The branch, master has been updated
       via  3626579 s3: Fix tldap_make_mod_blob_int() debug messages
       via  2bafb4c s3-net: Add delete op for net trust utility
       via  11c3427 s3-net: Add net trust utility
       via  6681e45 s3-pdb_ipa: Create DN for new object
       via  1cbe59e s3-pdb_ipa: Add ipasam_create_dom_group()
       via  afdc905 s3-net: add IPA provision
       via  2ee1d09 s3-pdb_ipa: Add ipasam_create_user()
       via  c47df01 s3-pdb_ipa: Detect IPA server
       via  ca22bef s3-pdb_ipa: Use new smbldap_make_mod_blob() without a 
return value
       via  f3b1a68 s3-smbldap: make octet_strings/DATA_BLOBs const.
       via  02c6940 s3-ipasam: rename of smbldap_make_mod_blob to 
_smbldap_make_mod_blob.
       via  c4974ee s3-smbldap: support storing octet_strings/DATA_BLOBs.
       via  db76adc s3-pdb_ipa: Fix indentation
      from  6d0be9e s4-test: fixed a problem with very verbose NDR debug

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 3626579cc27cb03fba2100be1a2686651bd3f003
Author: Sumit Bose <sb...@redhat.com>
Date:   Mon Apr 4 13:46:18 2011 +0200

    s3: Fix tldap_make_mod_blob_int() debug messages
    
    Signed-off-by: Günther Deschner <g...@samba.org>
    
    Autobuild-User: Günther Deschner <g...@samba.org>
    Autobuild-Date: Wed Apr  6 13:10:30 CEST 2011 on sn-devel-104

commit 2bafb4ccbb99dfde533acad7bf0162ca2618c716
Author: Sumit Bose <sb...@redhat.com>
Date:   Thu Mar 31 17:46:56 2011 +0200

    s3-net: Add delete op for net trust utility
    
    Signed-off-by: Günther Deschner <g...@samba.org>

commit 11c342724fe23ef532063a7731c2a6d19614cf78
Author: Sumit Bose <sb...@redhat.com>
Date:   Thu Mar 24 12:10:13 2011 +0100

    s3-net: Add net trust utility
    
    Signed-off-by: Günther Deschner <g...@samba.org>

commit 6681e451c98cd1716b5a68a02e0840a7ae768c36
Author: Sumit Bose <sb...@redhat.com>
Date:   Wed Mar 23 12:09:22 2011 +0100

    s3-pdb_ipa: Create DN for new object
    
    Signed-off-by: Günther Deschner <g...@samba.org>

commit 1cbe59e174c3ea66dfb57ab7f4ea493168b4867e
Author: Sumit Bose <sb...@redhat.com>
Date:   Fri Mar 18 11:39:37 2011 +0100

    s3-pdb_ipa: Add ipasam_create_dom_group()
    
    Signed-off-by: Günther Deschner <g...@samba.org>

commit afdc9055b5f883a10f3b1fb74a0c40ad9d7fb199
Author: Sumit Bose <sb...@redhat.com>
Date:   Fri Mar 18 11:37:15 2011 +0100

    s3-net: add IPA provision
    
    Signed-off-by: Günther Deschner <g...@samba.org>

commit 2ee1d09f33a1076549e1d331ba23a31384aae150
Author: Sumit Bose <sb...@redhat.com>
Date:   Mon Apr 4 13:23:05 2011 +0200

    s3-pdb_ipa: Add ipasam_create_user()
    
    Signed-off-by: Günther Deschner <g...@samba.org>

commit c47df017dda71f9eecea74575c7d7292e543e5ec
Author: Sumit Bose <sb...@redhat.com>
Date:   Mon Apr 4 13:20:19 2011 +0200

    s3-pdb_ipa: Detect IPA server
    
    Signed-off-by: Günther Deschner <g...@samba.org>

commit ca22befb9c2f4bf96944fc70650435dc11b4ea3a
Author: Sumit Bose <sb...@redhat.com>
Date:   Mon Apr 4 13:14:47 2011 +0200

    s3-pdb_ipa: Use new smbldap_make_mod_blob() without a return value
    
    Signed-off-by: Günther Deschner <g...@samba.org>

commit f3b1a68f5f540fa3674c5594ad3ede1568bab6cb
Author: Sumit Bose <sb...@redhat.com>
Date:   Mon Apr 4 14:16:44 2011 +0200

    s3-smbldap: make octet_strings/DATA_BLOBs const.
    
    Signed-off-by: Günther Deschner <g...@samba.org>

commit 02c6940964f8db0c7e78b9e6d8e4a7a404331285
Author: Günther Deschner <g...@samba.org>
Date:   Wed Apr 6 11:33:12 2011 +0200

    s3-ipasam: rename of smbldap_make_mod_blob to _smbldap_make_mod_blob.
    
    Guenther
    
    Signed-off-by: Günther Deschner <g...@samba.org>

commit c4974eec01d32f2c777aa3fca02210bb6c255d79
Author: Günther Deschner <g...@samba.org>
Date:   Thu Oct 29 23:36:14 2009 +0100

    s3-smbldap: support storing octet_strings/DATA_BLOBs.
    
    Guenther
    
    Signed-off-by: Günther Deschner <g...@samba.org>

commit db76adc308217e92ada425703cbdbfce289d009b
Author: Sumit Bose <sb...@redhat.com>
Date:   Mon Apr 4 13:07:37 2011 +0200

    s3-pdb_ipa: Fix indentation
    
    Signed-off-by: Günther Deschner <g...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/Makefile.in           |    1 +
 source3/include/smbldap.h     |    4 +
 source3/lib/smbldap.c         |  112 ++++++--
 source3/lib/tldap_util.c      |    6 +-
 source3/passdb/pdb_ipa.c      |  628 +++++++++++++++++++++++++++++++++------
 source3/utils/net_proto.h     |    3 +
 source3/utils/net_rpc.c       |    8 +
 source3/utils/net_rpc_trust.c |  654 +++++++++++++++++++++++++++++++++++++++++
 source3/utils/net_sam.c       |  139 ++++++++--
 source3/wscript_build         |    1 +
 10 files changed, 1414 insertions(+), 142 deletions(-)
 create mode 100644 source3/utils/net_rpc_trust.c


Changeset truncated at 500 lines:

diff --git a/source3/Makefile.in b/source3/Makefile.in
index f70eb63..0854114 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1160,6 +1160,7 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_help.o \
           utils/net_serverid.o \
           utils/net_eventlog.o \
           utils/net_printing.o \
+          utils/net_rpc_trust.o \
           $(LIBNDR_NTPRINTING_OBJ) \
           $(LIBNDR_PREG_OBJ) \
           $(LIBCLI_SPOOLSS_OBJ) \
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index 5be9a92..7bb9895 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -138,9 +138,13 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx,
 const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key );
 const char** get_attr_list( TALLOC_CTX *mem_ctx, ATTRIB_MAP_ENTRY table[] );
 void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, 
const char *value);
+void smbldap_set_mod_blob(LDAPMod *** modlist, int modop, const char 
*attribute, const DATA_BLOB *newblob);
 void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing,
                      LDAPMod ***mods,
                      const char *attribute, const char *newval);
+void smbldap_make_mod_blob(LDAP *ldap_struct, LDAPMessage *existing,
+                          LDAPMod ***mods,
+                          const char *attribute, const DATA_BLOB *newblob);
 bool smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry,
                                   const char *attribute, char *value,
                                   int max_len);
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 207f435..fe43237 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -506,7 +506,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
  manage memory used by the array, by each struct, and values
  ***********************************************************************/
 
- void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, 
const char *value)
+static void smbldap_set_mod_internal(LDAPMod *** modlist, int modop, const 
char *attribute, const char *value, const DATA_BLOB *blob)
 {
        LDAPMod **mods;
        int i;
@@ -557,7 +557,27 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
                mods[i + 1] = NULL;
        }
 
-       if (value != NULL) {
+       if (blob && (modop & LDAP_MOD_BVALUES)) {
+               j = 0;
+               if (mods[i]->mod_bvalues != NULL) {
+                       for (; mods[i]->mod_bvalues[j] != NULL; j++);
+               }
+               mods[i]->mod_bvalues = SMB_REALLOC_ARRAY(mods[i]->mod_bvalues, 
struct berval *, j + 2);
+
+               if (mods[i]->mod_bvalues == NULL) {
+                       smb_panic("smbldap_set_mod: out of memory!");
+                       /* notreached. */
+               }
+
+               mods[i]->mod_bvalues[j] = SMB_MALLOC_P(struct berval);
+               SMB_ASSERT(mods[i]->mod_bvalues[j] != NULL);
+
+               mods[i]->mod_bvalues[j]->bv_val = (char *)memdup(blob->data, 
blob->length);
+               SMB_ASSERT(mods[i]->mod_bvalues[j]->bv_val != NULL);
+               mods[i]->mod_bvalues[j]->bv_len = blob->length;
+
+               mods[i]->mod_bvalues[j + 1] = NULL;
+       } else if (value != NULL) {
                char *utf8_value = NULL;
                size_t converted_size;
 
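Review bot: The assertion on `mods[i]->mod_bvalues[j]->bv_val` turns an empty DATA_BLOB into a process abort if `memdup` returns NULL for a zero-length copy, which is the usual convention and its body is not in this diff; smbldap_set_mod_blob is exported, so any caller that does not pre-check `length` the way the make_mod path does would hit it. Either reject empty blobs before a mod entry is created for the attribute (in the exported wrapper, or at the top of this function, both outside the hunk) or loosen the check to `SMB_ASSERT(blob->length == 0 || mods[i]->mod_bvalues[j]->bv_val != NULL);`. The copy also lands in plain malloc memory owned by the LDAPMod list; if these values carry credential material, as the pdb_ipa trust-auth callers in this series suggest, the list should be released with something that scrubs `bv_val` rather than a plain free — hedged, since the free path is not shown. The enclosing function starts and ends outside the hunk.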
@@ -586,17 +606,30 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
        *modlist = mods;
 }
 
+ void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, 
const char *value)
+{
+       smbldap_set_mod_internal(modlist, modop, attribute, value, NULL);
+}
+
+ void smbldap_set_mod_blob(LDAPMod *** modlist, int modop, const char 
*attribute, const DATA_BLOB *value)
+{
+       smbldap_set_mod_internal(modlist, modop | LDAP_MOD_BVALUES, attribute, 
NULL, value);
+}
+
 /**********************************************************************
   Set attribute to newval in LDAP, regardless of what value the
   attribute had in LDAP before.
 *********************************************************************/
 
- void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing,
-                     LDAPMod ***mods,
-                     const char *attribute, const char *newval)
+static void smbldap_make_mod_internal(LDAP *ldap_struct, LDAPMessage *existing,
+                                     LDAPMod ***mods,
+                                     const char *attribute, int op,
+                                     const char *newval,
+                                     const DATA_BLOB *newblob)
 {
        char oldval[2048]; /* current largest allowed value is mungeddial */
        bool existed;
+       DATA_BLOB oldblob = data_blob_null;
 
        if (attribute == NULL) {
                /* This can actually happen for ldapsam_compat where we for
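Review bot: The new exported wrapper names its last parameter `value` while the prototype in smbldap.h calls it `newblob`; use `newblob` here too so the header and definition agree. Neither `smbldap_set_mod_blob` nor the reworked internal carries a comment, and the "Set attribute to newval in LDAP" block now heads a static function; a line above the wrapper such as `/* Append a binary value to the mod list; modop gets LDAP_MOD_BVALUES OR'ed in and the blob is copied, so the caller keeps ownership of *newblob. */` would cover it — the copy is visible in the preceding hunk, the ownership claim should be confirmed against the free path. smbldap_make_mod_internal continues past the end of the hunk.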
@@ -605,24 +638,33 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
        }
 
        if (existing != NULL) {
-               existed = smbldap_get_single_attribute(ldap_struct, existing, 
attribute, oldval, sizeof(oldval));
+               if (op & LDAP_MOD_BVALUES) {
+                       existed = smbldap_talloc_single_blob(talloc_tos(), 
ldap_struct, existing, attribute, &oldblob);
+               } else {
+                       existed = smbldap_get_single_attribute(ldap_struct, 
existing, attribute, oldval, sizeof(oldval));
+               }
        } else {
                existed = False;
                *oldval = '\0';
        }
 
-       /* all of our string attributes are case insensitive */
-
-       if (existed && newval && (StrCaseCmp(oldval, newval) == 0)) {
+       if (existed) {
+               bool equal = false;
+               if (op & LDAP_MOD_BVALUES) {
+                       equal = (newblob && (data_blob_cmp(&oldblob, newblob) 
== 0));
+               } else {
+                       /* all of our string attributes are case insensitive */
+                       equal = (newval && (StrCaseCmp(oldval, newval) == 0));
+               }
 
-               /* Believe it or not, but LDAP will deny a delete and
-                  an add at the same time if the values are the
-                  same... */
-               DEBUG(10,("smbldap_make_mod: attribute |%s| not changed.\n", 
attribute));
-               return;
-       }
+               if (equal) {
+                       /* Believe it or not, but LDAP will deny a delete and
+                          an add at the same time if the values are the
+                          same... */
+                       DEBUG(10,("smbldap_make_mod: attribute |%s| not 
changed.\n", attribute));
+                       return;
+               }
 
-       if (existed) {
                /* There has been no value before, so don't delete it.
                 * Here's a possible race: We might end up with
                 * duplicate attributes */
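Review bot: In the blob branch a failed `smbldap_talloc_single_blob` is indistinguishable from an absent attribute, so any failure in the fetch (allocation failure, or whatever else the helper rejects — its body is not in this diff) sets `existed = false`, skips the delete below and issues a bare LDAP_MOD_ADD, producing exactly the duplicate-value situation the existing comment warns about. A DEBUG line on that path would at least make it visible: `if (!existed) DEBUG(10, ("smbldap_make_mod: no single blob value for |%s|\n", attribute));` inside the `LDAP_MOD_BVALUES` arm. The old value is also allocated on `talloc_tos()` with no matching free, so it lives until the caller's stack frame is released; presumably intended, but worth a comment. smbldap_make_mod_internal starts before and ends after this hunk.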
@@ -634,20 +676,48 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
                 * in Novell NDS. In NDS you have to first remove attribute and 
then
                 * you could add new value */
 
-               DEBUG(10,("smbldap_make_mod: deleting attribute |%s| values 
|%s|\n", attribute, oldval));
-               smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval);
+               if (op & LDAP_MOD_BVALUES) {
+                       DEBUG(10,("smbldap_make_mod: deleting attribute |%s| 
blob\n", attribute));
+                       smbldap_set_mod_blob(mods, LDAP_MOD_DELETE, attribute, 
&oldblob);
+               } else {
+                       DEBUG(10,("smbldap_make_mod: deleting attribute |%s| 
values |%s|\n", attribute, oldval));
+                       smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, 
oldval);
+               }
        }
 
        /* Regardless of the real operation (add or modify)
           we add the new value here. We rely on deleting
           the old value, should it exist. */
 
-       if ((newval != NULL) && (strlen(newval) > 0)) {
-               DEBUG(10,("smbldap_make_mod: adding attribute |%s| value 
|%s|\n", attribute, newval));
-               smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval);
+       if (op & LDAP_MOD_BVALUES) {
+               if (newblob && newblob->length) {
+                       DEBUG(10,("smbldap_make_mod: adding attribute |%s| 
blob\n", attribute));
+                       smbldap_set_mod_blob(mods, LDAP_MOD_ADD, attribute, 
newblob);
+               }
+       } else {
+               if ((newval != NULL) && (strlen(newval) > 0)) {
+                       DEBUG(10,("smbldap_make_mod: adding attribute |%s| 
value |%s|\n", attribute, newval));
+                       smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval);
+               }
        }
 }
 
+ void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing,
+                     LDAPMod ***mods,
+                     const char *attribute, const char *newval)
+{
+       smbldap_make_mod_internal(ldap_struct, existing, mods, attribute,
+                                 0, newval, NULL);
+}
+
+ void smbldap_make_mod_blob(LDAP *ldap_struct, LDAPMessage *existing,
+                           LDAPMod ***mods,
+                           const char *attribute, const DATA_BLOB *newblob)
+{
+       smbldap_make_mod_internal(ldap_struct, existing, mods, attribute,
+                                 LDAP_MOD_BVALUES, NULL, newblob);
+}
+
 /**********************************************************************
  Some varients of the LDAP rebind code do not pass in the third 'arg' 
  pointer to a void*, so we try and work around it by assuming that the 
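Review bot: `smbldap_make_mod_blob` is a new exported entry point with no comment, and its semantics differ from the string variant in a way callers should know: a NULL or zero-length `newblob` removes an existing value without adding one (the `newblob && newblob->length` guard above), and the blob DEBUG lines deliberately omit the value where the string path prints it. A comment above it, e.g. `/* Binary-valued smbldap_make_mod(): replace attribute with *newblob; a NULL or empty newblob only deletes the existing value. Blob contents are never written to the debug log. */`, plus `/* value intentionally not logged */` on the two blob DEBUG calls, would preserve that choice against a later "helpful" change. smbldap_make_mod_internal begins outside the hunk.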
diff --git a/source3/lib/tldap_util.c b/source3/lib/tldap_util.c
index a908301..0c22d65 100644
--- a/source3/lib/tldap_util.c
+++ b/source3/lib/tldap_util.c
@@ -236,7 +236,7 @@ static bool tldap_make_mod_blob_int(struct tldap_message 
*existing,
                /* Believe it or not, but LDAP will deny a delete and
                   an add at the same time if the values are the
                   same... */
-               DEBUG(10,("smbldap_make_mod_blob: attribute |%s| not "
+               DEBUG(10,("tldap_make_mod_blob_int: attribute |%s| not "
                          "changed.\n", attrib));
                return true;
        }
@@ -250,7 +250,7 @@ static bool tldap_make_mod_blob_int(struct tldap_message 
*existing,
                 * Novell NDS. In NDS you have to first remove attribute and
                 * then you could add new value */
 
-               DEBUG(10, ("smbldap_make_mod_blob: deleting attribute |%s|\n",
+               DEBUG(10, ("tldap_make_mod_blob_int: deleting attribute |%s|\n",
                           attrib));
                if (!tldap_add_mod_blobs(mem_ctx, pmods, pnum_mods,
                                         TLDAP_MOD_DELETE,
@@ -264,7 +264,7 @@ static bool tldap_make_mod_blob_int(struct tldap_message 
*existing,
           the old value, should it exist. */
 
        if (newval.data != NULL) {
-               DEBUG(10, ("smbldap_make_mod: adding attribute |%s| value len "
+               DEBUG(10, ("tldap_make_mod_blob_int: adding attribute |%s| 
value len "
                           "%d\n", attrib, (int)newval.length));
                if (!tldap_add_mod_blobs(mem_ctx, pmods, pnum_mods,
                                         TLDAP_MOD_ADD,
diff --git a/source3/passdb/pdb_ipa.c b/source3/passdb/pdb_ipa.c
index d19deef..c98f33e 100644
--- a/source3/passdb/pdb_ipa.c
+++ b/source3/passdb/pdb_ipa.c
@@ -22,9 +22,13 @@
 #include "passdb.h"
 #include "libcli/security/dom_sid.h"
 #include "../librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/samr.h"
 
 #include "smbldap.h"
 
+#define IPA_KEYTAB_SET_OID "2.16.840.1.113730.3.8.3.1"
+#define IPA_MAGIC_ID_STR "999"
+
 #define LDAP_TRUST_CONTAINER "ou=system"
 #define LDAP_ATTRIBUTE_CN "cn"
 #define LDAP_ATTRIBUTE_TRUST_TYPE "sambaTrustType"
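Review bot: `IPA_KEYTAB_SET_OID` and `IPA_MAGIC_ID_STR` are introduced without any comment on what they are, and their uses fall outside this chunk of the diff. An OID and a bare "999" are the kind of constants a later reader cannot verify from the code; suggest `/* OID of the IPA "keytab set" LDAP extended operation — confirm against the IPA server plugin */` and `/* sentinel id value handed to the IPA server; presumably asks the server to allocate the real uid/gid — document where it is interpreted */`, hedged because the diff does not show how either is consumed.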
@@ -36,37 +40,65 @@
 #define LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING "sambaTrustAuthIncoming"
 #define LDAP_ATTRIBUTE_SECURITY_IDENTIFIER "sambaSecurityIdentifier"
 #define LDAP_ATTRIBUTE_TRUST_FOREST_TRUST_INFO "sambaTrustForestTrustInfo"
+#define LDAP_ATTRIBUTE_OBJECTCLASS "objectClass"
 
 #define LDAP_OBJ_KRB_PRINCIPAL "krbPrincipal"
 #define LDAP_OBJ_KRB_PRINCIPAL_AUX "krbPrincipalAux"
 #define LDAP_ATTRIBUTE_KRB_PRINCIPAL "krbPrincipalName"
 
+#define LDAP_OBJ_IPAOBJECT "ipaObject"
+#define LDAP_OBJ_IPAHOST "ipaHost"
+#define LDAP_OBJ_POSIXACCOUNT "posixAccount"
+
+#define LDAP_OBJ_GROUPOFNAMES "groupOfNames"
+#define LDAP_OBJ_NESTEDGROUP "nestedGroup"
+#define LDAP_OBJ_IPAUSERGROUP "ipaUserGroup"
+#define LDAP_OBJ_POSIXGROUP "posixGroup"
+
+#define HAS_KRB_PRINCIPAL (1<<0)
+#define HAS_KRB_PRINCIPAL_AUX (1<<1)
+#define HAS_IPAOBJECT (1<<2)
+#define HAS_IPAHOST (1<<3)
+#define HAS_POSIXACCOUNT (1<<4)
+#define HAS_GROUPOFNAMES (1<<5)
+#define HAS_NESTEDGROUP (1<<6)
+#define HAS_IPAUSERGROUP (1<<7)
+#define HAS_POSIXGROUP (1<<8)
+
 struct ipasam_privates {
+       bool server_is_ipa;
        NTSTATUS (*ldapsam_add_sam_account)(struct pdb_methods *,
                                            struct samu *sampass);
        NTSTATUS (*ldapsam_update_sam_account)(struct pdb_methods *,
                                               struct samu *sampass);
+       NTSTATUS (*ldapsam_create_user)(struct pdb_methods *my_methods,
+                                       TALLOC_CTX *tmp_ctx, const char *name,
+                                       uint32_t acb_info, uint32_t *rid);
+       NTSTATUS (*ldapsam_create_dom_group)(struct pdb_methods *my_methods,
+                                            TALLOC_CTX *tmp_ctx,
+                                            const char *name,
+                                            uint32_t *rid);
 };
 
 static bool ipasam_get_trusteddom_pw(struct pdb_methods *methods,
-                                    const char *domain,
-                                    char** pwd,
-                                    struct dom_sid *sid,
-                                    time_t *pass_last_set_time)
+                                     const char *domain,
+                                     char** pwd,
+                                     struct dom_sid *sid,
+                                     time_t *pass_last_set_time)
 {
        return false;
 }
 
 static bool ipasam_set_trusteddom_pw(struct pdb_methods *methods,
-                                    const char* domain,
-                                    const char* pwd,
-                                    const struct dom_sid *sid)
+                                     const char* domain,
+                                     const char* pwd,
+                                     const struct dom_sid *sid)
 {
        return false;
 }
 
 static bool ipasam_del_trusteddom_pw(struct pdb_methods *methods,
-                                    const char *domain)
+                                     const char *domain)
 {
        return false;
 }
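Review bot: The new `server_is_ipa` member and the two saved `ldapsam_create_*` callbacks are added to `struct ipasam_privates` without a comment, and the `HAS_*` flag bits above them are likewise undocumented. Given commit c47df01 ("Detect IPA server") in this series, a comment such as `/* set by IPA server detection; when false the saved ldapsam_* callbacks below are used unchanged */` on the flag, and `/* objectClass presence bits filled by ipasam_get_objectclasses() */` above `HAS_KRB_PRINCIPAL`, would say what the fields mean without inferring more than the diff shows — the fallback behaviour should be confirmed against the dispatch code, which is not in this chunk. The rest of the hunk is whitespace only.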
@@ -416,23 +448,6 @@ static bool smbldap_make_mod_uint32_t(LDAP *ldap_struct, 
LDAPMessage *entry,
        return true;
 }
 
-static bool smbldap_make_mod_blob(LDAP *ldap_struct, LDAPMessage *entry,
-                                 LDAPMod ***mods, const char *attribute,
-                                 DATA_BLOB blob)
-{
-       char *dummy;
-
-       dummy = base64_encode_data_blob(talloc_tos(), blob);
-       if (dummy == NULL) {
-               return false;
-       }
-
-       smbldap_make_mod(ldap_struct, entry, mods, attribute, dummy);
-       TALLOC_FREE(dummy);
-
-       return true;
-}
-
 static NTSTATUS ipasam_set_trusted_domain(struct pdb_methods *methods,
                                          const char* domain,
                                          const struct pdb_trusted_domain *td)
@@ -505,33 +520,21 @@ static NTSTATUS ipasam_set_trusted_domain(struct 
pdb_methods *methods,
        }
 
        if (td->trust_auth_outgoing.data != NULL) {
-               res = smbldap_make_mod_blob(priv2ld(ldap_state), entry,
-                                           &mods,
-                                           LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING,
-                                           td->trust_auth_outgoing);
-               if (!res) {
-                       return NT_STATUS_UNSUCCESSFUL;
-               }
+               smbldap_make_mod_blob(priv2ld(ldap_state), entry, &mods,
+                                     LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING,
+                                     &td->trust_auth_outgoing);
        }
 
        if (td->trust_auth_incoming.data != NULL) {
-               res = smbldap_make_mod_blob(priv2ld(ldap_state), entry,
-                                           &mods,
-                                           LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING,
-                                           td->trust_auth_incoming);
-               if (!res) {
-                       return NT_STATUS_UNSUCCESSFUL;
-               }
+               smbldap_make_mod_blob(priv2ld(ldap_state), entry, &mods,
+                                     LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING,
+                                     &td->trust_auth_incoming);
        }
 
        if (td->trust_forest_trust_info.data != NULL) {
-               res = smbldap_make_mod_blob(priv2ld(ldap_state), entry,
-                                           &mods,
-                                           
LDAP_ATTRIBUTE_TRUST_FOREST_TRUST_INFO,
-                                           td->trust_forest_trust_info);
-               if (!res) {
-                       return NT_STATUS_UNSUCCESSFUL;
-               }
+               smbldap_make_mod_blob(priv2ld(ldap_state), entry, &mods,
+                                     LDAP_ATTRIBUTE_TRUST_FOREST_TRUST_INFO,
+                                     &td->trust_forest_trust_info);
        }
 
        talloc_autofree_ldapmod(talloc_tos(), mods);
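Review bot: The three trust-info attributes are now written as raw binary values via `smbldap_make_mod_blob`, where the removed helper stored them as a base64 string; entries written by the old code will no longer compare equal against the new blob, and whatever reads `sambaTrustAuthIncoming` and friends back must decode the same way — the reader is not in this diff, so a one-line comment at the first call recording the stored-format change would help. The removed `if (!res)` checks also mean the `res` local may now be unused in this function if nothing else assigns it (its declaration is outside the hunk), which -Wunused-but-set-variable will flag. These attributes appear to carry trust authentication material, so they should sit behind the same server-side ACL as a password attribute — outside the scope of this code, but worth stating where they are written. ipasam_set_trusted_domain starts and ends outside the hunk.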
@@ -554,7 +557,7 @@ static NTSTATUS ipasam_set_trusted_domain(struct 
pdb_methods *methods,
 }
 
 static NTSTATUS ipasam_del_trusted_domain(struct pdb_methods *methods,
-                                         const char *domain)
+                                          const char *domain)
 {
        int ret;
        struct ldapsam_privates *ldap_state =
@@ -663,9 +666,9 @@ static NTSTATUS ipasam_enum_trusted_domains(struct 
pdb_methods *methods,
 }
 
 static NTSTATUS ipasam_enum_trusteddoms(struct pdb_methods *methods,
-                                       TALLOC_CTX *mem_ctx,
-                                       uint32_t *num_domains,
-                                       struct trustdom_info ***domains)
+                                        TALLOC_CTX *mem_ctx,
+                                        uint32_t *num_domains,
+                                        struct trustdom_info ***domains)
 {
        NTSTATUS status;
        struct pdb_trusted_domain **td;
@@ -715,7 +718,7 @@ static struct pdb_domain_info 
*pdb_ipasam_get_domain_info(struct pdb_methods *pd
 {
        struct pdb_domain_info *info;
        NTSTATUS status;
-       struct ldapsam_privates *ldap_state = (struct ldapsam_privates 
*)pdb_methods->private_data;
+       struct ldapsam_privates *ldap_state = pdb_methods->private_data;
 
        info = talloc(mem_ctx, struct pdb_domain_info);
        if (info == NULL) {
@@ -734,7 +737,6 @@ static struct pdb_domain_info 
*pdb_ipasam_get_domain_info(struct pdb_methods *pd
        }
        strlower_m(info->dns_domain);
        info->dns_forest = talloc_strdup(info, info->dns_domain);
-
        sid_copy(&info->sid, &ldap_state->domain_sid);
 
        status = GUID_from_string("testguid", &info->guid);
@@ -806,63 +808,327 @@ static NTSTATUS modify_ipa_password_exop(struct 
ldapsam_privates *ldap_state,
        return NT_STATUS_OK;
 }
 
-static NTSTATUS ipasam_add_objectclasses(struct ldapsam_privates *ldap_state,
-                                        struct samu *sampass)
+static NTSTATUS ipasam_get_objectclasses(struct ldapsam_privates *ldap_state,
+                                        const char *dn, LDAPMessage *entry,
+                                        uint32_t *has_objectclass)
+{
+       char **objectclasses;
+       size_t c;
+
+       objectclasses = ldap_get_values(priv2ld(ldap_state), entry,
+                                       LDAP_ATTRIBUTE_OBJECTCLASS);
+       if (objectclasses == NULL) {
+               DEBUG(0, ("Entry [%s] does not have any objectclasses.\n", dn));
+               return NT_STATUS_INTERNAL_DB_CORRUPTION;
+       }
+
+       *has_objectclass = 0;
+       for (c = 0; objectclasses[c] != NULL; c++) {
+               if (strequal(objectclasses[c], LDAP_OBJ_KRB_PRINCIPAL)) {
+                       *has_objectclass |= HAS_KRB_PRINCIPAL;
+               } else if (strequal(objectclasses[c],
+                          LDAP_OBJ_KRB_PRINCIPAL_AUX)) {
+                       *has_objectclass |= HAS_KRB_PRINCIPAL_AUX;
+               } else if (strequal(objectclasses[c], LDAP_OBJ_IPAOBJECT)) {
+                       *has_objectclass |= HAS_IPAOBJECT;
+               } else if (strequal(objectclasses[c], LDAP_OBJ_IPAHOST)) {
+                       *has_objectclass |= HAS_IPAHOST;
+               } else if (strequal(objectclasses[c], LDAP_OBJ_POSIXACCOUNT)) {
+                       *has_objectclass |= HAS_POSIXACCOUNT;
+               } else if (strequal(objectclasses[c], LDAP_OBJ_GROUPOFNAMES)) {
+                       *has_objectclass |= HAS_GROUPOFNAMES;
+               } else if (strequal(objectclasses[c], LDAP_OBJ_NESTEDGROUP)) {
+                       *has_objectclass |= HAS_NESTEDGROUP;
+               } else if (strequal(objectclasses[c], LDAP_OBJ_IPAUSERGROUP)) {
+                       *has_objectclass |= HAS_IPAUSERGROUP;
+               } else if (strequal(objectclasses[c], LDAP_OBJ_POSIXGROUP)) {
+                       *has_objectclass |= HAS_POSIXGROUP;
+               }
+       }
+       ldap_value_free(objectclasses);
+
+       return NT_STATUS_OK;
+}
+
+enum obj_type {
+       IPA_NO_OBJ = 0,
+       IPA_USER_OBJ,
+       IPA_GROUP_OBJ
+};
+
+static NTSTATUS find_obj(struct ldapsam_privates *ldap_state, const char *name,
+                        enum obj_type type, char **_dn,
+                        uint32_t *_has_objectclass)
 {
-       char *dn;
-       LDAPMod **mods = NULL;
        int ret;
-       char *princ;
-       const char *domain;
-       char *domain_with_dot;
+       char *username;
+       char *filter;

