summaryrefslogtreecommitdiff
path: root/source3/winbindd/idmap_ad.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/winbindd/idmap_ad.c')
-rw-r--r--source3/winbindd/idmap_ad.c152
1 files changed, 69 insertions, 83 deletions
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 5904b4f624..60a2d8642a 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -43,33 +43,31 @@
struct idmap_ad_context {
uint32_t filter_low_id;
uint32_t filter_high_id;
- ADS_STRUCT *ad_idmap_ads;
- struct posix_schema *ad_schema;
- enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN;
};
NTSTATUS init_module(void);
+static ADS_STRUCT *ad_idmap_ads = NULL;
+static struct posix_schema *ad_schema = NULL;
+static enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN;
+
/************************************************************************
***********************************************************************/
-static ADS_STRUCT *ad_idmap_cached_connection_internal(struct idmap_domain *dom)
+static ADS_STRUCT *ad_idmap_cached_connection_internal(void)
{
ADS_STRUCT *ads;
ADS_STATUS status;
bool local = False;
fstring dc_name;
struct sockaddr_storage dc_ip;
- struct idmap_ad_context *ctx;
-
- ctx = talloc_get_type(dom->private_data, struct idmap_ad_context);
- if (ctx->ad_idmap_ads != NULL) {
+ if (ad_idmap_ads != NULL) {
time_t expire;
time_t now = time(NULL);
- ads = ctx->ad_idmap_ads;
+ ads = ad_idmap_ads;
expire = MIN(ads->auth.tgt_expire, ads->auth.tgs_expire);
@@ -85,8 +83,8 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(struct idmap_domain *dom)
ads->is_mine = True;
ads_destroy( &ads );
ads_kdestroy(WINBIND_CCACHE_NAME);
- ctx->ad_idmap_ads = NULL;
- TALLOC_FREE(ctx->ad_schema);
+ ad_idmap_ads = NULL;
+ TALLOC_FREE( ad_schema );
}
}
@@ -120,7 +118,7 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(struct idmap_domain *dom)
ads->is_mine = False;
- ctx->ad_idmap_ads = ads;
+ ad_idmap_ads = ads;
return ads;
}
@@ -128,31 +126,28 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(struct idmap_domain *dom)
/************************************************************************
***********************************************************************/
-static ADS_STRUCT *ad_idmap_cached_connection(struct idmap_domain *dom)
+static ADS_STRUCT *ad_idmap_cached_connection(void)
{
- ADS_STRUCT *ads = ad_idmap_cached_connection_internal(dom);
- struct idmap_ad_context *ctx;
-
- ctx = talloc_get_type(dom->private_data, struct idmap_ad_context);
-
+ ADS_STRUCT *ads = ad_idmap_cached_connection_internal();
+
if ( !ads )
return NULL;
/* if we have a valid ADS_STRUCT and the schema model is
defined, then we can return here. */
- if ( ctx->ad_schema )
+ if ( ad_schema )
return ads;
/* Otherwise, set the schema model */
- if ( (ctx->ad_map_type == WB_POSIX_MAP_SFU) ||
- (ctx->ad_map_type == WB_POSIX_MAP_SFU20) ||
- (ctx->ad_map_type == WB_POSIX_MAP_RFC2307) )
+ if ( (ad_map_type == WB_POSIX_MAP_SFU) ||
+ (ad_map_type == WB_POSIX_MAP_SFU20) ||
+ (ad_map_type == WB_POSIX_MAP_RFC2307) )
{
ADS_STATUS schema_status;
- schema_status = ads_check_posix_schema_mapping( NULL, ads, ctx->ad_map_type, &ctx->ad_schema);
+ schema_status = ads_check_posix_schema_mapping( NULL, ads, ad_map_type, &ad_schema);
if ( !ADS_ERR_OK(schema_status) ) {
DEBUG(2,("ad_idmap_cached_connection: Failed to obtain schema details!\n"));
return NULL;
@@ -196,16 +191,16 @@ static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom,
}
/* schema mode */
- if ( ctx->ad_map_type == WB_POSIX_MAP_UNKNOWN )
- ctx->ad_map_type = WB_POSIX_MAP_RFC2307;
+ if ( ad_map_type == WB_POSIX_MAP_UNKNOWN )
+ ad_map_type = WB_POSIX_MAP_RFC2307;
schema_mode = lp_parm_const_string(-1, config_option, "schema_mode", NULL);
if ( schema_mode && schema_mode[0] ) {
if ( strequal(schema_mode, "sfu") )
- ctx->ad_map_type = WB_POSIX_MAP_SFU;
+ ad_map_type = WB_POSIX_MAP_SFU;
else if ( strequal(schema_mode, "sfu20" ) )
- ctx->ad_map_type = WB_POSIX_MAP_SFU20;
+ ad_map_type = WB_POSIX_MAP_SFU20;
else if ( strequal(schema_mode, "rfc2307" ) )
- ctx->ad_map_type = WB_POSIX_MAP_RFC2307;
+ ad_map_type = WB_POSIX_MAP_RFC2307;
else
DEBUG(0,("idmap_ad_initialize: Unknown schema_mode (%s)\n",
schema_mode));
@@ -289,14 +284,14 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map
return NT_STATUS_NO_MEMORY;
}
- if ( (ads = ad_idmap_cached_connection(dom)) == NULL ) {
+ if ( (ads = ad_idmap_cached_connection()) == NULL ) {
DEBUG(1, ("ADS uninitialized\n"));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
- attrs[2] = ctx->ad_schema->posix_uidnumber_attr;
- attrs[3] = ctx->ad_schema->posix_gidnumber_attr;
+ attrs[2] = ad_schema->posix_uidnumber_attr;
+ attrs[3] = ad_schema->posix_gidnumber_attr;
again:
bidx = idx;
@@ -313,7 +308,7 @@ again:
ATYPE_INTERDOMAIN_TRUST);
}
u_filter = talloc_asprintf_append_buffer(u_filter, "(%s=%lu)",
- ctx->ad_schema->posix_uidnumber_attr,
+ ad_schema->posix_uidnumber_attr,
(unsigned long)ids[idx]->xid.id);
CHECK_ALLOC_DONE(u_filter);
break;
@@ -327,7 +322,7 @@ again:
ATYPE_SECURITY_LOCAL_GROUP);
}
g_filter = talloc_asprintf_append_buffer(g_filter, "(%s=%lu)",
- ctx->ad_schema->posix_gidnumber_attr,
+ ad_schema->posix_gidnumber_attr,
(unsigned long)ids[idx]->xid.id);
CHECK_ALLOC_DONE(g_filter);
break;
@@ -410,10 +405,10 @@ again:
continue;
}
- if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ?
- ctx->ad_schema->posix_uidnumber_attr :
- ctx->ad_schema->posix_gidnumber_attr,
- &id))
+ if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ?
+ ad_schema->posix_uidnumber_attr :
+ ad_schema->posix_gidnumber_attr,
+ &id))
{
DEBUG(1, ("Could not get unix ID\n"));
continue;
@@ -500,14 +495,14 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map
return NT_STATUS_NO_MEMORY;
}
- if ( (ads = ad_idmap_cached_connection(dom)) == NULL ) {
+ if ( (ads = ad_idmap_cached_connection()) == NULL ) {
DEBUG(1, ("ADS uninitialized\n"));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
- attrs[2] = ctx->ad_schema->posix_uidnumber_attr;
- attrs[3] = ctx->ad_schema->posix_gidnumber_attr;
+ attrs[2] = ad_schema->posix_uidnumber_attr;
+ attrs[3] = ad_schema->posix_gidnumber_attr;
again:
filter = talloc_asprintf(memctx, "(&(|"
@@ -597,10 +592,10 @@ again:
continue;
}
- if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ?
- ctx->ad_schema->posix_uidnumber_attr :
- ctx->ad_schema->posix_gidnumber_attr,
- &id))
+ if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ?
+ ad_schema->posix_uidnumber_attr :
+ ad_schema->posix_gidnumber_attr,
+ &id))
{
DEBUG(1, ("Could not get unix ID\n"));
continue;
@@ -658,7 +653,7 @@ static NTSTATUS idmap_ad_close(struct idmap_domain *dom)
ad_idmap_ads = NULL;
}
- TALLOC_FREE( ctx->ad_schema );
+ TALLOC_FREE( ad_schema );
return NT_STATUS_OK;
}
@@ -676,15 +671,15 @@ static NTSTATUS nss_sfu_init( struct nss_domain_entry *e )
/* Sanity check if we have previously been called with a
different schema model */
- if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) &&
- (ctx->ad_map_type != WB_POSIX_MAP_SFU) )
+ if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) &&
+ (ad_map_type != WB_POSIX_MAP_SFU) )
{
DEBUG(0,("nss_sfu_init: Posix Map type has already been set. "
"Mixed schema models not supported!\n"));
return NT_STATUS_NOT_SUPPORTED;
}
- ctx->ad_map_type = WB_POSIX_MAP_SFU;
+ ad_map_type = WB_POSIX_MAP_SFU;
return NT_STATUS_OK;
}
@@ -694,15 +689,15 @@ static NTSTATUS nss_sfu20_init( struct nss_domain_entry *e )
/* Sanity check if we have previously been called with a
different schema model */
- if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) &&
- (ctx->ad_map_type != WB_POSIX_MAP_SFU20) )
+ if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) &&
+ (ad_map_type != WB_POSIX_MAP_SFU20) )
{
DEBUG(0,("nss_sfu20_init: Posix Map type has already been set. "
"Mixed schema models not supported!\n"));
return NT_STATUS_NOT_SUPPORTED;
}
- ctx->ad_map_type = WB_POSIX_MAP_SFU20;
+ ad_map_type = WB_POSIX_MAP_SFU20;
return NT_STATUS_OK;
}
@@ -712,15 +707,15 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e )
/* Sanity check if we have previously been called with a
different schema model */
- if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) &&
- (ctx->ad_map_type != WB_POSIX_MAP_RFC2307) )
+ if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) &&
+ (ad_map_type != WB_POSIX_MAP_RFC2307) )
{
DEBUG(0,("nss_rfc2307_init: Posix Map type has already been set. "
"Mixed schema models not supported!\n"));
return NT_STATUS_NOT_SUPPORTED;
}
- ctx->ad_map_type = WB_POSIX_MAP_RFC2307;
+ ad_map_type = WB_POSIX_MAP_RFC2307;
return NT_STATUS_OK;
}
@@ -730,7 +725,7 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e )
***********************************************************************/
static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e,
const DOM_SID *sid,
- TALLOC_CTX *mem_ctx,
+ TALLOC_CTX *ctx,
ADS_STRUCT *ads,
LDAPMessage *msg,
char **homedir,
@@ -749,9 +744,6 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e,
ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
char *sidstr = NULL;
- struct idmap_ad_context *ctx;
-
- ctx = talloc_get_type(e->state, struct idmap_ad_context);
/* Only do query if we are online */
if (idmap_is_offline()) {
@@ -763,7 +755,7 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e,
ads_internal = ad_idmap_cached_connection();
- if ( !ads_internal || !ctx->ad_schema ) {
+ if ( !ads_internal || !ad_schema ) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
@@ -774,12 +766,12 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e,
/* See if we can use the ADS connection struct swe were given */
if (ads) {
- *homedir = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_homedir_attr );
- *shell = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_shell_attr );
- *gecos = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_gecos_attr );
+ *homedir = ads_pull_string( ads, ctx, msg, ad_schema->posix_homedir_attr );
+ *shell = ads_pull_string( ads, ctx, msg, ad_schema->posix_shell_attr );
+ *gecos = ads_pull_string( ads, ctx, msg, ad_schema->posix_gecos_attr );
if (gid) {
- if ( !ads_pull_uint32(ads, msg, ctx->ad_schema->posix_gidnumber_attr, gid ) )
+ if ( !ads_pull_uint32(ads, msg, ad_schema->posix_gidnumber_attr, gid ) )
*gid = (uint32)-1;
}
@@ -789,13 +781,13 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e,
/* Have to do our own query */
- attrs[0] = ctx->ad_schema->posix_homedir_attr;
- attrs[1] = ctx->ad_schema->posix_shell_attr;
- attrs[2] = ctx->ad_schema->posix_gecos_attr;
- attrs[3] = ctx->ad_schema->posix_gidnumber_attr;
+ attrs[0] = ad_schema->posix_homedir_attr;
+ attrs[1] = ad_schema->posix_shell_attr;
+ attrs[2] = ad_schema->posix_gecos_attr;
+ attrs[3] = ad_schema->posix_gidnumber_attr;
sidstr = sid_binstring(sid);
- filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr);
+ filter = talloc_asprintf(ctx, "(objectSid=%s)", sidstr);
SAFE_FREE(sidstr);
if (!filter) {
@@ -809,12 +801,12 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e,
goto done;
}
- *homedir = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_homedir_attr);
- *shell = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_shell_attr);
- *gecos = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_gecos_attr);
+ *homedir = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_homedir_attr);
+ *shell = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_shell_attr);
+ *gecos = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_gecos_attr);
if (gid) {
- if (!ads_pull_uint32(ads_internal, msg_internal, ctx->ad_schema->posix_gidnumber_attr, gid))
+ if (!ads_pull_uint32(ads_internal, msg_internal, ad_schema->posix_gidnumber_attr, gid))
*gid = (uint32)-1;
}
@@ -843,9 +835,6 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx,
LDAPMessage *msg = NULL;
ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- struct idmap_ad_context *ctx;
-
- ctx = talloc_get_type(e->state, struct idmap_ad_context);
/* Check incoming parameters */
@@ -863,12 +852,12 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx,
ads_internal = ad_idmap_cached_connection();
- if (!ads_internal || !ctx->ad_schema) {
+ if (!ads_internal || !ad_schema) {
nt_status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
goto done;
}
- attrs[0] = ctx->ad_schema->posix_uid_attr;
+ attrs[0] = ad_schema->posix_uid_attr;
filter = talloc_asprintf(mem_ctx,
"(sAMAccountName=%s)",
@@ -884,7 +873,7 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx,
goto done;
}
- *alias = ads_pull_string(ads_internal, mem_ctx, msg, ctx->ad_schema->posix_uid_attr );
+ *alias = ads_pull_string(ads_internal, mem_ctx, msg, ad_schema->posix_uid_attr );
if (!*alias) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
@@ -919,9 +908,6 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx,
ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
char *username;
- struct idmap_ad_context *ctx;
-
- ctx = talloc_get_type(e->state, struct idmap_ad_context);
/* Check incoming parameters */
@@ -939,14 +925,14 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx,
ads_internal = ad_idmap_cached_connection();
- if (!ads_internal || !ctx->ad_schema) {
+ if (!ads_internal || !ad_schema) {
nt_status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
goto done;
}
filter = talloc_asprintf(mem_ctx,
"(%s=%s)",
- ctx->ad_schema->posix_uid_attr,
+ ad_schema->posix_uid_attr,
alias);
if (!filter) {
nt_status = NT_STATUS_NO_MEMORY;