From 6a4957d35d50e6508917aca62b282ae4904187c8 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Nov 2008 22:59:40 +0100 Subject: UNFINISHED - s3:idmap_ad: multi-domain Michael --- source3/winbindd/idmap_ad.c | 152 ++++++++++++++++++++++++-------------------- 1 file changed, 83 insertions(+), 69 deletions(-) (limited to 'source3') diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 60a2d8642a..5904b4f624 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -43,31 +43,33 @@ struct idmap_ad_context { uint32_t filter_low_id; uint32_t filter_high_id; + ADS_STRUCT *ad_idmap_ads; + struct posix_schema *ad_schema; + enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN; }; NTSTATUS init_module(void); -static ADS_STRUCT *ad_idmap_ads = NULL; -static struct posix_schema *ad_schema = NULL; -static enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN; - /************************************************************************ ***********************************************************************/ -static ADS_STRUCT *ad_idmap_cached_connection_internal(void) +static ADS_STRUCT *ad_idmap_cached_connection_internal(struct idmap_domain *dom) { ADS_STRUCT *ads; ADS_STATUS status; bool local = False; fstring dc_name; struct sockaddr_storage dc_ip; + struct idmap_ad_context *ctx; + + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); - if (ad_idmap_ads != NULL) { + if (ctx->ad_idmap_ads != NULL) { time_t expire; time_t now = time(NULL); - ads = ad_idmap_ads; + ads = ctx->ad_idmap_ads; expire = MIN(ads->auth.tgt_expire, ads->auth.tgs_expire); @@ -83,8 +85,8 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void) ads->is_mine = True; ads_destroy( &ads ); ads_kdestroy(WINBIND_CCACHE_NAME); - ad_idmap_ads = NULL; - TALLOC_FREE( ad_schema ); + ctx->ad_idmap_ads = NULL; + TALLOC_FREE(ctx->ad_schema); } } @@ -118,7 +120,7 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void) ads->is_mine = False; - ad_idmap_ads = ads; + ctx->ad_idmap_ads = ads; return ads; } @@ -126,28 +128,31 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void) /************************************************************************ ***********************************************************************/ -static ADS_STRUCT *ad_idmap_cached_connection(void) +static ADS_STRUCT *ad_idmap_cached_connection(struct idmap_domain *dom) { - ADS_STRUCT *ads = ad_idmap_cached_connection_internal(); - + ADS_STRUCT *ads = ad_idmap_cached_connection_internal(dom); + struct idmap_ad_context *ctx; + + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); + if ( !ads ) return NULL; /* if we have a valid ADS_STRUCT and the schema model is defined, then we can return here. */ - if ( ad_schema ) + if ( ctx->ad_schema ) return ads; /* Otherwise, set the schema model */ - if ( (ad_map_type == WB_POSIX_MAP_SFU) || - (ad_map_type == WB_POSIX_MAP_SFU20) || - (ad_map_type == WB_POSIX_MAP_RFC2307) ) + if ( (ctx->ad_map_type == WB_POSIX_MAP_SFU) || + (ctx->ad_map_type == WB_POSIX_MAP_SFU20) || + (ctx->ad_map_type == WB_POSIX_MAP_RFC2307) ) { ADS_STATUS schema_status; - schema_status = ads_check_posix_schema_mapping( NULL, ads, ad_map_type, &ad_schema); + schema_status = ads_check_posix_schema_mapping( NULL, ads, ctx->ad_map_type, &ctx->ad_schema); if ( !ADS_ERR_OK(schema_status) ) { DEBUG(2,("ad_idmap_cached_connection: Failed to obtain schema details!\n")); return NULL; @@ -191,16 +196,16 @@ static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom, } /* schema mode */ - if ( ad_map_type == WB_POSIX_MAP_UNKNOWN ) - ad_map_type = WB_POSIX_MAP_RFC2307; + if ( ctx->ad_map_type == WB_POSIX_MAP_UNKNOWN ) + ctx->ad_map_type = WB_POSIX_MAP_RFC2307; schema_mode = lp_parm_const_string(-1, config_option, "schema_mode", NULL); if ( schema_mode && schema_mode[0] ) { if ( strequal(schema_mode, "sfu") ) - ad_map_type = WB_POSIX_MAP_SFU; + ctx->ad_map_type = WB_POSIX_MAP_SFU; else if ( strequal(schema_mode, "sfu20" ) ) - ad_map_type = WB_POSIX_MAP_SFU20; + ctx->ad_map_type = WB_POSIX_MAP_SFU20; else if ( strequal(schema_mode, "rfc2307" ) ) - ad_map_type = WB_POSIX_MAP_RFC2307; + ctx->ad_map_type = WB_POSIX_MAP_RFC2307; else DEBUG(0,("idmap_ad_initialize: Unknown schema_mode (%s)\n", schema_mode)); @@ -284,14 +289,14 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map return NT_STATUS_NO_MEMORY; } - if ( (ads = ad_idmap_cached_connection()) == NULL ) { + if ( (ads = ad_idmap_cached_connection(dom)) == NULL ) { DEBUG(1, ("ADS uninitialized\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - attrs[2] = ad_schema->posix_uidnumber_attr; - attrs[3] = ad_schema->posix_gidnumber_attr; + attrs[2] = ctx->ad_schema->posix_uidnumber_attr; + attrs[3] = ctx->ad_schema->posix_gidnumber_attr; again: bidx = idx; @@ -308,7 +313,7 @@ again: ATYPE_INTERDOMAIN_TRUST); } u_filter = talloc_asprintf_append_buffer(u_filter, "(%s=%lu)", - ad_schema->posix_uidnumber_attr, + ctx->ad_schema->posix_uidnumber_attr, (unsigned long)ids[idx]->xid.id); CHECK_ALLOC_DONE(u_filter); break; @@ -322,7 +327,7 @@ again: ATYPE_SECURITY_LOCAL_GROUP); } g_filter = talloc_asprintf_append_buffer(g_filter, "(%s=%lu)", - ad_schema->posix_gidnumber_attr, + ctx->ad_schema->posix_gidnumber_attr, (unsigned long)ids[idx]->xid.id); CHECK_ALLOC_DONE(g_filter); break; @@ -405,10 +410,10 @@ again: continue; } - if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? - ad_schema->posix_uidnumber_attr : - ad_schema->posix_gidnumber_attr, - &id)) + if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? + ctx->ad_schema->posix_uidnumber_attr : + ctx->ad_schema->posix_gidnumber_attr, + &id)) { DEBUG(1, ("Could not get unix ID\n")); continue; @@ -495,14 +500,14 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map return NT_STATUS_NO_MEMORY; } - if ( (ads = ad_idmap_cached_connection()) == NULL ) { + if ( (ads = ad_idmap_cached_connection(dom)) == NULL ) { DEBUG(1, ("ADS uninitialized\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - attrs[2] = ad_schema->posix_uidnumber_attr; - attrs[3] = ad_schema->posix_gidnumber_attr; + attrs[2] = ctx->ad_schema->posix_uidnumber_attr; + attrs[3] = ctx->ad_schema->posix_gidnumber_attr; again: filter = talloc_asprintf(memctx, "(&(|" @@ -592,10 +597,10 @@ again: continue; } - if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? - ad_schema->posix_uidnumber_attr : - ad_schema->posix_gidnumber_attr, - &id)) + if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? + ctx->ad_schema->posix_uidnumber_attr : + ctx->ad_schema->posix_gidnumber_attr, + &id)) { DEBUG(1, ("Could not get unix ID\n")); continue; @@ -653,7 +658,7 @@ static NTSTATUS idmap_ad_close(struct idmap_domain *dom) ad_idmap_ads = NULL; } - TALLOC_FREE( ad_schema ); + TALLOC_FREE( ctx->ad_schema ); return NT_STATUS_OK; } @@ -671,15 +676,15 @@ static NTSTATUS nss_sfu_init( struct nss_domain_entry *e ) /* Sanity check if we have previously been called with a different schema model */ - if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != WB_POSIX_MAP_SFU) ) + if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ctx->ad_map_type != WB_POSIX_MAP_SFU) ) { DEBUG(0,("nss_sfu_init: Posix Map type has already been set. " "Mixed schema models not supported!\n")); return NT_STATUS_NOT_SUPPORTED; } - ad_map_type = WB_POSIX_MAP_SFU; + ctx->ad_map_type = WB_POSIX_MAP_SFU; return NT_STATUS_OK; } @@ -689,15 +694,15 @@ static NTSTATUS nss_sfu20_init( struct nss_domain_entry *e ) /* Sanity check if we have previously been called with a different schema model */ - if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != WB_POSIX_MAP_SFU20) ) + if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ctx->ad_map_type != WB_POSIX_MAP_SFU20) ) { DEBUG(0,("nss_sfu20_init: Posix Map type has already been set. " "Mixed schema models not supported!\n")); return NT_STATUS_NOT_SUPPORTED; } - ad_map_type = WB_POSIX_MAP_SFU20; + ctx->ad_map_type = WB_POSIX_MAP_SFU20; return NT_STATUS_OK; } @@ -707,15 +712,15 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) /* Sanity check if we have previously been called with a different schema model */ - if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != WB_POSIX_MAP_RFC2307) ) + if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ctx->ad_map_type != WB_POSIX_MAP_RFC2307) ) { DEBUG(0,("nss_rfc2307_init: Posix Map type has already been set. " "Mixed schema models not supported!\n")); return NT_STATUS_NOT_SUPPORTED; } - ad_map_type = WB_POSIX_MAP_RFC2307; + ctx->ad_map_type = WB_POSIX_MAP_RFC2307; return NT_STATUS_OK; } @@ -725,7 +730,7 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) ***********************************************************************/ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, const DOM_SID *sid, - TALLOC_CTX *ctx, + TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, LDAPMessage *msg, char **homedir, @@ -744,6 +749,9 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; char *sidstr = NULL; + struct idmap_ad_context *ctx; + + ctx = talloc_get_type(e->state, struct idmap_ad_context); /* Only do query if we are online */ if (idmap_is_offline()) { @@ -755,7 +763,7 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, ads_internal = ad_idmap_cached_connection(); - if ( !ads_internal || !ad_schema ) { + if ( !ads_internal || !ctx->ad_schema ) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; } @@ -766,12 +774,12 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, /* See if we can use the ADS connection struct swe were given */ if (ads) { - *homedir = ads_pull_string( ads, ctx, msg, ad_schema->posix_homedir_attr ); - *shell = ads_pull_string( ads, ctx, msg, ad_schema->posix_shell_attr ); - *gecos = ads_pull_string( ads, ctx, msg, ad_schema->posix_gecos_attr ); + *homedir = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_homedir_attr ); + *shell = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_shell_attr ); + *gecos = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_gecos_attr ); if (gid) { - if ( !ads_pull_uint32(ads, msg, ad_schema->posix_gidnumber_attr, gid ) ) + if ( !ads_pull_uint32(ads, msg, ctx->ad_schema->posix_gidnumber_attr, gid ) ) *gid = (uint32)-1; } @@ -781,13 +789,13 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, /* Have to do our own query */ - attrs[0] = ad_schema->posix_homedir_attr; - attrs[1] = ad_schema->posix_shell_attr; - attrs[2] = ad_schema->posix_gecos_attr; - attrs[3] = ad_schema->posix_gidnumber_attr; + attrs[0] = ctx->ad_schema->posix_homedir_attr; + attrs[1] = ctx->ad_schema->posix_shell_attr; + attrs[2] = ctx->ad_schema->posix_gecos_attr; + attrs[3] = ctx->ad_schema->posix_gidnumber_attr; sidstr = sid_binstring(sid); - filter = talloc_asprintf(ctx, "(objectSid=%s)", sidstr); + filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr); SAFE_FREE(sidstr); if (!filter) { @@ -801,12 +809,12 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, goto done; } - *homedir = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_homedir_attr); - *shell = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_shell_attr); - *gecos = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_gecos_attr); + *homedir = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_homedir_attr); + *shell = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_shell_attr); + *gecos = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_gecos_attr); if (gid) { - if (!ads_pull_uint32(ads_internal, msg_internal, ad_schema->posix_gidnumber_attr, gid)) + if (!ads_pull_uint32(ads_internal, msg_internal, ctx->ad_schema->posix_gidnumber_attr, gid)) *gid = (uint32)-1; } @@ -835,6 +843,9 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, LDAPMessage *msg = NULL; ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + struct idmap_ad_context *ctx; + + ctx = talloc_get_type(e->state, struct idmap_ad_context); /* Check incoming parameters */ @@ -852,12 +863,12 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, ads_internal = ad_idmap_cached_connection(); - if (!ads_internal || !ad_schema) { + if (!ads_internal || !ctx->ad_schema) { nt_status = NT_STATUS_OBJECT_PATH_NOT_FOUND; goto done; } - attrs[0] = ad_schema->posix_uid_attr; + attrs[0] = ctx->ad_schema->posix_uid_attr; filter = talloc_asprintf(mem_ctx, "(sAMAccountName=%s)", @@ -873,7 +884,7 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, goto done; } - *alias = ads_pull_string(ads_internal, mem_ctx, msg, ad_schema->posix_uid_attr ); + *alias = ads_pull_string(ads_internal, mem_ctx, msg, ctx->ad_schema->posix_uid_attr ); if (!*alias) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; @@ -908,6 +919,9 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; char *username; + struct idmap_ad_context *ctx; + + ctx = talloc_get_type(e->state, struct idmap_ad_context); /* Check incoming parameters */ @@ -925,14 +939,14 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, ads_internal = ad_idmap_cached_connection(); - if (!ads_internal || !ad_schema) { + if (!ads_internal || !ctx->ad_schema) { nt_status = NT_STATUS_OBJECT_PATH_NOT_FOUND; goto done; } filter = talloc_asprintf(mem_ctx, "(%s=%s)", - ad_schema->posix_uid_attr, + ctx->ad_schema->posix_uid_attr, alias); if (!filter) { nt_status = NT_STATUS_NO_MEMORY; -- cgit