9
9
* Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
10
10
* Copyright (C) Gerald (Jerry) Carter 2004-2007
11
11
* Copyright (C) Luke Howard 2001-2004
12
* Copyright (C) Michael Adam 2008
12
* Copyright (C) Michael Adam 2008,2010
14
14
* This program is free software; you can redistribute it and/or modify
15
15
* it under the terms of the GNU General Public License as published by
137
142
/* setup server affinity */
139
144
get_dc_name(dom->name, realm, dc_name, &dc_ip );
141
146
status = ads_connect(ads);
142
147
if (!ADS_ERR_OK(status)) {
143
DEBUG(1, ("ad_idmap_init: failed to connect to AD\n"));
148
DEBUG(1, ("ad_idmap_cached_connection_internal: failed to "
144
150
ads_destroy(&ads);
180
186
(ctx->ad_map_type == WB_POSIX_MAP_SFU20) ||
181
187
(ctx->ad_map_type == WB_POSIX_MAP_RFC2307) )
183
status = ads_check_posix_schema_mapping(NULL, ctx->ads, ctx->ad_map_type, &ctx->ad_schema);
189
status = ads_check_posix_schema_mapping(
190
ctx, ctx->ads, ctx->ad_map_type, &ctx->ad_schema);
184
191
if ( !ADS_ERR_OK(status) ) {
185
192
DEBUG(2,("ad_idmap_cached_connection: Failed to obtain schema details!\n"));
199
static int idmap_ad_context_destructor(struct idmap_ad_context *ctx)
201
if (ctx->ads != NULL) {
202
/* we own this ADS_STRUCT so make sure it goes away */
203
ctx->ads->is_mine = True;
204
ads_destroy( &ctx->ads );
192
210
/************************************************************************
193
211
***********************************************************************/
195
static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom,
213
static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom)
198
215
struct idmap_ad_context *ctx;
199
216
char *config_option;
200
const char *range = NULL;
201
217
const char *schema_mode = NULL;
203
if ( (ctx = TALLOC_ZERO_P(dom, struct idmap_ad_context)) == NULL ) {
219
ctx = TALLOC_ZERO_P(dom, struct idmap_ad_context);
204
221
DEBUG(0, ("Out of memory!\n"));
205
222
return NT_STATUS_NO_MEMORY;
224
talloc_set_destructor(ctx, idmap_ad_context_destructor);
208
if ( (config_option = talloc_asprintf(ctx, "idmap config %s", dom->name)) == NULL ) {
226
config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
227
if (config_option == NULL) {
209
228
DEBUG(0, ("Out of memory!\n"));
210
229
talloc_free(ctx);
211
230
return NT_STATUS_NO_MEMORY;
215
range = lp_parm_const_string(-1, config_option, "range", NULL);
216
if (range && range[0]) {
217
if ((sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2) ||
218
(ctx->filter_low_id > ctx->filter_high_id)) {
219
DEBUG(1, ("ERROR: invalid filter range [%s]", range));
220
ctx->filter_low_id = 0;
221
ctx->filter_high_id = 0;
225
233
/* default map type */
226
234
ctx->ad_map_type = WB_POSIX_MAP_RFC2307;
267
275
Search up to IDMAP_AD_MAX_IDS entries in maps for a match
268
276
***********************************************************************/
270
static struct id_map *find_map_by_sid(struct id_map **maps, DOM_SID *sid)
278
static struct id_map *find_map_by_sid(struct id_map **maps, struct dom_sid *sid)
274
282
for (i = 0; maps[i] && i<IDMAP_AD_MAX_IDS; i++) {
275
if (sid_equal(maps[i]->sid, sid)) {
283
if (dom_sid_equal(maps[i]->sid, sid)) {
457
(ctx->filter_low_id && (id < ctx->filter_low_id)) ||
458
(ctx->filter_high_id && (id > ctx->filter_high_id))) {
464
if (!idmap_unix_id_is_in_range(id, dom)) {
459
465
DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n",
460
id, ctx->filter_low_id, ctx->filter_high_id));
466
id, dom->low_id, dom->high_id));
571
577
ids[idx]->status = ID_UNKNOWN;
573
sidstr = sid_binstring(talloc_tos(), ids[idx]->sid);
579
sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), ids[idx]->sid);
574
580
filter = talloc_asprintf_append_buffer(filter, "(objectSid=%s)", sidstr);
576
582
TALLOC_FREE(sidstr);
577
583
CHECK_ALLOC_DONE(filter);
651
657
DEBUG(1, ("Could not get unix ID\n"));
655
(ctx->filter_low_id && (id < ctx->filter_low_id)) ||
656
(ctx->filter_high_id && (id > ctx->filter_high_id))) {
660
if (!idmap_unix_id_is_in_range(id, dom)) {
657
661
DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n",
658
id, ctx->filter_low_id, ctx->filter_high_id));
662
id, dom->low_id, dom->high_id));
693
/************************************************************************
694
***********************************************************************/
696
static NTSTATUS idmap_ad_close(struct idmap_domain *dom)
698
struct idmap_ad_context * ctx;
700
ctx = talloc_get_type(dom->private_data, struct idmap_ad_context);
702
if (ctx->ads != NULL) {
703
/* we own this ADS_STRUCT so make sure it goes away */
704
ctx->ads->is_mine = True;
705
ads_destroy( &ctx->ads );
709
TALLOC_FREE( ctx->ad_schema );
715
698
* nss_info_{sfu,sfu20,rfc2307}
865
846
return NT_STATUS_INVALID_PARAMETER;
868
/* See if we can use the ADS connection struct swe were given */
871
DEBUG(10, ("nss_ad_get_info: using given ads connection and "
872
"LDAP message (%p)\n", msg));
874
*homedir = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_homedir_attr );
875
*shell = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_shell_attr );
876
*gecos = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_gecos_attr );
879
if ( !ads_pull_uint32(ads, msg, ctx->ad_schema->posix_gidnumber_attr, gid ) )
883
nt_status = NT_STATUS_OK;
887
849
/* Have to do our own query */
889
851
DEBUG(10, ("nss_ad_get_info: no ads connection given, doing our "
894
856
attrs[2] = ctx->ad_schema->posix_gecos_attr;
895
857
attrs[3] = ctx->ad_schema->posix_gidnumber_attr;
897
sidstr = sid_binstring(mem_ctx, sid);
859
sidstr = ldap_encode_ndr_dom_sid(mem_ctx, sid);
898
860
filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr);
899
861
TALLOC_FREE(sidstr);
1094
1056
return nt_status;
1098
/************************************************************************
1099
***********************************************************************/
1101
static NTSTATUS nss_ad_close( void )
1103
/* nothing to do. All memory is free()'d by the idmap close_fn() */
1105
return NT_STATUS_OK;
1108
1059
/************************************************************************
1109
1060
Function dispatch tables for the idmap and nss plugins
1110
1061
***********************************************************************/
1113
1064
.init = idmap_ad_initialize,
1114
1065
.unixids_to_sids = idmap_ad_unixids_to_sids,
1115
1066
.sids_to_unixids = idmap_ad_sids_to_unixids,
1116
.close_fn = idmap_ad_close
1119
1069
/* The SFU and RFC2307 NSS plugins share everything but the init
1120
1070
function which sets the intended schema model to use */
1122
1072
static struct nss_info_methods nss_rfc2307_methods = {
1123
1073
.init = nss_rfc2307_init,
1124
1074
.get_nss_info = nss_ad_get_info,
1125
1075
.map_to_alias = nss_ad_map_to_alias,
1126
1076
.map_from_alias = nss_ad_map_from_alias,
1127
.close_fn = nss_ad_close
1130
1079
static struct nss_info_methods nss_sfu_methods = {
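Review bot: At new lines 579–580 the return value of `ldap_encode_ndr_dom_sid()` goes straight into the `%s` of `talloc_asprintf_append_buffer(filter, "(objectSid=%s)", sidstr)` with no NULL check in between. If the encoder returns NULL on failure, passing it to `%s` is undefined behaviour (glibc prints a literal `(null)`), and the following `CHECK_ALLOC_DONE(filter)` will not catch it because the append itself succeeds, so the LDAP search would run with a filter that does not describe the requested SID. Adding `CHECK_ALLOC_DONE(sidstr);` directly after the encode call would close this. The same pattern appears at new lines 859–860, apparently in nss_ad_get_info, where `sidstr` should also be checked before `talloc_asprintf()`. Both enclosing functions begin and end outside the displayed hunks, so the exact error path there (cleanup label, `nt_status` value such as `NT_STATUS_NO_MEMORY`) needs to be confirmed against the full file.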