-rw-r--r--source3/Makefile.in2
-rw-r--r--source3/include/ads.h16
-rw-r--r--source3/libads/ldap_schema.c72
-rw-r--r--source3/nsswitch/idmap_ad.c45
4 files changed, 110 insertions, 25 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 47b13357d3..9910f0feb5 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1787,7 +1787,7 @@ installmodules: modules installdirs
@$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(AUTHLIBDIR) sam.@SHLIBEXT@ sam_ignoredomain.@SHLIBEXT@
@$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(AUTHLIBDIR) domain.@SHLIBEXT@ trustdomain.@SHLIBEXT@ ntdomain.@SHLIBEXT@
@$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(AUTHLIBDIR) builtin.@SHLIBEXT@ guest.@SHLIBEXT@ fixed_challenge.@SHLIBEXT@ name_to_ntstatus.@SHLIBEXT@
- @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(NSSINFOLIBDIR) ../idmap/ad.@SHLIBEXT@ rfc2307.@SHLIBEXT@ sfu.@SHLIBEXT@
+ @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(NSSINFOLIBDIR) ../idmap/ad.@SHLIBEXT@ rfc2307.@SHLIBEXT@ sfu.@SHLIBEXT@ sfu20.@SHLIBEXT@
installscripts: installdirs
@$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS_BIN) $(DESTDIR)$(BINDIR) $(SCRIPTS)
diff --git a/source3/include/ads.h b/source3/include/ads.h
index 8b1536f83f..52ef27347e 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -10,8 +10,9 @@ enum wb_posix_mapping {
WB_POSIX_MAP_UNKNOWN = -1,
WB_POSIX_MAP_TEMPLATE = 0,
WB_POSIX_MAP_SFU = 1,
- WB_POSIX_MAP_RFC2307 = 2,
- WB_POSIX_MAP_UNIXINFO = 3
+ WB_POSIX_MAP_SFU20 = 2,
+ WB_POSIX_MAP_RFC2307 = 3,
+ WB_POSIX_MAP_UNIXINFO = 4
};
typedef struct {
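Review bot: Inserting `WB_POSIX_MAP_SFU20 = 2` in the middle of `enum wb_posix_mapping` renumbers the existing constants: `WB_POSIX_MAP_RFC2307` moves from 2 to 3 and `WB_POSIX_MAP_UNIXINFO` from 3 to 4. A module built against the old header, or anything that records the raw integer, would then refer to a different schema mode without any error; the `DEBUG` line added in ldap_schema.c prints `map_type` with `%d`, so log output changes meaning as well. Whether any out-of-tree consumer exists is not visible in this diff. Appending the new value keeps the existing numbers stable: `WB_POSIX_MAP_SFU20 = 4` after `WB_POSIX_MAP_UNIXINFO = 3`.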
@@ -121,15 +122,22 @@ typedef void **ADS_MODLIST;
#define ADS_PERMIT_MODIFY_OID "1.2.840.113556.1.4.1413"
#define ADS_ASQ_OID "1.2.840.113556.1.4.1504"
#define ADS_EXTENDED_DN_OID "1.2.840.113556.1.4.529"
-#define ADS_SD_FLAGS_OID "1.2.840.113556.1.4.801"
+#define ADS_SD_FLAGS_OID "1.2.840.113556.1.4.801"
-/* ldap attribute oids (Services for Unix) */
+/* ldap attribute oids (Services for Unix 3.0, 3.5) */
#define ADS_ATTR_SFU_UIDNUMBER_OID "1.2.840.113556.1.6.18.1.310"
#define ADS_ATTR_SFU_GIDNUMBER_OID "1.2.840.113556.1.6.18.1.311"
#define ADS_ATTR_SFU_HOMEDIR_OID "1.2.840.113556.1.6.18.1.344"
#define ADS_ATTR_SFU_SHELL_OID "1.2.840.113556.1.6.18.1.312"
#define ADS_ATTR_SFU_GECOS_OID "1.2.840.113556.1.6.18.1.337"
+/* ldap attribute oids (Services for Unix 2.0) */
+#define ADS_ATTR_SFU20_UIDNUMBER_OID "1.2.840.113556.1.4.7000.187.70"
+#define ADS_ATTR_SFU20_GIDNUMBER_OID "1.2.840.113556.1.4.7000.187.71"
+#define ADS_ATTR_SFU20_HOMEDIR_OID "1.2.840.113556.1.4.7000.187.106"
+#define ADS_ATTR_SFU20_SHELL_OID "1.2.840.113556.1.4.7000.187.72"
+#define ADS_ATTR_SFU20_GECOS_OID "1.2.840.113556.1.4.7000.187.97"
+
/* ldap attribute oids (RFC2307) */
#define ADS_ATTR_RFC2307_UIDNUMBER_OID "1.3.6.1.1.1.1.0"
#define ADS_ATTR_RFC2307_GIDNUMBER_OID "1.3.6.1.1.1.1.1"
diff --git a/source3/libads/ldap_schema.c b/source3/libads/ldap_schema.c
index 5d91d98549..a8b93cbdbc 100644
--- a/source3/libads/ldap_schema.c
+++ b/source3/libads/ldap_schema.c
@@ -205,13 +205,37 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx,
ADS_ATTR_SFU_SHELL_OID,
ADS_ATTR_SFU_GECOS_OID};
+ const char *oids_sfu20[] = { ADS_ATTR_SFU20_UIDNUMBER_OID,
+ ADS_ATTR_SFU20_GIDNUMBER_OID,
+ ADS_ATTR_SFU20_HOMEDIR_OID,
+ ADS_ATTR_SFU20_SHELL_OID,
+ ADS_ATTR_SFU20_GECOS_OID};
+
const char *oids_rfc2307[] = { ADS_ATTR_RFC2307_UIDNUMBER_OID,
ADS_ATTR_RFC2307_GIDNUMBER_OID,
ADS_ATTR_RFC2307_HOMEDIR_OID,
ADS_ATTR_RFC2307_SHELL_OID,
ADS_ATTR_RFC2307_GECOS_OID };
- DEBUG(10,("ads_check_posix_schema_mapping\n"));
+ DEBUG(10,("ads_check_posix_schema_mapping for schema mode: %d\n", map_type));
+
+ switch (map_type) {
+
+ case WB_POSIX_MAP_TEMPLATE:
+ case WB_POSIX_MAP_UNIXINFO:
+ DEBUG(10,("ads_check_posix_schema_mapping: nothing to do\n"));
+ return ADS_ERROR(LDAP_SUCCESS);
+
+ case WB_POSIX_MAP_SFU:
+ case WB_POSIX_MAP_SFU20:
+ case WB_POSIX_MAP_RFC2307:
+ break;
+
+ default:
+ DEBUG(0,("ads_check_posix_schema_mapping: "
+ "unknown enum %d\n", map_type));
+ return ADS_ERROR(LDAP_PARAM_ERROR);
+ }
if ( (ctx = talloc_init("ads_check_posix_schema_mapping")) == NULL ) {
return ADS_ERROR(LDAP_NO_MEMORY);
@@ -228,14 +252,25 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx,
goto done;
}
- if (map_type == WB_POSIX_MAP_SFU) {
- status = ads_get_attrnames_by_oids(ads, ctx, schema_path, oids_sfu,
- ARRAY_SIZE(oids_sfu),
- &oids_out, &names_out, &num_names);
- } else {
- status = ads_get_attrnames_by_oids(ads, ctx, schema_path, oids_rfc2307,
- ARRAY_SIZE(oids_rfc2307),
- &oids_out, &names_out, &num_names);
+ switch (map_type) {
+ case WB_POSIX_MAP_SFU:
+ status = ads_get_attrnames_by_oids(ads, ctx, schema_path, oids_sfu,
+ ARRAY_SIZE(oids_sfu),
+ &oids_out, &names_out, &num_names);
+ break;
+ case WB_POSIX_MAP_SFU20:
+ status = ads_get_attrnames_by_oids(ads, ctx, schema_path, oids_sfu20,
+ ARRAY_SIZE(oids_sfu20),
+ &oids_out, &names_out, &num_names);
+ break;
+ case WB_POSIX_MAP_RFC2307:
+ status = ads_get_attrnames_by_oids(ads, ctx, schema_path, oids_rfc2307,
+ ARRAY_SIZE(oids_rfc2307),
+ &oids_out, &names_out, &num_names);
+ break;
+ default:
+ status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ break;
}
if (!ADS_ERR_OK(status)) {
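Review bot: The `default:` arm of this second switch reports `ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER)`, while the switch added at the top of the function rejects an unknown `map_type` with `ADS_ERROR(LDAP_PARAM_ERROR)`, so the same condition is reported in two different error domains within one function. Because the earlier switch already returns for every value other than SFU, SFU20 and RFC2307, this arm appears unreachable in the visible code. Using `status = ADS_ERROR(LDAP_PARAM_ERROR);` here, with a comment such as `/* not reached: map_type validated above */`, would keep the error type uniform for callers. The body of `ads_check_posix_schema_mapping` starts and ends outside this hunk.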
@@ -249,31 +284,36 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx,
DEBUGADD(10,("\tOID %s has name: %s\n", oids_out[i], names_out[i]));
if (strequal(ADS_ATTR_RFC2307_UIDNUMBER_OID, oids_out[i]) ||
- strequal(ADS_ATTR_SFU_UIDNUMBER_OID, oids_out[i])) {
+ strequal(ADS_ATTR_SFU_UIDNUMBER_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU20_UIDNUMBER_OID, oids_out[i])) {
schema->posix_uidnumber_attr = talloc_strdup(schema, names_out[i]);
continue;
}
if (strequal(ADS_ATTR_RFC2307_GIDNUMBER_OID, oids_out[i]) ||
- strequal(ADS_ATTR_SFU_GIDNUMBER_OID, oids_out[i])) {
+ strequal(ADS_ATTR_SFU_GIDNUMBER_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU20_GIDNUMBER_OID, oids_out[i])) {
schema->posix_gidnumber_attr = talloc_strdup(schema, names_out[i]);
continue;
}
if (strequal(ADS_ATTR_RFC2307_HOMEDIR_OID, oids_out[i]) ||
- strequal(ADS_ATTR_SFU_HOMEDIR_OID, oids_out[i])) {
+ strequal(ADS_ATTR_SFU_HOMEDIR_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU20_HOMEDIR_OID, oids_out[i])) {
schema->posix_homedir_attr = talloc_strdup(schema, names_out[i]);
continue;
}
if (strequal(ADS_ATTR_RFC2307_SHELL_OID, oids_out[i]) ||
- strequal(ADS_ATTR_SFU_SHELL_OID, oids_out[i])) {
+ strequal(ADS_ATTR_SFU_SHELL_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU20_SHELL_OID, oids_out[i])) {
schema->posix_shell_attr = talloc_strdup(schema, names_out[i]);
continue;
}
if (strequal(ADS_ATTR_RFC2307_GECOS_OID, oids_out[i]) ||
- strequal(ADS_ATTR_SFU_GECOS_OID, oids_out[i])) {
+ strequal(ADS_ATTR_SFU_GECOS_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU20_GECOS_OID, oids_out[i])) {
schema->posix_gecos_attr = talloc_strdup(schema, names_out[i]);
}
}
@@ -293,9 +333,7 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx,
status = ADS_ERROR(LDAP_SUCCESS);
done:
- if (ctx) {
- talloc_destroy(ctx);
- }
+ TALLOC_FREE(ctx);
return status;
}
diff --git a/source3/nsswitch/idmap_ad.c b/source3/nsswitch/idmap_ad.c
index aadbb2419d..4f898c3fa0 100644
--- a/source3/nsswitch/idmap_ad.c
+++ b/source3/nsswitch/idmap_ad.c
@@ -143,6 +143,7 @@ static ADS_STRUCT *ad_idmap_cached_connection(void)
/* Otherwise, set the schema model */
if ( (ad_map_type == WB_POSIX_MAP_SFU) ||
+ (ad_map_type == WB_POSIX_MAP_SFU20) ||
(ad_map_type == WB_POSIX_MAP_RFC2307) )
{
ADS_STATUS schema_status;
@@ -196,6 +197,8 @@ static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom)
if ( schema_mode && schema_mode[0] ) {
if ( strequal(schema_mode, "sfu") )
ad_map_type = WB_POSIX_MAP_SFU;
+ else if ( strequal(schema_mode, "sfu20" ) )
+ ad_map_type = WB_POSIX_MAP_SFU20;
else if ( strequal(schema_mode, "rfc2307" ) )
ad_map_type = WB_POSIX_MAP_RFC2307;
else
@@ -673,7 +676,7 @@ static NTSTATUS idmap_ad_close(struct idmap_domain *dom)
}
/*
- * nss_info_{sfu,rfc2307}
+ * nss_info_{sfu,sfu20,rfc2307}
*/
/************************************************************************
@@ -693,11 +696,32 @@ static NTSTATUS nss_sfu_init( struct nss_domain_entry *e )
return NT_STATUS_NOT_SUPPORTED;
}
- ad_map_type = WB_POSIX_MAP_SFU;
+ ad_map_type = WB_POSIX_MAP_SFU;
return NT_STATUS_OK;
}
+/************************************************************************
+ Initialize the {sfu,rfc2307} state
+ ***********************************************************************/
+
+static NTSTATUS nss_sfu20_init( struct nss_domain_entry *e )
+{
+ /* Sanity check if we have previously been called with a
+ different schema model */
+
+ if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) &&
+ (ad_map_type != WB_POSIX_MAP_SFU20) )
+ {
+ DEBUG(0,("nss_sfu20_init: Posix Map type has already been set. "
+ "Mixed schema models not supported!\n"));
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ ad_map_type = WB_POSIX_MAP_SFU20;
+
+ return NT_STATUS_OK;
+}
static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e )
{
/* Sanity check if we have previously been called with a
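Review bot: The banner comment above the new `nss_sfu20_init` still reads `Initialize the {sfu,rfc2307} state` and does not name the schema this function selects; `Initialize the sfu20 state` would match what it does. The body is a third copy of the mixed-schema guard already present in `nss_sfu_init` and `nss_rfc2307_init`, differing only in the enum value and the log prefix. Since that guard is what stops two schema models from being combined through the shared `ad_map_type`, keeping it in one static helper avoids the copies drifting apart. The helper name below is a suggestion, and `nss_rfc2307_init` continues outside this hunk.

```c
/* Set the shared schema model, refusing to mix it with one chosen earlier. */
static NTSTATUS nss_ad_set_map_type(enum wb_posix_mapping type,
				    const char *caller)
{
	if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) &&
	     (ad_map_type != type) )
	{
		DEBUG(0,("%s: Posix Map type has already been set.  "
			 "Mixed schema models not supported!\n", caller));
		return NT_STATUS_NOT_SUPPORTED;
	}

	ad_map_type = type;

	return NT_STATUS_OK;
}

static NTSTATUS nss_sfu20_init( struct nss_domain_entry *e )
{
	return nss_ad_set_map_type(WB_POSIX_MAP_SFU20, "nss_sfu20_init");
}
/* … unchanged: nss_sfu_init and nss_rfc2307_init, which could call the same helper … */
```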
@@ -711,7 +735,7 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e )
return NT_STATUS_NOT_SUPPORTED;
}
- ad_map_type = WB_POSIX_MAP_RFC2307;
+ ad_map_type = WB_POSIX_MAP_RFC2307;
return NT_STATUS_OK;
}
@@ -795,6 +819,13 @@ static struct nss_info_methods nss_sfu_methods = {
.close_fn = nss_ad_close
};
+static struct nss_info_methods nss_sfu20_methods = {
+ .init = nss_sfu20_init,
+ .get_nss_info = nss_ad_get_info,
+ .close_fn = nss_ad_close
+};
+
+
/************************************************************************
Initialize the plugins
@@ -805,6 +836,7 @@ NTSTATUS idmap_ad_init(void)
static NTSTATUS status_idmap_ad = NT_STATUS_UNSUCCESSFUL;
static NTSTATUS status_nss_rfc2307 = NT_STATUS_UNSUCCESSFUL;
static NTSTATUS status_nss_sfu = NT_STATUS_UNSUCCESSFUL;
+ static NTSTATUS status_nss_sfu20 = NT_STATUS_UNSUCCESSFUL;
/* Always register the AD method first in order to get the
idmap_domain interface called */
@@ -830,6 +862,13 @@ NTSTATUS idmap_ad_init(void)
return status_nss_sfu;
}
+ if ( !NT_STATUS_IS_OK( status_nss_sfu20 ) ) {
+ status_nss_sfu20 = smb_register_idmap_nss(SMB_NSS_INFO_INTERFACE_VERSION,
+ "sfu20", &nss_sfu20_methods );
+ if ( !NT_STATUS_IS_OK(status_nss_sfu20) )
+ return status_nss_sfu20;
+ }
+
return NT_STATUS_OK;
}