The branch, master has been updated via bfa7964 s3-ipasam: Add aliases for trusted domain user via 7763816 s3-netlogon: Implement NetrServerGetTrustInfo and NetrGetForestTrustInformation via 9ebbbb7 s3-ldap: Add sambaTrustForestTrustInfo to LDAP schemata via d638f4a s3-lsa: Implement lsaRSetForestTrustInformation via 92ea55e s4-smbtorture: Fix for RPC-LSA-FOREST-TRUST. via cc3b67f s3-ipasam: add IPA specific attributes via 33655d2 s3-lsa: Add and remove trusted domain account via 7d53893 s3-lsa: fix return code of _lsa_QueryTrustedDomainInfoByName() via 8fa440c s3-ipasam: add pdb_ipasam_capabilities() and pdb_ipasam_get_domain_info() via a357ac0 s4-smbtorture: Two fixes for forest trust test against samba. via a8ab5d5 s3-lsa: Extract auth info from trustDomainPasswords via ba28fb0 s3-ldap: Update LDAP schemata to include sambaTrustedDomain. via 0b27317 s3-lsa: Use pdb_get_trusted_domain_by_sid in _lsa_QueryTrustedDomainInfo() via fbd846f s3-lsa: fix lsa_QueryTrustedDomainInfo via 72de982 s3-ipasam: add ipasam_get_trusted_domain_by_sid() via b4bc1f8 s3-ipasam: add wrapper for ipasam_enum_trusteddoms() via 4d22986 s3-lsa: implement _lsa_OpenTrustedDomainByName(). via cdd4df7 s3-lsa: implement _lsa_OpenTrustedDomain(). via 13c5211 s3-lsa: Implement _lsa_EnumTrustedDomainsEx() via 86771d8 s3-lsa: implement _lsa_CloseTrustedDomainEx(). via 06245d1 s3-lsa: implement _lsa_QueryTrustedDomainInfoByName(). via b9eda2a s3-lsa: implement _lsa_QueryTrustedDomainInfoBySid(). via 1ce0d97 s3-lsa: implement _lsa_QueryTrustedDomainInfo(). via bb94708 s3-lsa: make _lsa_DeleteTrustedDomain() use pdb_del_trusted_domain(). via 12d16af s3-lsa: implement _lsa_DeleteTrustedDomain(). via f6004a1 s3-lsa: make lsa_lookup_trusted_domain_by_name() use pdb_get_trusted_domain(). via 387e37e s3-lsa: add lsa_lookup_trusted_domain_by_name and lsa_lookup_trusted_domain_by_sid. via 39c9f59 s3-lsa: implement _lsa_CreateTrustedDomain(). via 55bc1cf s3-lsa: implement _lsa_CreateTrustedDomainEx(). 
via 162fd0e s3-lsa: Let _lsa_CreateTrustedDomainEx2() use pdb_set_trusted_domain(). via a6bd93b s3-lsa: implement _lsa_CreateTrustedDomainEx2(). via 424dc1b s3-lsa: add LSA_HANDLE_TRUST_TYPE. via 5b41211 s3-lsa: add create_lsa_policy_handle(). via 4e60954 s3-ipasam: implement enum_trusted_domains via 8ddbb48 s3-ipasam: implement {get,set,del}_trusted_domain via c96fd89 s3-passdb: make priv2ld() public via b4dd65d s3-passdb: add {get,set,del,enum}_trusted_domain calls via 2e78022 s3-ipasam: Disable old trustdom_pw calls via 4fa210d s3-passdb: Add minimal stub for IPA passdb backend from 1354d3d s3-auth Fix memory leak in security=share and force user =
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit bfa7964da8e69e35b7a156fc4fdba753d7dee1cc Author: Sumit Bose <sb...@redhat.com> Date: Tue Sep 7 14:30:34 2010 +0200 s3-ipasam: Add aliases for trusted domain user Signed-off-by: Günther Deschner <g...@samba.org> Autobuild-User: Günther Deschner <g...@samba.org> Autobuild-Date: Wed Feb 16 12:58:13 CET 2011 on sn-devel-104 commit 77638169681ce5da6a3f7705b16a8f2b5d261671 Author: Sumit Bose <sb...@redhat.com> Date: Fri Sep 3 11:56:31 2010 +0200 s3-netlogon: Implement NetrServerGetTrustInfo and NetrGetForestTrustInformation Signed-off-by: Günther Deschner <g...@samba.org> commit 9ebbbb7456e501c3b43677cd96d880e7320765b8 Author: Sumit Bose <sb...@redhat.com> Date: Thu Sep 2 18:22:16 2010 +0200 s3-ldap: Add sambaTrustForestTrustInfo to LDAP schemata Signed-off-by: Günther Deschner <g...@samba.org> commit d638f4a3b8243317541e10a6014d6de631ddee37 Author: Sumit Bose <sb...@redhat.com> Date: Thu Sep 2 18:13:38 2010 +0200 s3-lsa: Implement lsaRSetForestTrustInformation Signed-off-by: Günther Deschner <g...@samba.org> commit 92ea55e84e3137a331814cc45d7ac9d4e2100904 Author: Sumit Bose <sb...@redhat.com> Date: Thu Sep 2 18:11:47 2010 +0200 s4-smbtorture: Fix for RPC-LSA-FOREST-TRUST. Signed-off-by: Günther Deschner <g...@samba.org> commit cc3b67fa1feba8d8d177a2b3d8a13dadeb1b1990 Author: Sumit Bose <sb...@redhat.com> Date: Fri Sep 3 09:39:45 2010 +0200 s3-ipasam: add IPA specific attributes Signed-off-by: Günther Deschner <g...@samba.org> commit 33655d28b00d8d92a34b5f613ce814828c731599 Author: Sumit Bose <sb...@redhat.com> Date: Mon Aug 30 18:09:12 2010 +0200 s3-lsa: Add and remove trusted domain account Signed-off-by: Günther Deschner <g...@samba.org> commit 7d53893dee24d63914f076f0e352f73aa5046fbd Author: Sumit Bose <sb...@redhat.com> Date: Mon Aug 30 15:57:36 2010 +0200 s3-lsa: fix return code of _lsa_QueryTrustedDomainInfoByName() 
Signed-off-by: Günther Deschner <g...@samba.org> commit 8fa440c8207966871ecfee1221a207a46ec02f7d Author: Sumit Bose <sb...@redhat.com> Date: Mon Aug 30 15:55:52 2010 +0200 s3-ipasam: add pdb_ipasam_capabilities() and pdb_ipasam_get_domain_info() Signed-off-by: Günther Deschner <g...@samba.org> commit a357ac022278a2e4b4970ec747a576ef91ebb75f Author: Sumit Bose <sb...@redhat.com> Date: Mon Aug 30 15:21:11 2010 +0200 s4-smbtorture: Two fixes for forest trust test against samba. Signed-off-by: Günther Deschner <g...@samba.org> commit a8ab5d582da062b433234764a10873b9941de42e Author: Sumit Bose <sb...@redhat.com> Date: Thu Aug 26 14:44:04 2010 +0200 s3-lsa: Extract auth info from trustDomainPasswords Signed-off-by: Günther Deschner <g...@samba.org> commit ba28fb025f141a7f3e80ce176f0e98d44acfca6b Author: Sumit Bose <sb...@redhat.com> Date: Wed Aug 25 14:37:25 2010 +0200 s3-ldap: Update LDAP schemata to include sambaTrustedDomain. Signed-off-by: Günther Deschner <g...@samba.org> commit 0b27317a5c8a22d1e794857b6d287fda37bb943b Author: Sumit Bose <sb...@redhat.com> Date: Tue Aug 24 18:18:00 2010 +0200 s3-lsa: Use pdb_get_trusted_domain_by_sid in _lsa_QueryTrustedDomainInfo() Signed-off-by: Günther Deschner <g...@samba.org> commit fbd846f4278d8efb08c1f511c5a9ed32b6cda41c Author: Sumit Bose <sb...@redhat.com> Date: Tue Aug 24 18:16:06 2010 +0200 s3-lsa: fix lsa_QueryTrustedDomainInfo Signed-off-by: Günther Deschner <g...@samba.org> commit 72de98228926627673edb99fb83c84f0b835baf5 Author: Sumit Bose <sb...@redhat.com> Date: Tue Aug 24 13:48:18 2010 +0200 s3-ipasam: add ipasam_get_trusted_domain_by_sid() Signed-off-by: Günther Deschner <g...@samba.org> commit b4bc1f8f5ce534bb564465e8f706f69ea1e28f57 Author: Sumit Bose <sb...@redhat.com> Date: Mon Aug 23 15:25:11 2010 +0200 s3-ipasam: add wrapper for ipasam_enum_trusteddoms() 
Signed-off-by: Günther Deschner <g...@samba.org> commit 4d22986541efc052ee7f41dceccfa48471b32fe2 Author: Günther Deschner <g...@samba.org> Date: Mon Oct 19 19:02:24 2009 +0200 s3-lsa: implement _lsa_OpenTrustedDomainByName(). Guenther Signed-off-by: Günther Deschner <g...@samba.org> commit cdd4df72d73dce810e23dbf18de2d8d74b02dd22 Author: Günther Deschner <g...@samba.org> Date: Thu Jul 16 02:26:37 2009 +0200 s3-lsa: implement _lsa_OpenTrustedDomain(). Guenther Signed-off-by: Günther Deschner <g...@samba.org> commit 13c5211fa91a0232fb0519ca3b6ef220b3939b5f Author: Sumit Bose <sb...@redhat.com> Date: Mon Aug 23 11:20:37 2010 +0200 s3-lsa: Implement _lsa_EnumTrustedDomainsEx() Signed-off-by: Günther Deschner <g...@samba.org> commit 86771d8258710fe7a52ece13025c19efc0b179e6 Author: Günther Deschner <g...@samba.org> Date: Thu Oct 29 16:15:22 2009 +0100 s3-lsa: implement _lsa_CloseTrustedDomainEx(). Guenther Signed-off-by: Günther Deschner <g...@samba.org> commit 06245d13356bb2f7e00ec6ff020aff8758c9da32 Author: Günther Deschner <g...@samba.org> Date: Tue Oct 20 12:50:33 2009 +0200 s3-lsa: implement _lsa_QueryTrustedDomainInfoByName(). Guenther Signed-off-by: Günther Deschner <g...@samba.org> commit b9eda2ac987d6e9182a4a10922f3c785c7ba263f Author: Günther Deschner <g...@samba.org> Date: Tue Oct 20 12:48:30 2009 +0200 s3-lsa: implement _lsa_QueryTrustedDomainInfoBySid(). Guenther Signed-off-by: Günther Deschner <g...@samba.org> commit 1ce0d9791be5265a13af8761f545b6c81dee2966 Author: Günther Deschner <g...@samba.org> Date: Thu Jul 16 03:00:13 2009 +0200 s3-lsa: implement _lsa_QueryTrustedDomainInfo(). Guenther Signed-off-by: Günther Deschner <g...@samba.org> commit bb947089af3f9de7451b765542526924e6e97308 Author: Sumit Bose <sb...@redhat.com> Date: Fri Aug 20 09:28:29 2010 +0200 s3-lsa: make _lsa_DeleteTrustedDomain() use pdb_del_trusted_domain(). 
Signed-off-by: Günther Deschner <g...@samba.org> commit 12d16af9d6a5a790f8d0849c9a3e1d01cbb2266d Author: Günther Deschner <g...@samba.org> Date: Thu Jul 16 02:27:51 2009 +0200 s3-lsa: implement _lsa_DeleteTrustedDomain(). Guenther Signed-off-by: Günther Deschner <g...@samba.org> commit f6004a1cfd484ecc908bfc77883f03e9fbf3ab88 Author: Sumit Bose <sb...@redhat.com> Date: Fri Aug 20 11:28:43 2010 +0200 s3-lsa: make lsa_lookup_trusted_domain_by_name() use pdb_get_trusted_domain(). Signed-off-by: Günther Deschner <g...@samba.org> commit 387e37efcec387a1b13014e8bcf9bd8e7786f632 Author: Günther Deschner <g...@samba.org> Date: Thu Jul 16 11:55:09 2009 +0200 s3-lsa: add lsa_lookup_trusted_domain_by_name and lsa_lookup_trusted_domain_by_sid. Guenther Signed-off-by: Günther Deschner <g...@samba.org> commit 39c9f59dbab09fb2ce12218dfe798c169e450490 Author: Günther Deschner <g...@samba.org> Date: Thu Jul 16 14:34:06 2009 +0200 s3-lsa: implement _lsa_CreateTrustedDomain(). Guenther Signed-off-by: Günther Deschner <g...@samba.org> commit 55bc1cfae38beec6da00c8f6e1d730519e0b7626 Author: Günther Deschner <g...@samba.org> Date: Tue Oct 27 00:15:56 2009 +0100 s3-lsa: implement _lsa_CreateTrustedDomainEx(). Guenther Signed-off-by: Günther Deschner <g...@samba.org> commit 162fd0e89104d885ef9269e0aba0db88eb1fb4ad Author: Sumit Bose <sb...@redhat.com> Date: Tue Aug 17 17:20:57 2010 +0200 s3-lsa: Let _lsa_CreateTrustedDomainEx2() use pdb_set_trusted_domain(). Signed-off-by: Günther Deschner <g...@samba.org> commit a6bd93b8c359c5ab672a9546e77c3ae581b96cbd Author: Günther Deschner <g...@samba.org> Date: Thu Jul 16 02:27:17 2009 +0200 s3-lsa: implement _lsa_CreateTrustedDomainEx2(). Guenther Signed-off-by: Günther Deschner <g...@samba.org> commit 424dc1b6a3926f8de805b3a7b63732a48218908b Author: Günther Deschner <g...@samba.org> Date: Mon Oct 19 18:48:07 2009 +0200 s3-lsa: add LSA_HANDLE_TRUST_TYPE. Guenther 
Signed-off-by: Günther Deschner <g...@samba.org> commit 5b412117b2d47fa38b5a21ac421ffb347645aaac Author: Günther Deschner <g...@samba.org> Date: Fri Oct 30 11:09:52 2009 +0100 s3-lsa: add create_lsa_policy_handle(). Guenther Signed-off-by: Günther Deschner <g...@samba.org> commit 4e60954071cfd48aa019fbfe56e23507dfd058fd Author: Sumit Bose <sb...@redhat.com> Date: Fri Aug 20 11:58:23 2010 +0200 s3-ipasam: implement enum_trusted_domains Signed-off-by: Günther Deschner <g...@samba.org> commit 8ddbb4886915fe7c0106815bcea3d4030503d75d Author: Sumit Bose <sb...@redhat.com> Date: Fri Jul 16 11:01:49 2010 +0200 s3-ipasam: implement {get,set,del}_trusted_domain Signed-off-by: Günther Deschner <g...@samba.org> commit c96fd895b9d45005560a7ffdedee567b60e7921e Author: Sumit Bose <sb...@redhat.com> Date: Thu Jul 15 16:52:32 2010 +0200 s3-passdb: make priv2ld() public Signed-off-by: Günther Deschner <g...@samba.org> commit b4dd65d3f99022bd5fe7e320d7e36da5432592bb Author: Sumit Bose <sb...@redhat.com> Date: Thu Jul 15 16:22:42 2010 +0200 s3-passdb: add {get,set,del,enum}_trusted_domain calls Signed-off-by: Günther Deschner <g...@samba.org> commit 2e78022066f305143bfbe4cdef757051c8305f1d Author: Sumit Bose <sb...@redhat.com> Date: Thu Jul 15 11:21:48 2010 +0200 s3-ipasam: Disable old trustdom_pw calls Signed-off-by: Günther Deschner <g...@samba.org> commit 4fa210d76a6fb1a9392653c8313c8ffac1f41bb7 Author: Sumit Bose <sb...@redhat.com> Date: Wed Jul 14 15:08:02 2010 +0200 s3-passdb: Add minimal stub for IPA passdb backend 
Signed-off-by: Günther Deschner <g...@samba.org> ----------------------------------------------------------------------- Summary of changes: examples/LDAP/samba-nds.schema | 49 + examples/LDAP/samba-schema-FDS.ldif | 22 + examples/LDAP/samba-schema-netscapeds5.x | 10 + examples/LDAP/samba.ldif | 32 + examples/LDAP/samba.schema | 55 + examples/LDAP/samba.schema.at.IBM-DS | 19 +- examples/LDAP/samba.schema.oc.IBM-DS | 2 + source3/Makefile.in | 6 +- source3/configure.in | 3 +- source3/include/passdb.h | 31 + source3/include/proto.h | 14 + source3/include/smbldap.h | 7 + source3/passdb/pdb_interface.c | 81 ++ source3/passdb/pdb_ipa.c | 972 ++++++++++++++++++ source3/passdb/pdb_ldap.c | 4 +- source3/passdb/wscript_build | 2 +- source3/rpc_server/lsa/srv_lsa_nt.c | 1452 +++++++++++++++++++++++++-- source3/rpc_server/netlogon/srv_netlog_nt.c | 261 +++++- source4/torture/rpc/forest_trust.c | 15 +- 19 files changed, 2922 insertions(+), 115 deletions(-) create mode 100644 source3/passdb/pdb_ipa.c Changeset truncated at 500 lines: diff --git a/examples/LDAP/samba-nds.schema b/examples/LDAP/samba-nds.schema index 2fc220f..7ba8665 100644 --- a/examples/LDAP/samba-nds.schema +++ b/examples/LDAP/samba-nds.schema 
@@ -284,6 +284,50 @@ changetype: modify add: attributetypes attributeTypes: ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC 'Type of trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' DESC 'Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DESC 'Direction of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC 'Fully qualified name of the domain with which a trust exists' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'NetBIOS name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing' DESC 'Authentication information for the outgoing portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming' DESC 'Authentication information for the incoming portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) + +dn: 
cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier' DESC 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo' DESC 'Forest trust information for a trusted domain object' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) ####################################################################### ## objectClasses used by Samba 3.0 schema ## @@ -359,3 +403,8 @@ dn: cn=schema changetype: modify add: objectClasses objectClasses: ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' DESC 'Samba Privilege' SUP top AUXILIARY MUST ( sambaSID ) MAY ( sambaPrivilegeList )) + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL DESC 'Samba Trusted Domain Object' MUST ( cn ) MAY ( sambaTrustTyp e $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdentifier $ sambaTrustForestTrustInfo ) ) diff --git a/examples/LDAP/samba-schema-FDS.ldif b/examples/LDAP/samba-schema-FDS.ldif index fb16486..981dada 100644 --- a/examples/LDAP/samba-schema-FDS.ldif +++ b/examples/LDAP/samba-schema-FDS.ldif 
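Review bot: The new `sambaTrustAuthOutgoing` and `sambaTrustAuthIncoming` attribute types (OIDs 1.3.6.1.4.1.7165.2.1.75 and .76 in the first samba-nds.schema hunk) are described as trust authentication information, but nothing in the schema says they need the same read protection as password attributes. On a directory whose default ACL lets authenticated users read entries, this would presumably expose the trust credentials of every `sambaTrustedDomain` object. I would add a comment above the two definitions, e.g. `# sambaTrustAuthOutgoing/sambaTrustAuthIncoming hold trust credentials: restrict read and write access to the Samba service account`. The same two attributes are added in samba-schema-FDS.ldif, samba-schema-netscapeds5.x, samba.ldif, samba.schema and samba.schema.at.IBM-DS, which want the same comment.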
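Review bot: The MAY list of the new `sambaTrustedDomain` object class (second samba-nds.schema hunk) names `sambaTrustTyp e` with a space inside the attribute name, so it does not match the `sambaTrustType` attribute type defined in the first hunk. A server parsing this would either reject the class or leave `sambaTrustType` unusable on these entries. The space looks carried over from the folded line in samba.ldif, where the break after `sambaTrustTyp` is a legitimate LDIF continuation. The list should start `MAY ( sambaTrustType $ sambaTrustAttributes $ ...`. The same token appears in the `sambaTrustedDomain` definitions added to samba-schema-FDS.ldif, samba-schema-netscapeds5.x and samba.schema.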
@@ -119,6 +119,24 @@ attributeTypes: ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' DES attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' DESC 'Clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) # attributeTypes: ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword' DESC 'Previous clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +# +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC 'Type of trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +# +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' DESC 'Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +# +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DESC 'Direction of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +# +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC 'Fully qualified name of the domain with which a trust exists' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +# +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'NetBIOS name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +# +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing' DESC 'Authentication information for the outgoing portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) +# +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming' DESC 'Authentication information for the incoming portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) +# +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier' DESC 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match 
SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +# +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo' DESC 'Forest trust information for a trusted domain object' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) ## ####################################################################### ## objectClasses: used by Samba 3.0 schema ## @@ -162,3 +180,7 @@ objectClasses: ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCT ## Trusted Domain Relationships ## objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL DESC 'Samba Trusted Domain Password' MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY ( sambaPreviousClearTextPassword ) ) +## +## used for IPA_ldapsam +## +objectClasses: ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL DESC 'Samba Trusted Domain Object' MUST ( cn ) MAY ( sambaTrustTyp e $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdentifier $ sambaTrustForestTrustInfo ) ) diff --git a/examples/LDAP/samba-schema-netscapeds5.x b/examples/LDAP/samba-schema-netscapeds5.x index 8125adc..8bf0e93 100644 --- a/examples/LDAP/samba-schema-netscapeds5.x +++ b/examples/LDAP/samba-schema-netscapeds5.x 
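Review bot: In the first samba-schema-FDS.ldif hunk, `sambaTrustAuthOutgoing`, `sambaTrustAuthIncoming` and `sambaTrustForestTrustInfo` are declared with `EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050}` (Directory String), while the existing trusted-domain secret in the context lines, `sambaClearTextPassword`, uses `octetStringMatch` with syntax `1.3.6.1.4.1.1466.115.121.1.40`. The backend code is not visible in this part of the changeset, but if it stores these values as raw binary blobs rather than an encoded string, a server that enforces syntax may reject them, and the `{1050}` bound may be too small for forest trust information. Consider `EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40` for the three attributes, applied consistently in every schema file this commit touches.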
@@ -36,6 +36,7 @@ objectClasses: ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY objectClasses: ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY DESC 'Mapping from a SID to an ID' MUST ( sambaSID ) MAY ( uidNumber $ gidNumber ) X-ORIGIN 'user defined' ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL DESC 'Structural Class for a SID' MUST ( sambaSID ) X-ORIGIN 'user defined' ) objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL DESC 'Samba Trusted Domain Password' MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY ( sambaPreviousClearTextPassword ) X-ORIGIN 'user defined') +objectClasses: ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL DESC 'Samba Trusted Domain Object' MUST ( cn ) MAY ( sambaTrustTyp e $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdentifier $ sambaTrustForestTrustInfo ) X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE X-ORIGIN 'user defined' ) 
@@ -65,3 +66,12 @@ attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' DESC 'Clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined') attributeTypes: ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword' DESC 'Previous clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined') +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC 'Type of trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' DESC 'Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DESC 'Direction of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC 'Fully qualified name of the domain with which a trust exists' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'NetBIOS name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing' DESC 'Authentication information for the outgoing portion of a trust' EQUALITY caseExactMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{1050} X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming' DESC 'Authentication information for the incoming portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier' DESC 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo' DESC 'Forest trust information for a trusted domain object' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) diff --git a/examples/LDAP/samba.ldif b/examples/LDAP/samba.ldif index f6eb320..b820602 100644 --- a/examples/LDAP/samba.ldif +++ b/examples/LDAP/samba.ldif 
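Review bot: The last line added in the second samba-schema-netscapeds5.x hunk, `sambaTrustForestTrustInfo` (OID 1.3.6.1.4.1.7165.2.1.78), ends with `SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )` and lacks the `X-ORIGIN 'user defined'` that every other definition in this file carries, including the eight attributes added just above it. Depending on how the directory server treats schema elements without an origin, this attribute may be classified differently from its siblings. Ending the line with `SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} X-ORIGIN 'user defined' )` keeps it consistent.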
@@ -142,6 +142,33 @@ olcAttributeTypes: {45}( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' olcAttributeTypes: {46}( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextP assword' DESC 'Previous clear text password (used for trusted domain password s)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +olcAttributeTypes: {47}( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC 'T + ype of trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING + LE-VALUE ) +olcAttributeTypes: {48}( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' D + ESC 'Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {49}( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DE + SC 'Direction of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.27 SINGLE-VALUE ) +olcAttributeTypes: {50}( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC + 'Fully qualified name of the domain with which a trust exists' EQUALITY case + IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +olcAttributeTypes: {51}( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'Ne + tBIOS name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.15{128} ) +olcAttributeTypes: {52}( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing' + DESC 'Authentication information for the outgoing portion of a trust' EQUALIT + Y caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) +olcAttributeTypes: {53}( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming' + DESC 'Authentication information for the incoming portion of a trust' EQUALIT + Y caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) +olcAttributeTypes: {54}( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier + ' DESC 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match SUBSTR caseExact + IA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +olcAttributeTypes: {55}( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustIn + fo' DESC 'Forest trust information for a trusted domain object' EQUALITY case + ExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) olcObjectClasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Sam ba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ s @@ -183,3 +210,8 @@ olcObjectClasses: {10}( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC 'Samba Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY ( sa mbaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoptio n $ description ) ) +olcObjectClasses: {11}( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' DESC + 'Samba Trusted Domain Object' SUP top STRUCTURAL MUST cn MAY ( sambaTrustTyp + e $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFla + tName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdenti + fier $ sambaTrustForestTrustInfo ) ) diff --git a/examples/LDAP/samba.schema b/examples/LDAP/samba.schema index 8f82ddd..df5267a 100644 --- a/examples/LDAP/samba.schema +++ b/examples/LDAP/samba.schema 
@@ -469,6 +469,50 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +attributetype ( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' + DESC 'Type of trust' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' + DESC 'Trust attributes for a trusted domain' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' + DESC 'Direction of a trust' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' + DESC 'Fully qualified name of the domain with which a trust exists' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' + DESC 'NetBIOS name of a domain' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing' + DESC 'Authentication information for the outgoing portion of a trust' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming' + DESC 'Authentication information for the incoming portion of a trust' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier' + DESC 'SID of a trusted domain' + EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo' + DESC 'Forest trust information for a trusted domain object' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) 
####################################################################### @@ -573,3 +617,14 @@ objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURA ## DESC 'Samba Privilege' ## MUST ( sambaSID ) ## MAY ( sambaPrivilegeList ) ) + +## +## used for IPA_ldapsam +## +objectclasses ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL + DESC 'Samba Trusted Domain Object' + MUST ( cn ) + MAY ( sambaTrustTyp e $ sambaTrustAttributes $ sambaTrustDirection $ + sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $ + sambaTrustAuthIncoming $ sambaSecurityIdentifier $ + sambaTrustForestTrustInfo) ) diff --git a/examples/LDAP/samba.schema.at.IBM-DS b/examples/LDAP/samba.schema.at.IBM-DS index 85860f9..a375284 100644 --- a/examples/LDAP/samba.schema.at.IBM-DS +++ b/examples/LDAP/samba.schema.at.IBM-DS @@ -1,4 +1,4 @@ -## Samba 3.0 schema for IBM Directory Server 5.1 - object classes only +## Samba 3.0 schema for IBM Directory Server 5.1 - attribute Types only attributetypes=( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) IBMAttributetypes=( 1.3.6.1.4.1.7165.2.1.24 DBNAME( 'sambaLMPassword' 'sambaLMPassword' ) ACCESS-CLASS critical ) 
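Review bot: In the second samba.schema hunk (`@@ -573,3 +617,14 @@`) the new definition starts with the keyword `objectclasses (`, whereas the rest of the file uses `objectclass (`, as the `sambaConfigOption` line quoted in the hunk header shows. A schema-file parser that only knows the `attributetype` and `objectclass` directives is likely to stop on the unknown keyword, which would keep the directory server from loading this schema at all. The line should begin `objectclass ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL`.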
@@ -93,3 +93,20 @@ attributetypes=( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disconnec attributetypes=( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributetypes=( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC 'Type of trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' DESC 'Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DESC 'Direction of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC 'Fully qualified name of the domain with which a trust exists' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'NetBIOS name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing' DESC 'Authentication information for the outgoing portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming' DESC 'Authentication information for the incoming portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier' DESC 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo' DESC 'Forest trust information for a trusted domain object' EQUALITY 
caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) diff --git a/examples/LDAP/samba.schema.oc.IBM-DS b/examples/LDAP/samba.schema.oc.IBM-DS index 736d586..ba31a31 100644 --- a/examples/LDAP/samba.schema.oc.IBM-DS +++ b/examples/LDAP/samba.schema.oc.IBM-DS @@ -19,3 +19,5 @@ objectclasses=( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL DES objectclasses=( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL DESC 'Samba Configuration Option' MUST ( sambaOptionName ) MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoption $ description ) ) objectclasses=( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL DESC 'Samba Trust Password' MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet )) + +objectclasses=( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL DESC 'Samba Trusted Domain Object' MUST ( cn ) MAY ( sambaTrustTyp e $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdentifier $ sambaTrustForestTrustInfo ) ) diff --git a/source3/Makefile.in b/source3/Makefile.in index 7dbb012..eb6d4a7 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -2756,9 +2756,11 @@ bin/sam.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_SAM_OBJ) @echo "Building plugin $@" @$(SHLD_MODULE) $(AUTH_SAM_OBJ) -bin/ldapsam.@SHLIBEXT@: $(BINARY_PREREQS) passdb/pdb_ldap.o passdb/pdb_nds.o +bin/ldapsam.@SHLIBEXT@: $(BINARY_PREREQS) passdb/pdb_ldap.o passdb/pdb_nds.o \ + passdb/pdb_ipa.o @echo "Building plugin $@" - @$(SHLD_MODULE) passdb/pdb_ldap.o passdb/pdb_nds.o $(LDAP_LIBS) + @$(SHLD_MODULE) passdb/pdb_ldap.o passdb/pdb_nds.o passdb/pdb_ipa.o \ + $(LDAP_LIBS) bin/ads.@SHLIBEXT@: $(BINARY_PREREQS) passdb/pdb_ads.o @echo "Building plugin $@" diff --git a/source3/configure.in b/source3/configure.in index d102ea5..31ba9f6 100644 --- a/source3/configure.in 
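Review bot: The added `attributetypes=` lines have no matching `IBMAttributetypes=( ... )` entries, whereas the existing password attribute at the top of this file is paired with `IBMAttributetypes=( 1.3.6.1.4.1.7165.2.1.24 DBNAME( 'sambaLMPassword' 'sambaLMPassword' ) ACCESS-CLASS critical )`. `sambaTrustAuthOutgoing` and `sambaTrustAuthIncoming` hold trust authentication data, so they probably want the same access class, along the lines of `IBMAttributetypes=( 1.3.6.1.4.1.7165.2.1.75 DBNAME( '<table>' '<column>' ) ACCESS-CLASS critical )` with names chosen to fit the server's limits. Whether the other attributes in this file rely on the server default cannot be seen from this hunk, so this should be checked against the rest of the file.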
+++ b/source3/configure.in @@ -6759,7 +6759,8 @@ if test x"$MODULE_DEFAULT_vfs_notify_fam" = xSTATIC -o \ AC_SUBST(SMBD_FAM_LIBS) fi -SMB_MODULE(pdb_ldap, passdb/pdb_ldap.o passdb/pdb_nds.o, "bin/ldapsam.$SHLIBEXT", PDB, +SMB_MODULE(pdb_ldap, passdb/pdb_ldap.o passdb/pdb_nds.o passdb/pdb_ipa.o, + "bin/ldapsam.$SHLIBEXT", PDB, [ PASSDB_LIBS="$PASSDB_LIBS $LDAP_LIBS" ] ) SMB_MODULE(pdb_ads, passdb/pdb_ads.o \$(TLDAP_OBJ), "bin/ads.$SHLIBEXT", PDB) SMB_MODULE(pdb_smbpasswd, passdb/pdb_smbpasswd.o, "bin/smbpasswd.$SHLIBEXT", PDB) diff --git a/source3/include/passdb.h b/source3/include/passdb.h index dc50533..77956cb 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -225,6 +225,18 @@ struct pdb_domain_info { struct GUID guid; }; +struct pdb_trusted_domain { + char *domain_name; + char *netbios_name; + struct dom_sid security_identifier; + DATA_BLOB trust_auth_incoming; + DATA_BLOB trust_auth_outgoing; + uint32_t trust_direction; + uint32_t trust_type; + uint32_t trust_attributes; + DATA_BLOB trust_forest_trust_info; +}; + /* * trusted domain entry/entries returned by secrets_get_trusted_domains * (used in _lsa_enum_trust_dom call) 
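Review bot: `struct pdb_trusted_domain` is added without any comment, and two things are not obvious from the declaration: who owns the strings and blobs, and that `trust_auth_incoming` and `trust_auth_outgoing` carry trust secrets. The getters in the later `pdb_methods` hunk take a `TALLOC_CTX *mem_ctx`, which suggests the result is allocated on that context, but the header should say so. I would add a header comment stating the ownership and a field comment such as `/* trust_auth_*: secret material; do not log, clear before freeing */`.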
@@ -438,6 +450,25 @@ struct pdb_methods TALLOC_CTX *mem_ctx, uint32_t *num_domains, struct trustdom_info ***domains); + + NTSTATUS (*get_trusted_domain)(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + const char *domain, + struct pdb_trusted_domain **td); + NTSTATUS (*get_trusted_domain_by_sid)(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + struct dom_sid *sid, + struct pdb_trusted_domain **td); + NTSTATUS (*set_trusted_domain)(struct pdb_methods *methods, + const char* domain, + const struct pdb_trusted_domain *td); + NTSTATUS (*del_trusted_domain)(struct pdb_methods *methods, + const char *domain); + NTSTATUS (*enum_trusted_domains)(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + uint32_t *num_domains, + struct pdb_trusted_domain ***domains); + void *private_data; /* Private data of some kind */ void (*free_private_data)(void **); diff --git a/source3/include/proto.h b/source3/include/proto.h index 83ac33a..3a964c3 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
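Review bot: The five new callbacks are inserted before `private_data` in `struct pdb_methods`, which changes the layout every passdb module sees, and no hunk in the passdb.h part of this diff touches an interface version. If the header carries a version define for modules (Samba's passdb.h has `PASSDB_INTERFACE_VERSION`, outside this hunk), it should be bumped in the same change so that a module built against the old layout is refused at load time instead of reading `private_data` from the wrong offset. Separately, `get_trusted_domain_by_sid` takes `struct dom_sid *sid` while the other lookups take `const` inputs; `const struct dom_sid *sid` would match them. The struct starts and ends outside the hunk.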
@@ -3873,12 +3873,22 @@ bool pdb_set_trusteddom_pw(const char* domain, const char* pwd, bool pdb_del_trusteddom_pw(const char *domain); NTSTATUS pdb_enum_trusteddoms(TALLOC_CTX *mem_ctx, uint32_t *num_domains, struct trustdom_info ***domains); +NTSTATUS pdb_get_trusted_domain(TALLOC_CTX *mem_ctx, const char *domain, + struct pdb_trusted_domain **td); +NTSTATUS pdb_get_trusted_domain_by_sid(TALLOC_CTX *mem_ctx, struct dom_sid *sid, + struct pdb_trusted_domain **td); +NTSTATUS pdb_set_trusted_domain(const char* domain, + const struct pdb_trusted_domain *td); +NTSTATUS pdb_del_trusted_domain(const char *domain); +NTSTATUS pdb_enum_trusted_domains(TALLOC_CTX *mem_ctx, uint32_t *num_domains, + struct pdb_trusted_domain ***domains); NTSTATUS make_pdb_method( struct pdb_methods **methods ) ; /* The following definitions come from passdb/pdb_ldap.c */ struct ldapsam_privates; +LDAP *priv2ld(struct ldapsam_privates *priv); const char** get_userattr_list( TALLOC_CTX *mem_ctx, int schema_ver ); NTSTATUS pdb_init_ldapsam_compat(struct pdb_methods **pdb_method, const char *location); NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location); @@ -3899,6 +3909,10 @@ int pdb_nds_set_password( const char *pwd ); NTSTATUS pdb_nds_init(void); +/* The following definitions come from passdb/pdb_nds.c */ + +NTSTATUS pdb_ipa_init(void); + /* The following definitions come from passdb/pdb_smbpasswd.c */ NTSTATUS pdb_smbpasswd_init(void) ; diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index ffe618d..14fe76f 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -41,6 +41,7 @@ struct smbldap_state; #define LDAP_OBJ_SID_ENTRY "sambaSidEntry" #define LDAP_OBJ_TRUST_PASSWORD "sambaTrustPassword" #define LDAP_OBJ_TRUSTDOM_PASSWORD "sambaTrustedDomainPassword" +#define LDAP_OBJ_TRUSTED_DOMAIN "sambaTrustedDomain" #define LDAP_OBJ_ACCOUNT "account" #define LDAP_OBJ_POSIXACCOUNT "posixAccount" 
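Review bot: The section comment added above `pdb_ipa_init` in the second proto.h hunk reads `/* The following definitions come from passdb/pdb_nds.c */`, which repeats the heading of the block before it. Since the Makefile.in hunk adds `passdb/pdb_ipa.o` to the ldapsam module, the comment should read `/* The following definitions come from passdb/pdb_ipa.c */`.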
@@ -175,6 +176,8 @@ struct smbldap_state { /* struct used by both pdb_ldap.c and pdb_nds.c */ +struct ipasam_privates; + struct ldapsam_privates { struct smbldap_state *smbldap_state; @@ -194,6 +197,10 @@ struct ldapsam_privates { /* Is this NDS ldap? */ int is_nds_ldap; + /* Is this IPA ldap? */ + int is_ipa_ldap; + struct ipasam_privates *ipasam_privates; + /* ldap server location parameter */ char *location; diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index b48f409..c286cc1 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c 
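Review bot: `ipasam_privates` is added to `struct ldapsam_privates` with no comment on who allocates and frees it or when it may be dereferenced. It presumably is only set when `is_ipa_ldap` is non-zero, but that is not stated; a field comment such as `/* IPA backend state; NULL unless is_ipa_ldap is set */` would make the contract explicit for code that shares this struct. The context comment in the first smbldap.h hunk, `/* struct used by both pdb_ldap.c and pdb_nds.c */`, is also out of date now that pdb_ipa.c uses the struct. The struct body continues outside both hunks.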
@@ -2098,6 +2098,81 @@ static NTSTATUS pdb_default_enum_trusteddoms(struct pdb_methods *methods, return secrets_trusted_domains(mem_ctx, num_domains, domains); } +/******************************************************************* + trusted_domain methods + *******************************************************************/ + +NTSTATUS pdb_get_trusted_domain(TALLOC_CTX *mem_ctx, const char *domain, + struct pdb_trusted_domain **td) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->get_trusted_domain(pdb, mem_ctx, domain, td); +} + +NTSTATUS pdb_get_trusted_domain_by_sid(TALLOC_CTX *mem_ctx, struct dom_sid *sid, + struct pdb_trusted_domain **td) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->get_trusted_domain_by_sid(pdb, mem_ctx, sid, td); +} + +NTSTATUS pdb_set_trusted_domain(const char* domain, + const struct pdb_trusted_domain *td) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->set_trusted_domain(pdb, domain, td); +} + +NTSTATUS pdb_del_trusted_domain(const char *domain) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->del_trusted_domain(pdb, domain); +} + +NTSTATUS pdb_enum_trusted_domains(TALLOC_CTX *mem_ctx, uint32_t *num_domains, + struct pdb_trusted_domain ***domains) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->enum_trusted_domains(pdb, mem_ctx, num_domains, domains); +} + +static NTSTATUS pdb_default_get_trusted_domain(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + const char *domain, + struct pdb_trusted_domain **td) +{ + return NT_STATUS_NOT_IMPLEMENTED; +} + +static NTSTATUS pdb_default_get_trusted_domain_by_sid(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + struct dom_sid *sid, + struct pdb_trusted_domain **td) +{ + return NT_STATUS_NOT_IMPLEMENTED; +} + +static NTSTATUS pdb_default_set_trusted_domain(struct pdb_methods *methods, + const char* domain, + const struct pdb_trusted_domain *td) -- Samba Shared Repository