i=0; i<grp->num_gr_mem; i++ ) {
- if ( StrCaseCmp( grp->gr_mem[i], user ) == 0 )
- return True;
- }
-
- /* add one new slot and keep an extra for the terminating NULL */
- members = SMB_REALLOC_ARRAY( grp->gr_mem, char *, grp->num_gr_mem+2);
- if ( !members )
- return False;
-
- grp->gr_mem = members;
- grp->gr_mem[grp->num_gr_mem++] = smb_xstrdup(user);
- grp->gr_mem[grp->num_gr_mem] = NULL;
-
- return True;
-}
-
-/**********************************************************************
-**********************************************************************/
-
-static BOOL wb_delgrpmember( WINBINDD_GR *grp, const char *user )
-{
- int i;
- BOOL found = False;
-
- if ( !grp || !user )
- return False;
-
- for ( i=0; i<grp->num_gr_mem; i++ ) {
- if ( StrCaseCmp( grp->gr_mem[i], user ) == 0 ) {
- found = True;
- break;
- }
- }
-
- if ( !found )
- return False;
-
- /* still some remaining members */
-
- if ( grp->num_gr_mem > 1 ) {
- SAFE_FREE(grp->gr_mem[i]);
- grp->num_gr_mem--;
- grp->gr_mem[i] = grp->gr_mem[grp->num_gr_mem];
- grp->gr_mem[grp->num_gr_mem] = NULL;
- }
- else { /* last one */
- free_winbindd_gr( grp );
- grp->gr_mem = NULL;
- grp->num_gr_mem = 0;
- }
-
- return True;
-}
-
-/**********************************************************************
-**********************************************************************/
-
-static int cleangroups_traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
- void *state)
-{
- int len;
- fstring key;
- char *name = (char*)state;
-
- fstr_sprintf( key, "%s/NAME", WBKEY_GROUP );
- len = strlen(key);
-
- /* if this is a group entry then, check the members */
-
- if ( (strncmp(kbuf.dptr, key, len) == 0) && dbuf.dptr ) {
- WINBINDD_GR *grp;
-
- if ( !(grp = string2group( dbuf.dptr )) ) {
- DEBUG(0,("cleangroups_traverse_fn: Failure to parse [%s]\n",
- dbuf.dptr));
- return 0;
- }
-
- /* just try to delete the user and rely on wb_delgrpmember()
- to tell you whether or not the group changed. This is more
- effecient than testing group membership first since the
- checks for deleting a user from a group is essentially the
- same as checking if he/she is a member */
-
- if ( wb_delgrpmember( grp, name ) ) {
- DEBUG(10,("cleanupgroups_traverse_fn: Removed user (%s) from group (%s)\n",
- name, grp->gr_name));
- wb_storegrnam( grp );
- }
-
- free_winbindd_gr( grp );
- }
-
- return 0;
-}
-
-/**********************************************************************
-**********************************************************************/
-
-static BOOL wb_delete_user( WINBINDD_PW *pw)
-{
- char *namekey;
- char *uidkey;
-
- if ( !account_tdb && !winbindd_accountdb_init() ) {
- DEBUG(0,("wb_delete_user: Failed to open winbindd account db\n"));
- return False;
- }
-
- namekey = acct_userkey_byname( pw->pw_name );
-
- /* lock the main entry first */
-
- if ( tdb_lock_bystring(account_tdb, namekey, 0) == -1 ) {
- DEBUG(0,("wb_delete_user: Failed to lock %s\n", namekey));
- return False;
- }
-
- /* remove user from all groups */
-
- tdb_traverse(account_tdb, cleangroups_traverse_fn, (void *)pw->pw_name);
-
- /* remove the user */
- uidkey = acct_userkey_byuid( pw->pw_uid );
-
- tdb_delete_bystring( account_tdb, namekey );
- tdb_delete_bystring( account_tdb, uidkey );
-
- tdb_unlock_bystring( account_tdb, namekey );
-
- return True;
-}
-
-/**********************************************************************
-**********************************************************************/
-
-static int isprimarygroup_traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf,
- TDB_DATA dbuf, void *params)
-{
- int len;
- fstring key;
- struct _check_primary_grp *check = (struct _check_primary_grp*)params;
-
- fstr_sprintf( key, "%s/NAME", WBKEY_PASSWD );
- len = strlen(key);
-
- /* if this is a group entry then, check the members */
-
- if ( (strncmp(kbuf.dptr, key, len) == 0) && dbuf.dptr ) {
- WINBINDD_PW *pw;;
-
- if ( !(pw = string2passwd( dbuf.dptr )) ) {
- DEBUG(0,("isprimarygroup_traverse_fn: Failure to parse [%s]\n",
- dbuf.dptr));
- return 0;
- }
-
- if ( check->gid == pw->pw_gid ) {
- check->found = True;
- return 1;
- }
- }
-
- return 0;
-}
-
-
-/**********************************************************************
-**********************************************************************/
-
-static BOOL wb_delete_group( WINBINDD_GR *grp )
-{
- struct _check_primary_grp check;
- char *namekey;
- char *gidkey;
-
- if ( !account_tdb && !winbindd_accountdb_init() ) {
- DEBUG(0,("wb_delete_group: Failed to open winbindd account db\n"));
- return False;
- }
-
- /* lock the main entry first */
-
- namekey = acct_groupkey_byname( grp->gr_name );
- if ( tdb_lock_bystring(account_tdb, namekey, 0) == -1 ) {
- DEBUG(0,("wb_delete_group: Failed to lock %s\n", namekey));
- return False;
- }
-
- /* is this group the primary group for any user? If
- so deny delete */
-
- check.found = False;
- tdb_traverse(account_tdb, isprimarygroup_traverse_fn, (void *)&check);
-
- if ( check.found ) {
- DEBUG(4,("wb_delete_group: Cannot delete group (%s) since it "
- "is the primary group for some users\n", grp->gr_name));
- return False;
- }
-
- /* We're clear. Delete the group */
-
- DEBUG(5,("wb_delete_group: Removing group (%s)\n", grp->gr_name));
-
- gidkey = acct_groupkey_bygid( grp->gr_gid );
-
- tdb_delete_bystring( account_tdb, namekey );
- tdb_delete_bystring( account_tdb, gidkey );
-
- tdb_unlock_bystring( account_tdb, namekey );
-
- return True;
-}
-
-/**********************************************************************
- Create a new "UNIX" user for the system given a username
-**********************************************************************/
-
-enum winbindd_result winbindd_create_user(struct winbindd_cli_state *state)
-{
- char *user, *group;
- unid_t id;
- WINBINDD_PW pw, *pw_check;
- WINBINDD_GR *wb_grp;
- struct group *unix_grp;
- gid_t primary_gid;
- uint32 flags = state->request.flags;
- uint32 rid;
-
- if ( !state->privileged ) {
- DEBUG(2, ("winbindd_create_user: non-privileged access denied!\n"));
- return WINBINDD_ERROR;
- }
-
- /* Ensure null termination */
- state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.username)-1]='\0';
- state->request.data.acct_mgt.groupname[sizeof(state->request.data.acct_mgt.groupname)-1]='\0';
-
- user = state->request.data.acct_mgt.username;
- group = state->request.data.acct_mgt.groupname;
-
- DEBUG(3, ("[%5lu]: create_user: user=>(%s), group=>(%s)\n",
- (unsigned long)state->pid, user, group));
-
- if ( (pw_check=wb_getpwnam(user)) != NULL ) {
- DEBUG(0,("winbindd_create_user: Refusing to create user that already exists (%s)\n",
- user));
- return WINBINDD_ERROR;
- }
-
-
- if ( !*group )
- group = lp_template_primary_group();
-
- /* validate the primary group
- 1) lookup in local tdb first
- 2) call getgrnam() as a last resort */
-
- if ( (wb_grp=wb_getgrnam(group)) != NULL ) {
- primary_gid = wb_grp->gr_gid;
- free_winbindd_gr( wb_grp );
- }
- else if ( (unix_grp=sys_getgrnam(group)) != NULL ) {
- primary_gid = unix_grp->gr_gid;
- }
- else {
- DEBUG(2,("winbindd_create_user: Cannot validate gid for group (%s)\n", group));
- return WINBINDD_ERROR;
- }
-
- /* get a new uid */
-
- if ( !NT_STATUS_IS_OK(idmap_allocate_id( &id, ID_USERID)) ) {
- DEBUG(0,("winbindd_create_user: idmap_allocate_id() failed!\n"));
- return WINBINDD_ERROR;
- }
-
- /* The substitution of %U and %D in the 'template homedir' is done
- by lp_string() calling standard_sub_basic(). */
-
- fstrcpy( current_user_info.smb_name, user );
- sub_set_smb_name( user );
- fstrcpy( current_user_info.domain, get_global_sam_name() );
-
- /* fill in the passwd struct */
-
- fstrcpy( pw.pw_name, user );
- fstrcpy( pw.pw_passwd, "x" );
- fstrcpy( pw.pw_gecos, user);
- fstrcpy( pw.pw_dir, lp_template_homedir() );
- fstrcpy( pw.pw_shell, lp_template_shell() );
-
- pw.pw_uid = id.uid;
- pw.pw_gid = primary_gid;
-
- /* store the new entry */
-
- if ( !wb_storepwnam(&pw) )
- return WINBINDD_ERROR;
-
- /* do we need a new RID? */
-
- if ( flags & WBFLAG_ALLOCATE_RID ) {
- if ( !NT_STATUS_IS_OK(idmap_allocate_rid(&rid, USER_RID_TYPE)) ) {
- DEBUG(0,("winbindd_create_user: RID allocation failure! Cannot create user (%s)\n",
- user));
- wb_delete_user( &pw );
-
- return WINBINDD_ERROR;
- }
-
- state->response.data.rid = rid;
- }
-
- return WINBINDD_OK;
-}
-
-/**********************************************************************
- Create a new "UNIX" group for the system given a username
-**********************************************************************/
-
-enum winbindd_result winbindd_create_group(struct winbindd_cli_state *state)
-{
- char *group;
- unid_t id;
- WINBINDD_GR grp, *grp_check;
- uint32 flags = state->request.flags;
- uint32 rid;
-
- if ( !state->privileged ) {
- DEBUG(2, ("winbindd_create_group: non-privileged access denied!\n"));
- return WINBINDD_ERROR;
- }
-
- /* Ensure null termination */
- state->request.data.acct_mgt.groupname[sizeof(state->request.data.acct_mgt.groupname)-1]='\0';
- group = state->request.data.acct_mgt.groupname;
-
- DEBUG(3, ("[%5lu]: create_group: (%s)\n", (unsigned long)state->pid, group));
-
- if ( (grp_check=wb_getgrnam(group)) != NULL ) {
- DEBUG(0,("winbindd_create_group: Refusing to create group that already exists (%s)\n",
- group));
- return WINBINDD_ERROR;
- }
-
- /* get a new gid */
-
- if ( !NT_STATUS_IS_OK(idmap_allocate_id( &id, ID_GROUPID)) ) {
- DEBUG(0,("winbindd_create_group: idmap_allocate_id() failed!\n"));
- return WINBINDD_ERROR;
- }
-
- /* fill in the group struct */
-
- fstrcpy( grp.gr_name, group );
- fstrcpy( grp.gr_passwd, "*" );
-
- grp.gr_gid = id.gid;
- grp.gr_mem = NULL; /* start with no members */
- grp.num_gr_mem = 0;
-
- if ( !wb_storegrnam(&grp) )
- return WINBINDD_ERROR;
-
- /* do we need a new RID? */
-
- if ( flags & WBFLAG_ALLOCATE_RID ) {
- if ( !NT_STATUS_IS_OK(idmap_allocate_rid(&rid, GROUP_RID_TYPE)) ) {
- DEBUG(0,("winbindd_create_group: RID allocation failure! Cannot create group (%s)\n",
- group));
- wb_delete_group( &grp );
-
- return WINBINDD_ERROR;
- }
-
- state->response.data.rid = rid;
- }
-
- return WINBINDD_OK;
-}
-
-/**********************************************************************
- Add a user to the membership for a group.
-**********************************************************************/
-
-enum winbindd_result winbindd_add_user_to_group(struct winbindd_cli_state *state)
-{
- WINBINDD_PW *pw;
- WINBINDD_GR *grp;
- char *user, *group;
- BOOL ret;
-
- if ( !state->privileged ) {
- DEBUG(2, ("winbindd_add_user_to_group: non-privileged access denied!\n"));
- return WINBINDD_ERROR;
- }
-
- /* Ensure null termination */
- state->request.data.acct_mgt.groupname[sizeof(state->request.data.acct_mgt.groupname)-1]='\0';
- state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.username)-1]='\0';
- group = state->request.data.acct_mgt.groupname;
- user = state->request.data.acct_mgt.username;
-
- DEBUG(3, ("[%5lu]: add_user_to_group: add %s to %s\n", (unsigned long)state->pid,
- user, group));
-
- /* make sure it is a valid user */
-
- if ( !(pw = wb_getpwnam( user )) ) {
- DEBUG(4,("winbindd_add_user_to_group: Cannot add a non-existent user\n"));
- return WINBINDD_ERROR;
- }
-
- /* make sure it is a valid group */
-
- if ( !(grp = wb_getgrnam( group )) ) {
- DEBUG(4,("winbindd_add_user_to_group: Cannot add a user to a non-extistent group\n"));
- return WINBINDD_ERROR;
- }
-
- if ( !wb_addgrpmember( grp, user ) )
- return WINBINDD_ERROR;
-
- ret = wb_storegrnam(grp);
-
- free_winbindd_gr( grp );
-
- return ( ret ? WINBINDD_OK : WINBINDD_ERROR );
-}
-
-/**********************************************************************
- Remove a user from the membership of a group
-**********************************************************************/
-
-enum winbindd_result winbindd_remove_user_from_group(struct winbindd_cli_state *state)
-{
- WINBINDD_GR *grp;
- char *user, *group;
- BOOL ret;
-
- if ( !state->privileged ) {
- DEBUG(2, ("winbindd_remove_user_from_group: non-privileged access denied!\n"));
- return WINBINDD_ERROR;
- }
-
- /* Ensure null termination */
- state->request.data.acct_mgt.groupname[sizeof(state->request.data.acct_mgt.groupname)-1]='\0';
- state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.username)-1]='\0';
- group = state->request.data.acct_mgt.groupname;
- user = state->request.data.acct_mgt.username;
-
- DEBUG(3, ("[%5lu]: remove_user_from_group: delete %s from %s\n", (unsigned long)state->pid,
- user, group));
-
- /* don't worry about checking the username since we're removing it anyways */
-
- /* make sure it is a valid group */
-
- if ( !(grp = wb_getgrnam( group )) ) {
- DEBUG(4,("winbindd_remove_user_from_group: Cannot remove a user from a non-extistent group\n"));
- return WINBINDD_ERROR;
- }
-
- if ( !wb_delgrpmember( grp, user ) )
- return WINBINDD_ERROR;
-
- ret = wb_storegrnam(grp);
-
- free_winbindd_gr( grp );
-
- return ( ret ? WINBINDD_OK : WINBINDD_ERROR );
-}
-
-/**********************************************************************
- Set the primary group membership of a user
-**********************************************************************/
-
-enum winbindd_result winbindd_set_user_primary_group(struct winbindd_cli_state *state)
-{
- WINBINDD_PW *pw;
- WINBINDD_GR *grp;
- char *user, *group;
-
- if ( !state->privileged ) {
- DEBUG(2, ("winbindd_set_user_primary_group: non-privileged access denied!\n"));
- return WINBINDD_ERROR;
- }
-
- /* Ensure null termination */
- state->request.data.acct_mgt.groupname[sizeof(state->request.data.acct_mgt.groupname)-1]='\0';
- state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.username)-1]='\0';
- group = state->request.data.acct_mgt.groupname;
- user = state->request.data.acct_mgt.username;
-
- DEBUG(3, ("[%5lu]: set_user_primary_group: group %s for user %s\n",
- (unsigned long)state->pid, group, user));
-
- /* make sure it is a valid user */
-
- if ( !(pw = wb_getpwnam( user )) ) {
- DEBUG(4,("winbindd_add_user_to_group: Cannot add a non-existent user\n"));
- return WINBINDD_ERROR;
- }
-
- /* make sure it is a valid group */
-
- if ( !(grp = wb_getgrnam( group )) ) {
- DEBUG(4,("winbindd_add_user_to_group: Cannot add a user to a non-extistent group\n"));
- return WINBINDD_ERROR;
- }
-
- pw->pw_gid = grp->gr_gid;
-
- free_winbindd_gr( grp );
-
- return ( wb_storepwnam(pw) ? WINBINDD_OK : WINBINDD_ERROR );
-}
-
-/**********************************************************************
- Delete a user from the winbindd account tdb.
-**********************************************************************/
-
-enum winbindd_result winbindd_delete_user(struct winbindd_cli_state *state)
-{
- WINBINDD_PW *pw;
- char *user;
-
- if ( !state->privileged ) {
- DEBUG(2, ("winbindd_delete_user: non-privileged access denied!\n"));
- return WINBINDD_ERROR;
- }
-
- /* Ensure null termination */
- state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.username)-1]='\0';
- user = state->request.data.acct_mgt.username;
-
- DEBUG(3, ("[%5lu]: delete_user: %s\n", (unsigned long)state->pid, user));
-
- /* make sure it is a valid user */
-
- if ( !(pw = wb_getpwnam( user )) ) {
- DEBUG(4,("winbindd_delete_user: Cannot delete a non-existent user\n"));
- return WINBINDD_ERROR;
- }
-
- return ( wb_delete_user(pw) ? WINBINDD_OK : WINBINDD_ERROR );
-}
-
-/**********************************************************************
- Delete a group from winbindd's account tdb.
-**********************************************************************/
-
-enum winbindd_result winbindd_delete_group(struct winbindd_cli_state *state)
-{
- WINBINDD_GR *grp;
- char *group;
- BOOL ret;
-
- if ( !state->privileged ) {
- DEBUG(2, ("winbindd_delete_group: non-privileged access denied!\n"));
- return WINBINDD_ERROR;
- }
-
- /* Ensure null termination */
- state->request.data.acct_mgt.username[sizeof(state->request.data.acct_mgt.groupname)-1]='\0';
- group = state->request.data.acct_mgt.groupname;
-
- DEBUG(3, ("[%5lu]: delete_group: %s\n", (unsigned long)state->pid, group));
-
- /* make sure it is a valid group */
-
- if ( !(grp = wb_getgrnam( group )) ) {
- DEBUG(4,("winbindd_delete_group: Cannot delete a non-existent group\n"));
- return WINBINDD_ERROR;
- }
-
- ret = wb_delete_group(grp);
-
- free_winbindd_gr( grp );
-
- return ( ret ? WINBINDD_OK : WINBINDD_ERROR );
-}
-
-
-
diff --git a/source/nsswitch/winbindd_group.c b/source/nsswitch/winbindd_group.c
index 506ed12cbd0..c431e32cc13 100644
--- a/source/nsswitch/winbindd_group.c
+++ b/source/nsswitch/winbindd_group.c
@@ -31,34 +31,6 @@ extern BOOL opt_nocache;
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
-/*********************************************************************
-*********************************************************************/
-
-static int gr_mem_buffer( char **buffer, char **members, int num_members )
-{
- int i;
- int len = 0;
- int idx = 0;
-
- if ( num_members == 0 ) {
- *buffer = NULL;
- return 0;
- }
-
- for ( i=0; i<num_members; i++ )
- len += strlen(members[i])+1;
-
- *buffer = SMB_XMALLOC_ARRAY(char, len);
- for ( i=0; i<num_members; i++ ) {
- snprintf( &(*buffer)[idx], len-idx, "%s,", members[i]);
- idx += strlen(members[i])+1;
- }
- /* terminate with NULL */
- (*buffer)[len-1] = '\0';
-
- return len;
-}
-
/***************************************************************
Empty static struct for negative caching.
****************************************************************/
@@ -229,7 +201,6 @@ done:
enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
{
DOM_SID group_sid;
- WINBINDD_GR *grp;
struct winbindd_domain *domain;
enum SID_NAME_USE name_type;
fstring name_domain, name_group;
@@ -251,26 +222,7 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
parse_domain_user(tmp, name_domain, name_group);
- /* if no domain or our local domain, then do a local tdb search */
-
- if ( (!*name_domain || strequal(name_domain, get_global_sam_name())) &&
- ((grp = wb_getgrnam(name_group)) != NULL) ) {
-
- char *buffer = NULL;
-
- memcpy( &state->response.data.gr, grp, sizeof(WINBINDD_GR) );
-
- gr_mem_len = gr_mem_buffer( &buffer, grp->gr_mem, grp->num_gr_mem );
-
- state->response.data.gr.gr_mem_ofs = 0;
- state->response.length += gr_mem_len;
- state->response.extra_data = buffer; /* give the memory away */
-
- return WINBINDD_OK;
- }
-
- /* if no domain or our local domain and no local tdb group, default to
- * our local domain for aliases */
+ /* if no domain or our local domain, default to our local domain for aliases */
if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) {
fstrcpy(name_domain, get_global_sam_name());
@@ -337,7 +289,6 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
{
struct winbindd_domain *domain;
- WINBINDD_GR *grp;
DOM_SID group_sid;
enum SID_NAME_USE name_type;
fstring dom_name;
@@ -354,21 +305,6 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
(state->request.data.gid > server_state.gid_high))
return WINBINDD_ERROR;
- /* alway try local tdb lookup first */
- if ( ( grp=wb_getgrgid(state->request.data.gid)) != NULL ) {
- char *buffer = NULL;
-
- memcpy( &state->response.data.gr, grp, sizeof(WINBINDD_GR) );
-
- gr_mem_len = gr_mem_buffer( &buffer, grp->gr_mem, grp->num_gr_mem );
-
- state->response.data.gr.gr_mem_ofs = 0;
- state->response.length += gr_mem_len;
- state->response.extra_data = buffer; /* give away the memory */
-
- return WINBINDD_OK;
- }
-
/* Get rid from gid */
if (!NT_STATUS_IS_OK(idmap_gid_to_sid(&group_sid, state->request.data.gid))) {
DEBUG(1, ("could not convert gid %lu to rid\n",
diff --git a/source/nsswitch/winbindd_user.c b/source/nsswitch/winbindd_user.c
index e879275c632..7a9b5cf96a0 100644
--- a/source/nsswitch/winbindd_user.c
+++ b/source/nsswitch/winbindd_user.c
@@ -111,7 +111,6 @@ static BOOL winbindd_fill_pwent(char *dom_name, char *user_name,
enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state)
{
WINBIND_USERINFO user_info;
- WINBINDD_PW *pw;
DOM_SID user_sid;
NTSTATUS status;
fstring name_domain, name_user;
@@ -130,18 +129,6 @@ enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state)
parse_domain_user(state->request.data.username,
name_domain, name_user);
- /* if this is our local domain (or no domain), the do a local tdb search */
-
- if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) {
- if ( !(pw = wb_getpwnam(name_user)) ) {
- DEBUG(5,("winbindd_getpwnam: lookup for %s\\%s failed\n",
- name_domain, name_user));
- return WINBINDD_ERROR;
- }
- memcpy( &state->response.data.pw, pw, sizeof(WINBINDD_PW) );
- return WINBINDD_OK;
- }
-
/* should we deal with users for our domain? */
if ((domain = find_domain_from_name(name_domain)) == NULL) {
@@ -206,7 +193,6 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
{
DOM_SID user_sid;
struct winbindd_domain *domain;
- WINBINDD_PW *pw;
fstring dom_name;
fstring user_name;
enum SID_NAME_USE name_type;
@@ -224,13 +210,6 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
DEBUG(3, ("[%5lu]: getpwuid %lu\n", (unsigned long)state->pid,
(unsigned long)state->request.data.uid));
- /* always try local tdb first */
-
- if ( (pw = wb_getpwuid(state->request.data.uid)) != NULL ) {
- memcpy( &state->response.data.pw, pw, sizeof(WINBINDD_PW) );
- return WINBINDD_OK;
- }
-
/* Get rid from uid */
if (!NT_STATUS_IS_OK(idmap_uid_to_sid(&user_sid, state->request.data.uid))) {
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index ac6dbb4d4a0..aeca0fab437 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -173,7 +173,6 @@ typedef struct
char *szTemplateHomedir;
char *szTemplateShell;
char *szWinbindSeparator;
- BOOL bWinbindEnableLocalAccounts;
BOOL bWinbindEnumUsers;
BOOL bWinbindEnumGroups;
BOOL bWinbindUseDefaultDomain;
@@ -1222,7 +1221,6 @@ static struct parm_struct parm_table[] = {
{"template shell", P_STRING, P_GLOBAL, &Globals.szTemplateShell, NULL, NULL, FLAG_ADVANCED},
{"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, FLAG_ADVANCED},
{"winbind cache time", P_INTEGER, P_GLOBAL, &Globals.winbind_cache_time, NULL, NULL, FLAG_ADVANCED},
- {"winbind enable local accounts", P_BOOL, P_GLOBAL, &Globals.bWinbindEnableLocalAccounts, NULL, NULL, FLAG_ADVANCED|FLAG_DEPRECATED},
{"winbind enum users", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumUsers, NULL, NULL, FLAG_ADVANCED},
{"winbind enum groups", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumGroups, NULL, NULL, FLAG_ADVANCED},
{"winbind use default domain", P_BOOL, P_GLOBAL, &Globals.bWinbindUseDefaultDomain, NULL, NULL, FLAG_ADVANCED},
@@ -1569,7 +1567,6 @@ static void init_globals(void)
string_set(&Globals.szEventLogOldestRecordCommand, "");
Globals.winbind_cache_time = 300; /* 5 minutes */
- Globals.bWinbindEnableLocalAccounts = False;
Globals.bWinbindEnumUsers = True;
Globals.bWinbindEnumGroups = True;
Globals.bWinbindUseDefaultDomain = False;
@@ -1757,7 +1754,6 @@ FN_GLOBAL_CONST_STRING(lp_template_homedir, &Globals.szTemplateHomedir)
FN_GLOBAL_CONST_STRING(lp_template_shell, &Globals.szTemplateShell)
FN_GLOBAL_CONST_STRING(lp_winbind_separator, &Globals.szWinbindSeparator)
FN_GLOBAL_STRING(lp_acl_compatibility, &Globals.szAclCompat)
-FN_GLOBAL_BOOL(lp_winbind_enable_local_accounts, &Globals.bWinbindEnableLocalAccounts)
FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers)
FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups)
FN_GLOBAL_BOOL(lp_winbind_use_default_domain, &Globals.bWinbindUseDefaultDomain)
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index e4588b2e615..73ea575ec5e 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -2017,14 +2017,6 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA
add_ret = smbrun(add_script,NULL);
DEBUG(add_ret ? 0 : 3,("_samr_create_user: Running the command `%s' gave %d\n", add_script, add_ret));
}
- else /* no add user script -- ask winbindd to do it */
- {
- if ( !winbind_create_user( account, &new_rid ) ) {
- DEBUG(3,("_samr_create_user: winbind_create_user(%s) failed\n",
- account));
- }
- }
-
}
/* implicit call to getpwnam() next. we have a valid SID coming out of this call */
@@ -3466,18 +3458,6 @@ static int smb_delete_user(const char *unix_user)
pstring del_script;
int ret;
- /* try winbindd first since it is impossible to determine where
- a user came from via NSS. Try the delete user script if this fails
- meaning the user did not exist in winbindd's list of accounts */
-
- if ( winbind_delete_user( unix_user ) ) {
- DEBUG(3,("winbind_delete_user: removed user (%s)\n", unix_user));
- return 0;
- }
-
-
- /* fall back to 'delete user script' */
-
pstrcpy(del_script, lp_deluser_script());
if (! *del_script)
return -1;
diff --git a/source/utils/net_rpc_samsync.c b/source/utils/net_rpc_samsync.c
index fa38004fe6f..84872897fc5 100644
--- a/source/utils/net_rpc_samsync.c
+++ b/source/utils/net_rpc_samsync.c
@@ -523,13 +523,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
add_ret = smbrun(add_script,NULL);
DEBUG(add_ret ? 0 : 1,("fetch_account: Running the command `%s' "
"gave %d\n", add_script, add_ret));
- } else {
- DEBUG(8,("fetch_account_info: no add user/machine script. Asking winbindd\n"));
-
- /* don't need a RID allocated since the user already has a SID */
- if ( !winbind_create_user( account, NULL ) )
- DEBUG(4,("fetch_account_info: winbind_create_user() failed\n"));
- }
+ }
/* try and find the possible unix account again */
if ( !(passwd = Get_Pwnam(account)) ) {