author | Günther Deschner <gd@samba.org> | 2006-05-18 16:08:28 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:17:08 -0500 |
commit | 39c45ce4f1a0cce9dc23e6d8df3f93bb124a19a0 (patch) | |
tree | 29d57a8b855a9f98c42d7b8c4e940419c2d68639 /source3/sam | |
parent | e129dc40f71e9b10c293d8d3f923c5636597bf6f (diff) | |
r15697: I take no comments as no objections :)
Expand the "winbind nss info" to also take "rfc2307" to support the
plain posix attributes LDAP schema from win2k3-r2.
This work is based on patches from Howard Wilkinson and Bob Gautier
(and closes bug #3345).
Guenther
(This used to be commit 52423e01dc209ba5abde808a446287714ed11567)
Diffstat (limited to 'source3/sam')
-rw-r--r-- | source3/sam/idmap_ad.c | 63 | ||||
-rw-r--r-- | source3/sam/idmap_util.c | 14 | ||||
-rw-r--r-- | source3/sam/nss_info.c | 111 |
3 files changed, 148 insertions, 40 deletions
diff --git a/source3/sam/idmap_ad.c b/source3/sam/idmap_ad.c index 0803f2a7ab..5edfad487d 100644 --- a/source3/sam/idmap_ad.c +++ b/source3/sam/idmap_ad.c @@ -30,14 +30,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_IDMAP -#ifndef ATTR_UIDNUMBER -#define ATTR_UIDNUMBER ADS_ATTR_SFU_UIDNUMBER_OID -#endif - -#ifndef ATTR_GIDNUMBER -#define ATTR_GIDNUMBER ADS_ATTR_SFU_GIDNUMBER_OID -#endif - #define WINBIND_CCACHE_NAME "MEMORY:winbind_ccache" NTSTATUS init_module(void); 
@@ -48,28 +40,42 @@ static char *ad_idmap_uri = NULL; static char *attr_uidnumber = NULL; static char *attr_gidnumber = NULL; -static BOOL ad_idmap_check_attr_mapping(ADS_STRUCT *ads) +static ADS_STATUS ad_idmap_check_attr_mapping(ADS_STRUCT *ads) { + ADS_STATUS status; + enum wb_posix_mapping map_type; + if (attr_uidnumber != NULL && attr_gidnumber != NULL) { - return True; + return ADS_ERROR(LDAP_SUCCESS); } - if (use_nss_info("sfu")) { - - if (!ads_check_sfu_mapping(ads)) { - DEBUG(0,("ad_idmap_check_attr_mapping: failed to check for SFU schema\n")); - return False; - } + SMB_ASSERT(ads->server.workgroup); - attr_uidnumber = SMB_STRDUP(ads->schema.sfu_uidnumber_attr); - attr_gidnumber = SMB_STRDUP(ads->schema.sfu_gidnumber_attr); + map_type = get_nss_info(ads->server.workgroup); - } else { - attr_uidnumber = SMB_STRDUP("uidNumber"); - attr_gidnumber = SMB_STRDUP("gidNumber"); + if ((map_type == WB_POSIX_MAP_SFU) || + (map_type == WB_POSIX_MAP_RFC2307)) { + + status = ads_check_posix_schema_mapping(ads, map_type); + if (ADS_ERR_OK(status)) { + attr_uidnumber = SMB_STRDUP(ads->schema.posix_uidnumber_attr); + attr_gidnumber = SMB_STRDUP(ads->schema.posix_gidnumber_attr); + ADS_ERROR_HAVE_NO_MEMORY(attr_uidnumber); + ADS_ERROR_HAVE_NO_MEMORY(attr_gidnumber); + return ADS_ERROR(LDAP_SUCCESS); + } else { + DEBUG(0,("ads_check_posix_schema_mapping failed: %s\n", ads_errstr(status))); + /* return status; */ + } } + + /* fallback to XAD defaults */ + attr_uidnumber = SMB_STRDUP("uidNumber"); + attr_gidnumber = SMB_STRDUP("gidNumber"); + ADS_ERROR_HAVE_NO_MEMORY(attr_uidnumber); + ADS_ERROR_HAVE_NO_MEMORY(attr_gidnumber); - return True; + return ADS_ERROR(LDAP_SUCCESS); } static ADS_STRUCT *ad_idmap_cached_connection(void) 
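Review bot: A failed schema check in ad_idmap_check_attr_mapping() falls through to the hard-coded `uidNumber`/`gidNumber` names instead of failing, because the `return status;` in the else branch is commented out. With "winbind nss info" set to sfu or rfc2307, a domain whose schema lookup fails is then mapped from attributes the administrator did not select, with only a level-0 log line to show for it; I would restore `return status;` there and keep the fallback for the non-sfu/rfc2307 case. `SMB_ASSERT(ads->server.workgroup);` likewise turns a missing workgroup into an abort of the daemon, where `if (!ads->server.workgroup) return ADS_ERROR(LDAP_PARAM_ERROR);` would let the caller fail the lookup cleanly. If only the second SMB_STRDUP fails, `attr_uidnumber` stays set and is duplicated again on the next call, so freeing it before returning the no-memory status would avoid the leak.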
@@ -123,7 +129,8 @@ static ADS_STRUCT *ad_idmap_cached_connection(void) ads->is_mine = False; - if (!ad_idmap_check_attr_mapping(ads)) { + status = ad_idmap_check_attr_mapping(ads); + if (!ADS_ERR_OK(status)) { DEBUG(1, ("ad_idmap_init: failed to check attribute mapping\n")); return NULL; } @@ -168,14 +175,14 @@ static NTSTATUS ad_idmap_get_sid_from_id(DOM_SID *sid, unid_t unid, int id_type) case ID_USERID: if (asprintf(&expr, "(&(|(sAMAccountType=%d)(sAMAccountType=%d)(sAMAccountType=%d))(%s=%d))", ATYPE_NORMAL_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST, - ATTR_UIDNUMBER, (int)unid.uid) == -1) { + ads->schema.posix_uidnumber_attr, (int)unid.uid) == -1) { return NT_STATUS_NO_MEMORY; } break; case ID_GROUPID: if (asprintf(&expr, "(&(|(sAMAccountType=%d)(sAMAccountType=%d))(%s=%d))", ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP, - ATTR_GIDNUMBER, (int)unid.gid) == -1) { + ads->schema.posix_gidnumber_attr, (int)unid.gid) == -1) { return NT_STATUS_NO_MEMORY; } break; @@ -228,7 +235,11 @@ static NTSTATUS ad_idmap_get_id_from_sid(unid_t *unid, int *id_type, const DOM_S { ADS_STATUS rc; NTSTATUS status = NT_STATUS_NONE_MAPPED; - const char *attrs[] = { "sAMAccountType", ATTR_UIDNUMBER, ATTR_GIDNUMBER, NULL }; + const char *attrs[] = { "sAMAccountType", ADS_ATTR_SFU_UIDNUMBER_OID, + ADS_ATTR_SFU_GIDNUMBER_OID, + ADS_ATTR_RFC2307_UIDNUMBER_OID, + ADS_ATTR_RFC2307_GIDNUMBER_OID, + NULL }; void *res = NULL; void *msg = NULL; char *expr = NULL; diff --git a/source3/sam/idmap_util.c b/source3/sam/idmap_util.c index 7233cb48cd..f78d3bdc23 100644 --- a/source3/sam/idmap_util.c +++ b/source3/sam/idmap_util.c 
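Review bot: The search filters in ad_idmap_get_sid_from_id() (hunk @@ -168) now format `ads->schema.posix_uidnumber_attr` and `ads->schema.posix_gidnumber_attr` with `%s`, but on the fallback path ad_idmap_check_attr_mapping() only fills the statics `attr_uidnumber`/`attr_gidnumber`, so the schema fields may be unset there (their initialisation is not visible in this diff). Passing NULL to `%s` is undefined, and on glibc it would yield a `((null)=N)` filter term rather than an error. Formatting the statics instead, `attr_uidnumber, (int)unid.uid) == -1) {` and `attr_gidnumber, (int)unid.gid) == -1) {`, keeps the filter in step with what the mapping check selected. In hunk @@ -228 `attrs[]` requests all four OID constants while the code that reads the reply is outside the hunk; a comment such as `/* request both SFU and RFC2307 ids; the reply is read using attr_uidnumber/attr_gidnumber */` (if that is indeed how it is read) would make the pairing explicit. Both functions start and end outside these hunks.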
@@ -110,17 +110,3 @@ NTSTATUS idmap_sid_to_gid(const DOM_SID *sid, gid_t *gid, uint32 flags) return ret; } - -/* placeholder for checking lp_winbind_nss_info() */ -BOOL use_nss_info(const char *info) -{ - int i; - const char **list = lp_winbind_nss_info(); - - for (i=0; list[i]; i++) { - if (strequal(list[i], info)) - return True; - } - - return False; -} diff --git a/source3/sam/nss_info.c b/source3/sam/nss_info.c new file mode 100644 index 0000000000..3d0e658a35 --- /dev/null +++ b/source3/sam/nss_info.c 
@@ -0,0 +1,111 @@
+/*
+ Unix SMB/CIFS implementation.
+ nss info helpers
+ Copyright (C) Guenther Deschner 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_IDMAP
+
+/* winbind nss info = rfc2307 SO36:sfu FHAIN:rfc2307 PANKOW:template
+ *
+ * syntax is:
+ * 1st param: default setting
+ * following ":" separated list elements:
+ * DOMAIN:setting
+ * setting can be one of "sfu", "rfc2307", "template", "unixinfo"
+ */
+
+enum wb_posix_mapping get_nss_info(const char *domain_name)
+{
+ const char **list = lp_winbind_nss_info();
+ enum wb_posix_mapping map_templ = WB_POSIX_MAP_TEMPLATE;
+ int i;
+
+ DEBUG(11,("get_nss_info for %s\n", domain_name));
+
+ if (!lp_winbind_nss_info() || !*lp_winbind_nss_info()) {
+ return WB_POSIX_MAP_TEMPLATE;
+ }
+
+ if ((map_templ = wb_posix_map_type(list[0])) == -1) {
+ DEBUG(0,("get_nss_info: invalid setting: %s\n", list[0]));
+ return WB_POSIX_MAP_TEMPLATE;
+ }
+
+ DEBUG(11,("get_nss_info: using \"%s\" by default\n", list[0]));
+
+ for (i=0; list[i]; i++) {
+
+ const char *p = list[i];
+ fstring tok;
+
+ if (!next_token(&p, tok, ":", sizeof(tok))) {
+ DEBUG(0,("get_nss_info: no \":\" delimitier found\n"));
+ continue;
+ }
+
+ if (strequal(tok, domain_name)) {
+
+ enum wb_posix_mapping type;
+
+ if ((type = wb_posix_map_type(p)) == -1) {
+ DEBUG(0,("get_nss_info: invalid setting: %s\n", p));
+ /* return WB_POSIX_MAP_TEMPLATE; */
+ continue;
+ }
+
+ DEBUG(11,("get_nss_info: using \"%s\" for domain: %s\n", p, tok));
+
+ return type;
+ }
+ }
+
+ return map_templ;
+}
+
+const char *wb_posix_map_str(enum wb_posix_mapping mtype)
+{
+ switch (mtype) {
+ case WB_POSIX_MAP_TEMPLATE:
+ return "template";
+ case WB_POSIX_MAP_SFU:
+ return "sfu";
+ case WB_POSIX_MAP_RFC2307:
+ return "rfc2307";
+ case WB_POSIX_MAP_UNIXINFO:
+ return "unixinfo";
+ default:
+ break;
+ }
+ return NULL;
+}
+
+enum wb_posix_mapping wb_posix_map_type(const char *map_str)
+{
+ if (strequal(map_str, "template"))
+ return WB_POSIX_MAP_TEMPLATE;
+ else if (strequal(map_str, "sfu"))
+ return WB_POSIX_MAP_SFU;
+ else if (strequal(map_str, "rfc2307"))
+ return WB_POSIX_MAP_RFC2307;
+ else if (strequal(map_str, "unixinfo"))
+ return WB_POSIX_MAP_UNIXINFO;
+
+ return -1;
+} |
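Review bot: The loop in get_nss_info() starts at `i=0`, so the default entry `list[0]` is parsed a second time as a `DOMAIN:setting` pair; `for (i=1; list[i]; i++) {` would skip it. next_token() is not shown here, but if it reports success for an entry with no `:` (as I believe it does), the "no delimiter" message never fires and a bare entry is compared against the domain name as though it were one. An entry whose setting is unknown is logged and skipped, so that domain silently gets the default mapping; because the mapping decides which directory attributes supply uid and gid, I would document that above the `continue` with `/* unknown setting: this domain falls back to the default in list[0] */`. Separately, `-1` does not appear to be an enumerator of `enum wb_posix_mapping` (its definition is outside this diff), so the `== -1` tests and the `return -1;` in wb_posix_map_type() depend on the compiler's choice of underlying type; a named invalid enumerator would make the sentinel explicit.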