The branch, master has been updated via 3626579 s3: Fix tldap_make_mod_blob_int() debug messages via 2bafb4c s3-net: Add delete op for net trust utility via 11c3427 s3-net: Add net trust utility via 6681e45 s3-pdb_ipa: Create DN for new object via 1cbe59e s3-pdb_ipa: Add ipasam_create_dom_group() via afdc905 s3-net: add IPA provision via 2ee1d09 s3-pdb_ipa: Add ipasam_create_user() via c47df01 s3-pdb_ipa: Detect IPA server via ca22bef s3-pdb_ipa: Use new smbldap_make_mod_blob() without a return value via f3b1a68 s3-smbldap: make octet_strings/DATA_BLOBs const. via 02c6940 s3-ipasam: rename of smbldap_make_mod_blob to _smbldap_make_mod_blob. via c4974ee s3-smbldap: support storing octet_strings/DATA_BLOBs. via db76adc s3-pdb_ipa: Fix indentation from 6d0be9e s4-test: fixed a problem with very verbose NDR debug
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 3626579cc27cb03fba2100be1a2686651bd3f003 Author: Sumit Bose <sb...@redhat.com> Date: Mon Apr 4 13:46:18 2011 +0200 s3: Fix tldap_make_mod_blob_int() debug messages Signed-off-by: Günther Deschner <g...@samba.org> Autobuild-User: Günther Deschner <g...@samba.org> Autobuild-Date: Wed Apr 6 13:10:30 CEST 2011 on sn-devel-104 commit 2bafb4ccbb99dfde533acad7bf0162ca2618c716 Author: Sumit Bose <sb...@redhat.com> Date: Thu Mar 31 17:46:56 2011 +0200 s3-net: Add delete op for net trust utility Signed-off-by: Günther Deschner <g...@samba.org> commit 11c342724fe23ef532063a7731c2a6d19614cf78 Author: Sumit Bose <sb...@redhat.com> Date: Thu Mar 24 12:10:13 2011 +0100 s3-net: Add net trust utility Signed-off-by: Günther Deschner <g...@samba.org> commit 6681e451c98cd1716b5a68a02e0840a7ae768c36 Author: Sumit Bose <sb...@redhat.com> Date: Wed Mar 23 12:09:22 2011 +0100 s3-pdb_ipa: Create DN for new object Signed-off-by: Günther Deschner <g...@samba.org> commit 1cbe59e174c3ea66dfb57ab7f4ea493168b4867e Author: Sumit Bose <sb...@redhat.com> Date: Fri Mar 18 11:39:37 2011 +0100 s3-pdb_ipa: Add ipasam_create_dom_group() Signed-off-by: Günther Deschner <g...@samba.org> commit afdc9055b5f883a10f3b1fb74a0c40ad9d7fb199 Author: Sumit Bose <sb...@redhat.com> Date: Fri Mar 18 11:37:15 2011 +0100 s3-net: add IPA provision Signed-off-by: Günther Deschner <g...@samba.org> commit 2ee1d09f33a1076549e1d331ba23a31384aae150 Author: Sumit Bose <sb...@redhat.com> Date: Mon Apr 4 13:23:05 2011 +0200 s3-pdb_ipa: Add ipasam_create_user() Signed-off-by: Günther Deschner <g...@samba.org> commit c47df017dda71f9eecea74575c7d7292e543e5ec Author: Sumit Bose <sb...@redhat.com> Date: Mon Apr 4 13:20:19 2011 +0200 s3-pdb_ipa: Detect IPA server 
Signed-off-by: Günther Deschner <g...@samba.org> commit ca22befb9c2f4bf96944fc70650435dc11b4ea3a Author: Sumit Bose <sb...@redhat.com> Date: Mon Apr 4 13:14:47 2011 +0200 s3-pdb_ipa: Use new smbldap_make_mod_blob() without a return value Signed-off-by: Günther Deschner <g...@samba.org> commit f3b1a68f5f540fa3674c5594ad3ede1568bab6cb Author: Sumit Bose <sb...@redhat.com> Date: Mon Apr 4 14:16:44 2011 +0200 s3-smbldap: make octet_strings/DATA_BLOBs const. Signed-off-by: Günther Deschner <g...@samba.org> commit 02c6940964f8db0c7e78b9e6d8e4a7a404331285 Author: Günther Deschner <g...@samba.org> Date: Wed Apr 6 11:33:12 2011 +0200 s3-ipasam: rename of smbldap_make_mod_blob to _smbldap_make_mod_blob. Guenther Signed-off-by: Günther Deschner <g...@samba.org> commit c4974eec01d32f2c777aa3fca02210bb6c255d79 Author: Günther Deschner <g...@samba.org> Date: Thu Oct 29 23:36:14 2009 +0100 s3-smbldap: support storing octet_strings/DATA_BLOBs. Guenther Signed-off-by: Günther Deschner <g...@samba.org> commit db76adc308217e92ada425703cbdbfce289d009b Author: Sumit Bose <sb...@redhat.com> Date: Mon Apr 4 13:07:37 2011 +0200 s3-pdb_ipa: Fix indentation Signed-off-by: Günther Deschner <g...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/Makefile.in | 1 + source3/include/smbldap.h | 4 + source3/lib/smbldap.c | 112 ++++++-- source3/lib/tldap_util.c | 6 +- source3/passdb/pdb_ipa.c | 628 +++++++++++++++++++++++++++++++++------ source3/utils/net_proto.h | 3 + source3/utils/net_rpc.c | 8 + source3/utils/net_rpc_trust.c | 654 +++++++++++++++++++++++++++++++++++++++++ source3/utils/net_sam.c | 139 ++++++++-- source3/wscript_build | 1 + 10 files changed, 1414 insertions(+), 142 deletions(-) create mode 100644 source3/utils/net_rpc_trust.c Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index f70eb63..0854114 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in 
@@ -1160,6 +1160,7 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_help.o \
 	   utils/net_serverid.o \
 	   utils/net_eventlog.o \
 	   utils/net_printing.o \
+	   utils/net_rpc_trust.o \
 	   $(LIBNDR_NTPRINTING_OBJ) \
 	   $(LIBNDR_PREG_OBJ) \
 	   $(LIBCLI_SPOOLSS_OBJ) \
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index 5be9a92..7bb9895 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -138,9 +138,13 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx,
 const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key );
 const char** get_attr_list( TALLOC_CTX *mem_ctx, ATTRIB_MAP_ENTRY table[] );
 void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value);
+void smbldap_set_mod_blob(LDAPMod *** modlist, int modop, const char *attribute, const DATA_BLOB *newblob);
 void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing,
 		      LDAPMod ***mods,
 		      const char *attribute, const char *newval);
+void smbldap_make_mod_blob(LDAP *ldap_struct, LDAPMessage *existing,
+		      LDAPMod ***mods,
+		      const char *attribute, const DATA_BLOB *newblob);
 bool smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry,
 				   const char *attribute, char *value,
 				   int max_len);
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 207f435..fe43237 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -506,7 +506,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
  manage memory used by the array, by each struct, and values
 ***********************************************************************/
 
- void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value)
+static void smbldap_set_mod_internal(LDAPMod *** modlist, int modop, const char *attribute, const char *value, const DATA_BLOB *blob)
 {
 	LDAPMod **mods;
 	int i;
@@ -557,7 +557,27 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
 		mods[i + 1] = NULL;
 	}
 
-	if (value != NULL) {
+	if (blob && (modop & LDAP_MOD_BVALUES)) {
+		j = 0;
+		if (mods[i]->mod_bvalues != NULL) {
+			for (; mods[i]->mod_bvalues[j] != NULL; j++);
+		}
+		mods[i]->mod_bvalues = SMB_REALLOC_ARRAY(mods[i]->mod_bvalues, struct berval *, j + 2);
+
+		if (mods[i]->mod_bvalues == NULL) {
+			smb_panic("smbldap_set_mod: out of memory!");
+			/* notreached. */
+		}
+
+		mods[i]->mod_bvalues[j] = SMB_MALLOC_P(struct berval);
+		SMB_ASSERT(mods[i]->mod_bvalues[j] != NULL);
+
+		mods[i]->mod_bvalues[j]->bv_val = (char *)memdup(blob->data, blob->length);
+		SMB_ASSERT(mods[i]->mod_bvalues[j]->bv_val != NULL);
+		mods[i]->mod_bvalues[j]->bv_len = blob->length;
+
+		mods[i]->mod_bvalues[j + 1] = NULL;
+	} else if (value != NULL) {
 		char *utf8_value = NULL;
 		size_t converted_size;
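Review bot: In the new LDAP_MOD_BVALUES branch a zero-length blob is handed straight to memdup() and the result is then SMB_ASSERTed non-NULL; if memdup() returns NULL for a zero-length request (to be confirmed against lib/util), an attribute whose existing value is present but empty aborts the process instead of producing an empty berval. The add path in the @@ -634 hunk of this file guards on `newblob->length`, but the delete path there passes `&oldblob` unconditionally, so an empty stored value does reach this code. Keeping the empty case representable is a two-line change: `mods[i]->mod_bvalues[j]->bv_val = blob->length ? (char *)memdup(blob->data, blob->length) : NULL;` followed by `SMB_ASSERT(blob->length == 0 || mods[i]->mod_bvalues[j]->bv_val != NULL);` (or the delete caller skips empty blobs the way the add path does). The realloc failure uses smb_panic while the two allocations below use SMB_ASSERT; one style for all three would read better, and the panic text still says "smbldap_set_mod" although the code now lives in smbldap_set_mod_internal. The function's declarations (including `j`) and the string branch lie outside the hunk.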
@@ -586,17 +606,30 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
 	*modlist = mods;
 }
 
+ void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value)
+{
+	smbldap_set_mod_internal(modlist, modop, attribute, value, NULL);
+}
+
+ void smbldap_set_mod_blob(LDAPMod *** modlist, int modop, const char *attribute, const DATA_BLOB *value)
+{
+	smbldap_set_mod_internal(modlist, modop | LDAP_MOD_BVALUES, attribute, NULL, value);
+}
+
 /**********************************************************************
  Set attribute to newval in LDAP, regardless of what value the
  attribute had in LDAP before.
 *********************************************************************/
 
- void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing,
-		       LDAPMod ***mods,
-		       const char *attribute, const char *newval)
+static void smbldap_make_mod_internal(LDAP *ldap_struct, LDAPMessage *existing,
+				      LDAPMod ***mods,
+				      const char *attribute, int op,
+				      const char *newval,
+				      const DATA_BLOB *newblob)
 {
 	char oldval[2048]; /* current largest allowed value is mungeddial */
 	bool existed;
+	DATA_BLOB oldblob = data_blob_null;
 
 	if (attribute == NULL) {
 		/* This can actually happen for ldapsam_compat where we for
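Review bot: The definition of `smbldap_set_mod_blob` names its last parameter `value`, while the prototype this changeset adds to source3/include/smbldap.h calls it `newblob`; the definition should match the header, `void smbldap_set_mod_blob(LDAPMod *** modlist, int modop, const char *attribute, const DATA_BLOB *newblob)`. `smbldap_make_mod_internal` gains an `op` flag plus two alternative value arguments with no comment saying which one is consulted; a line above the signature such as `/* op & LDAP_MOD_BVALUES selects newblob, otherwise newval; the other argument is ignored */` would spare the next reader a walk through both branches. The body of smbldap_make_mod_internal continues past the end of the hunk.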
@@ -605,24 +638,33 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
 	}
 
 	if (existing != NULL) {
-		existed = smbldap_get_single_attribute(ldap_struct, existing, attribute, oldval, sizeof(oldval));
+		if (op & LDAP_MOD_BVALUES) {
+			existed = smbldap_talloc_single_blob(talloc_tos(), ldap_struct, existing, attribute, &oldblob);
+		} else {
+			existed = smbldap_get_single_attribute(ldap_struct, existing, attribute, oldval, sizeof(oldval));
+		}
 	} else {
 		existed = False;
 		*oldval = '\0';
 	}
 
-	/* all of our string attributes are case insensitive */
-
-	if (existed && newval && (StrCaseCmp(oldval, newval) == 0)) {
+	if (existed) {
+		bool equal = false;
+		if (op & LDAP_MOD_BVALUES) {
+			equal = (newblob && (data_blob_cmp(&oldblob, newblob) == 0));
+		} else {
+			/* all of our string attributes are case insensitive */
+			equal = (newval && (StrCaseCmp(oldval, newval) == 0));
+		}
 
-		/* Believe it or not, but LDAP will deny a delete and
-		   an add at the same time if the values are the
-		   same... */
-		DEBUG(10,("smbldap_make_mod: attribute |%s| not changed.\n", attribute));
-		return;
-	}
+		if (equal) {
+			/* Believe it or not, but LDAP will deny a delete and
+			   an add at the same time if the values are the
+			   same... */
+			DEBUG(10,("smbldap_make_mod: attribute |%s| not changed.\n", attribute));
+			return;
+		}
 
-	if (existed) {
 		/* There has been no value before, so don't delete it.
 		 * Here's a possible race: We might end up with
 		 * duplicate attributes */
@@ -634,20 +676,48 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { * in Novell NDS. In NDS you have to first remove attribute and then * you could add new value */ - DEBUG(10,("smbldap_make_mod: deleting attribute |%s| values |%s|\n", attribute, oldval)); - smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval); + if (op & LDAP_MOD_BVALUES) { + DEBUG(10,("smbldap_make_mod: deleting attribute |%s| blob\n", attribute)); + smbldap_set_mod_blob(mods, LDAP_MOD_DELETE, attribute, &oldblob); + } else { + DEBUG(10,("smbldap_make_mod: deleting attribute |%s| values |%s|\n", attribute, oldval)); + smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval); + } } /* Regardless of the real operation (add or modify) we add the new value here. We rely on deleting the old value, should it exist. */ - if ((newval != NULL) && (strlen(newval) > 0)) { - DEBUG(10,("smbldap_make_mod: adding attribute |%s| value |%s|\n", attribute, newval)); - smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval); + if (op & LDAP_MOD_BVALUES) { + if (newblob && newblob->length) { + DEBUG(10,("smbldap_make_mod: adding attribute |%s| blob\n", attribute)); + smbldap_set_mod_blob(mods, LDAP_MOD_ADD, attribute, newblob); + } + } else { + if ((newval != NULL) && (strlen(newval) > 0)) { + DEBUG(10,("smbldap_make_mod: adding attribute |%s| value |%s|\n", attribute, newval)); + smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval); + } } } + void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing, + LDAPMod ***mods, + const char *attribute, const char *newval) +{ + smbldap_make_mod_internal(ldap_struct, existing, mods, attribute, + 0, newval, NULL); +} + + void smbldap_make_mod_blob(LDAP *ldap_struct, LDAPMessage *existing, + LDAPMod ***mods, + const char *attribute, const DATA_BLOB *newblob) +{ + smbldap_make_mod_internal(ldap_struct, existing, mods, attribute, + LDAP_MOD_BVALUES, NULL, newblob); +} + /********************************************************************** Some varients of the LDAP rebind 
code do not pass in the third 'arg' pointer to a void*, so we try and work around it by assuming that the diff --git a/source3/lib/tldap_util.c b/source3/lib/tldap_util.c index a908301..0c22d65 100644 --- a/source3/lib/tldap_util.c +++ b/source3/lib/tldap_util.c @@ -236,7 +236,7 @@ static bool tldap_make_mod_blob_int(struct tldap_message *existing, /* Believe it or not, but LDAP will deny a delete and an add at the same time if the values are the same... */ - DEBUG(10,("smbldap_make_mod_blob: attribute |%s| not " + DEBUG(10,("tldap_make_mod_blob_int: attribute |%s| not " "changed.\n", attrib)); return true; } @@ -250,7 +250,7 @@ static bool tldap_make_mod_blob_int(struct tldap_message *existing, * Novell NDS. In NDS you have to first remove attribute and * then you could add new value */ - DEBUG(10, ("smbldap_make_mod_blob: deleting attribute |%s|\n", + DEBUG(10, ("tldap_make_mod_blob_int: deleting attribute |%s|\n", attrib)); if (!tldap_add_mod_blobs(mem_ctx, pmods, pnum_mods, TLDAP_MOD_DELETE, @@ -264,7 +264,7 @@ static bool tldap_make_mod_blob_int(struct tldap_message *existing, the old value, should it exist. */ if (newval.data != NULL) { - DEBUG(10, ("smbldap_make_mod: adding attribute |%s| value len " + DEBUG(10, ("tldap_make_mod_blob_int: adding attribute |%s| value len " "%d\n", attrib, (int)newval.length)); if (!tldap_add_mod_blobs(mem_ctx, pmods, pnum_mods, TLDAP_MOD_ADD, diff --git a/source3/passdb/pdb_ipa.c b/source3/passdb/pdb_ipa.c index d19deef..c98f33e 100644 --- a/source3/passdb/pdb_ipa.c +++ b/source3/passdb/pdb_ipa.c @@ -22,9 +22,13 @@ #include "passdb.h" #include "libcli/security/dom_sid.h" #include "../librpc/ndr/libndr.h" +#include "librpc/gen_ndr/samr.h" #include "smbldap.h" +#define IPA_KEYTAB_SET_OID "2.16.840.1.113730.3.8.3.1" +#define IPA_MAGIC_ID_STR "999" + #define LDAP_TRUST_CONTAINER "ou=system" #define LDAP_ATTRIBUTE_CN "cn" #define LDAP_ATTRIBUTE_TRUST_TYPE "sambaTrustType" 
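Review bot: `IPA_KEYTAB_SET_OID` and `IPA_MAGIC_ID_STR` are introduced in the pdb_ipa.c @@ -22 hunk without a comment, so a reader of this file cannot tell what the OID names or why "999" is special; their uses are beyond the truncated part of the changeset, so the wording below should be checked against them. A one-line comment on each would do, e.g. `/* OID of the IPA extended operation that sets a keytab */` and `/* placeholder id value, presumably replaced by the server when the entry is created -- confirm */`. The two new names also sit between the include block and the `LDAP_*` attribute names, which reads as a third group with no heading.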
@@ -36,37 +40,65 @@ #define LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING "sambaTrustAuthIncoming" #define LDAP_ATTRIBUTE_SECURITY_IDENTIFIER "sambaSecurityIdentifier" #define LDAP_ATTRIBUTE_TRUST_FOREST_TRUST_INFO "sambaTrustForestTrustInfo" +#define LDAP_ATTRIBUTE_OBJECTCLASS "objectClass" #define LDAP_OBJ_KRB_PRINCIPAL "krbPrincipal" #define LDAP_OBJ_KRB_PRINCIPAL_AUX "krbPrincipalAux" #define LDAP_ATTRIBUTE_KRB_PRINCIPAL "krbPrincipalName" +#define LDAP_OBJ_IPAOBJECT "ipaObject" +#define LDAP_OBJ_IPAHOST "ipaHost" +#define LDAP_OBJ_POSIXACCOUNT "posixAccount" + +#define LDAP_OBJ_GROUPOFNAMES "groupOfNames" +#define LDAP_OBJ_NESTEDGROUP "nestedGroup" +#define LDAP_OBJ_IPAUSERGROUP "ipaUserGroup" +#define LDAP_OBJ_POSIXGROUP "posixGroup" + +#define HAS_KRB_PRINCIPAL (1<<0) +#define HAS_KRB_PRINCIPAL_AUX (1<<1) +#define HAS_IPAOBJECT (1<<2) +#define HAS_IPAHOST (1<<3) +#define HAS_POSIXACCOUNT (1<<4) +#define HAS_GROUPOFNAMES (1<<5) +#define HAS_NESTEDGROUP (1<<6) +#define HAS_IPAUSERGROUP (1<<7) +#define HAS_POSIXGROUP (1<<8) + struct ipasam_privates { + bool server_is_ipa; NTSTATUS (*ldapsam_add_sam_account)(struct pdb_methods *, struct samu *sampass); NTSTATUS (*ldapsam_update_sam_account)(struct pdb_methods *, struct samu *sampass); + NTSTATUS (*ldapsam_create_user)(struct pdb_methods *my_methods, + TALLOC_CTX *tmp_ctx, const char *name, + uint32_t acb_info, uint32_t *rid); + NTSTATUS (*ldapsam_create_dom_group)(struct pdb_methods *my_methods, + TALLOC_CTX *tmp_ctx, + const char *name, + uint32_t *rid); }; static bool ipasam_get_trusteddom_pw(struct pdb_methods *methods, - const char *domain, - char** pwd, - struct dom_sid *sid, - time_t *pass_last_set_time) + const char *domain, + char** pwd, + struct dom_sid *sid, + time_t *pass_last_set_time) { return false; } static bool ipasam_set_trusteddom_pw(struct pdb_methods *methods, - const char* domain, - const char* pwd, - const struct dom_sid *sid) + const char* domain, + const char* pwd, + const struct dom_sid *sid) { 
return false; } static bool ipasam_del_trusteddom_pw(struct pdb_methods *methods, - const char *domain) + const char *domain) { return false; } @@ -416,23 +448,6 @@ static bool smbldap_make_mod_uint32_t(LDAP *ldap_struct, LDAPMessage *entry, return true; } -static bool smbldap_make_mod_blob(LDAP *ldap_struct, LDAPMessage *entry, - LDAPMod ***mods, const char *attribute, - DATA_BLOB blob) -{ - char *dummy; - - dummy = base64_encode_data_blob(talloc_tos(), blob); - if (dummy == NULL) { - return false; - } - - smbldap_make_mod(ldap_struct, entry, mods, attribute, dummy); - TALLOC_FREE(dummy); - - return true; -} - static NTSTATUS ipasam_set_trusted_domain(struct pdb_methods *methods, const char* domain, const struct pdb_trusted_domain *td) @@ -505,33 +520,21 @@ static NTSTATUS ipasam_set_trusted_domain(struct pdb_methods *methods, } if (td->trust_auth_outgoing.data != NULL) { - res = smbldap_make_mod_blob(priv2ld(ldap_state), entry, - &mods, - LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING, - td->trust_auth_outgoing); - if (!res) { - return NT_STATUS_UNSUCCESSFUL; - } + smbldap_make_mod_blob(priv2ld(ldap_state), entry, &mods, + LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING, + &td->trust_auth_outgoing); } if (td->trust_auth_incoming.data != NULL) { - res = smbldap_make_mod_blob(priv2ld(ldap_state), entry, - &mods, - LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING, - td->trust_auth_incoming); - if (!res) { - return NT_STATUS_UNSUCCESSFUL; - } + smbldap_make_mod_blob(priv2ld(ldap_state), entry, &mods, + LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING, + &td->trust_auth_incoming); } if (td->trust_forest_trust_info.data != NULL) { - res = smbldap_make_mod_blob(priv2ld(ldap_state), entry, - &mods, - LDAP_ATTRIBUTE_TRUST_FOREST_TRUST_INFO, - td->trust_forest_trust_info); - if (!res) { - return NT_STATUS_UNSUCCESSFUL; - } + smbldap_make_mod_blob(priv2ld(ldap_state), entry, &mods, + LDAP_ATTRIBUTE_TRUST_FOREST_TRUST_INFO, + &td->trust_forest_trust_info); } talloc_autofree_ldapmod(talloc_tos(), mods); 
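Review bot: The nine `HAS_*` bit flags added in the @@ -36 hunk are `#define`s of `(1<<n)`; an anonymous `enum` would make them debugger-visible and keep them together with the `LDAP_OBJ_*` names they mirror, e.g. `enum { HAS_KRB_PRINCIPAL = (1<<0), HAS_KRB_PRINCIPAL_AUX = (1<<1), /* ... */ };`. The new `server_is_ipa` field and the two saved `ldapsam_create_*` function pointers in `struct ipasam_privates` carry no comment saying who sets them; from the names they look like the ldapsam methods this backend wraps, which should be confirmed and stated at the field. The rest of the hunk only re-indents the three `ipasam_*_trusteddom_pw` stubs.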
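Review bot: In the @@ -505 hunk the three `smbldap_make_mod_blob` calls no longer yield a status, so `ipasam_set_trusted_domain` can no longer report a failure for the trust authentication blobs; in the lib/smbldap.c hunks of this changeset an allocation failure on the blob path ends in `smb_panic`/`SMB_ASSERT`, a stronger reaction than the `NT_STATUS_UNSUCCESSFUL` the removed lines returned, and that trade-off deserves a sentence in the commit message or a comment at the first call. The removed helper stored the blobs base64-encoded in a string attribute, whereas the new one writes raw octets via `LDAP_MOD_BVALUES`; any entries or readers that still expect the base64 form (none are visible here) would need to move together with this change. If `res` is no longer assigned anywhere else in the function, its declaration should go as well.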
@@ -554,7 +557,7 @@ static NTSTATUS ipasam_set_trusted_domain(struct pdb_methods *methods, } static NTSTATUS ipasam_del_trusted_domain(struct pdb_methods *methods, - const char *domain) + const char *domain) { int ret; struct ldapsam_privates *ldap_state = @@ -663,9 +666,9 @@ static NTSTATUS ipasam_enum_trusted_domains(struct pdb_methods *methods, } static NTSTATUS ipasam_enum_trusteddoms(struct pdb_methods *methods, - TALLOC_CTX *mem_ctx, - uint32_t *num_domains, - struct trustdom_info ***domains) + TALLOC_CTX *mem_ctx, + uint32_t *num_domains, + struct trustdom_info ***domains) { NTSTATUS status; struct pdb_trusted_domain **td; @@ -715,7 +718,7 @@ static struct pdb_domain_info *pdb_ipasam_get_domain_info(struct pdb_methods *pd { struct pdb_domain_info *info; NTSTATUS status; - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)pdb_methods->private_data; + struct ldapsam_privates *ldap_state = pdb_methods->private_data; info = talloc(mem_ctx, struct pdb_domain_info); if (info == NULL) { @@ -734,7 +737,6 @@ static struct pdb_domain_info *pdb_ipasam_get_domain_info(struct pdb_methods *pd } strlower_m(info->dns_domain); info->dns_forest = talloc_strdup(info, info->dns_domain); - sid_copy(&info->sid, &ldap_state->domain_sid); status = GUID_from_string("testguid", &info->guid); 
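Review bot: Dropping `sid_copy(&info->sid, &ldap_state->domain_sid)` in the @@ -734 hunk leaves `info->sid` unset unless it is assigned elsewhere in `pdb_ipasam_get_domain_info`; the @@ -715 hunk shows `info` allocated with `talloc()`, not `talloc_zero()`, so callers would otherwise read an uninitialized SID. If the copy was removed on purpose because the SID is filled in outside the hunk, a comment at the allocation, `/* info->sid is set further down */` with the actual place named, would make that explicit; otherwise the line should stay or the allocation become `talloc_zero`. Without the copy `ldap_state` may also have no remaining use in this function (its other uses are outside the hunk), which would trigger an unused-variable warning.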
@@ -806,63 +808,327 @@ static NTSTATUS modify_ipa_password_exop(struct ldapsam_privates *ldap_state, return NT_STATUS_OK; } -static NTSTATUS ipasam_add_objectclasses(struct ldapsam_privates *ldap_state, - struct samu *sampass) +static NTSTATUS ipasam_get_objectclasses(struct ldapsam_privates *ldap_state, + const char *dn, LDAPMessage *entry, + uint32_t *has_objectclass) +{ + char **objectclasses; + size_t c; + + objectclasses = ldap_get_values(priv2ld(ldap_state), entry, + LDAP_ATTRIBUTE_OBJECTCLASS); + if (objectclasses == NULL) { + DEBUG(0, ("Entry [%s] does not have any objectclasses.\n", dn)); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + *has_objectclass = 0; + for (c = 0; objectclasses[c] != NULL; c++) { + if (strequal(objectclasses[c], LDAP_OBJ_KRB_PRINCIPAL)) { + *has_objectclass |= HAS_KRB_PRINCIPAL; + } else if (strequal(objectclasses[c], + LDAP_OBJ_KRB_PRINCIPAL_AUX)) { + *has_objectclass |= HAS_KRB_PRINCIPAL_AUX; + } else if (strequal(objectclasses[c], LDAP_OBJ_IPAOBJECT)) { + *has_objectclass |= HAS_IPAOBJECT; + } else if (strequal(objectclasses[c], LDAP_OBJ_IPAHOST)) { + *has_objectclass |= HAS_IPAHOST; + } else if (strequal(objectclasses[c], LDAP_OBJ_POSIXACCOUNT)) { + *has_objectclass |= HAS_POSIXACCOUNT; + } else if (strequal(objectclasses[c], LDAP_OBJ_GROUPOFNAMES)) { + *has_objectclass |= HAS_GROUPOFNAMES; + } else if (strequal(objectclasses[c], LDAP_OBJ_NESTEDGROUP)) { + *has_objectclass |= HAS_NESTEDGROUP; + } else if (strequal(objectclasses[c], LDAP_OBJ_IPAUSERGROUP)) { + *has_objectclass |= HAS_IPAUSERGROUP; + } else if (strequal(objectclasses[c], LDAP_OBJ_POSIXGROUP)) { + *has_objectclass |= HAS_POSIXGROUP; + } + } + ldap_value_free(objectclasses); + + return NT_STATUS_OK; +} + +enum obj_type { + IPA_NO_OBJ = 0, + IPA_USER_OBJ, + IPA_GROUP_OBJ +}; + +static NTSTATUS find_obj(struct ldapsam_privates *ldap_state, const char *name, + enum obj_type type, char **_dn, + uint32_t *_has_objectclass) { - char *dn; - LDAPMod **mods = NULL; int 
ret; - char *princ; - const char *domain; - char *domain_with_dot; + char *username; + char *filter; -- Samba Shared Repository