summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2010-02-04 17:19:57 +0100
committerStefan Metzmacher <metze@samba.org>2010-02-08 11:23:24 +0100
commit25038fa85ff69962ca0975f31802218a897aa1ec (patch)
treecea96b4d9f8c3d6512043b79138f6a0c27e28455 /source3/passdb
parente10d0869567436902c8b8cfb50f8c64148d554cb (diff)
downloadsamba-25038fa85ff69962ca0975f31802218a897aa1ec.tar.gz
samba-25038fa85ff69962ca0975f31802218a897aa1ec.tar.bz2
samba-25038fa85ff69962ca0975f31802218a897aa1ec.zip
s3:pdb_ldap: try to build the full unix_pw structure with ldapsam:trusted support
And also store the gid_to_sid mappings in the idmap_cache. metze
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/pdb_ldap.c90
1 files changed, 85 insertions, 5 deletions
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index a3b79b6066..197e405ff4 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1029,6 +1029,17 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
}
if (lp_parm_bool(-1, "ldapsam", "trusted", False)) {
+ struct passwd unix_pw;
+ bool have_uid = false;
+ bool have_gid = false;
+ DOM_SID mapped_gsid;
+ const DOM_SID *primary_gsid;
+
+ ZERO_STRUCT(unix_pw);
+
+ unix_pw.pw_name = username;
+ unix_pw.pw_passwd = discard_const_p(char, "x");
+
temp = smbldap_talloc_single_attribute(
priv2ld(ldap_state),
entry,
@@ -1036,9 +1047,68 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
ctx);
if (temp) {
/* We've got a uid, feed the cache */
- uid_t uid = strtoul(temp, NULL, 10);
- store_uid_sid_cache(pdb_get_user_sid(sampass), uid);
- idmap_cache_set_sid2uid(pdb_get_user_sid(sampass), uid);
+ unix_pw.pw_uid = strtoul(temp, NULL, 10);
+ have_uid = true;
+ }
+ temp = smbldap_talloc_single_attribute(
+ priv2ld(ldap_state),
+ entry,
+ "gidNumber",
+ ctx);
+ if (temp) {
+ /* We've got a uid, feed the cache */
+ unix_pw.pw_gid = strtoul(temp, NULL, 10);
+ have_gid = true;
+ }
+ unix_pw.pw_gecos = smbldap_talloc_single_attribute(
+ priv2ld(ldap_state),
+ entry,
+ "gecos",
+ ctx);
+ if (unix_pw.pw_gecos) {
+ unix_pw.pw_gecos = fullname;
+ }
+ unix_pw.pw_dir = smbldap_talloc_single_attribute(
+ priv2ld(ldap_state),
+ entry,
+ "homeDirectory",
+ ctx);
+ if (unix_pw.pw_dir) {
+ unix_pw.pw_dir = discard_const_p(char, "");
+ }
+ unix_pw.pw_shell = smbldap_talloc_single_attribute(
+ priv2ld(ldap_state),
+ entry,
+ "loginShell",
+ ctx);
+ if (unix_pw.pw_shell) {
+ unix_pw.pw_shell = discard_const_p(char, "");
+ }
+
+ if (have_uid && have_gid) {
+ sampass->unix_pw = tcopy_passwd(sampass, &unix_pw);
+ } else {
+ sampass->unix_pw = Get_Pwnam_alloc(sampass, unix_pw.pw_name);
+ }
+
+ if (sampass->unix_pw == NULL) {
+ DEBUG(0,("init_sam_from_ldap: Failed to find Unix account for %s\n",
+ pdb_get_username(sampass)));
+ goto fn_exit;
+ }
+
+ store_uid_sid_cache(pdb_get_user_sid(sampass),
+ sampass->unix_pw->pw_uid);
+ idmap_cache_set_sid2uid(pdb_get_user_sid(sampass),
+ sampass->unix_pw->pw_uid);
+
+ gid_to_sid(&mapped_gsid, sampass->unix_pw->pw_gid);
+ primary_gsid = pdb_get_group_sid(sampass);
+ if (primary_gsid && sid_equal(primary_gsid, &mapped_gsid)) {
+ store_gid_sid_cache(primary_gsid,
+ sampass->unix_pw->pw_gid);
+ idmap_cache_set_sid2uid(primary_gsid,
+ sampass->unix_pw->pw_gid);
}
}
@@ -1489,6 +1559,16 @@ static void append_attr(TALLOC_CTX *mem_ctx, const char ***attr_list,
(*attr_list)[i+1] = NULL;
}
+static void ldapsam_add_unix_attributes(TALLOC_CTX *mem_ctx,
+ const char ***attr_list)
+{
+ append_attr(mem_ctx, attr_list, "uidNumber");
+ append_attr(mem_ctx, attr_list, "gidNumber");
+ append_attr(mem_ctx, attr_list, "homeDirectory");
+ append_attr(mem_ctx, attr_list, "loginShell");
+ append_attr(mem_ctx, attr_list, "gecos");
+}
+
/**********************************************************************
Get struct samu entry from LDAP by username.
*********************************************************************/
@@ -1507,7 +1587,7 @@ static NTSTATUS ldapsam_getsampwnam(struct pdb_methods *my_methods, struct samu
append_attr(user, &attr_list,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_MOD_TIMESTAMP));
- append_attr(user, &attr_list, "uidNumber");
+ ldapsam_add_unix_attributes(user, &attr_list);
rc = ldapsam_search_suffix_by_name(ldap_state, sname, &result,
attr_list);
TALLOC_FREE( attr_list );
@@ -1564,7 +1644,7 @@ static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state,
get_userattr_key2string(
ldap_state->schema_ver,
LDAP_ATTR_MOD_TIMESTAMP));
- append_attr(tmp_ctx, &attr_list, "uidNumber");
+ ldapsam_add_unix_attributes(tmp_ctx, &attr_list);
rc = ldapsam_search_suffix_by_sid(ldap_state, sid,
result, attr_list);
TALLOC_FREE(tmp_ctx);