authorGünther Deschner <gd@samba.org>2006-05-18 16:08:28 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:17:08 -0500
commit39c45ce4f1a0cce9dc23e6d8df3f93bb124a19a0 (patch)
tree29d57a8b855a9f98c42d7b8c4e940419c2d68639 /source3/sam
parente129dc40f71e9b10c293d8d3f923c5636597bf6f (diff)
r15697: I take no comments as no objections :)
Expand the "winbind nss info" to also take "rfc2307" to support the plain posix attributes LDAP schema from win2k3-r2. This work is based on patches from Howard Wilkinson and Bob Gautier (and closes bug #3345). Guenther (This used to be commit 52423e01dc209ba5abde808a446287714ed11567)
Diffstat (limited to 'source3/sam')
-rw-r--r--source3/sam/idmap_ad.c63
-rw-r--r--source3/sam/idmap_util.c14
-rw-r--r--source3/sam/nss_info.c111
3 files changed, 148 insertions, 40 deletions
diff --git a/source3/sam/idmap_ad.c b/source3/sam/idmap_ad.c
index 0803f2a7ab..5edfad487d 100644
--- a/source3/sam/idmap_ad.c
+++ b/source3/sam/idmap_ad.c
@@ -30,14 +30,6 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_IDMAP
-#ifndef ATTR_UIDNUMBER
-#define ATTR_UIDNUMBER ADS_ATTR_SFU_UIDNUMBER_OID
-#endif
-
-#ifndef ATTR_GIDNUMBER
-#define ATTR_GIDNUMBER ADS_ATTR_SFU_GIDNUMBER_OID
-#endif
-
#define WINBIND_CCACHE_NAME "MEMORY:winbind_ccache"
NTSTATUS init_module(void);
@@ -48,28 +40,42 @@ static char *ad_idmap_uri = NULL;
static char *attr_uidnumber = NULL;
static char *attr_gidnumber = NULL;
-static BOOL ad_idmap_check_attr_mapping(ADS_STRUCT *ads)
+static ADS_STATUS ad_idmap_check_attr_mapping(ADS_STRUCT *ads)
{
+ ADS_STATUS status;
+ enum wb_posix_mapping map_type;
+
if (attr_uidnumber != NULL && attr_gidnumber != NULL) {
- return True;
+ return ADS_ERROR(LDAP_SUCCESS);
}
- if (use_nss_info("sfu")) {
-
- if (!ads_check_sfu_mapping(ads)) {
- DEBUG(0,("ad_idmap_check_attr_mapping: failed to check for SFU schema\n"));
- return False;
- }
+ SMB_ASSERT(ads->server.workgroup);
- attr_uidnumber = SMB_STRDUP(ads->schema.sfu_uidnumber_attr);
- attr_gidnumber = SMB_STRDUP(ads->schema.sfu_gidnumber_attr);
+ map_type = get_nss_info(ads->server.workgroup);
- } else {
- attr_uidnumber = SMB_STRDUP("uidNumber");
- attr_gidnumber = SMB_STRDUP("gidNumber");
+ if ((map_type == WB_POSIX_MAP_SFU) ||
+ (map_type == WB_POSIX_MAP_RFC2307)) {
+
+ status = ads_check_posix_schema_mapping(ads, map_type);
+ if (ADS_ERR_OK(status)) {
+ attr_uidnumber = SMB_STRDUP(ads->schema.posix_uidnumber_attr);
+ attr_gidnumber = SMB_STRDUP(ads->schema.posix_gidnumber_attr);
+ ADS_ERROR_HAVE_NO_MEMORY(attr_uidnumber);
+ ADS_ERROR_HAVE_NO_MEMORY(attr_gidnumber);
+ return ADS_ERROR(LDAP_SUCCESS);
+ } else {
+ DEBUG(0,("ads_check_posix_schema_mapping failed: %s\n", ads_errstr(status)));
+ /* return status; */
+ }
}
+
+ /* fallback to XAD defaults */
+ attr_uidnumber = SMB_STRDUP("uidNumber");
+ attr_gidnumber = SMB_STRDUP("gidNumber");
+ ADS_ERROR_HAVE_NO_MEMORY(attr_uidnumber);
+ ADS_ERROR_HAVE_NO_MEMORY(attr_gidnumber);
- return True;
+ return ADS_ERROR(LDAP_SUCCESS);
}
static ADS_STRUCT *ad_idmap_cached_connection(void)
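Review bot: When `ads_check_posix_schema_mapping()` fails for a domain explicitly configured as `sfu` or `rfc2307`, the `else` branch only logs and falls through to the `uidNumber`/`gidNumber` defaults, because `/* return status; */` is commented out. The statics are then non-NULL, so the guard at the top of the function returns success on every later call and the schema check is never retried; a transient LDAP error pins the process to attribute names the administrator did not select. For an ID-mapping backend, failing closed is the safer default: restore `return status;`, or add a comment explaining why the fallback is acceptable. Also, if the second `SMB_STRDUP` fails, the first result stays assigned and is overwritten (leaked) on the next call; freeing it before the error return would avoid that.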
@@ -123,7 +129,8 @@ static ADS_STRUCT *ad_idmap_cached_connection(void)
ads->is_mine = False;
- if (!ad_idmap_check_attr_mapping(ads)) {
+ status = ad_idmap_check_attr_mapping(ads);
+ if (!ADS_ERR_OK(status)) {
DEBUG(1, ("ad_idmap_init: failed to check attribute mapping\n"));
return NULL;
}
@@ -168,14 +175,14 @@ static NTSTATUS ad_idmap_get_sid_from_id(DOM_SID *sid, unid_t unid, int id_type)
case ID_USERID:
if (asprintf(&expr, "(&(|(sAMAccountType=%d)(sAMAccountType=%d)(sAMAccountType=%d))(%s=%d))",
ATYPE_NORMAL_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST,
- ATTR_UIDNUMBER, (int)unid.uid) == -1) {
+ ads->schema.posix_uidnumber_attr, (int)unid.uid) == -1) {
return NT_STATUS_NO_MEMORY;
}
break;
case ID_GROUPID:
if (asprintf(&expr, "(&(|(sAMAccountType=%d)(sAMAccountType=%d))(%s=%d))",
ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP,
- ATTR_GIDNUMBER, (int)unid.gid) == -1) {
+ ads->schema.posix_gidnumber_attr, (int)unid.gid) == -1) {
return NT_STATUS_NO_MEMORY;
}
break;
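Review bot: Both filters now take the attribute name from `ads->schema.posix_uidnumber_attr` / `ads->schema.posix_gidnumber_attr`, but the fallback path in `ad_idmap_check_attr_mapping()` only fills the file-static `attr_uidnumber` / `attr_gidnumber`. In template mode, or after a failed schema check, the schema fields are presumably unset (nothing visible in this diff assigns them there), so `%s` would receive NULL and the search filter would be malformed. Using the resolved statics keeps the two paths consistent: `attr_uidnumber, (int)unid.uid) == -1) {` and `attr_gidnumber, (int)unid.gid) == -1) {`. The function body and the origin of `ads` lie outside this hunk, so please confirm against the full file.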
@@ -228,7 +235,11 @@ static NTSTATUS ad_idmap_get_id_from_sid(unid_t *unid, int *id_type, const DOM_S
{
ADS_STATUS rc;
NTSTATUS status = NT_STATUS_NONE_MAPPED;
- const char *attrs[] = { "sAMAccountType", ATTR_UIDNUMBER, ATTR_GIDNUMBER, NULL };
+ const char *attrs[] = { "sAMAccountType", ADS_ATTR_SFU_UIDNUMBER_OID,
+ ADS_ATTR_SFU_GIDNUMBER_OID,
+ ADS_ATTR_RFC2307_UIDNUMBER_OID,
+ ADS_ATTR_RFC2307_GIDNUMBER_OID,
+ NULL };
void *res = NULL;
void *msg = NULL;
char *expr = NULL;
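Review bot: `attrs` now requests the SFU and the RFC2307 uid/gid OIDs together, regardless of which mapping `get_nss_info()` selected for the domain, so the code that reads the reply (outside this hunk) has to choose the pair that matches the configured mapping. If it takes whichever value is present, an object carrying both attribute sets could be mapped from the schema the administrator did not choose. Consider requesting only the resolved names, e.g. `const char *attrs[] = { "sAMAccountType", attr_uidnumber, attr_gidnumber, NULL };`. Otherwise add a comment here such as `/* both schemas are requested; the <configured> pair takes precedence below */`.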
diff --git a/source3/sam/idmap_util.c b/source3/sam/idmap_util.c
index 7233cb48cd..f78d3bdc23 100644
--- a/source3/sam/idmap_util.c
+++ b/source3/sam/idmap_util.c
@@ -110,17 +110,3 @@ NTSTATUS idmap_sid_to_gid(const DOM_SID *sid, gid_t *gid, uint32 flags)
return ret;
}
-
-/* placeholder for checking lp_winbind_nss_info() */
-BOOL use_nss_info(const char *info)
-{
- int i;
- const char **list = lp_winbind_nss_info();
-
- for (i=0; list[i]; i++) {
- if (strequal(list[i], info))
- return True;
- }
-
- return False;
-}
diff --git a/source3/sam/nss_info.c b/source3/sam/nss_info.c
new file mode 100644
index 0000000000..3d0e658a35
--- /dev/null
+++ b/source3/sam/nss_info.c
@@ -0,0 +1,111 @@
+/*
+ Unix SMB/CIFS implementation.
+ nss info helpers
+ Copyright (C) Guenther Deschner 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_IDMAP
+
+/* winbind nss info = rfc2307 SO36:sfu FHAIN:rfc2307 PANKOW:template
+ *
+ * syntax is:
+ * 1st param: default setting
+ * following ":" separated list elements:
+ * DOMAIN:setting
+ * setting can be one of "sfu", "rfc2307", "template", "unixinfo"
+ */
+
+enum wb_posix_mapping get_nss_info(const char *domain_name)
+{
+ const char **list = lp_winbind_nss_info();
+ enum wb_posix_mapping map_templ = WB_POSIX_MAP_TEMPLATE;
+ int i;
+
+ DEBUG(11,("get_nss_info for %s\n", domain_name));
+
+ if (!lp_winbind_nss_info() || !*lp_winbind_nss_info()) {
+ return WB_POSIX_MAP_TEMPLATE;
+ }
+
+ if ((map_templ = wb_posix_map_type(list[0])) == -1) {
+ DEBUG(0,("get_nss_info: invalid setting: %s\n", list[0]));
+ return WB_POSIX_MAP_TEMPLATE;
+ }
+
+ DEBUG(11,("get_nss_info: using \"%s\" by default\n", list[0]));
+
+ for (i=0; list[i]; i++) {
+
+ const char *p = list[i];
+ fstring tok;
+
+ if (!next_token(&p, tok, ":", sizeof(tok))) {
+ DEBUG(0,("get_nss_info: no \":\" delimitier found\n"));
+ continue;
+ }
+
+ if (strequal(tok, domain_name)) {
+
+ enum wb_posix_mapping type;
+
+ if ((type = wb_posix_map_type(p)) == -1) {
+ DEBUG(0,("get_nss_info: invalid setting: %s\n", p));
+ /* return WB_POSIX_MAP_TEMPLATE; */
+ continue;
+ }
+
+ DEBUG(11,("get_nss_info: using \"%s\" for domain: %s\n", p, tok));
+
+ return type;
+ }
+ }
+
+ return map_templ;
+}
+
+const char *wb_posix_map_str(enum wb_posix_mapping mtype)
+{
+ switch (mtype) {
+ case WB_POSIX_MAP_TEMPLATE:
+ return "template";
+ case WB_POSIX_MAP_SFU:
+ return "sfu";
+ case WB_POSIX_MAP_RFC2307:
+ return "rfc2307";
+ case WB_POSIX_MAP_UNIXINFO:
+ return "unixinfo";
+ default:
+ break;
+ }
+ return NULL;
+}
+
+enum wb_posix_mapping wb_posix_map_type(const char *map_str)
+{
+ if (strequal(map_str, "template"))
+ return WB_POSIX_MAP_TEMPLATE;
+ else if (strequal(map_str, "sfu"))
+ return WB_POSIX_MAP_SFU;
+ else if (strequal(map_str, "rfc2307"))
+ return WB_POSIX_MAP_RFC2307;
+ else if (strequal(map_str, "unixinfo"))
+ return WB_POSIX_MAP_UNIXINFO;
+
+ return -1;
+}
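Review bot: `wb_posix_map_type()` reports an unknown string with `return -1;` and `get_nss_info()` tests for it with `== -1`, but -1 is not shown to be an enumerator of `enum wb_posix_mapping` (the enum is defined outside this diff). Whether that comparison holds depends on the integer type the compiler picks for the enum; with a narrow unsigned representation it can be always false, and a mistyped setting would then be returned to callers as an out-of-range mapping instead of falling back to template. An explicit enumerator for the invalid case, returned and compared by name in both places, would make this well defined. Separately, the loop in `get_nss_info()` starts at `i=0` and so tokenises the default entry as if it were `DOMAIN:setting`; `for (i=1; list[i]; i++) {` matches the syntax described in the file comment.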