-rw-r--r-- | source3/Makefile.in | 2 | ||||
-rw-r--r-- | source3/include/ads.h | 16 | ||||
-rw-r--r-- | source3/libads/ldap_schema.c | 72 | ||||
-rw-r--r-- | source3/nsswitch/idmap_ad.c | 45 |
4 files changed, 110 insertions, 25 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 47b13357d3..9910f0feb5 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1787,7 +1787,7 @@ installmodules: modules installdirs @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(AUTHLIBDIR) sam.@SHLIBEXT@ sam_ignoredomain.@SHLIBEXT@ @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(AUTHLIBDIR) domain.@SHLIBEXT@ trustdomain.@SHLIBEXT@ ntdomain.@SHLIBEXT@ @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(AUTHLIBDIR) builtin.@SHLIBEXT@ guest.@SHLIBEXT@ fixed_challenge.@SHLIBEXT@ name_to_ntstatus.@SHLIBEXT@ - @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(NSSINFOLIBDIR) ../idmap/ad.@SHLIBEXT@ rfc2307.@SHLIBEXT@ sfu.@SHLIBEXT@ + @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(NSSINFOLIBDIR) ../idmap/ad.@SHLIBEXT@ rfc2307.@SHLIBEXT@ sfu.@SHLIBEXT@ sfu20.@SHLIBEXT@ installscripts: installdirs @$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS_BIN) $(DESTDIR)$(BINDIR) $(SCRIPTS) diff --git a/source3/include/ads.h b/source3/include/ads.h index 8b1536f83f..52ef27347e 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -10,8 +10,9 @@ enum wb_posix_mapping { WB_POSIX_MAP_UNKNOWN = -1, WB_POSIX_MAP_TEMPLATE = 0, WB_POSIX_MAP_SFU = 1, - WB_POSIX_MAP_RFC2307 = 2, - WB_POSIX_MAP_UNIXINFO = 3 + WB_POSIX_MAP_SFU20 = 2, + WB_POSIX_MAP_RFC2307 = 3, + WB_POSIX_MAP_UNIXINFO = 4 }; typedef struct { 
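Review bot: Inserting `WB_POSIX_MAP_SFU20 = 2` in the middle of `enum wb_posix_mapping` changes the numeric values of `WB_POSIX_MAP_RFC2307` (2 to 3) and `WB_POSIX_MAP_UNIXINFO` (3 to 4). If a module built against the old header is still loaded, or the value is ever stored and compared later (neither is visible in this hunk), an rfc2307 setup would be treated as sfu20 and uid/gid attributes would be resolved against the wrong schema. Appending the new member keeps the existing values stable: `WB_POSIX_MAP_SFU20 = 4`. The `DEBUG(10, ...)` line this commit adds in ldap_schema.c prints the raw number with `%d`, so logs taken before and after the change would also disagree about what 2 means.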
@@ -121,15 +122,22 @@ typedef void **ADS_MODLIST; #define ADS_PERMIT_MODIFY_OID "1.2.840.113556.1.4.1413" #define ADS_ASQ_OID "1.2.840.113556.1.4.1504" #define ADS_EXTENDED_DN_OID "1.2.840.113556.1.4.529" -#define ADS_SD_FLAGS_OID "1.2.840.113556.1.4.801" +#define ADS_SD_FLAGS_OID "1.2.840.113556.1.4.801" -/* ldap attribute oids (Services for Unix) */ +/* ldap attribute oids (Services for Unix 3.0, 3.5) */ #define ADS_ATTR_SFU_UIDNUMBER_OID "1.2.840.113556.1.6.18.1.310" #define ADS_ATTR_SFU_GIDNUMBER_OID "1.2.840.113556.1.6.18.1.311" #define ADS_ATTR_SFU_HOMEDIR_OID "1.2.840.113556.1.6.18.1.344" #define ADS_ATTR_SFU_SHELL_OID "1.2.840.113556.1.6.18.1.312" #define ADS_ATTR_SFU_GECOS_OID "1.2.840.113556.1.6.18.1.337" +/* ldap attribute oids (Services for Unix 2.0) */ +#define ADS_ATTR_SFU20_UIDNUMBER_OID "1.2.840.113556.1.4.7000.187.70" +#define ADS_ATTR_SFU20_GIDNUMBER_OID "1.2.840.113556.1.4.7000.187.71" +#define ADS_ATTR_SFU20_HOMEDIR_OID "1.2.840.113556.1.4.7000.187.106" +#define ADS_ATTR_SFU20_SHELL_OID "1.2.840.113556.1.4.7000.187.72" +#define ADS_ATTR_SFU20_GECOS_OID "1.2.840.113556.1.4.7000.187.97" + /* ldap attribute oids (RFC2307) */ #define ADS_ATTR_RFC2307_UIDNUMBER_OID "1.3.6.1.1.1.1.0" #define ADS_ATTR_RFC2307_GIDNUMBER_OID "1.3.6.1.1.1.1.1" diff --git a/source3/libads/ldap_schema.c b/source3/libads/ldap_schema.c index 5d91d98549..a8b93cbdbc 100644 --- a/source3/libads/ldap_schema.c +++ b/source3/libads/ldap_schema.c 
@@ -205,13 +205,37 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx, ADS_ATTR_SFU_SHELL_OID, ADS_ATTR_SFU_GECOS_OID}; + const char *oids_sfu20[] = { ADS_ATTR_SFU20_UIDNUMBER_OID, + ADS_ATTR_SFU20_GIDNUMBER_OID, + ADS_ATTR_SFU20_HOMEDIR_OID, + ADS_ATTR_SFU20_SHELL_OID, + ADS_ATTR_SFU20_GECOS_OID}; + const char *oids_rfc2307[] = { ADS_ATTR_RFC2307_UIDNUMBER_OID, ADS_ATTR_RFC2307_GIDNUMBER_OID, ADS_ATTR_RFC2307_HOMEDIR_OID, ADS_ATTR_RFC2307_SHELL_OID, ADS_ATTR_RFC2307_GECOS_OID }; - DEBUG(10,("ads_check_posix_schema_mapping\n")); + DEBUG(10,("ads_check_posix_schema_mapping for schema mode: %d\n", map_type)); + + switch (map_type) { + + case WB_POSIX_MAP_TEMPLATE: + case WB_POSIX_MAP_UNIXINFO: + DEBUG(10,("ads_check_posix_schema_mapping: nothing to do\n")); + return ADS_ERROR(LDAP_SUCCESS); + + case WB_POSIX_MAP_SFU: + case WB_POSIX_MAP_SFU20: + case WB_POSIX_MAP_RFC2307: + break; + + default: + DEBUG(0,("ads_check_posix_schema_mapping: " + "unknown enum %d\n", map_type)); + return ADS_ERROR(LDAP_PARAM_ERROR); + } if ( (ctx = talloc_init("ads_check_posix_schema_mapping")) == NULL ) { return ADS_ERROR(LDAP_NO_MEMORY); 
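Review bot: The `default:` arm of this new switch returns `ADS_ERROR(LDAP_PARAM_ERROR)`, while the `default:` arm of the second switch added in the next hunk of the same function sets `ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER)` for the same condition. That gives two error families for one mistake, and the later arm cannot be reached once this switch has returned. Use one value in both places, e.g. `status = ADS_ERROR(LDAP_PARAM_ERROR);` in the later arm. `WB_POSIX_MAP_UNKNOWN` (-1) also falls into this default and is logged at level 0 as an unknown enum; if that is intended, a comment such as `/* WB_POSIX_MAP_UNKNOWN is rejected here as well */` would say so. The function starts and ends outside the hunk.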
@@ -228,14 +252,25 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx, goto done; } - if (map_type == WB_POSIX_MAP_SFU) { - status = ads_get_attrnames_by_oids(ads, ctx, schema_path, oids_sfu, - ARRAY_SIZE(oids_sfu), - &oids_out, &names_out, &num_names); - } else { - status = ads_get_attrnames_by_oids(ads, ctx, schema_path, oids_rfc2307, - ARRAY_SIZE(oids_rfc2307), - &oids_out, &names_out, &num_names); + switch (map_type) { + case WB_POSIX_MAP_SFU: + status = ads_get_attrnames_by_oids(ads, ctx, schema_path, oids_sfu, + ARRAY_SIZE(oids_sfu), + &oids_out, &names_out, &num_names); + break; + case WB_POSIX_MAP_SFU20: + status = ads_get_attrnames_by_oids(ads, ctx, schema_path, oids_sfu20, + ARRAY_SIZE(oids_sfu20), + &oids_out, &names_out, &num_names); + break; + case WB_POSIX_MAP_RFC2307: + status = ads_get_attrnames_by_oids(ads, ctx, schema_path, oids_rfc2307, + ARRAY_SIZE(oids_rfc2307), + &oids_out, &names_out, &num_names); + break; + default: + status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); + break; } if (!ADS_ERR_OK(status)) { 
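Review bot: The three `ads_get_attrnames_by_oids` calls in this switch are identical except for the OID table and its size, so any later change to the argument list has to be repeated three times and a fourth schema adds a fourth copy. Selecting the table inside the switch and making one call after it reduces each case to two assignments. The two new locals belong with the other declarations at the top of the function, and their types are assumed from the existing call sites, so check them against the prototype, which is not in the hunk. The function starts and ends outside the hunk.

```c
	const char **oids = NULL;
	size_t num_oids = 0;

	switch (map_type) {
	case WB_POSIX_MAP_SFU:
		oids = oids_sfu;
		num_oids = ARRAY_SIZE(oids_sfu);
		break;
	case WB_POSIX_MAP_SFU20:
		oids = oids_sfu20;
		num_oids = ARRAY_SIZE(oids_sfu20);
		break;
	case WB_POSIX_MAP_RFC2307:
		oids = oids_rfc2307;
		num_oids = ARRAY_SIZE(oids_rfc2307);
		break;
	default:
		/* ... unchanged: sets the invalid-parameter status ... */
		break;
	}

	if (oids != NULL) {
		status = ads_get_attrnames_by_oids(ads, ctx, schema_path,
						   oids, num_oids,
						   &oids_out, &names_out, &num_names);
	}
```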
@@ -249,31 +284,36 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx, DEBUGADD(10,("\tOID %s has name: %s\n", oids_out[i], names_out[i])); if (strequal(ADS_ATTR_RFC2307_UIDNUMBER_OID, oids_out[i]) || - strequal(ADS_ATTR_SFU_UIDNUMBER_OID, oids_out[i])) { + strequal(ADS_ATTR_SFU_UIDNUMBER_OID, oids_out[i]) || + strequal(ADS_ATTR_SFU20_UIDNUMBER_OID, oids_out[i])) { schema->posix_uidnumber_attr = talloc_strdup(schema, names_out[i]); continue; } if (strequal(ADS_ATTR_RFC2307_GIDNUMBER_OID, oids_out[i]) || - strequal(ADS_ATTR_SFU_GIDNUMBER_OID, oids_out[i])) { + strequal(ADS_ATTR_SFU_GIDNUMBER_OID, oids_out[i]) || + strequal(ADS_ATTR_SFU20_GIDNUMBER_OID, oids_out[i])) { schema->posix_gidnumber_attr = talloc_strdup(schema, names_out[i]); continue; } if (strequal(ADS_ATTR_RFC2307_HOMEDIR_OID, oids_out[i]) || - strequal(ADS_ATTR_SFU_HOMEDIR_OID, oids_out[i])) { + strequal(ADS_ATTR_SFU_HOMEDIR_OID, oids_out[i]) || + strequal(ADS_ATTR_SFU20_HOMEDIR_OID, oids_out[i])) { schema->posix_homedir_attr = talloc_strdup(schema, names_out[i]); continue; } if (strequal(ADS_ATTR_RFC2307_SHELL_OID, oids_out[i]) || - strequal(ADS_ATTR_SFU_SHELL_OID, oids_out[i])) { + strequal(ADS_ATTR_SFU_SHELL_OID, oids_out[i]) || + strequal(ADS_ATTR_SFU20_SHELL_OID, oids_out[i])) { schema->posix_shell_attr = talloc_strdup(schema, names_out[i]); continue; } if (strequal(ADS_ATTR_RFC2307_GECOS_OID, oids_out[i]) || - strequal(ADS_ATTR_SFU_GECOS_OID, oids_out[i])) { + strequal(ADS_ATTR_SFU_GECOS_OID, oids_out[i]) || + strequal(ADS_ATTR_SFU20_GECOS_OID, oids_out[i])) { schema->posix_gecos_attr = talloc_strdup(schema, names_out[i]); } } @@ -293,9 +333,7 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx, status = ADS_ERROR(LDAP_SUCCESS); done: - if (ctx) { - talloc_destroy(ctx); - } + TALLOC_FREE(ctx); return status; } diff --git a/source3/nsswitch/idmap_ad.c b/source3/nsswitch/idmap_ad.c index aadbb2419d..4f898c3fa0 100644 --- a/source3/nsswitch/idmap_ad.c 
+++ b/source3/nsswitch/idmap_ad.c @@ -143,6 +143,7 @@ static ADS_STRUCT *ad_idmap_cached_connection(void) /* Otherwise, set the schema model */ if ( (ad_map_type == WB_POSIX_MAP_SFU) || + (ad_map_type == WB_POSIX_MAP_SFU20) || (ad_map_type == WB_POSIX_MAP_RFC2307) ) { ADS_STATUS schema_status; @@ -196,6 +197,8 @@ static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom) if ( schema_mode && schema_mode[0] ) { if ( strequal(schema_mode, "sfu") ) ad_map_type = WB_POSIX_MAP_SFU; + else if ( strequal(schema_mode, "sfu20" ) ) + ad_map_type = WB_POSIX_MAP_SFU20; else if ( strequal(schema_mode, "rfc2307" ) ) ad_map_type = WB_POSIX_MAP_RFC2307; else @@ -673,7 +676,7 @@ static NTSTATUS idmap_ad_close(struct idmap_domain *dom) } /* - * nss_info_{sfu,rfc2307} + * nss_info_{sfu,sfu20,rfc2307} */ /************************************************************************ @@ -693,11 +696,32 @@ static NTSTATUS nss_sfu_init( struct nss_domain_entry *e ) return NT_STATUS_NOT_SUPPORTED; } - ad_map_type = WB_POSIX_MAP_SFU; + ad_map_type = WB_POSIX_MAP_SFU; return NT_STATUS_OK; } +/************************************************************************ + Initialize the {sfu,rfc2307} state + ***********************************************************************/ + +static NTSTATUS nss_sfu20_init( struct nss_domain_entry *e ) +{ + /* Sanity check if we have previously been called with a + different schema model */ + + if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ad_map_type != WB_POSIX_MAP_SFU20) ) + { + DEBUG(0,("nss_sfu20_init: Posix Map type has already been set. " + "Mixed schema models not supported!\n")); + return NT_STATUS_NOT_SUPPORTED; + } + + ad_map_type = WB_POSIX_MAP_SFU20; + + return NT_STATUS_OK; +} static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) { /* Sanity check if we have previously been called with a 
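Review bot: The banner comment added above `nss_sfu20_init` was copied unchanged and still reads "Initialize the {sfu,rfc2307} state". It should name the schema this function selects, e.g. `Initialize the sfu20 state`, and a blank line is missing between the function's closing brace and `nss_rfc2307_init`. The body is a third copy of the "already set to a different model" check with only the constant changed. A short comment noting that `ad_map_type` appears to be one file-level value shared by every registered schema plugin, so a later init with a different model is refused, would explain why the check exists. `nss_rfc2307_init` continues outside the hunk.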
@@ -711,7 +735,7 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) return NT_STATUS_NOT_SUPPORTED; } - ad_map_type = WB_POSIX_MAP_RFC2307; + ad_map_type = WB_POSIX_MAP_RFC2307; return NT_STATUS_OK; } @@ -795,6 +819,13 @@ static struct nss_info_methods nss_sfu_methods = { .close_fn = nss_ad_close }; +static struct nss_info_methods nss_sfu20_methods = { + .init = nss_sfu20_init, + .get_nss_info = nss_ad_get_info, + .close_fn = nss_ad_close +}; + + /************************************************************************ Initialize the plugins @@ -805,6 +836,7 @@ NTSTATUS idmap_ad_init(void) static NTSTATUS status_idmap_ad = NT_STATUS_UNSUCCESSFUL; static NTSTATUS status_nss_rfc2307 = NT_STATUS_UNSUCCESSFUL; static NTSTATUS status_nss_sfu = NT_STATUS_UNSUCCESSFUL; + static NTSTATUS status_nss_sfu20 = NT_STATUS_UNSUCCESSFUL; /* Always register the AD method first in order to get the idmap_domain interface called */ @@ -830,6 +862,13 @@ NTSTATUS idmap_ad_init(void) return status_nss_sfu; } + if ( !NT_STATUS_IS_OK( status_nss_sfu20 ) ) { + status_nss_sfu20 = smb_register_idmap_nss(SMB_NSS_INFO_INTERFACE_VERSION, + "sfu20", &nss_sfu20_methods ); + if ( !NT_STATUS_IS_OK(status_nss_sfu20) ) + return status_nss_sfu20; + } + return NT_STATUS_OK; } |