sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00
Code

* break out more common code used between pdb_ldap and idmap_ldap

Browse Source 
* remove 'winbind uid' and 'winbind gid' parameters (replaced
  by current idmap parameter)
* create the sambaUnixIdPool entries automatically in the 'ldap
  idmap suffix'
* add new 'ldap idmap suffix' and 'ldap group suffix' parametrer
* "idmap backend = ldap" now accepts 'ldap:ldap://server/' format
  (parameters are passed to idmap init() function
(This used to be commit 1665926281ed2be3c5affca551c9d458d013fc7f)
This commit is contained in:
Gerald Carter 2003-06-06 13:48:39 +00:00
parent 53f8d3f01a
commit 711f8d0a13
11 changed files with 388 additions and 332 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
source3/Makefile.in
View File

@ -279,13 +279,13 @@ PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o
PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
passdb/machine_sid.o passdb/util_sam_sid.o passdb/pdb_compat.o \
passdb/privileges.o @PDB_STATIC@ $(SMBLDAP__OBJ)
passdb/privileges.o @PDB_STATIC@
XML_OBJ = passdb/pdb_xml.o
MYSQL_OBJ = passdb/pdb_mysql.o
DEVEL_HELP_OBJ = modules/weird.o
IDMAP_OBJ = sam/idmap.o sam/idmap_util.o @IDMAP_STATIC@ $(SMBLDAP_OBJ)
IDMAP_OBJ = sam/idmap.o sam/idmap_util.o @IDMAP_STATIC@
GROUPDB_OBJ = groupdb/mapping.o
@ -349,7 +349,7 @@ SMBD_OBJ_BASE = $(PARAM_OBJ) $(SMBD_OBJ_SRV) $(MSDFS_OBJ) $(LIBSMB_OBJ) \
$(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \
$(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(LIBADS_SERVER_OBJ) \
$(LIB_SMBD_OBJ) $(REGISTRY_OBJ) $(POPT_LIB_OBJ) $(IDMAP_OBJ) \
$(UBIQX_OBJ) $(BUILDOPT_OBJ)
$(UBIQX_OBJ) $(BUILDOPT_OBJ) $(SMBLDAP_OBJ)
PRINTING_OBJ = printing/pcap.o printing/print_svid.o \
printing/print_cups.o printing/print_generic.o \
@ -389,7 +389,7 @@ SWAT_OBJ1 = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \
SWAT_OBJ = $(SWAT_OBJ1) $(PARAM_OBJ) $(PRINTING_OBJ) $(LIBSMB_OBJ) \
$(LOCKING_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(KRBCLIENT_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(PLAINTEXT_AUTH_OBJ) \
$(POPT_LIB_OBJ) $(IDMAP_OBJ)
$(POPT_LIB_OBJ) $(IDMAP_OBJ) $(SMBLDAP_OBJ)
SMBSH_OBJ = smbwrapper/smbsh.o smbwrapper/shared.o \
$(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
@ -414,11 +414,11 @@ TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) $(UBIQX_OBJ) \
SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(SECRETS_OBJ) \
$(LIBSMB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ)\
$(UBIQX_OBJ) $(LIB_OBJ) $(KRBCLIENT_OBJ) \
$(IDMAP_OBJ)
$(IDMAP_OBJ) $(SMBLDAP_OBJ)
PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(PASSDB_OBJ) $(LIBSAMBA_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ) \
$(POPT_LIB_OBJ) $(IDMAP_OBJ)
$(POPT_LIB_OBJ) $(IDMAP_OBJ) $(SMBLDAP_OBJ)
RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \
rpcclient/cmd_samr.o rpcclient/cmd_spoolss.o \
@ -432,7 +432,7 @@ RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \
$(READLINE_OBJ) $(GROUPDB_OBJ) $(KRBCLIENT_OBJ) \
$(LIBADS_OBJ) $(SECRETS_OBJ) $(POPT_LIB_OBJ) \
$(IDMAP_OBJ)
$(IDMAP_OBJ) $(SMBLDAP_OBJ)
PAM_WINBIND_OBJ = nsswitch/pam_winbind.po nsswitch/wb_common.po lib/snprintf.po
@ -460,7 +460,7 @@ LIBBIGBALLOFMUD_MAJOR = 0
LIBBIGBALLOFMUD_OBJ = $(PARAM_OBJ) $(LIB_OBJ) $(UBIQX_OBJ) $(SECRETS_OBJ) \
$(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) \
$(GROUPDB_OBJ) $(KRBCLIENT_OBJ)
$(GROUPDB_OBJ) $(KRBCLIENT_OBJ) $(SMBLDAP_OBJ)
LIBBIGBALLOFMUD_PICOBJS = $(LIBBIGBALLOFMUD_OBJ:.o=.po)
@ -480,7 +480,7 @@ NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \
$(KRBCLIENT_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \
$(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(POPT_LIB_OBJ) \
$(IDMAP_OBJ)
$(IDMAP_OBJ) $(SMBLDAP_OBJ)
CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
$(LIB_OBJ) $(KRBCLIENT_OBJ)
@ -559,7 +559,7 @@ PROTO_OBJ = $(SMBD_OBJ_MAIN) \
$(LIB_SMBD_OBJ) $(SAM_OBJ) $(REGISTRY_OBJ) $(POPT_LIB_OBJ) \
$(RPC_LSA_OBJ) $(RPC_NETLOG_OBJ) $(RPC_SAMR_OBJ) $(RPC_REG_OBJ) \
$(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) $(RPC_SPOOLSS_OBJ) \
$(IDMAP_OBJ) $(RPC_ECHO_OBJ)
$(IDMAP_OBJ) $(RPC_ECHO_OBJ) $(SMBLDAP_OBJ)
NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) \
$(LIB_OBJ) $(NSSWINS_OBJ)
@ -598,7 +598,7 @@ WINBINDD_OBJ = \
$(WINBINDD_OBJ1) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
$(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
$(PROFILE_OBJ) $(UNIGRP_OBJ) $(IDMAP_OBJ) \
$(PROFILE_OBJ) $(UNIGRP_OBJ) $(IDMAP_OBJ) $(SMBLDAP_OBJ) \
$(SECRETS_OBJ) $(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ)
WBINFO_OBJ = nsswitch/wbinfo.o $(LIBSAMBA_OBJ) $(PARAM_OBJ) $(LIB_OBJ) \

21
source3/configure.in
View File

@ -2537,27 +2537,6 @@ AC_ARG_WITH(ldapsam,
AC_MSG_RESULT(no)
)
#################################################
# check for IDMAP
AC_DEFINE(WITH_IDMAP,1, [Include IDMAP support])
AC_MSG_CHECKING(whether to use IDMAP only for [ug]id mapping)
AC_ARG_WITH(idmap,
[ --with-idmap Include experimental IDMAP support (default=yes)],
[ case "$withval" in
yes)
AC_MSG_RESULT(yes)
AC_DEFINE(WITH_IDMAP,1,[Whether to include experimental IDMAP support])
;;
no)
AC_MSG_RESULT(no)
AC_DEFINE(WITH_IDMAP,0,[Whether to include experimental IDMAP support])
;;
esac ],
AC_MSG_RESULT(yes)
)
########################################################################################
##
## END OF TESTS FOR SAM BACKENDS.

2
source3/include/idmap.h
View File

@ -39,7 +39,7 @@
struct idmap_methods {
/* Called when backend is first loaded */
NTSTATUS (*init)(void);
NTSTATUS (*init)( char *params );
NTSTATUS (*get_sid_from_id)(DOM_SID *sid, unid_t id, int id_type);
NTSTATUS (*get_id_from_sid)(unid_t *id, int *id_type, const DOM_SID *sid);

2
source3/include/smbldap.h
View File

@ -39,6 +39,7 @@
#define LDAP_OBJ_ACCOUNT "account"
#define LDAP_OBJ_POSIXACCOUNT "posixAccount"
#define LDAP_OBJ_POSIXGROUP "posixGroup"
#define LDAP_OBJ_OU "organizationalUnit"
/* some generic attributes that get reused a lot */
@ -81,6 +82,7 @@
#define LDAP_ATTR_HOME_DRIVE 29
#define LDAP_ATTR_GROUP_SID 30
#define LDAP_ATTR_GROUP_TYPE 31
#define LDAP_ATTR_SID 32
typedef struct _attrib_map_entry {

99
source3/lib/smbldap.c
View File

@ -74,7 +74,7 @@ ATTRIB_MAP_ENTRY attrib_map_v30[] = {
{ LDAP_ATTR_PROFILE_PATH, "sambaProfilePath" },
{ LDAP_ATTR_DESC, "description" },
{ LDAP_ATTR_USER_WKS, "sambaUserWorkstations" },
{ LDAP_ATTR_USER_SID, "sambaSID" },
{ LDAP_ATTR_USER_SID, LDAP_ATTRIBUTE_SID },
{ LDAP_ATTR_PRIMARY_GROUP_SID, "sambaPrimaryGroupSID" },
{ LDAP_ATTR_LMPW, "sambaLMPassword" },
{ LDAP_ATTR_NTPW, "sambaNTPassword" },
@ -90,7 +90,7 @@ ATTRIB_MAP_ENTRY dominfo_attr_list[] = {
{ LDAP_ATTR_DOMAIN, "sambaDomainName" },
{ LDAP_ATTR_NEXT_USERRID, "sambaNextUserRid" },
{ LDAP_ATTR_NEXT_GROUPRID, "sambaNextGroupRid" },
{ LDAP_ATTR_DOM_SID, "sambaSID" },
{ LDAP_ATTR_DOM_SID, LDAP_ATTRIBUTE_SID },
{ LDAP_ATTR_LIST_END, NULL },
};
@ -98,7 +98,7 @@ ATTRIB_MAP_ENTRY dominfo_attr_list[] = {
ATTRIB_MAP_ENTRY groupmap_attr_list[] = {
{ LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER},
{ LDAP_ATTR_GROUP_SID, "sambaSID" },
{ LDAP_ATTR_GROUP_SID, LDAP_ATTRIBUTE_SID },
{ LDAP_ATTR_GROUP_TYPE, "sambaGroupType" },
{ LDAP_ATTR_DESC, "description" },
{ LDAP_ATTR_DISPLAY_NAME, "displayName" },
@ -107,14 +107,14 @@ ATTRIB_MAP_ENTRY groupmap_attr_list[] = {
};
ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[] = {
{ LDAP_ATTR_GROUP_SID, "sambaSID" },
{ LDAP_ATTR_GROUP_SID, LDAP_ATTRIBUTE_SID },
{ LDAP_ATTR_GROUP_TYPE, "sambaGroupType" },
{ LDAP_ATTR_DESC, "description" },
{ LDAP_ATTR_DISPLAY_NAME, "displayName" },
{ LDAP_ATTR_LIST_END, NULL }
};
/* idmap_ldap samba[U|G]idPool */
/* idmap_ldap sambaUnixIdPool */
ATTRIB_MAP_ENTRY idpool_attr_list[] = {
{ LDAP_ATTR_UIDNUMBER, LDAP_ATTRIBUTE_UIDNUMBER},
@ -123,7 +123,7 @@ ATTRIB_MAP_ENTRY idpool_attr_list[] = {
};
ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
{ LDAP_ATTR_GROUP_SID, "sambaSID" },
{ LDAP_ATTR_SID, LDAP_ATTRIBUTE_SID },
{ LDAP_ATTR_UIDNUMBER, LDAP_ATTRIBUTE_UIDNUMBER},
{ LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER},
{ LDAP_ATTR_LIST_END, NULL }
@ -257,3 +257,90 @@ BOOL fetch_ldap_pw(char **dn, char** pw)
return True;
}
/************************************************************************
Routine to manage the LDAPMod structure array
manage memory used by the array, by each struct, and values
***********************************************************************/
void ldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value)
{
LDAPMod **mods;
int i;
int j;
mods = *modlist;
/* sanity checks on the mod values */
if (attribute == NULL || *attribute == '\0')
return;
#if 0 /* commented out after discussion with abartlet. Do not reenable.
left here so other so re-add similar code --jerry */
if (value == NULL || *value == '\0')
return;
#endif
if (mods == NULL)
{
mods = (LDAPMod **) malloc(sizeof(LDAPMod *));
if (mods == NULL)
{
DEBUG(0, ("make_a_mod: out of memory!\n"));
return;
}
mods[0] = NULL;
}
for (i = 0; mods[i] != NULL; ++i) {
if (mods[i]->mod_op == modop && !strcasecmp(mods[i]->mod_type, attribute))
break;
}
if (mods[i] == NULL)
{
mods = (LDAPMod **) Realloc (mods, (i + 2) * sizeof (LDAPMod *));
if (mods == NULL)
{
DEBUG(0, ("make_a_mod: out of memory!\n"));
return;
}
mods[i] = (LDAPMod *) malloc(sizeof(LDAPMod));
if (mods[i] == NULL)
{
DEBUG(0, ("make_a_mod: out of memory!\n"));
return;
}
mods[i]->mod_op = modop;
mods[i]->mod_values = NULL;
mods[i]->mod_type = strdup(attribute);
mods[i + 1] = NULL;
}
if (value != NULL)
{
char *utf8_value = NULL;
j = 0;
if (mods[i]->mod_values != NULL) {
for (; mods[i]->mod_values[j] != NULL; j++);
}
mods[i]->mod_values = (char **)Realloc(mods[i]->mod_values,
(j + 2) * sizeof (char *));
if (mods[i]->mod_values == NULL) {
DEBUG (0, ("make_a_mod: Memory allocation failure!\n"));
return;
}
if (push_utf8_allocate(&utf8_value, value) == (size_t)-1) {
DEBUG (0, ("make_a_mod: String conversion failure!\n"));
return;
}
mods[i]->mod_values[j] = utf8_value;
mods[i]->mod_values[j + 1] = NULL;
}
*modlist = mods;
}

138
source3/param/loadparm.c
View File

@ -223,6 +223,8 @@ typedef struct
int iLockSpinTime;
char *szLdapMachineSuffix;
char *szLdapUserSuffix;
char *szLdapIdmapSuffix;
char *szLdapGroupSuffix;
#ifdef WITH_LDAP_SAMCONFIG
int ldap_port;
char *szLdapServer;
@ -560,9 +562,8 @@ static BOOL handle_workgroup( const char *pszParmValue, char **ptr );
static BOOL handle_netbios_aliases( const char *pszParmValue, char **ptr );
static BOOL handle_netbios_scope( const char *pszParmValue, char **ptr );
static BOOL handle_ldap_machine_suffix ( const char *pszParmValue, char **ptr );
static BOOL handle_ldap_user_suffix ( const char *pszParmValue, char **ptr );
static BOOL handle_ldap_suffix ( const char *pszParmValue, char **ptr );
static BOOL handle_ldap_sub_suffix ( const char *pszParmValue, char **ptr );
static BOOL handle_acl_compatibility(const char *pszParmValue, char **ptr);
@ -1035,8 +1036,10 @@ static struct parm_struct parm_table[] = {
{"ldap port", P_INTEGER, P_GLOBAL, &Globals.ldap_port, NULL, NULL, 0},
#endif
{"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, handle_ldap_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap machine suffix", P_STRING, P_GLOBAL, &Globals.szLdapMachineSuffix, handle_ldap_machine_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, handle_ldap_user_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap machine suffix", P_STRING, P_GLOBAL, &Globals.szLdapMachineSuffix, handle_ldap_sub_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, handle_ldap_sub_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap group suffix", P_STRING, P_GLOBAL, &Globals.szLdapGroupSuffix, handle_ldap_sub_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap idmap suffix", P_STRING, P_GLOBAL, &Globals.szLdapIdmapSuffix, handle_ldap_sub_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap filter", P_STRING, P_GLOBAL, &Globals.szLdapFilter, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, FLAG_ADVANCED | FLAG_DEVELOPER},
@ -1119,9 +1122,7 @@ static struct parm_struct parm_table[] = {
{"idmap only", P_BOOL, P_GLOBAL, &Globals.bIdmapOnly, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"idmap backend", P_STRING, P_GLOBAL, &Globals.szIdmapBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"idmap uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"winbind uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER | FLAG_HIDE},
{"idmap gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"winbind gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER | FLAG_HIDE},
{"template homedir", P_STRING, P_GLOBAL, &Globals.szTemplateHomedir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"template shell", P_STRING, P_GLOBAL, &Globals.szTemplateShell, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
@ -1419,6 +1420,8 @@ static void init_globals(void)
string_set(&Globals.szLdapFilter, "(uid=%u)");
string_set(&Globals.szLdapMachineSuffix, "");
string_set(&Globals.szLdapUserSuffix, "");
string_set(&Globals.szLdapGroupSuffix, "");
string_set(&Globals.szLdapIdmapSuffix, "");
string_set(&Globals.szLdapAdminDn, "");
Globals.ldap_ssl = LDAP_SSL_ON;
@ -1643,6 +1646,8 @@ FN_GLOBAL_INTEGER(lp_ldap_port, &Globals.ldap_port)
FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
FN_GLOBAL_STRING(lp_ldap_machine_suffix, &Globals.szLdapMachineSuffix)
FN_GLOBAL_STRING(lp_ldap_user_suffix, &Globals.szLdapUserSuffix)
FN_GLOBAL_STRING(lp_ldap_idmap_suffix, &Globals.szLdapIdmapSuffix)
FN_GLOBAL_STRING(lp_ldap_group_suffix, &Globals.szLdapGroupSuffix)
FN_GLOBAL_STRING(lp_ldap_filter, &Globals.szLdapFilter)
FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
@ -2932,92 +2937,62 @@ static BOOL handle_debug_list( const char *pszParmValueIn, char **ptr )
return debug_parse_levels( pszParmValue );
}
/***************************************************************************
Handle the ldap machine suffix option.
***************************************************************************/
static BOOL handle_ldap_machine_suffix( const char *pszParmValue, char **ptr)
{
pstring suffix;
pstrcpy(suffix, pszParmValue);
if (! *Globals.szLdapSuffix ) {
string_set( ptr, suffix );
return True;
}
if (! strstr(suffix, Globals.szLdapSuffix) ) {
if ( *pszParmValue )
pstrcat(suffix, ",");
pstrcat(suffix, Globals.szLdapSuffix);
}
string_set( ptr, suffix );
return True;
}
/***************************************************************************
Handle the ldap user suffix option.
***************************************************************************/
static BOOL handle_ldap_user_suffix( const char *pszParmValue, char **ptr)
{
pstring suffix;
pstrcpy(suffix, pszParmValue);
if (! *Globals.szLdapSuffix ) {
string_set( ptr, suffix );
return True;
}
if (! strstr(suffix, Globals.szLdapSuffix) ) {
if ( *pszParmValue )
pstrcat(suffix, ",");
pstrcat(suffix, Globals.szLdapSuffix);
}
string_set( ptr, suffix );
return True;
}
/***************************************************************************
Handle setting ldap suffix and determines whether ldap machine suffix needs
to be set as well.
Set all of the sub suffix strings to be the 'ldap suffix' by default
***************************************************************************/
static BOOL handle_ldap_suffix( const char *pszParmValue, char **ptr)
static BOOL handle_ldap_suffix( const char *pszParmValue, char **ptr )
{
pstring suffix;
pstring user_suffix;
pstring machine_suffix;
pstring suffix;
pstrcpy(suffix, pszParmValue);
pstrcpy(suffix, pszParmValue);
if (! *Globals.szLdapMachineSuffix )
string_set(&Globals.szLdapMachineSuffix, suffix);
if (! *Globals.szLdapUserSuffix )
string_set(&Globals.szLdapUserSuffix, suffix);
if (! strstr(Globals.szLdapMachineSuffix, suffix)) {
pstrcpy(machine_suffix, Globals.szLdapMachineSuffix);
if ( *Globals.szLdapMachineSuffix )
pstrcat(machine_suffix, ",");
pstrcat(machine_suffix, suffix);
string_set(&Globals.szLdapMachineSuffix, machine_suffix);
}
/* set defaults for the the sub-suffixes */
if (! *Globals.szLdapMachineSuffix )
string_set(&Globals.szLdapMachineSuffix, suffix);
if (! *Globals.szLdapUserSuffix )
string_set(&Globals.szLdapUserSuffix, suffix);
if (! *Globals.szLdapGroupSuffix )
string_set(&Globals.szLdapGroupSuffix, suffix);
if (! *Globals.szLdapIdmapSuffix )
string_set(&Globals.szLdapIdmapSuffix, suffix);
if (! strstr(Globals.szLdapUserSuffix, suffix)) {
pstrcpy(user_suffix, Globals.szLdapUserSuffix);
if ( *Globals.szLdapUserSuffix )
pstrcat(user_suffix, ",");
pstrcat(user_suffix, suffix);
string_set(&Globals.szLdapUserSuffix, user_suffix);
}
string_set(ptr, suffix);
return True;
string_set(ptr, suffix);
return True;
}
/***************************************************************************
Handle the ldap sub suffix option.
Always append the 'ldap suffix' if it is set
***************************************************************************/
static BOOL handle_ldap_sub_suffix( const char *pszParmValue, char **ptr)
{
pstring suffix;
pstrcpy(suffix, pszParmValue);
if (! *Globals.szLdapSuffix ) {
string_set( ptr, suffix );
return True;
}
else {
if ( *pszParmValue )
pstrcat(suffix, ",");
pstrcat(suffix, Globals.szLdapSuffix);
}
string_set( ptr, suffix );
return True;
}
/***************************************************************************
***************************************************************************/
static BOOL handle_acl_compatibility(const char *pszParmValue, char **ptr)
{
if (strequal(pszParmValue, "auto"))
@ -3031,6 +3006,7 @@ static BOOL handle_acl_compatibility(const char *pszParmValue, char **ptr)
return True;
}
/***************************************************************************
Initialise a copymap.
***************************************************************************/

164
source3/passdb/pdb_ldap.c
View File

@ -818,93 +818,6 @@ static BOOL get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry,
return True;
}
/************************************************************************
Routine to manage the LDAPMod structure array
manage memory used by the array, by each struct, and values
************************************************************************/
static void make_a_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value)
{
LDAPMod **mods;
int i;
int j;
mods = *modlist;
/* sanity checks on the mod values */
if (attribute == NULL || *attribute == '\0')
return;
#if 0 /* commented out after discussion with abartlet. Do not reenable.
left here so other so re-add similar code --jerry */
if (value == NULL || *value == '\0')
return;
#endif
if (mods == NULL)
{
mods = (LDAPMod **) malloc(sizeof(LDAPMod *));
if (mods == NULL)
{
DEBUG(0, ("make_a_mod: out of memory!\n"));
return;
}
mods[0] = NULL;
}
for (i = 0; mods[i] != NULL; ++i) {
if (mods[i]->mod_op == modop && !strcasecmp(mods[i]->mod_type, attribute))
break;
}
if (mods[i] == NULL)
{
mods = (LDAPMod **) Realloc (mods, (i + 2) * sizeof (LDAPMod *));
if (mods == NULL)
{
DEBUG(0, ("make_a_mod: out of memory!\n"));
return;
}
mods[i] = (LDAPMod *) malloc(sizeof(LDAPMod));
if (mods[i] == NULL)
{
DEBUG(0, ("make_a_mod: out of memory!\n"));
return;
}
mods[i]->mod_op = modop;
mods[i]->mod_values = NULL;
mods[i]->mod_type = strdup(attribute);
mods[i + 1] = NULL;
}
if (value != NULL)
{
char *utf8_value = NULL;
j = 0;
if (mods[i]->mod_values != NULL) {
for (; mods[i]->mod_values[j] != NULL; j++);
}
mods[i]->mod_values = (char **)Realloc(mods[i]->mod_values,
(j + 2) * sizeof (char *));
if (mods[i]->mod_values == NULL) {
DEBUG (0, ("make_a_mod: Memory allocation failure!\n"));
return;
}
if (push_utf8_allocate(&utf8_value, value) == (size_t)-1) {
DEBUG (0, ("make_a_mod: String conversion failure!\n"));
return;
}
mods[i]->mod_values[j] = utf8_value;
mods[i]->mod_values[j + 1] = NULL;
}
*modlist = mods;
}
/**********************************************************************
Set attribute to newval in LDAP, regardless of what value the
attribute had in LDAP before.
@ -938,7 +851,7 @@ static void make_ldap_mod(LDAP *ldap_struct, LDAPMessage *existing,
the old value, should it exist. */
if ((newval != NULL) && (strlen(newval) > 0)) {
make_a_mod(mods, LDAP_MOD_ADD, attribute, newval);
ldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval);
}
if (values == NULL) {
@ -953,7 +866,7 @@ static void make_ldap_mod(LDAP *ldap_struct, LDAPMessage *existing,
deny the complete operation if somebody changed the
attribute behind our back. */
make_a_mod(mods, LDAP_MOD_DELETE, attribute, values[0]);
ldap_set_mod(mods, LDAP_MOD_DELETE, attribute, values[0]);
ldap_value_free(values);
}
@ -1009,7 +922,7 @@ static NTSTATUS ldapsam_delete_entry(struct ldapsam_privates *ldap_state,
{
if (StrCaseCmp(*attrib, name) == 0) {
DEBUG(10, ("deleting attribute %s\n", name));
make_a_mod(&mods, LDAP_MOD_DELETE, name, NULL);
ldap_set_mod(&mods, LDAP_MOD_DELETE, name, NULL);
}
}
@ -1020,10 +933,10 @@ static NTSTATUS ldapsam_delete_entry(struct ldapsam_privates *ldap_state,
ber_free(ptr, 0);
}
make_a_mod(&mods, LDAP_MOD_DELETE, "objectClass", objectclass);
ldap_set_mod(&mods, LDAP_MOD_DELETE, "objectClass", objectclass);
rc = ldapsam_modify(ldap_state, dn, mods);
ldap_mods_free(mods, 1);
ldap_mods_free(mods, True);
if (rc != LDAP_SUCCESS) {
char *ld_error = NULL;
@ -1209,12 +1122,11 @@ static uint32 search_next_allocated_rid(struct ldapsam_privates *ldap_state, int
static NTSTATUS add_new_domain_info(struct ldapsam_privates *ldap_state)
{
pstring tmp;
pstring filter;
pstring filter, dn;
LDAPMod **mods = NULL;
int rc;
int ldap_op;
LDAPMessage *result = NULL;
char *dn = NULL;
int num_result;
char **attr_list;
@ -1254,29 +1166,26 @@ static NTSTATUS add_new_domain_info(struct ldapsam_privates *ldap_state)
/* Check if we need to add an entry */
DEBUG(3,("Adding new domain\n"));
ldap_op = LDAP_MOD_ADD;
asprintf (&dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
snprintf(dn, sizeof(dn), "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
ldap_state->domain_name, lp_ldap_suffix());
/* Free original search */
ldap_msgfree(result);
if (!dn)
return NT_STATUS_NO_MEMORY;
/* make the changes - the entry *must* not already have samba attributes */
make_a_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
ldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
ldap_state->domain_name);
sid_to_string(tmp, &ldap_state->domain_sid);
make_a_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), tmp);
ldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), tmp);
snprintf(tmp, sizeof(tmp)-1, "%i", next_allocated_user_rid);
make_a_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID), tmp);
ldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID), tmp);
snprintf(tmp, sizeof(tmp)-1, "%i", next_allocated_group_rid);
make_a_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID), tmp);
ldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID), tmp);
make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO);
ldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO);
switch(ldap_op)
{
@ -1302,12 +1211,12 @@ static NTSTATUS add_new_domain_info(struct ldapsam_privates *ldap_state)
ld_error?ld_error:"unknown"));
SAFE_FREE(ld_error);
ldap_mods_free(mods,1);
ldap_mods_free(mods, True);
return NT_STATUS_UNSUCCESSFUL;
}
DEBUG(2,("added: domain = %s in the LDAP database\n", ldap_state->domain_name));
ldap_mods_free(mods, 1);
ldap_mods_free(mods, True);
return NT_STATUS_OK;
}
@ -1487,20 +1396,20 @@ static NTSTATUS ldapsam_next_rid(struct ldapsam_privates *ldap_state, uint32 *ri
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID),
domain_sid_string))
{
ldap_mods_free(mods, 1);
ldap_mods_free(mods, True);
ldap_memfree(dn);
ldap_msgfree(result);
return ret;
}
if (!string_to_sid(&dom_sid, domain_sid_string)) {
ldap_mods_free(mods, 1);
ldap_mods_free(mods, True);
ldap_memfree(dn);
ldap_msgfree(result);
return ret;
}
ldap_mods_free(mods, 1);
ldap_mods_free(mods, True);
mods = NULL;
ldap_memfree(dn);
ldap_msgfree(result);
@ -1523,7 +1432,7 @@ static NTSTATUS ldapsam_next_rid(struct ldapsam_privates *ldap_state, uint32 *ri
DEBUG(2, ("Failed to modify rid: %s\n", ld_error));
SAFE_FREE(ld_error);
ldap_mods_free(mods, 1);
ldap_mods_free(mods, True);
mods = NULL;
ldap_memfree(dn);
@ -1989,13 +1898,13 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
"finding next available NUA RID failed, "
"cannot store!\n",
pdb_get_username(sampass)));
ldap_mods_free(*mods, 1);
ldap_mods_free(*mods, True);
return False;
}
} else {
DEBUG(0, ("NO user RID specified on account %s, "
"cannot store!\n", pdb_get_username(sampass)));
ldap_mods_free(*mods, 1);
ldap_mods_free(*mods, True);
return False;
}
@ -2005,7 +1914,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
if (!pdb_set_user_sid_from_rid(sampass, rid, PDB_CHANGED)) {
DEBUG(0, ("Could not store RID back onto SAM_ACCOUNT for user %s!\n",
pdb_get_username(sampass)));
ldap_mods_free(*mods, 1);
ldap_mods_free(*mods, True);
return False;
}
}
@ -2414,7 +2323,7 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
switch(ldap_op)
{
case LDAP_MOD_ADD:
make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_ACCOUNT);
ldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_ACCOUNT);
rc = ldapsam_add(ldap_state, dn, mods);
break;
case LDAP_MOD_REPLACE:
@ -2605,12 +2514,12 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_A
if (mods == NULL) {
DEBUG(4,("mods is empty: nothing to update for user: %s\n",
pdb_get_username(newpwd)));
ldap_mods_free(mods, 1);
ldap_mods_free(mods, True);
return NT_STATUS_OK;
}
ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, element_is_changed);
ldap_mods_free(mods,1);
ldap_mods_free(mods,True);
if (!NT_STATUS_IS_OK(ret)) {
char *ld_error = NULL;
@ -2741,10 +2650,10 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO
switch ( ldap_state->schema_ver )
{
case SCHEMAVER_SAMBAACCOUNT:
make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_SAMBAACCOUNT);
ldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_SAMBAACCOUNT);
break;
case SCHEMAVER_SAMBASAMACCOUNT:
make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_SAMBASAMACCOUNT);
ldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_SAMBASAMACCOUNT);
break;
default:
DEBUG(0,("ldapsam_add_sam_account: invalid schema version specified\n"));
@ -2755,12 +2664,12 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO
if (NT_STATUS_IS_ERR(ret)) {
DEBUG(0,("failed to modify/add user with uid = %s (dn = %s)\n",
pdb_get_username(newpwd),dn));
ldap_mods_free(mods,1);
ldap_mods_free(mods, True);
return ret;
}
DEBUG(2,("added: uid == %s in the LDAP database\n", pdb_get_username(newpwd)));
ldap_mods_free(mods, 1);
ldap_mods_free(mods, True);
return NT_STATUS_OK;
}
@ -2804,7 +2713,7 @@ static int ldapsam_search_one_group (struct ldapsam_privates *ldap_state,
attr_list = get_attr_list(groupmap_attr_list);
rc = ldapsam_search(ldap_state, lp_ldap_suffix (), scope,
rc = ldapsam_search(ldap_state, lp_ldap_group_suffix (), scope,
filter, attr_list, 0, result);
free_attr_list( attr_list );
@ -2816,7 +2725,7 @@ static int ldapsam_search_one_group (struct ldapsam_privates *ldap_state,
"Problem during the LDAP search: LDAP error: %s (%s)",
ld_error?ld_error:"(unknown)", ldap_err2string(rc)));
DEBUG(3, ("ldapsam_search_one_group: Query was: %s, %s\n",
lp_ldap_suffix(), filter));
lp_ldap_group_suffix(), filter));
SAFE_FREE(ld_error);
}
@ -3093,7 +3002,7 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
if (!init_ldap_from_group(ldap_state->ldap_struct,
result, &mods, map)) {
DEBUG(0, ("init_ldap_from_group failed!\n"));
ldap_mods_free(mods, 1);
ldap_mods_free(mods, True);
ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
}
@ -3105,11 +3014,10 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
return NT_STATUS_UNSUCCESSFUL;
}
make_a_mod(&mods, LDAP_MOD_ADD, "objectClass",
"sambaGroupMapping");
ldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP );
rc = ldapsam_modify(ldap_state, dn, mods);
ldap_mods_free(mods, 1);
ldap_mods_free(mods, True);
if (rc != LDAP_SUCCESS) {
char *ld_error = NULL;
@ -3170,7 +3078,7 @@ static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods,
rc = ldapsam_modify(ldap_state, dn, mods);
ldap_mods_free(mods, 1);
ldap_mods_free(mods, True);
if (rc != LDAP_SUCCESS) {
char *ld_error = NULL;
@ -3230,14 +3138,14 @@ static NTSTATUS ldapsam_setsamgrent(struct pdb_methods *my_methods, BOOL update)
snprintf( filter, sizeof(filter)-1, "(objectclass=%s)", LDAP_OBJ_GROUPMAP);
attr_list = get_attr_list( groupmap_attr_list );
rc = ldapsam_search(ldap_state, lp_ldap_suffix(),
rc = ldapsam_search(ldap_state, lp_ldap_group_suffix(),
LDAP_SCOPE_SUBTREE, filter,
attr_list, 0, &ldap_state->result);
free_attr_list( attr_list );
if (rc != LDAP_SUCCESS) {
DEBUG(0, ("LDAP search failed: %s\n", ldap_err2string(rc)));
DEBUG(3, ("Query was: %s, %s\n", lp_ldap_suffix(), filter));
DEBUG(3, ("Query was: %s, %s\n", lp_ldap_group_suffix(), filter));
ldap_msgfree(ldap_state->result);
ldap_state->result = NULL;
return NT_STATUS_UNSUCCESSFUL;

15
source3/sam/idmap.c
View File

@ -105,19 +105,30 @@ BOOL idmap_init(void)
return False;
}
if (NT_STATUS_IS_ERR(local_map->init())) {
if (NT_STATUS_IS_ERR(local_map->init( NULL ))) {
DEBUG(0, ("idmap_init: could not load or create local backend!\n"));
return False;
}
}
if (!remote_map && remote_backend && *remote_backend != 0) {
fstring params = "";
char *pparams;
/* get any mode parameters passed in */
if ( (pparams = strchr( remote_backend, ':' )) != NULL ) {
pparams = '\0';
pparams++;
fstrcpy( params, pparams );
}
DEBUG(3, ("idmap_init: using '%s' as remote backend\n", remote_backend));
if((remote_map = get_methods(remote_backend)) ||
(NT_STATUS_IS_OK(smb_probe_module("idmap", remote_backend)) &&
(remote_map = get_methods(remote_backend)))) {
remote_map->init();
remote_map->init(params);
} else {
DEBUG(0, ("idmap_init: could not load remote backend '%s'\n", remote_backend));
return False;

253
source3/sam/idmap_ldap.c
View File

@ -34,11 +34,14 @@
#include "smbldap.h"
#define IDMAP_GROUP_SUFFIX "ou=idmap group"
#define IDMAP_USER_SUFFIX "ou=idmap people"
struct ldap_idmap_state {
LDAP *ldap_struct;
time_t last_ping;
const char *uri;
char *uri;
char *bind_dn;
char *bind_secret;
unsigned int num_failures;
@ -505,13 +508,13 @@ static NTSTATUS ldap_allocate_id(unid_t *id, int id_type)
LDAPMessage *result = 0;
LDAPMessage *entry = 0;
pstring id_str, new_id_str;
LDAPMod mod[2];
LDAPMod *mods[3];
LDAPMod **mods = NULL;
const char *type;
char *val[4];
char *dn;
char **attr_list;
pstring filter;
uid_t luid, huid;
gid_t lgid, hgid;
type = (id_type & ID_USERID) ?
@ -522,7 +525,7 @@ static NTSTATUS ldap_allocate_id(unid_t *id, int id_type)
attr_list = get_attr_list( idpool_attr_list );
rc = ldap_idmap_search(&ldap_state, lp_ldap_suffix(),
rc = ldap_idmap_search(&ldap_state, lp_ldap_idmap_suffix(),
LDAP_SCOPE_SUBTREE, filter,
attr_list, 0, &result);
free_attr_list( attr_list );
@ -546,38 +549,40 @@ static NTSTATUS ldap_allocate_id(unid_t *id, int id_type)
type));
goto out;
}
/* this must succeed or else we wouldn't have initialized */
lp_idmap_uid( &luid, &huid);
lp_idmap_gid( &lgid, &hgid);
if (id_type & ID_USERID)
/* make sure we still have room to grow */
if (id_type & ID_USERID) {
id->uid = strtoul(id_str, NULL, 10);
else
if (id->uid > huid ) {
DEBUG(0,("ldap_allocate_id: Cannot allocate uid above %d!\n", huid));
goto out;
}
}
else {
id->gid = strtoul(id_str, NULL, 10);
if (id->gid > hgid ) {
DEBUG(0,("ldap_allocate_id: Cannot allocate gid above %d!\n", hgid));
goto out;
}
}
mod[0].mod_op = LDAP_MOD_DELETE;
mod[0].mod_type = strdup(type);
val[0] = id_str;
val[1] = NULL;
mod[0].mod_values = val;
snprintf(new_id_str, sizeof(new_id_str), "%u",
((id_type & ID_USERID) ? id->uid : id->gid) + 1);
mod[1].mod_op = LDAP_MOD_ADD;
mod[1].mod_type = strdup(type);
val[2] = new_id_str;
val[3] = NULL;
mod[1].mod_values = val + 2;
mods[0] = mod; \
mods[1] = mod + 1;
mods[2] = NULL;
ldap_set_mod( &mods, LDAP_MOD_DELETE, type, id_str );
ldap_set_mod( &mods, LDAP_MOD_ADD, type, new_id_str );
rc = ldap_modify_s(ldap_state.ldap_struct, dn, mods);
ldap_memfree(dn);
ldap_mods_free( mods, True );
SAFE_FREE( mod[0].mod_type );
SAFE_FREE( mod[1].mod_type );
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldap_allocate_id: Failed to allocate new %s. ldap_modify() failed.\n",
type));
@ -599,29 +604,30 @@ static NTSTATUS ldap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
LDAPMessage *entry = 0;
pstring sid_str;
pstring filter;
pstring suffix;
const char *type;
int rc;
int count;
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
char **attr_list;
type = (id_type & ID_USERID) ?
get_attr_key2string( idpool_attr_list, LDAP_ATTR_UIDNUMBER ) :
get_attr_key2string( idpool_attr_list, LDAP_ATTR_GIDNUMBER );
/* first we try for a samba user or group mapping */
if ( id_type & ID_USERID ) {
type = get_attr_key2string( idpool_attr_list, LDAP_ATTR_UIDNUMBER );
snprintf(filter, sizeof(filter), "(&(objectClass=%s)(%s=%u))",
LDAP_OBJ_SAMBASAMACCOUNT, type, id.uid );
pstrcpy( suffix, lp_ldap_suffix());
}
else {
type = get_attr_key2string( idpool_attr_list, LDAP_ATTR_GIDNUMBER );
snprintf(filter, sizeof(filter), "(&(objectClass=%s)(%s=%u))",
LDAP_OBJ_GROUPMAP, type, id.gid );
pstrcpy( suffix, lp_ldap_group_suffix() );
}
attr_list = get_attr_list( sidmap_attr_list );
rc = ldap_idmap_search(&ldap_state, lp_ldap_suffix(), LDAP_SCOPE_SUBTREE,
rc = ldap_idmap_search(&ldap_state, suffix, LDAP_SCOPE_SUBTREE,
filter, attr_list, 0, &result);
if (rc != LDAP_SUCCESS)
@ -635,9 +641,19 @@ static NTSTATUS ldap_get_sid_from_id(DOM_SID *sid, unid_t id, int id_type)
if (count == 0) {
snprintf(filter, sizeof(filter), "(&(objectClass=%s)(%s=%u))",
LDAP_OBJ_IDMAP_ENTRY, type, ((id_type & ID_USERID) ? id.uid : id.gid));
rc = ldap_idmap_search(&ldap_state, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, attr_list, 0, &result);
#if 0 /* commented out for now -- jerry */
if ( id_type & ID_USERID )
snprintf( suffix, sizeof(suffix), "%s,%s", IDMAP_USER_SUFFIX, lp_ldap_idmap_suffix() );
else
snprintf( suffix, sizeof(suffix), "%s,%s", IDMAP_GROUP_SUFFIX, lp_ldap_idmap_suffix() );
#else
pstrcpy( suffix, lp_ldap_idmap_suffix() );
#endif
rc = ldap_idmap_search(&ldap_state, suffix, LDAP_SCOPE_SUBTREE,
filter, attr_list, 0, &result);
if (rc != LDAP_SUCCESS)
goto out;
@ -676,6 +692,7 @@ static NTSTATUS ldap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *si
pstring sid_str;
pstring filter;
pstring id_str;
pstring suffix;
const char *type;
const char *obj_class;
int rc;
@ -688,10 +705,12 @@ static NTSTATUS ldap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *si
if ( *id_type & ID_USERID ) {
type = get_attr_key2string( idpool_attr_list, LDAP_ATTR_UIDNUMBER );
obj_class = LDAP_OBJ_SAMBASAMACCOUNT;
pstrcpy( suffix, lp_ldap_suffix() );
}
else {
type = get_attr_key2string( idpool_attr_list, LDAP_ATTR_GIDNUMBER );
obj_class = LDAP_OBJ_GROUPMAP;
pstrcpy( suffix, lp_ldap_group_suffix() );
}
sid_to_string(sid_str, sid);
@ -699,7 +718,7 @@ static NTSTATUS ldap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *si
LDAP_ATTRIBUTE_SID, sid_str);
attr_list = get_attr_list( sidmap_attr_list );
rc = ldap_idmap_search(&ldap_state, lp_ldap_suffix(), LDAP_SCOPE_SUBTREE,
rc = ldap_idmap_search(&ldap_state, suffix, LDAP_SCOPE_SUBTREE,
filter, attr_list, 0, &result);
if (rc != LDAP_SUCCESS)
@ -714,8 +733,17 @@ static NTSTATUS ldap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *si
snprintf(filter, sizeof(filter), "(&(objectClass=%s)(%s=%s))",
LDAP_OBJ_IDMAP_ENTRY, LDAP_ATTRIBUTE_SID, sid_str);
rc = ldap_idmap_search(&ldap_state, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, attr_list, 0, &result);
#if 0 /* commented out for now -- jerry */
if ( *id_type & ID_USERID )
snprintf( suffix, sizeof(suffix), "%s,%s", IDMAP_USER_SUFFIX, lp_ldap_idmap_suffix() );
else
snprintf( suffix, sizeof(suffix), "%s,%s", IDMAP_GROUP_SUFFIX, lp_ldap_idmap_suffix() );
#else
pstrcpy( suffix, lp_ldap_idmap_suffix() );
#endif
rc = ldap_idmap_search(&ldap_state, suffix, LDAP_SCOPE_SUBTREE,
filter, attr_list, 0, &result);
if (rc != LDAP_SUCCESS)
goto out;
@ -777,10 +805,8 @@ out:
static NTSTATUS ldap_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
{
pstring dn, sid_str, id_str;
fstring type, obj_str, obj_str_val, attr_sid;
LDAPMod *mods[4];
LDAPMod mod[3];
char *val[6];
fstring type;
LDAPMod **mods = NULL;
int rc;
int attempts = 0;
@ -789,43 +815,24 @@ static NTSTATUS ldap_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
else
fstrcpy( type, get_attr_key2string( idpool_attr_list, LDAP_ATTR_GIDNUMBER ) );
snprintf(dn, sizeof(dn), "%s=%u,%s", type, ((id_type & ID_USERID) ? id.uid : id.gid),
lp_ldap_suffix());
#if 0
snprintf(dn, sizeof(dn), "%s=%u,%s,%s", type,
((id_type & ID_USERID) ? id.uid : id.gid),
((id_type & ID_USERID) ? IDMAP_USER_SUFFIX : IDMAP_GROUP_SUFFIX ),
lp_ldap_idmap_suffix());
#else
snprintf(dn, sizeof(dn), "%s=%u,%s", type,
((id_type & ID_USERID) ? id.uid : id.gid),
lp_ldap_idmap_suffix());
#endif
fstrcpy( obj_str, "objectClass" );
fstrcpy( obj_str_val, LDAP_OBJ_IDMAP_ENTRY );
fstrcpy( attr_sid, LDAP_ATTRIBUTE_SID );
/* objectClass */
mod[0].mod_op = LDAP_MOD_ADD;
mod[0].mod_type = obj_str;
val[0] = obj_str_val;
val[1] = NULL;
mod[0].mod_values = val;
/* uid or gid */
snprintf(id_str, sizeof(id_str), "%u", ((id_type & ID_USERID) ? id.uid : id.gid));
mod[1].mod_op = LDAP_MOD_ADD;
mod[1].mod_type = type;
val[2] = id_str;
val[3] = NULL;
mod[1].mod_values = val+2;
/* SID */
sid_to_string( sid_str, sid );
sid_to_string(sid_str, sid);
mod[2].mod_op = LDAP_MOD_ADD;
mod[2].mod_type = attr_sid;
val[4] = sid_str;
val[5] = NULL;
mod[2].mod_values = val+4;
mods[0] = mod;
mods[1] = mod + 1;
mods[2] = mod + 2;
mods[3] = NULL;
ldap_set_mod( &mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_IDMAP_ENTRY );
ldap_set_mod( &mods, LDAP_MOD_ADD, type, id_str );
ldap_set_mod( &mods, LDAP_MOD_ADD,
get_attr_key2string(sidmap_attr_list, LDAP_ATTR_SID), sid_str );
do {
if ((rc = ldap_idmap_retry_open(&ldap_state, &attempts)) != LDAP_SUCCESS)
@ -833,7 +840,8 @@ static NTSTATUS ldap_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
rc = ldap_add_s(ldap_state.ldap_struct, dn, mods);
} while ((rc == LDAP_SERVER_DOWN) && (attempts <= 8));
ldap_mods_free( mods, True );
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldap_set_mapping: Failed to create mapping from %s to %d [%s]\n",
@ -850,11 +858,92 @@ static NTSTATUS ldap_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
/*****************************************************************************
Initialise idmap database.
*****************************************************************************/
static NTSTATUS ldap_idmap_init(void)
static NTSTATUS ldap_idmap_init( char *params )
{
/* We wait for the first search request before we try to connect to
the LDAP server. We may want to connect upon initialization though
-- aliguori */
fstring filter;
#if 0
pstring dn;
#endif
int rc;
char **attr_list;
LDAPMessage *result = NULL;
LDAPMod **mods = NULL;
int count;
/* parse out the server (assuming only parameter is a URI) */
if ( params )
ldap_state.uri = smb_xstrdup( params );
else
ldap_state.uri = smb_xstrdup( "ldap://localhost/" );
/* see if the idmap suffix and sub entries exists */
snprintf( filter, sizeof(filter), "(objectclass=%s)", LDAP_OBJ_IDPOOL );
attr_list = get_attr_list( idpool_attr_list );
rc = ldap_idmap_search(&ldap_state, lp_ldap_idmap_suffix(),
LDAP_SCOPE_SUBTREE, filter, attr_list, 0, &result);
free_attr_list ( attr_list );
if (rc != LDAP_SUCCESS)
return NT_STATUS_UNSUCCESSFUL;
count = ldap_count_entries(ldap_state.ldap_struct, result);
if ( count > 1 ) {
DEBUG(0,("ldap_idmap_init: multiple entries returned from %s (base == %s)\n",
filter, lp_ldap_idmap_suffix() ));
return NT_STATUS_UNSUCCESSFUL;
}
else if (count == 0) {
uid_t luid, huid;
gid_t lgid, hgid;
fstring uid_str, gid_str;
int attempts = 0;
if ( !lp_idmap_uid(&luid, &huid) || !lp_idmap_gid( &lgid, &hgid ) ) {
DEBUG(0,("ldap_idmap_init: idmap uid/gid parameters not specified\n"));
return NT_STATUS_UNSUCCESSFUL;
}
snprintf( uid_str, sizeof(uid_str), "%d", luid );
snprintf( gid_str, sizeof(gid_str), "%d", lgid );
ldap_set_mod( &mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_IDPOOL );
ldap_set_mod( &mods, LDAP_MOD_ADD,
get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER), uid_str );
ldap_set_mod( &mods, LDAP_MOD_ADD,
get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER), gid_str );
do {
if ((rc = ldap_idmap_retry_open(&ldap_state, &attempts)) != LDAP_SUCCESS)
continue;
rc = ldap_modify_s(ldap_state.ldap_struct, lp_ldap_idmap_suffix(), mods);
} while ((rc == LDAP_SERVER_DOWN) && (attempts <= 8));
}
/* we have the initial entry now; let's create the sub entries */
/* if they already exist then this will fail, but we don't care */
#if 0 /* commenting out for now, but I will come back to this --jerry */
mods = NULL;
snprintf( dn, sizeof(dn), "%s,%s", IDMAP_USER_SUFFIX, lp_ldap_idmap_suffix() );
ldap_set_mod( &mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_OU );
ldap_set_mod( &mods, LDAP_MOD_ADD, "ou", "idmap people" );
ldap_add_s(ldap_state.ldap_struct, dn, mods);
ldap_mods_free( mods, True );
mods = NULL;
snprintf( dn, sizeof(dn), "%s,%s", IDMAP_GROUP_SUFFIX, lp_ldap_idmap_suffix() );
ldap_set_mod( &mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_OU );
ldap_set_mod( &mods, LDAP_MOD_ADD, "ou", "idmap group" );
ldap_add_s(ldap_state.ldap_struct, dn, mods);
ldap_mods_free( mods, True );
#endif
return NT_STATUS_OK;
}
@ -868,6 +957,10 @@ static NTSTATUS ldap_idmap_close(void)
ldap_unbind_ext(ldap_state.ldap_struct, NULL, NULL);
ldap_state.ldap_struct = NULL;
}
SAFE_FREE( ldap_state.uri );
SAFE_FREE( ldap_state.bind_dn );
SAFE_FREE( ldap_state.bind_secret );
DEBUG(5,("The connection to the LDAP server was closed\n"));
/* maybe free the results here --metze */

2
source3/sam/idmap_tdb.c
View File

@ -263,7 +263,7 @@ static NTSTATUS db_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
/*****************************************************************************
Initialise idmap database.
*****************************************************************************/
static NTSTATUS db_idmap_init(void)
static NTSTATUS db_idmap_init( char *params )
{
SMB_STRUCT_STAT stbuf;
char *tdbfile = NULL;

2
source3/sam/idmap_winbind.c
View File

@ -122,7 +122,7 @@ static NTSTATUS db_set_mapping(const DOM_SID *sid, unid_t id, int id_type) {
/*****************************************************************************
Initialise idmap database.
*****************************************************************************/
static NTSTATUS db_init(void) {
static NTSTATUS db_init( char *params ) {
return NT_STATUS_OK;
}