/*
Unix SMB/CIFS implementation.
- Winbind authentication mechnism, customized for onefs
+ Winbind client authentication mechanism designed to defer all
+ authentication to the winbind daemon.
Copyright (C) Tim Potter 2000
Copyright (C) Andrew Bartlett 2001 - 2002
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+/* This auth module is very similar to auth_winbind with 3 distinct
+ * differences.
+ *
+ * 1) Does not fallback to another auth module if winbindd is unavailable
+ * 2) Does not validate the domain of the user
+ * 3) Handles unencrypted passwords
+ *
+ * The purpose of this module is to defer all authentication decisions (ie:
+ * local user vs NIS vs LDAP vs AD; encrypted vs plaintext) to the wbc
+ * compatible daemon. This centeralizes all authentication decisions to a
+ * single provider.
+ *
+ * This auth backend is most useful when used in conjunction with pdb_wbc_sam.
+ */
+
#include "includes.h"
#undef DBGC_CLASS
/* Authenticate a user with a challenge/response */
-static NTSTATUS check_onefs_wb_security(const struct auth_context *auth_context,
+static NTSTATUS check_wbc_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
const auth_usersupplied_info *user_info,
}
/* module initialisation */
-static NTSTATUS auth_init_onefs_wb(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
+static NTSTATUS auth_init_wbc(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
{
if (!make_auth_methods(auth_context, auth_method)) {
return NT_STATUS_NO_MEMORY;
}
- (*auth_method)->name = "onefs_wb";
- (*auth_method)->auth = check_onefs_wb_security;
+ (*auth_method)->name = "wbc";
+ (*auth_method)->auth = check_wbc_security;
return NT_STATUS_OK;
}
-NTSTATUS auth_onefs_wb_init(void)
+NTSTATUS auth_wbc_init(void)
{
- return smb_register_auth(AUTH_INTERFACE_VERSION, "onefs_wb", auth_init_onefs_wb);
+ return smb_register_auth(AUTH_INTERFACE_VERSION, "wbc", auth_init_wbc);
}
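Review bot: The context comment above `check_wbc_security`, `/* Authenticate a user with a challenge/response */`, is now stale, because the new module header says this module also handles unencrypted passwords. I would change it to `/* Authenticate a user (challenge/response or plaintext) through the wbc daemon */`. The three listed differences are the module's security contract, so the header should also state the consequence: as described, the client-supplied domain is not checked here and plaintext credentials are handed on, which leaves the wbc-compatible daemon as the only enforcement point. Point 1 reads more clearly as fail-closed behaviour, e.g. `Fails the logon instead of falling back to another auth module if winbindd is unavailable`, and `centeralizes` should be `centralizes`. The body of `check_wbc_security` is outside the visible lines, so this covers the comments only.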
dnl Add modules that have to be built by default here
dnl These have to be built static:
-default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsarpc rpc_samr rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl rpc_ntsvcs rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss2 rpc_eventlog auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin auth_netlogond vfs_default nss_info_template"
+default_static_modules="pdb_smbpasswd pdb_tdbsam pdb_wbc_sam rpc_lsarpc rpc_samr rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl rpc_ntsvcs rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss2 rpc_eventlog auth_sam auth_unix auth_winbind auth_wbc auth_server auth_domain auth_builtin auth_netlogond vfs_default nss_info_template"
dnl These are preferably build shared, and static if dlopen() is not available
default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr vfs_streams_depot vfs_acl_xattr vfs_acl_tdb vfs_smb_traffic_analyzer"
if test x"$samba_cv_HAVE_ONEFS" = x"yes"; then
AC_DEFINE(HAVE_ONEFS,1,[Whether building on Isilon OneFS])
default_shared_modules="$default_shared_modules vfs_onefs vfs_onefs_shadow_copy perfcount_onefs"
- default_static_modules="$default_static_modules auth_onefs_wb pdb_onefs_sam"
+ default_static_modules="$default_static_modules"
ONEFS_LIBS="-lisi_acl -lisi_ecs -lisi_event -lisi_util"
# Need to also add general libs for oplocks support
save_LIBS="$save_LIBS -lisi_ecs -lisi_event -lisi_util -ldevstat"
[ PASSDB_LIBS="$PASSDB_LIBS $LDAP_LIBS" ] )
SMB_MODULE(pdb_smbpasswd, passdb/pdb_smbpasswd.o, "bin/smbpasswd.$SHLIBEXT", PDB)
SMB_MODULE(pdb_tdbsam, passdb/pdb_tdb.o, "bin/tdbsam.$SHLIBEXT", PDB)
-SMB_MODULE(pdb_onefs_sam, passdb/pdb_onefs_sam.o, "bin/onefs_sam.$SHLIBEXT", PDB)
+SMB_MODULE(pdb_wbc_sam, passdb/pdb_wbc_sam.o, "bin/wbc_sam.$SHLIBEXT", PDB)
SMB_SUBSYSTEM(PDB,passdb/pdb_interface.o)
SMB_MODULE(auth_sam, \$(AUTH_SAM_OBJ), "bin/sam.$SHLIBEXT", AUTH)
SMB_MODULE(auth_unix, \$(AUTH_UNIX_OBJ), "bin/unix.$SHLIBEXT", AUTH)
SMB_MODULE(auth_winbind, \$(AUTH_WINBIND_OBJ), "bin/winbind.$SHLIBEXT", AUTH)
-SMB_MODULE(auth_onefs_wb, \$(AUTH_ONEFS_WB_OBJ), "bin/onefs_wb.$SHLIBEXT", AUTH)
+SMB_MODULE(auth_wbc, \$(AUTH_WBC_OBJ), "bin/wbc.$SHLIBEXT", AUTH)
SMB_MODULE(auth_server, \$(AUTH_SERVER_OBJ), "bin/smbserver.$SHLIBEXT", AUTH)
SMB_MODULE(auth_domain, \$(AUTH_DOMAIN_OBJ), "bin/domain.$SHLIBEXT", AUTH)
SMB_MODULE(auth_builtin, \$(AUTH_BUILTIN_OBJ), "bin/builtin.$SHLIBEXT", AUTH)
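Review bot: The added line `default_static_modules="$default_static_modules"` in the OneFS branch assigns the variable to itself and can be deleted now that both modules have moved into the default list. Listing `auth_wbc` and `pdb_wbc_sam` in the default `default_static_modules` also means every default build carries an auth backend that, per its own header, skips domain validation and accepts plaintext passwords. Assuming the module stays inactive unless an administrator selects it, a `dnl` comment beside the list saying so would help packagers and auditors. Whether the two objects build and link on platforms without a wbclient library is not visible here and is worth confirming.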
/*
Unix SMB/CIFS implementation.
- Password and authentication handling for wbclient
+
+ Password and authentication handling by wbclient
+
Copyright (C) Andrew Bartlett 2002
Copyright (C) Jelmer Vernooij 2002
Copyright (C) Simo Sorce 2003
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+/* This passdb module retrieves full passdb information for local users and
+ * groups from a wbclient compatible daemon.
+ *
+ * The purpose of this module is to defer all SAM authorization information
+ * storage and retrieval to a wbc compatible daemon.
+ *
+ * This passdb backend is most useful when used in conjunction with auth_wbc.
+ *
+ * A few current limitations of this module are:
+ * - read only interface
+ * - no privileges
+ */
+
#include "includes.h"
/***************************************************************************
Default implementations of some functions.
****************************************************************************/
-static NTSTATUS _pdb_onefs_sam_getsampw(struct pdb_methods *methods,
+static NTSTATUS _pdb_wbc_sam_getsampw(struct pdb_methods *methods,
struct samu *user,
const struct passwd *pwd)
{
return result;
}
-static NTSTATUS pdb_onefs_sam_getsampwnam(struct pdb_methods *methods, struct samu *user, const char *sname)
+static NTSTATUS pdb_wbc_sam_getsampwnam(struct pdb_methods *methods, struct samu *user, const char *sname)
{
- return _pdb_onefs_sam_getsampw(methods, user, winbind_getpwnam(sname));
+ return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwnam(sname));
}
-static NTSTATUS pdb_onefs_sam_getsampwsid(struct pdb_methods *methods, struct samu *user, const DOM_SID *sid)
+static NTSTATUS pdb_wbc_sam_getsampwsid(struct pdb_methods *methods, struct samu *user, const DOM_SID *sid)
{
- return _pdb_onefs_sam_getsampw(methods, user, winbind_getpwsid(sid));
+ return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwsid(sid));
}
-static bool pdb_onefs_sam_uid_to_sid(struct pdb_methods *methods, uid_t uid,
+static bool pdb_wbc_sam_uid_to_sid(struct pdb_methods *methods, uid_t uid,
DOM_SID *sid)
{
return winbind_uid_to_sid(sid, uid);
}
-static bool pdb_onefs_sam_gid_to_sid(struct pdb_methods *methods, gid_t gid,
+static bool pdb_wbc_sam_gid_to_sid(struct pdb_methods *methods, gid_t gid,
DOM_SID *sid)
{
return winbind_gid_to_sid(sid, gid);
}
-static bool pdb_onefs_sam_sid_to_id(struct pdb_methods *methods,
+static bool pdb_wbc_sam_sid_to_id(struct pdb_methods *methods,
const DOM_SID *sid,
union unid_t *id, enum lsa_SidType *type)
{
return true;
}
-static NTSTATUS pdb_onefs_sam_enum_group_members(struct pdb_methods *methods,
+static NTSTATUS pdb_wbc_sam_enum_group_members(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
const DOM_SID *group,
uint32 **pp_member_rids,
return NT_STATUS_NOT_IMPLEMENTED;
}
-static NTSTATUS pdb_onefs_sam_enum_group_memberships(struct pdb_methods *methods,
+static NTSTATUS pdb_wbc_sam_enum_group_memberships(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
struct samu *user,
DOM_SID **pp_sids,
return NT_STATUS_OK;
}
-static NTSTATUS pdb_onefs_sam_lookup_rids(struct pdb_methods *methods,
+static NTSTATUS pdb_wbc_sam_lookup_rids(struct pdb_methods *methods,
const DOM_SID *domain_sid,
int num_rids,
uint32 *rids,
return result;
}
-static NTSTATUS pdb_onefs_sam_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
+static NTSTATUS pdb_wbc_sam_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
{
return NT_STATUS_UNSUCCESSFUL;
}
-static NTSTATUS pdb_onefs_sam_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value)
+static NTSTATUS pdb_wbc_sam_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value)
{
return NT_STATUS_UNSUCCESSFUL;
}
-static bool pdb_onefs_sam_search_groups(struct pdb_methods *methods,
+static bool pdb_wbc_sam_search_groups(struct pdb_methods *methods,
struct pdb_search *search)
{
return false;
}
-static bool pdb_onefs_sam_search_aliases(struct pdb_methods *methods,
+static bool pdb_wbc_sam_search_aliases(struct pdb_methods *methods,
struct pdb_search *search,
const DOM_SID *sid)
{
return false;
}
-static bool pdb_onefs_sam_get_trusteddom_pw(struct pdb_methods *methods,
+static bool pdb_wbc_sam_get_trusteddom_pw(struct pdb_methods *methods,
const char *domain,
char **pwd,
DOM_SID *sid,
}
-static bool pdb_onefs_sam_set_trusteddom_pw(struct pdb_methods *methods,
+static bool pdb_wbc_sam_set_trusteddom_pw(struct pdb_methods *methods,
const char *domain,
const char *pwd,
const DOM_SID *sid)
return false;
}
-static bool pdb_onefs_sam_del_trusteddom_pw(struct pdb_methods *methods,
+static bool pdb_wbc_sam_del_trusteddom_pw(struct pdb_methods *methods,
const char *domain)
{
return false;
}
-static NTSTATUS pdb_onefs_sam_enum_trusteddoms(struct pdb_methods *methods,
+static NTSTATUS pdb_wbc_sam_enum_trusteddoms(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
uint32 *num_domains,
struct trustdom_info ***domains)
return true;
}
-static NTSTATUS pdb_onefs_sam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
+static NTSTATUS pdb_wbc_sam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
DOM_SID sid)
{
NTSTATUS result = NT_STATUS_OK;
return result;
}
-static NTSTATUS pdb_onefs_sam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
+static NTSTATUS pdb_wbc_sam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
gid_t gid)
{
NTSTATUS result = NT_STATUS_OK;
return result;
}
-static NTSTATUS pdb_onefs_sam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
+static NTSTATUS pdb_wbc_sam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
const char *name)
{
NTSTATUS result = NT_STATUS_OK;
return result;
}
-static NTSTATUS pdb_onefs_sam_enum_group_mapping(struct pdb_methods *methods,
+static NTSTATUS pdb_wbc_sam_enum_group_mapping(struct pdb_methods *methods,
const DOM_SID *sid, enum lsa_SidType sid_name_use,
GROUP_MAP **pp_rmap, size_t *p_num_entries,
bool unix_only)
return NT_STATUS_NOT_IMPLEMENTED;
}
-static NTSTATUS pdb_onefs_sam_get_aliasinfo(struct pdb_methods *methods,
+static NTSTATUS pdb_wbc_sam_get_aliasinfo(struct pdb_methods *methods,
const DOM_SID *sid,
struct acct_info *info)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
-static NTSTATUS pdb_onefs_sam_enum_aliasmem(struct pdb_methods *methods,
+static NTSTATUS pdb_wbc_sam_enum_aliasmem(struct pdb_methods *methods,
const DOM_SID *alias, DOM_SID **pp_members,
size_t *p_num_members)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
-static NTSTATUS pdb_onefs_sam_alias_memberships(struct pdb_methods *methods,
+static NTSTATUS pdb_wbc_sam_alias_memberships(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
const DOM_SID *domain_sid,
const DOM_SID *members,
return NT_STATUS_OK;
}
-static NTSTATUS pdb_init_onefs_sam(struct pdb_methods **pdb_method, const char *location)
+static NTSTATUS pdb_init_wbc_sam(struct pdb_methods **pdb_method, const char *location)
{
NTSTATUS result;
return result;
}
- (*pdb_method)->name = "onefs_sam";
-
- (*pdb_method)->getsampwnam = pdb_onefs_sam_getsampwnam;
- (*pdb_method)->getsampwsid = pdb_onefs_sam_getsampwsid;
-
- (*pdb_method)->getgrsid = pdb_onefs_sam_getgrsid;
- (*pdb_method)->getgrgid = pdb_onefs_sam_getgrgid;
- (*pdb_method)->getgrnam = pdb_onefs_sam_getgrnam;
- (*pdb_method)->enum_group_mapping = pdb_onefs_sam_enum_group_mapping;
- (*pdb_method)->enum_group_members = pdb_onefs_sam_enum_group_members;
- (*pdb_method)->enum_group_memberships = pdb_onefs_sam_enum_group_memberships;
- (*pdb_method)->get_aliasinfo = pdb_onefs_sam_get_aliasinfo;
- (*pdb_method)->enum_aliasmem = pdb_onefs_sam_enum_aliasmem;
- (*pdb_method)->enum_alias_memberships = pdb_onefs_sam_alias_memberships;
- (*pdb_method)->lookup_rids = pdb_onefs_sam_lookup_rids;
- (*pdb_method)->get_account_policy = pdb_onefs_sam_get_account_policy;
- (*pdb_method)->set_account_policy = pdb_onefs_sam_set_account_policy;
- (*pdb_method)->uid_to_sid = pdb_onefs_sam_uid_to_sid;
- (*pdb_method)->gid_to_sid = pdb_onefs_sam_gid_to_sid;
- (*pdb_method)->sid_to_id = pdb_onefs_sam_sid_to_id;
-
- (*pdb_method)->search_groups = pdb_onefs_sam_search_groups;
- (*pdb_method)->search_aliases = pdb_onefs_sam_search_aliases;
-
- (*pdb_method)->get_trusteddom_pw = pdb_onefs_sam_get_trusteddom_pw;
- (*pdb_method)->set_trusteddom_pw = pdb_onefs_sam_set_trusteddom_pw;
- (*pdb_method)->del_trusteddom_pw = pdb_onefs_sam_del_trusteddom_pw;
- (*pdb_method)->enum_trusteddoms = pdb_onefs_sam_enum_trusteddoms;
+ (*pdb_method)->name = "wbc_sam";
+
+ (*pdb_method)->getsampwnam = pdb_wbc_sam_getsampwnam;
+ (*pdb_method)->getsampwsid = pdb_wbc_sam_getsampwsid;
+
+ (*pdb_method)->getgrsid = pdb_wbc_sam_getgrsid;
+ (*pdb_method)->getgrgid = pdb_wbc_sam_getgrgid;
+ (*pdb_method)->getgrnam = pdb_wbc_sam_getgrnam;
+ (*pdb_method)->enum_group_mapping = pdb_wbc_sam_enum_group_mapping;
+ (*pdb_method)->enum_group_members = pdb_wbc_sam_enum_group_members;
+ (*pdb_method)->enum_group_memberships = pdb_wbc_sam_enum_group_memberships;
+ (*pdb_method)->get_aliasinfo = pdb_wbc_sam_get_aliasinfo;
+ (*pdb_method)->enum_aliasmem = pdb_wbc_sam_enum_aliasmem;
+ (*pdb_method)->enum_alias_memberships = pdb_wbc_sam_alias_memberships;
+ (*pdb_method)->lookup_rids = pdb_wbc_sam_lookup_rids;
+ (*pdb_method)->get_account_policy = pdb_wbc_sam_get_account_policy;
+ (*pdb_method)->set_account_policy = pdb_wbc_sam_set_account_policy;
+ (*pdb_method)->uid_to_sid = pdb_wbc_sam_uid_to_sid;
+ (*pdb_method)->gid_to_sid = pdb_wbc_sam_gid_to_sid;
+ (*pdb_method)->sid_to_id = pdb_wbc_sam_sid_to_id;
+
+ (*pdb_method)->search_groups = pdb_wbc_sam_search_groups;
+ (*pdb_method)->search_aliases = pdb_wbc_sam_search_aliases;
+
+ (*pdb_method)->get_trusteddom_pw = pdb_wbc_sam_get_trusteddom_pw;
+ (*pdb_method)->set_trusteddom_pw = pdb_wbc_sam_set_trusteddom_pw;
+ (*pdb_method)->del_trusteddom_pw = pdb_wbc_sam_del_trusteddom_pw;
+ (*pdb_method)->enum_trusteddoms = pdb_wbc_sam_enum_trusteddoms;
(*pdb_method)->private_data = NULL;
(*pdb_method)->free_private_data = NULL;
return NT_STATUS_OK;
}
-NTSTATUS pdb_onefs_sam_init(void)
+NTSTATUS pdb_wbc_sam_init(void)
{
- return smb_register_passdb(PASSDB_INTERFACE_VERSION, "onefs_sam", pdb_init_onefs_sam);
+ return smb_register_passdb(PASSDB_INTERFACE_VERSION, "wbc_sam", pdb_init_wbc_sam);
}
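Review bot: `pdb_wbc_sam_get_account_policy` and `pdb_wbc_sam_set_account_policy` return `NT_STATUS_UNSUCCESSFUL`, while the other unsupported entry points visible here (`pdb_wbc_sam_get_aliasinfo`, `pdb_wbc_sam_enum_aliasmem`) return `NT_STATUS_NOT_IMPLEMENTED`. A caller therefore cannot tell "this backend has no account policy" from a real failure. If no caller depends on the current code, return `NT_STATUS_NOT_IMPLEMENTED` there too, and in either case extend the limitations list in the new header with ` * - no account policy (policy must be enforced by the wbc daemon)`. Since the helper is being renamed anyway, `_pdb_wbc_sam_getsampw` could drop its leading underscore, which is reserved at file scope in C. Most function bodies lie outside the visible lines, so I could not check how a NULL result from `winbind_getpwnam()` or `winbind_getpwsid()` is handled once passed to that helper.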