2006-05-18 20:08:28 +04:00
/*
Unix SMB / CIFS implementation .
ads ( active directory ) utility library
2007-07-11 14:26:02 +04:00
Copyright ( C ) Guenther Deschner 2005 - 2007
2006-05-18 20:08:28 +04:00
Copyright ( C ) Gerald ( Jerry ) Carter 2006
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
2006-05-18 20:08:28 +04:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 04:52:41 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2006-05-18 20:08:28 +04:00
*/
# include "includes.h"
2010-07-02 02:32:52 +04:00
# include "ads.h"
2010-07-01 01:48:34 +04:00
# include "libads/ldap_schema.h"
2010-09-17 06:33:44 +04:00
# include "../libcli/ldap/ldap_ndr.h"
2006-05-18 20:08:28 +04:00
# ifdef HAVE_LDAP
2010-11-16 21:20:43 +03:00
static ADS_STATUS ads_get_attrnames_by_oids ( ADS_STRUCT * ads ,
TALLOC_CTX * mem_ctx ,
const char * schema_path ,
const char * * OIDs ,
size_t num_OIDs ,
char * * * OIDs_out , char * * * names ,
size_t * count )
2006-05-18 20:08:28 +04:00
{
ADS_STATUS status ;
2006-09-04 01:07:16 +04:00
LDAPMessage * res = NULL ;
2006-05-18 20:08:28 +04:00
LDAPMessage * msg ;
char * expr = NULL ;
const char * attrs [ ] = { " lDAPDisplayName " , " attributeId " , NULL } ;
int i = 0 , p = 0 ;
if ( ! ads | | ! mem_ctx | | ! names | | ! count | | ! OIDs | | ! OIDs_out ) {
return ADS_ERROR ( LDAP_PARAM_ERROR ) ;
}
if ( num_OIDs = = 0 | | OIDs [ 0 ] = = NULL ) {
return ADS_ERROR_NT ( NT_STATUS_NONE_MAPPED ) ;
}
if ( ( expr = talloc_asprintf ( mem_ctx , " (| " ) ) = = NULL ) {
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
for ( i = 0 ; i < num_OIDs ; i + + ) {
2007-09-14 21:42:10 +04:00
if ( ( expr = talloc_asprintf_append_buffer ( expr , " (attributeId=%s) " ,
2006-05-18 20:08:28 +04:00
OIDs [ i ] ) ) = = NULL ) {
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
}
2007-09-14 21:42:10 +04:00
if ( ( expr = talloc_asprintf_append_buffer ( expr , " ) " ) ) = = NULL ) {
2006-05-18 20:08:28 +04:00
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
status = ads_do_search_retry ( ads , schema_path ,
LDAP_SCOPE_SUBTREE , expr , attrs , & res ) ;
if ( ! ADS_ERR_OK ( status ) ) {
return status ;
}
* count = ads_count_replies ( ads , res ) ;
if ( * count = = 0 | | ! res ) {
status = ADS_ERROR_NT ( NT_STATUS_NONE_MAPPED ) ;
goto out ;
}
2011-06-07 05:30:12 +04:00
if ( ( ( * names ) = talloc_array ( mem_ctx , char * , * count ) ) = = NULL ) {
2006-05-18 20:08:28 +04:00
status = ADS_ERROR ( LDAP_NO_MEMORY ) ;
goto out ;
}
2011-06-07 05:30:12 +04:00
if ( ( ( * OIDs_out ) = talloc_array ( mem_ctx , char * , * count ) ) = = NULL ) {
2006-05-18 20:08:28 +04:00
status = ADS_ERROR ( LDAP_NO_MEMORY ) ;
goto out ;
}
for ( msg = ads_first_entry ( ads , res ) ; msg ! = NULL ;
msg = ads_next_entry ( ads , msg ) ) {
( * names ) [ p ] = ads_pull_string ( ads , mem_ctx , msg ,
" lDAPDisplayName " ) ;
( * OIDs_out ) [ p ] = ads_pull_string ( ads , mem_ctx , msg ,
" attributeId " ) ;
if ( ( ( * names ) [ p ] = = NULL ) | | ( ( * OIDs_out ) [ p ] = = NULL ) ) {
status = ADS_ERROR ( LDAP_NO_MEMORY ) ;
goto out ;
}
p + + ;
}
if ( * count < num_OIDs ) {
status = ADS_ERROR_NT ( STATUS_SOME_UNMAPPED ) ;
goto out ;
}
status = ADS_ERROR ( LDAP_SUCCESS ) ;
out :
ads_msgfree ( ads , res ) ;
return status ;
}
2007-07-11 14:26:02 +04:00
const char * ads_get_attrname_by_guid ( ADS_STRUCT * ads ,
const char * schema_path ,
TALLOC_CTX * mem_ctx ,
2007-07-11 17:23:56 +04:00
const struct GUID * schema_guid )
2007-07-11 14:26:02 +04:00
{
ADS_STATUS rc ;
LDAPMessage * res = NULL ;
char * expr = NULL ;
const char * attrs [ ] = { " lDAPDisplayName " , NULL } ;
const char * result = NULL ;
char * guid_bin = NULL ;
if ( ! ads | | ! mem_ctx | | ! schema_guid ) {
goto done ;
}
2010-09-17 06:33:44 +04:00
guid_bin = ldap_encode_ndr_GUID ( mem_ctx , schema_guid ) ;
2007-07-11 14:26:02 +04:00
if ( ! guid_bin ) {
goto done ;
}
expr = talloc_asprintf ( mem_ctx , " (schemaIDGUID=%s) " , guid_bin ) ;
if ( ! expr ) {
goto done ;
}
rc = ads_do_search_retry ( ads , schema_path , LDAP_SCOPE_SUBTREE ,
expr , attrs , & res ) ;
if ( ! ADS_ERR_OK ( rc ) ) {
goto done ;
}
if ( ads_count_replies ( ads , res ) ! = 1 ) {
goto done ;
}
result = ads_pull_string ( ads , mem_ctx , res , " lDAPDisplayName " ) ;
done :
2009-05-28 13:18:22 +04:00
TALLOC_FREE ( guid_bin ) ;
2007-07-11 14:26:02 +04:00
ads_msgfree ( ads , res ) ;
return result ;
}
2006-05-18 20:08:28 +04:00
/*********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-07-11 17:41:04 +04:00
ADS_STATUS ads_schema_path ( ADS_STRUCT * ads , TALLOC_CTX * mem_ctx , char * * schema_path )
2006-05-18 20:08:28 +04:00
{
ADS_STATUS status ;
2006-09-04 01:07:16 +04:00
LDAPMessage * res ;
2006-05-18 20:08:28 +04:00
const char * schema ;
const char * attrs [ ] = { " schemaNamingContext " , NULL } ;
status = ads_do_search ( ads , " " , LDAP_SCOPE_BASE , " (objectclass=*) " , attrs , & res ) ;
if ( ! ADS_ERR_OK ( status ) ) {
return status ;
}
if ( ( schema = ads_pull_string ( ads , mem_ctx , res , " schemaNamingContext " ) ) = = NULL ) {
2006-09-19 06:04:11 +04:00
ads_msgfree ( ads , res ) ;
2006-05-18 20:08:28 +04:00
return ADS_ERROR ( LDAP_NO_RESULTS_RETURNED ) ;
}
if ( ( * schema_path = talloc_strdup ( mem_ctx , schema ) ) = = NULL ) {
2006-09-19 06:04:11 +04:00
ads_msgfree ( ads , res ) ;
2006-05-18 20:08:28 +04:00
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
ads_msgfree ( ads , res ) ;
return status ;
}
/**
* Check for " Services for Unix " or rfc2307 Schema and load some attributes into the ADS_STRUCT
* @ param ads connection to ads server
* @ param enum mapping type
2006-09-14 13:44:48 +04:00
* @ return ADS_STATUS status of search ( False if one or more attributes couldn ' t be
2006-05-18 20:08:28 +04:00
* found in Active Directory )
* */
2007-01-24 04:48:08 +03:00
ADS_STATUS ads_check_posix_schema_mapping ( TALLOC_CTX * mem_ctx ,
ADS_STRUCT * ads ,
enum wb_posix_mapping map_type ,
struct posix_schema * * s )
2006-05-18 20:08:28 +04:00
{
TALLOC_CTX * ctx = NULL ;
ADS_STATUS status ;
char * * oids_out , * * names_out ;
size_t num_names ;
char * schema_path = NULL ;
int i ;
2007-01-24 04:48:08 +03:00
struct posix_schema * schema = NULL ;
2006-05-18 20:08:28 +04:00
const char * oids_sfu [ ] = { ADS_ATTR_SFU_UIDNUMBER_OID ,
ADS_ATTR_SFU_GIDNUMBER_OID ,
ADS_ATTR_SFU_HOMEDIR_OID ,
ADS_ATTR_SFU_SHELL_OID ,
* Allow an admin to define the "uid" attribute for a RFC2307
user object in AD to be the username alias.
For example:
$ net ads search "(uid=coffeedude)"
distinguishedName: CN=Gerald W. Carter,CN=Users,DC=pink,DC=plainjoe,DC=org
sAMAccountName: gcarter
memberOf: CN=UnixUsers,CN=Users,DC=pink,DC=plainjoe,DC=org
memberOf: CN=Domain Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
memberOf: CN=Enterprise Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
memberOf: CN=Schema Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
uid: coffeedude
uidNumber: 10000
gidNumber: 10000
unixHomeDirectory: /home/gcarter
loginShell: /bin/bash
$ ssh coffeedude@192.168.56.91
Password:
coffeedude@orville:~$ id
uid=10000(coffeedude) gid=10000(PINK\unixusers) groups=10000(PINK\unixusers)
$ getent passwd PINK\\gcarter
coffeedude:*:10000:10000::/home/gcarter:/bin/bash
$ getent passwd coffeedude
coffeedude:*:10000:10000::/home/gcarter:/bin/bash
$ getent group PINK\\Unixusers
PINK\unixusers:x:10000:coffeedude
2008-09-16 21:35:21 +04:00
ADS_ATTR_SFU_GECOS_OID ,
ADS_ATTR_SFU_UID_OID } ;
2006-05-18 20:08:28 +04:00
2007-06-26 13:15:37 +04:00
const char * oids_sfu20 [ ] = { ADS_ATTR_SFU20_UIDNUMBER_OID ,
ADS_ATTR_SFU20_GIDNUMBER_OID ,
ADS_ATTR_SFU20_HOMEDIR_OID ,
ADS_ATTR_SFU20_SHELL_OID ,
* Allow an admin to define the "uid" attribute for a RFC2307
user object in AD to be the username alias.
For example:
$ net ads search "(uid=coffeedude)"
distinguishedName: CN=Gerald W. Carter,CN=Users,DC=pink,DC=plainjoe,DC=org
sAMAccountName: gcarter
memberOf: CN=UnixUsers,CN=Users,DC=pink,DC=plainjoe,DC=org
memberOf: CN=Domain Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
memberOf: CN=Enterprise Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
memberOf: CN=Schema Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
uid: coffeedude
uidNumber: 10000
gidNumber: 10000
unixHomeDirectory: /home/gcarter
loginShell: /bin/bash
$ ssh coffeedude@192.168.56.91
Password:
coffeedude@orville:~$ id
uid=10000(coffeedude) gid=10000(PINK\unixusers) groups=10000(PINK\unixusers)
$ getent passwd PINK\\gcarter
coffeedude:*:10000:10000::/home/gcarter:/bin/bash
$ getent passwd coffeedude
coffeedude:*:10000:10000::/home/gcarter:/bin/bash
$ getent group PINK\\Unixusers
PINK\unixusers:x:10000:coffeedude
2008-09-16 21:35:21 +04:00
ADS_ATTR_SFU20_GECOS_OID ,
ADS_ATTR_SFU20_UID_OID } ;
2007-06-26 13:15:37 +04:00
2006-05-18 20:08:28 +04:00
const char * oids_rfc2307 [ ] = { ADS_ATTR_RFC2307_UIDNUMBER_OID ,
ADS_ATTR_RFC2307_GIDNUMBER_OID ,
ADS_ATTR_RFC2307_HOMEDIR_OID ,
ADS_ATTR_RFC2307_SHELL_OID ,
* Allow an admin to define the "uid" attribute for a RFC2307
user object in AD to be the username alias.
For example:
$ net ads search "(uid=coffeedude)"
distinguishedName: CN=Gerald W. Carter,CN=Users,DC=pink,DC=plainjoe,DC=org
sAMAccountName: gcarter
memberOf: CN=UnixUsers,CN=Users,DC=pink,DC=plainjoe,DC=org
memberOf: CN=Domain Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
memberOf: CN=Enterprise Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
memberOf: CN=Schema Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
uid: coffeedude
uidNumber: 10000
gidNumber: 10000
unixHomeDirectory: /home/gcarter
loginShell: /bin/bash
$ ssh coffeedude@192.168.56.91
Password:
coffeedude@orville:~$ id
uid=10000(coffeedude) gid=10000(PINK\unixusers) groups=10000(PINK\unixusers)
$ getent passwd PINK\\gcarter
coffeedude:*:10000:10000::/home/gcarter:/bin/bash
$ getent passwd coffeedude
coffeedude:*:10000:10000::/home/gcarter:/bin/bash
$ getent group PINK\\Unixusers
PINK\unixusers:x:10000:coffeedude
2008-09-16 21:35:21 +04:00
ADS_ATTR_RFC2307_GECOS_OID ,
ADS_ATTR_RFC2307_UID_OID } ;
2006-05-18 20:08:28 +04:00
2007-06-26 13:15:37 +04:00
DEBUG ( 10 , ( " ads_check_posix_schema_mapping for schema mode: %d \n " , map_type ) ) ;
switch ( map_type ) {
case WB_POSIX_MAP_TEMPLATE :
case WB_POSIX_MAP_UNIXINFO :
DEBUG ( 10 , ( " ads_check_posix_schema_mapping: nothing to do \n " ) ) ;
return ADS_ERROR ( LDAP_SUCCESS ) ;
case WB_POSIX_MAP_SFU :
case WB_POSIX_MAP_SFU20 :
case WB_POSIX_MAP_RFC2307 :
break ;
default :
DEBUG ( 0 , ( " ads_check_posix_schema_mapping: "
" unknown enum %d \n " , map_type ) ) ;
return ADS_ERROR ( LDAP_PARAM_ERROR ) ;
}
2006-05-18 20:08:28 +04:00
2007-01-24 04:48:08 +03:00
if ( ( ctx = talloc_init ( " ads_check_posix_schema_mapping " ) ) = = NULL ) {
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
2006-05-18 20:08:28 +04:00
}
2011-06-07 05:38:41 +04:00
if ( ( schema = talloc ( mem_ctx , struct posix_schema ) ) = = NULL ) {
2007-01-24 04:48:08 +03:00
TALLOC_FREE ( ctx ) ;
2006-05-18 20:08:28 +04:00
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
2007-01-24 04:48:08 +03:00
2006-05-18 20:08:28 +04:00
status = ads_schema_path ( ads , ctx , & schema_path ) ;
if ( ! ADS_ERR_OK ( status ) ) {
DEBUG ( 3 , ( " ads_check_posix_mapping: Unable to retrieve schema DN! \n " ) ) ;
goto done ;
}
2007-06-26 13:15:37 +04:00
switch ( map_type ) {
case WB_POSIX_MAP_SFU :
status = ads_get_attrnames_by_oids ( ads , ctx , schema_path , oids_sfu ,
ARRAY_SIZE ( oids_sfu ) ,
& oids_out , & names_out , & num_names ) ;
break ;
case WB_POSIX_MAP_SFU20 :
status = ads_get_attrnames_by_oids ( ads , ctx , schema_path , oids_sfu20 ,
ARRAY_SIZE ( oids_sfu20 ) ,
& oids_out , & names_out , & num_names ) ;
break ;
case WB_POSIX_MAP_RFC2307 :
status = ads_get_attrnames_by_oids ( ads , ctx , schema_path , oids_rfc2307 ,
ARRAY_SIZE ( oids_rfc2307 ) ,
& oids_out , & names_out , & num_names ) ;
break ;
default :
status = ADS_ERROR_NT ( NT_STATUS_INVALID_PARAMETER ) ;
break ;
2006-05-18 20:08:28 +04:00
}
if ( ! ADS_ERR_OK ( status ) ) {
DEBUG ( 3 , ( " ads_check_posix_schema_mapping: failed %s \n " ,
ads_errstr ( status ) ) ) ;
goto done ;
2007-01-24 04:48:08 +03:00
}
2006-05-18 20:08:28 +04:00
for ( i = 0 ; i < num_names ; i + + ) {
DEBUGADD ( 10 , ( " \t OID %s has name: %s \n " , oids_out [ i ] , names_out [ i ] ) ) ;
if ( strequal ( ADS_ATTR_RFC2307_UIDNUMBER_OID , oids_out [ i ] ) | |
2007-06-26 13:15:37 +04:00
strequal ( ADS_ATTR_SFU_UIDNUMBER_OID , oids_out [ i ] ) | |
strequal ( ADS_ATTR_SFU20_UIDNUMBER_OID , oids_out [ i ] ) ) {
2007-01-24 04:48:08 +03:00
schema - > posix_uidnumber_attr = talloc_strdup ( schema , names_out [ i ] ) ;
continue ;
2006-05-18 20:08:28 +04:00
}
2007-01-24 04:48:08 +03:00
2006-05-18 20:08:28 +04:00
if ( strequal ( ADS_ATTR_RFC2307_GIDNUMBER_OID , oids_out [ i ] ) | |
2007-06-26 13:15:37 +04:00
strequal ( ADS_ATTR_SFU_GIDNUMBER_OID , oids_out [ i ] ) | |
strequal ( ADS_ATTR_SFU20_GIDNUMBER_OID , oids_out [ i ] ) ) {
2007-01-24 04:48:08 +03:00
schema - > posix_gidnumber_attr = talloc_strdup ( schema , names_out [ i ] ) ;
continue ;
2006-05-18 20:08:28 +04:00
}
2007-01-24 04:48:08 +03:00
2006-05-18 20:08:28 +04:00
if ( strequal ( ADS_ATTR_RFC2307_HOMEDIR_OID , oids_out [ i ] ) | |
2007-06-26 13:15:37 +04:00
strequal ( ADS_ATTR_SFU_HOMEDIR_OID , oids_out [ i ] ) | |
strequal ( ADS_ATTR_SFU20_HOMEDIR_OID , oids_out [ i ] ) ) {
2007-01-24 04:48:08 +03:00
schema - > posix_homedir_attr = talloc_strdup ( schema , names_out [ i ] ) ;
continue ;
2006-05-18 20:08:28 +04:00
}
2007-01-24 04:48:08 +03:00
2006-05-18 20:08:28 +04:00
if ( strequal ( ADS_ATTR_RFC2307_SHELL_OID , oids_out [ i ] ) | |
2007-06-26 13:15:37 +04:00
strequal ( ADS_ATTR_SFU_SHELL_OID , oids_out [ i ] ) | |
strequal ( ADS_ATTR_SFU20_SHELL_OID , oids_out [ i ] ) ) {
2007-01-24 04:48:08 +03:00
schema - > posix_shell_attr = talloc_strdup ( schema , names_out [ i ] ) ;
continue ;
2006-05-18 20:08:28 +04:00
}
2007-01-24 04:48:08 +03:00
2006-05-18 20:08:28 +04:00
if ( strequal ( ADS_ATTR_RFC2307_GECOS_OID , oids_out [ i ] ) | |
2007-06-26 13:15:37 +04:00
strequal ( ADS_ATTR_SFU_GECOS_OID , oids_out [ i ] ) | |
strequal ( ADS_ATTR_SFU20_GECOS_OID , oids_out [ i ] ) ) {
2007-01-24 04:48:08 +03:00
schema - > posix_gecos_attr = talloc_strdup ( schema , names_out [ i ] ) ;
2006-05-18 20:08:28 +04:00
}
* Allow an admin to define the "uid" attribute for a RFC2307
user object in AD to be the username alias.
For example:
$ net ads search "(uid=coffeedude)"
distinguishedName: CN=Gerald W. Carter,CN=Users,DC=pink,DC=plainjoe,DC=org
sAMAccountName: gcarter
memberOf: CN=UnixUsers,CN=Users,DC=pink,DC=plainjoe,DC=org
memberOf: CN=Domain Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
memberOf: CN=Enterprise Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
memberOf: CN=Schema Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
uid: coffeedude
uidNumber: 10000
gidNumber: 10000
unixHomeDirectory: /home/gcarter
loginShell: /bin/bash
$ ssh coffeedude@192.168.56.91
Password:
coffeedude@orville:~$ id
uid=10000(coffeedude) gid=10000(PINK\unixusers) groups=10000(PINK\unixusers)
$ getent passwd PINK\\gcarter
coffeedude:*:10000:10000::/home/gcarter:/bin/bash
$ getent passwd coffeedude
coffeedude:*:10000:10000::/home/gcarter:/bin/bash
$ getent group PINK\\Unixusers
PINK\unixusers:x:10000:coffeedude
2008-09-16 21:35:21 +04:00
if ( strequal ( ADS_ATTR_RFC2307_UID_OID , oids_out [ i ] ) | |
strequal ( ADS_ATTR_SFU_UID_OID , oids_out [ i ] ) | |
strequal ( ADS_ATTR_SFU20_UID_OID , oids_out [ i ] ) ) {
schema - > posix_uid_attr = talloc_strdup ( schema , names_out [ i ] ) ;
}
2006-05-18 20:08:28 +04:00
}
2007-01-24 04:48:08 +03:00
if ( ! schema - > posix_uidnumber_attr | |
! schema - > posix_gidnumber_attr | |
! schema - > posix_homedir_attr | |
! schema - > posix_shell_attr | |
! schema - > posix_gecos_attr ) {
2006-05-31 14:32:12 +04:00
status = ADS_ERROR ( LDAP_NO_MEMORY ) ;
2007-01-24 04:48:08 +03:00
TALLOC_FREE ( schema ) ;
2006-05-31 14:32:12 +04:00
goto done ;
}
2007-01-24 04:48:08 +03:00
* s = schema ;
2006-05-18 20:08:28 +04:00
status = ADS_ERROR ( LDAP_SUCCESS ) ;
done :
2007-06-26 13:15:37 +04:00
TALLOC_FREE ( ctx ) ;
2006-05-18 20:08:28 +04:00
return status ;
}
# endif