winbind: Add a GetNssInfo parent/child call

This call will be done in the idmap child. It is not 100% the right place,
but there is no better one available to me. It will become a replacement
for the "winbind nss info" parameter: This global parameter is good
for just one domain. It might be possible to have idmap backend AD for
different domains, and the NSS info like primary gid, homedir and shell
might be done with different policies per domain. As we already have a
domain-specific idmap configuration, doing the NSS info configuration
there also is the closest way to do it.

The alternative, if we did not want to put this call into the idmap child
would be to establish an equivalent engine like the whole "idmap config
*" just for the nss info. But as I believe this is closely related,
I'll just keep it in the idmap child.

This also extends the wbint_userinfo structure with pretty much all user
related fields. The idea is that the GetNssInfo call can do whatever it
wants with it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl
index ec472c57ede509525fed8f903aedbddc010569ce..ab1a32e059c715e937025d7dbe56283730b4b08a 100644 (file)
--- a/librpc/idl/winbind.idl
+++ b/librpc/idl/winbind.idl
@@ -72,11 +72,14 @@ interface winbind
        );
 
     typedef [public] struct {
+       [string,charset(UTF8)] char *domain_name;
        [string,charset(UTF8)] char *acct_name;
        [string,charset(UTF8)] char *full_name;
        [string,charset(UTF8)] char *homedir;
        [string,charset(UTF8)] char *shell;
+       hyper uid;
        hyper primary_gid;
+       [string,charset(UTF8)] char *primary_group_name;
        dom_sid user_sid;
        dom_sid group_sid;
     } wbint_userinfo;
@@ -86,6 +89,10 @@ interface winbind
        [out] wbint_userinfo *info
        );
 
+    NTSTATUS wbint_GetNssInfo(
+       [in,out] wbint_userinfo *info
+       );
+
     typedef [public] struct {
        uint32 num_sids;
        [size_is(num_sids)] dom_sid sids[];

diff --git a/source3/include/idmap.h b/source3/include/idmap.h
index 800e69421dc5d9a7549d117c6824e18733b28cb7..c379eba37005011dd0211541ca5f99f0809eeba4 100644 (file)
--- a/source3/include/idmap.h
+++ b/source3/include/idmap.h
@@ -32,9 +32,13 @@
 
 #include "librpc/gen_ndr/idmap.h"
 
+struct wbint_userinfo;
+
 struct idmap_domain {
        const char *name;
        struct idmap_methods *methods;
+       NTSTATUS (*query_user)(struct idmap_domain *domain,
+                              struct wbint_userinfo *info);
        uint32_t low_id;
        uint32_t high_id;
        bool read_only;

diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index 7b804183d1040fe17b133b6b010bc964e22bf9e5..cf4846d00db03e58c4fdbdc5652f91d29413c74d 100644 (file)
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -283,6 +283,20 @@ NTSTATUS _wbint_QueryUser(struct pipes_struct *p, struct wbint_QueryUser *r)
        return status;
 }
 
+NTSTATUS _wbint_GetNssInfo(struct pipes_struct *p, struct wbint_GetNssInfo *r)
+{
+       struct idmap_domain *domain;
+       NTSTATUS status;
+
+       domain = idmap_find_domain(r->in.info->domain_name);
+       if ((domain == NULL) || (domain->query_user == NULL)) {
+               return NT_STATUS_REQUEST_NOT_ACCEPTED;
+       }
+
+       status = domain->query_user(domain, r->in.info);
+       return status;
+}
+
 NTSTATUS _wbint_LookupUserAliases(struct pipes_struct *p,
                                  struct wbint_LookupUserAliases *r)
 {