The branch, master has been updated
       via  f3d140f docs-xml: Update idmap_rfc2307 manpage for new realm 
handling
       via  7cd99b4 idmap_rfc2307: Fix handling of cn realm
      from  b36c621 s3: smbd: When requesting posix open in 
open_file_ntcreate() we need to set all posix flags.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f3d140fcaf7b2efba1309361c23e6beb73bf1270
Author: Christof Schmitt <[email protected]>
Date:   Tue Dec 8 12:04:22 2015 -0700

    docs-xml: Update idmap_rfc2307 manpage for new realm handling
    
    Now there is only "realm" as a config option; it replaces "cn_realm" and
    "ldap_realm".
    
    Signed-off-by: Christof Schmitt <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>
    
    Autobuild-User(master): Volker Lendecke <[email protected]>
    Autobuild-Date(master): Mon Dec 14 15:43:55 CET 2015 on sn-devel-104

commit 7cd99b42075f09ee297569f1d030048c9e887d50
Author: Christof Schmitt <[email protected]>
Date:   Tue Dec 8 11:52:41 2015 -0700

    idmap_rfc2307: Fix handling of cn realm
    
    When cn_realm was set, the idmap_rfc2307 module tried to determine the
    realm from the AD connection struct. In case of referring to a different
    domain using the ldap_domain config option, the wrong realm was used.
    
    Since the LDAP-server case already requires having the realm in the
    config, extend that to the AD case to fix the issue: Having LDAP records
    with @realm in the cn, now always requires having the realm in the
    config.
    
    Now cn_realm and ldap_realm would always have to be specified together,
    so replace the two options with a single "realm" option.
    
    Signed-off-by: Christof Schmitt <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages/idmap_rfc2307.8.xml | 13 +++---------
 source3/winbindd/idmap_rfc2307.c      | 39 +++++++++++++----------------------
 2 files changed, 17 insertions(+), 35 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/idmap_rfc2307.8.xml 
b/docs-xml/manpages/idmap_rfc2307.8.xml
index 095e035..8df4d53 100644
--- a/docs-xml/manpages/idmap_rfc2307.8.xml
+++ b/docs-xml/manpages/idmap_rfc2307.8.xml
@@ -88,11 +88,11 @@
                        no.</para></listitem>
                </varlistentry>
                <varlistentry>
-                       <term>cn_realm = &lt;yes | no&gt;</term>
+                       <term>realm</term>
                        <listitem><para>Append @realm to cn for groups
                        (and users if user_cn is set) in
-                       LDAP. This option is not required, the default
-                       is no.</para></listitem>
+                       LDAP queries. This option is not required, the default
+                       is not to append the realm.</para></listitem>
                </varlistentry>
                <varlistentry>
                        <term>ldap_domain</term>
@@ -124,13 +124,6 @@
                        absent, an anonymous bind will be
                        performed.</para></listitem>
                </varlistentry>
-               <varlistentry>
-                       <term>ldap_realm</term>
-                       <listitem><para>Defines the realm to use in
-                       the user and group names. This is only
-                       required when using cn_realm together with a
-                       stand-alone ldap server.</para></listitem>
-               </varlistentry>
        </variablelist>
 </refsect1>
 
diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c
index 6b3ab4a..3ef10f6 100644
--- a/source3/winbindd/idmap_rfc2307.c
+++ b/source3/winbindd/idmap_rfc2307.c
@@ -38,7 +38,6 @@ struct idmap_rfc2307_context {
        const char *bind_path_user;
        const char *bind_path_group;
        const char *ldap_domain;
-       bool cn_realm;
        bool user_cn;
        const char *realm;
 
@@ -82,9 +81,6 @@ static NTSTATUS idmap_rfc2307_ads_check_connection(struct 
idmap_domain *dom)
        status = ads_idmap_cached_connection(&ctx->ads, dom_name);
        if (ADS_ERR_OK(status)) {
                ctx->ldap = ctx->ads->ldap.ld;
-               if (ctx->cn_realm) {
-                       ctx->realm = ctx->ads->server.realm;
-               }
        } else {
                DEBUG(1, ("Could not connect to domain %s: %s\n", dom->name,
                          ads_errstr(status)));
@@ -172,7 +168,7 @@ static NTSTATUS idmap_rfc2307_init_ldap(struct 
idmap_rfc2307_context *ctx,
        NTSTATUS ret;
        char *url;
        char *secret = NULL;
-       const char *ldap_url, *user_dn, *ldap_realm;
+       const char *ldap_url, *user_dn;
        TALLOC_CTX *mem_ctx = ctx;
 
        ldap_url = lp_parm_const_string(-1, config_option, "ldap_url", NULL);
@@ -204,21 +200,6 @@ static NTSTATUS idmap_rfc2307_init_ldap(struct 
idmap_rfc2307_context *ctx,
 
        ctx->search = idmap_rfc2307_ldap_search;
 
-       if (ctx->cn_realm) {
-               ldap_realm = lp_parm_const_string(-1, config_option,
-                                                 "ldap_realm", NULL);
-               if (!ldap_realm) {
-                       DEBUG(1, ("ERROR: cn_realm set, "
-                                 "but ldap_realm is missing\n"));
-                       ret = NT_STATUS_UNSUCCESSFUL;
-                       goto done;
-               }
-               ctx->realm = talloc_strdup(mem_ctx, ldap_realm);
-               if (!ctx->realm) {
-                       ret = NT_STATUS_NO_MEMORY;
-               }
-       }
-
 done:
        talloc_free(url);
        return ret;
@@ -276,7 +257,7 @@ static void idmap_rfc2307_map_sid_results(struct 
idmap_rfc2307_context *ctx,
                        continue;
                }
 
-               if (ctx->cn_realm) {
+               if (ctx->realm != NULL) {
                        /* Strip @realm from user or group name */
                        char *delim;
 
@@ -487,7 +468,7 @@ static NTSTATUS idmap_rfc_2307_sids_to_names(TALLOC_CTX 
*mem_ctx,
                switch(lsa_type) {
                case SID_NAME_USER:
                        id->xid.type = map->type = ID_TYPE_UID;
-                       if (ctx->user_cn && ctx->cn_realm) {
+                       if (ctx->user_cn && ctx->realm != NULL) {
                                name = talloc_asprintf(mem_ctx, "%s@%s",
                                                       name, ctx->realm);
                        }
@@ -497,7 +478,7 @@ static NTSTATUS idmap_rfc_2307_sids_to_names(TALLOC_CTX 
*mem_ctx,
                case SID_NAME_DOM_GRP:
                case SID_NAME_ALIAS:
                case SID_NAME_WKN_GRP:
-                       if (ctx->cn_realm) {
+                       if (ctx->realm != NULL) {
                                name = talloc_asprintf(mem_ctx, "%s@%s",
                                                       name, ctx->realm);
                        }
@@ -781,7 +762,7 @@ static NTSTATUS idmap_rfc2307_initialize(struct 
idmap_domain *domain)
 {
        struct idmap_rfc2307_context *ctx;
        char *cfg_opt;
-       const char *bind_path_user, *bind_path_group, *ldap_server;
+       const char *bind_path_user, *bind_path_group, *ldap_server, *realm;
        NTSTATUS status;
 
        ctx = talloc_zero(domain, struct idmap_rfc2307_context);
@@ -842,7 +823,15 @@ static NTSTATUS idmap_rfc2307_initialize(struct 
idmap_domain *domain)
                goto err;
        }
 
-       ctx->cn_realm = lp_parm_bool(-1, cfg_opt, "cn_realm", false);
+       realm = lp_parm_const_string(-1, cfg_opt, "realm", NULL);
+       if (realm) {
+               ctx->realm = talloc_strdup(ctx, realm);
+               if (ctx->realm == NULL) {
+                       status = NT_STATUS_NO_MEMORY;
+                       goto err;
+               }
+       }
+
        ctx->user_cn = lp_parm_bool(-1, cfg_opt, "user_cn", false);
 
        domain->private_data = ctx;
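Review bot: The obsolete `cn_realm` and `ldap_realm` parameters are no longer read anywhere, so a deployment whose smb.conf still sets them silently loses realm handling after this change: `ctx->realm` stays NULL, the `@realm` suffix is neither appended in idmap_rfc_2307_sids_to_names nor stripped in idmap_rfc2307_map_sid_results, and lookups against records that carry `@realm` in cn start failing with no diagnostic. The removed init_ldap block at least refused to start when `cn_realm` was set and `ldap_realm` missing; this hunk has no equivalent for a stale config. I would log the migration once where `realm` is read, e.g. `if (lp_parm_bool(-1, cfg_opt, "cn_realm", false)) { DEBUG(0, ("cn_realm/ldap_realm are obsolete, set \"realm\" instead\n")); }`. Also consider treating an empty `realm =` value like an unset one (`if (realm != NULL && realm[0] != '\0')`), since an empty string still makes every `ctx->realm != NULL` test true and appends a bare `@` to names — assuming lp_parm_const_string returns "" rather than NULL for that case, which is not visible here. idmap_rfc2307_initialize continues past the hunk.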

