[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - build_3.2.3_ctdb.50-79-gc59af65

Michael Adam obnox at samba.org
Mon Dec 1 01:54:35 GMT 2008


The branch, v3-2-ctdb has been updated
       via  c59af65901e6fa066e37b0c9da3f6e5b50e5704a (commit)
       via  0bd8f512c1736438c579aa9107319df5056cfee5 (commit)
       via  a6590a645d55876afdd038a641903d4ed998d4df (commit)
       via  743f9d1118947df647db1282cc0d44f6f7588cbc (commit)
       via  92f8b64f1b67abe732ada8f81c78240f5f32d0b4 (commit)
       via  58cdad02b677ae5819e596edea374f6d984c7db7 (commit)
       via  5451b7bc2b2c1cd18bb93c673dbaeb4a46887220 (commit)
       via  ca6abe224cfeb368e60ca7660be0fd762c3a1865 (commit)
       via  22e5a49d6dc67f0e0d55c1d41d906bbf546feabb (commit)
       via  918c415e6ddbca35e87010aa08693a23a0acc1a3 (commit)
       via  bd9f49e4d8a8d82f88fc005d447c89a6e865cb0a (commit)
       via  1793c8393318abe91f2b43c012495e600ab48174 (commit)
       via  c3f804a303d9a8e47658480ec79d9387599d3503 (commit)
       via  0fcb1409c95f5e994c10a4ac87699f156339a96c (commit)
      from  952c07ea24aa120eaaace2ab623b13211d75961a (commit)

http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb


- Log -----------------------------------------------------------------
commit c59af65901e6fa066e37b0c9da3f6e5b50e5704a
Author: Michael Adam <obnox at samba.org>
Date:   Mon Dec 1 02:01:44 2008 +0100

    winbindd/nss_info: fix default backend handling for ad backends.
    
    This fixes "winbind nss info = rfc2307" (or sfu or sfu20).
    Originally, only explicitly configured domains (like "rfc2307:domain")
    worked with the ad module, since the domain name was not passed
    back to the module. This is fixed by recording the first backend
    listed without domain in the "winbind nss info" parameter as the
    default backend, and creating new nss_domain entries (using this default
    backend) on the fly as requests for domains which are not explicitly
    configured are encountered.
    
    Michael

commit 0bd8f512c1736438c579aa9107319df5056cfee5
Author: Michael Adam <obnox at samba.org>
Date:   Mon Dec 1 00:56:50 2008 +0100

    winbindd/nss_info: whitespace cleanup.
    
    Remove trailing spaces and fix tab / space mixup.
    
    Michael

commit a6590a645d55876afdd038a641903d4ed998d4df
Author: Michael Adam <obnox at samba.org>
Date:   Sun Nov 30 23:00:19 2008 +0100

    winbindd_cache: add debugging to get_nss_info_cached()
    
    Michael

commit 743f9d1118947df647db1282cc0d44f6f7588cbc
Author: Michael Adam <obnox at samba.org>
Date:   Sun Nov 30 22:57:41 2008 +0100

    winbindd/nss_info: add entry debug message to nss_get_info()
    
    Michael

commit 92f8b64f1b67abe732ada8f81c78240f5f32d0b4
Author: Michael Adam <obnox at samba.org>
Date:   Sun Nov 30 22:54:42 2008 +0100

    winbindd/nss_info: add debugging to nss_init()
    
    Michael

commit 58cdad02b677ae5819e596edea374f6d984c7db7
Author: Michael Adam <obnox at samba.org>
Date:   Sun Nov 30 22:50:26 2008 +0100

    winbindd/idmap_ad: add entry debug message to nss_ad_get_info()
    
    Michael

commit 5451b7bc2b2c1cd18bb93c673dbaeb4a46887220
Author: Michael Adam <obnox at samba.org>
Date:   Wed Nov 26 23:09:49 2008 +0100

    winbindd/idmap_ad: add support for trusted domains to idmap_ad (bug #3661)
    
    This initial fix does at least work for explicitly configured domains.
    
    The patch has a few disadvantages:
    
    1. It does work only for explicitly configured domains, not with
       the default backend (idmap backend = ad), since it relies on the
       domain name being passed in via the idmap_domain. One workaround
       for this would be to create clones of the default idmap_domain
       for domains not explicitly configured.
    
    2. It calls find_domain_from_name_noinit() from idmap_ad_cached_connection.
       The problem here is that only the NetBIOS domain name (workgroup
       name) is passed in via the idmap_domain struct, and the module
       has to establish a connection to the domain based on that information.
       find_domain_from_name_noinit() has the disadvantage that it uses the state
       of the domain list at fork time (unless used from the main winbindd).
       But this should be ok as long as the primary domain was reachable at
       start time.
    
    For nss_info, the situation is similar - This will only work for domains
    explicitly configured in smb.conf as follows:
    "winbind nss info = rfc2307:dom1 sfu:dom2 rfc2307:dom3 template:dom4"
    Setting the default nss info to one of the ad backends (rfc2307, sfu, sfu20)
    will fail since the domain name is not passed in with the nss_domain_entry.
    
    Michael

commit ca6abe224cfeb368e60ca7660be0fd762c3a1865
Author: Michael Adam <obnox at samba.org>
Date:   Wed Nov 26 22:23:34 2008 +0100

    winbindd/idmap_ad: refactor core of nss_{sfu|sfu20|rfc2307}_init to common function.
    
    Michael

commit 22e5a49d6dc67f0e0d55c1d41d906bbf546feabb
Author: Michael Adam <obnox at samba.org>
Date:   Wed Nov 26 15:16:22 2008 +0100

    winbindd/idmap_ad: rename ctx to mem_ctx in nss_ad_get_info()
    
    in preparation to using the idmap_ad_context there
    
    Michael

commit 918c415e6ddbca35e87010aa08693a23a0acc1a3
Author: Michael Adam <obnox at samba.org>
Date:   Fri Nov 28 10:40:42 2008 +0100

    winbindd/idmap: add diagnostic entry debug msg to idmap_backends_sid_to_unixid
    
    Michael

commit bd9f49e4d8a8d82f88fc005d447c89a6e865cb0a
Author: Michael Adam <obnox at samba.org>
Date:   Fri Nov 28 10:40:01 2008 +0100

    winbindd/idmap: add diagnostic entry debug msg to idmap_backends_unixid_to_sid
    
    Michael

commit 1793c8393318abe91f2b43c012495e600ab48174
Author: Michael Adam <obnox at samba.org>
Date:   Fri Nov 28 10:08:46 2008 +0100

    winbindd/idmap: add diagnostic entry debug msg to idmap_find_domain().
    
    Michael

commit c3f804a303d9a8e47658480ec79d9387599d3503
Author: Michael Adam <obnox at samba.org>
Date:   Fri Nov 28 10:05:19 2008 +0100

    winbindd/idmap_util: unify entering debug messages and add output of domain
    
    Michael

commit 0fcb1409c95f5e994c10a4ac87699f156339a96c
Author: Michael Adam <obnox at samba.org>
Date:   Sat Nov 29 00:15:15 2008 +0100

    Revert "Fix "getent passwd" with empty winbindd_idmap.tdb"
    
    This reverts commit ef6aa2d0665de3b42b6761bd53e005a7091dd512.
    
    Not passing the domain we have to idmap_sid_to[ug]id() from
    winbindd_fill_pwent() will ignore explicitly configured backends
    for the given domain and ask the default backend instead.
    This will taint the cache with mappings from the default backend
    even for sids that would get mapped by the explicit backend.
    
    Michael

-----------------------------------------------------------------------

Summary of changes:
 source/winbindd/idmap.c          |   10 +
 source/winbindd/idmap_ad.c       |  366 ++++++++++++++++++++++++--------------
 source/winbindd/idmap_util.c     |   12 +-
 source/winbindd/nss_info.c       |  146 ++++++++++-----
 source/winbindd/winbindd_cache.c |    7 +
 source/winbindd/winbindd_user.c  |    4 +-
 6 files changed, 355 insertions(+), 190 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/winbindd/idmap.c b/source/winbindd/idmap.c
index 154fbea..cf77e88 100644
--- a/source/winbindd/idmap.c
+++ b/source/winbindd/idmap.c
@@ -462,6 +462,9 @@ static struct idmap_domain *idmap_find_domain(const char *domname)
 	struct idmap_domain *result;
 	int i;
 
+	DEBUG(10, ("idmap_find_domain called for domain '%s'\n",
+		   domname?domname:"NULL"));
+
 	/*
 	 * Always init the default domain, we can't go without one
 	 */
@@ -719,6 +722,10 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
 	struct idmap_domain *dom;
 	struct id_map *maps[2];
 
+	 DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d "
+		    "(type %d)\n",
+		    domname?domname:"NULL", id->xid.id, id->xid.type));
+
 	maps[0] = id;
 	maps[1] = NULL;
 
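Review bot: id->xid.id is printed with %d in the DEBUG added at the top of idmap_backends_unixid_to_sid(), while idmap_ad.c in this same changeset formats the same field as "(%s=%lu)" with an (unsigned long) cast, which suggests the field is unsigned. Use %lu with the cast here as well so that large ids do not appear as negative numbers in the level 10 log. The added DEBUG line is also indented with a tab followed by a space.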
@@ -735,6 +742,9 @@ NTSTATUS idmap_backends_sid_to_unixid(const char *domain, struct id_map *id)
 	struct idmap_domain *dom;
 	struct id_map *maps[2];
 
+	 DEBUG(10, ("idmap_backend_sid_to_unixid: domain = '%s', sid = [%s]\n",
+		    domain?domain:"NULL", sid_string_dbg(id->sid)));
+
 	maps[0] = id;
 	maps[1] = NULL;
 
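Review bot: the message prefix "idmap_backend_sid_to_unixid" in the added DEBUG does not match the function name idmap_backends_sid_to_unixid shown in the hunk header (the "s" is missing), so searching the log for the function name will not find this line. The unixid_to_sid hunk has the same mismatch; use the exact function name in both.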
diff --git a/source/winbindd/idmap_ad.c b/source/winbindd/idmap_ad.c
index d7c8749..c2b4bc7 100644
--- a/source/winbindd/idmap_ad.c
+++ b/source/winbindd/idmap_ad.c
@@ -9,6 +9,7 @@
  * Copyright (C) Andrew Bartlett <abartlet at samba.org> 2003
  * Copyright (C) Gerald (Jerry) Carter 2004-2007
  * Copyright (C) Luke Howard 2001-2004
+ * Copyright (C) Michael Adam 2008
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -25,6 +26,7 @@
  */
 
 #include "includes.h"
+#include "winbindd.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_IDMAP
@@ -43,31 +45,39 @@
 struct idmap_ad_context {
 	uint32_t filter_low_id;
 	uint32_t filter_high_id;
+	ADS_STRUCT *ads;
+	struct posix_schema *ad_schema;
+	enum wb_posix_mapping ad_map_type; /* WB_POSIX_MAP_UNKNOWN */
 };
 
 NTSTATUS init_module(void);
 
-static ADS_STRUCT *ad_idmap_ads = NULL;
-static struct posix_schema *ad_schema = NULL;
-static enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN;
-
 /************************************************************************
  ***********************************************************************/
 
-static ADS_STRUCT *ad_idmap_cached_connection_internal(void)
+static ADS_STATUS ad_idmap_cached_connection_internal(struct idmap_domain *dom)
 {
 	ADS_STRUCT *ads;
 	ADS_STATUS status;
 	bool local = False;
 	fstring dc_name;
 	struct sockaddr_storage dc_ip;
+	struct idmap_ad_context *ctx;
+	char *ldap_server = NULL;
+	char *realm = NULL;
+	struct winbindd_domain *wb_dom;
 
-	if (ad_idmap_ads != NULL) {
+	DEBUG(10, ("ad_idmap_cached_connection: called for domain '%s'\n",
+		   dom->name));
+
+	ctx = talloc_get_type(dom->private_data, struct idmap_ad_context);
+
+	if (ctx->ads != NULL) {
 
 		time_t expire;
 		time_t now = time(NULL);
 
-		ads = ad_idmap_ads;
+		ads = ctx->ads;
 
 		expire = MIN(ads->auth.tgt_expire, ads->auth.tgs_expire);
 
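Review bot: ctx is dereferenced in "if (ctx->ads != NULL)" directly after talloc_get_type(dom->private_data, struct idmap_ad_context) with no NULL check. talloc_get_type() returns NULL when the pointer is NULL or carries a different talloc name, so a domain whose private_data was not set up as an idmap_ad_context crashes the process here instead of failing the request. Check ctx and return an error ADS_STATUS, for example ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER). The same unchecked pattern appears in ad_idmap_cached_connection() and idmap_ad_close() further down.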
@@ -76,15 +86,15 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void)
 			  (uint32)expire-(uint32)now, (uint32) expire, (uint32) now));
 
 		if ( ads->config.realm && (expire > time(NULL))) {
-			return ads;
+			return ADS_SUCCESS;
 		} else {
 			/* we own this ADS_STRUCT so make sure it goes away */
 			DEBUG(7,("Deleting expired krb5 credential cache\n"));
 			ads->is_mine = True;
 			ads_destroy( &ads );
 			ads_kdestroy(WINBIND_CCACHE_NAME);
-			ad_idmap_ads = NULL;
-			TALLOC_FREE( ad_schema );			
+			ctx->ads = NULL;
+			TALLOC_FREE( ctx->ad_schema );
 		}
 	}
 
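Review bot: the expiry branch still calls ads_kdestroy(WINBIND_CCACHE_NAME) but now resets only this domain's ctx->ads and ctx->ad_schema. With one cached connection per idmap_domain, the other domains' contexts keep their ADS_STRUCT while the single credential cache named by WINBIND_CCACHE_NAME has been destroyed underneath them. Please confirm this is safe, or add a comment explaining how the other contexts recover.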
@@ -93,9 +103,28 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void)
 		setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1);
 	}
 
-	if ( (ads = ads_init(lp_realm(), lp_workgroup(), NULL)) == NULL ) {
+	/*
+	 * At this point we only have the NetBIOS domain name.
+	 * Check if we can get server nam and realm from SAF cache
+	 * and the domain list.
+	 */
+	ldap_server = saf_fetch(dom->name);
+	DEBUG(10, ("ldap_server from saf cache: '%s'\n", ldap_server?ldap_server:""));
+
+	wb_dom = find_domain_from_name_noinit(dom->name);
+	if (wb_dom == NULL) {
+		DEBUG(10, ("find_domain_from_name_noinit did not find domain '%s'\n",
+			   dom->name));
+		realm = NULL;
+	} else {
+		DEBUG(10, ("find_domain_from_name_noinit found realm '%s' for "
+			  " domain '%s'\n", wb_dom->alt_name, dom->name));
+		realm = wb_dom->alt_name;
+	}
+
+	if ( (ads = ads_init(realm, dom->name, ldap_server)) == NULL ) {
 		DEBUG(1,("ads_init failed\n"));
-		return NULL;
+		return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
 	}
 
 	/* the machine acct password might have change - fetch it every time */
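Review bot: ldap_server is a non-const char * filled from saf_fetch(dom->name), and none of the return paths visible in this diff releases it, including the "ads_init failed" return added here. If saf_fetch() hands back an allocated copy, it leaks on every reconnect; free it once ads_init() has been called. Minor: the new comment has a typo ("server nam"), and the string "for " followed by " domain '%s'" produces a double space in the log.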
@@ -107,54 +136,57 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void)
 
 	/* setup server affinity */
 
-	get_dc_name( NULL, ads->auth.realm, dc_name, &dc_ip );
+	get_dc_name(dom->name, realm, dc_name, &dc_ip );
 	
 	status = ads_connect(ads);
 	if (!ADS_ERR_OK(status)) {
 		DEBUG(1, ("ad_idmap_init: failed to connect to AD\n"));
 		ads_destroy(&ads);
-		return NULL;
+		return status;
 	}
 
 	ads->is_mine = False;
 
-	ad_idmap_ads = ads;
+	ctx->ads = ads;
 
-	return ads;
+	return ADS_SUCCESS;
 }
 
 /************************************************************************
  ***********************************************************************/
 
-static ADS_STRUCT *ad_idmap_cached_connection(void)
+static ADS_STATUS ad_idmap_cached_connection(struct idmap_domain *dom)
 {
-	ADS_STRUCT *ads = ad_idmap_cached_connection_internal();
-	
-	if ( !ads )
-		return NULL;
+	ADS_STATUS status;
+	struct idmap_ad_context * ctx;
+
+	status = ad_idmap_cached_connection_internal(dom);
+	if (!ADS_ERR_OK(status)) {
+		return status;
+	}
+
+	ctx = talloc_get_type(dom->private_data, struct idmap_ad_context);
 
 	/* if we have a valid ADS_STRUCT and the schema model is
 	   defined, then we can return here. */
 
-	if ( ad_schema )
-		return ads;
+	if ( ctx->ad_schema ) {
+		return ADS_SUCCESS;
+	}
 
 	/* Otherwise, set the schema model */
 
-	if ( (ad_map_type ==  WB_POSIX_MAP_SFU) ||
-	     (ad_map_type ==  WB_POSIX_MAP_SFU20) || 
-	     (ad_map_type ==  WB_POSIX_MAP_RFC2307) ) 
+	if ( (ctx->ad_map_type ==  WB_POSIX_MAP_SFU) ||
+	     (ctx->ad_map_type ==  WB_POSIX_MAP_SFU20) ||
+	     (ctx->ad_map_type ==  WB_POSIX_MAP_RFC2307) )
 	{
-		ADS_STATUS schema_status;
-		
-		schema_status = ads_check_posix_schema_mapping( NULL, ads, ad_map_type, &ad_schema);
-		if ( !ADS_ERR_OK(schema_status) ) {
+		status = ads_check_posix_schema_mapping(NULL, ctx->ads, ctx->ad_map_type, &ctx->ad_schema);
+		if ( !ADS_ERR_OK(status) ) {
 			DEBUG(2,("ad_idmap_cached_connection: Failed to obtain schema details!\n"));
-			return NULL;			
 		}
 	}
 	
-	return ads;
+	return status;
 }
 
 /************************************************************************
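Review bot: ad_idmap_cached_connection() can now return success while ctx->ad_schema is still NULL. When ctx->ad_map_type is not SFU, SFU20 or RFC2307 the if block is skipped and the final "return status;" carries the ADS_SUCCESS from ad_idmap_cached_connection_internal(), yet callers go on to read ctx->ad_schema->posix_uidnumber_attr. Return an explicit error after the block when ctx->ad_schema is NULL, so the contract is "success implies a usable schema".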
@@ -190,17 +222,18 @@ static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom,
 		}
 	}
 
+	/* default map type */
+	ctx->ad_map_type = WB_POSIX_MAP_RFC2307;
+
 	/* schema mode */
-	if ( ad_map_type == WB_POSIX_MAP_UNKNOWN )
-		ad_map_type = WB_POSIX_MAP_RFC2307;
 	schema_mode = lp_parm_const_string(-1, config_option, "schema_mode", NULL);
 	if ( schema_mode && schema_mode[0] ) {
 		if ( strequal(schema_mode, "sfu") )
-			ad_map_type = WB_POSIX_MAP_SFU;
+			ctx->ad_map_type = WB_POSIX_MAP_SFU;
 		else if ( strequal(schema_mode, "sfu20" ) )
-			ad_map_type = WB_POSIX_MAP_SFU20;
+			ctx->ad_map_type = WB_POSIX_MAP_SFU20;
 		else if ( strequal(schema_mode, "rfc2307" ) )
-			ad_map_type = WB_POSIX_MAP_RFC2307;
+			ctx->ad_map_type = WB_POSIX_MAP_RFC2307;
 		else
 			DEBUG(0,("idmap_ad_initialize: Unknown schema_mode (%s)\n",
 				 schema_mode));
@@ -256,7 +289,6 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map
 	TALLOC_CTX *memctx;
 	struct idmap_ad_context *ctx;
 	ADS_STATUS rc;
-	ADS_STRUCT *ads;
 	const char *attrs[] = { "sAMAccountType", 
 				"objectSid",
 				NULL, /* uidnumber */
@@ -284,14 +316,16 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if ( (ads = ad_idmap_cached_connection()) == NULL ) {
-		DEBUG(1, ("ADS uninitialized\n"));
+	rc = ad_idmap_cached_connection(dom);
+	if (!ADS_ERR_OK(rc)) {
+		DEBUG(1, ("ADS uninitialized: %s\n", ads_errstr(rc)));
 		ret = NT_STATUS_UNSUCCESSFUL;
+		/* ret = ads_ntstatus(rc); */
 		goto done;
 	}
 
-	attrs[2] = ad_schema->posix_uidnumber_attr;
-	attrs[3] = ad_schema->posix_gidnumber_attr;
+	attrs[2] = ctx->ad_schema->posix_uidnumber_attr;
+	attrs[3] = ctx->ad_schema->posix_gidnumber_attr;
 
 again:
 	bidx = idx;
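Review bot: "attrs[2] = ctx->ad_schema->posix_uidnumber_attr;" dereferences ctx->ad_schema without the guard that the matching hunk in idmap_ad_sids_to_unixids() adds ("if (ctx->ad_schema == NULL)"). Add the same check here so that both mapping directions fail cleanly when the schema mapping could not be loaded.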
@@ -308,7 +342,7 @@ again:
 							   ATYPE_INTERDOMAIN_TRUST);
 			}
 			u_filter = talloc_asprintf_append_buffer(u_filter, "(%s=%lu)",
-							  ad_schema->posix_uidnumber_attr,
+							  ctx->ad_schema->posix_uidnumber_attr,
 							  (unsigned long)ids[idx]->xid.id);
 			CHECK_ALLOC_DONE(u_filter);
 			break;
@@ -322,7 +356,7 @@ again:
 							   ATYPE_SECURITY_LOCAL_GROUP);
 			}
 			g_filter = talloc_asprintf_append_buffer(g_filter, "(%s=%lu)",
-							  ad_schema->posix_gidnumber_attr,
+							  ctx->ad_schema->posix_gidnumber_attr,
 							  (unsigned long)ids[idx]->xid.id);
 			CHECK_ALLOC_DONE(g_filter);
 			break;
@@ -348,14 +382,14 @@ again:
 	filter = talloc_asprintf_append_buffer(filter, ")");
 	CHECK_ALLOC_DONE(filter);
 
-	rc = ads_search_retry(ads, &res, filter, attrs);
+	rc = ads_search_retry(ctx->ads, &res, filter, attrs);
 	if (!ADS_ERR_OK(rc)) {
 		DEBUG(1, ("ERROR: ads search returned: %s\n", ads_errstr(rc)));
 		ret = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
-	if ( (count = ads_count_replies(ads, res)) == 0 ) {
+	if ( (count = ads_count_replies(ctx->ads, res)) == 0 ) {
 		DEBUG(10, ("No IDs found\n"));
 	}
 
@@ -368,9 +402,9 @@ again:
 		uint32_t atype;
 
 		if (i == 0) { /* first entry */
-			entry = ads_first_entry(ads, entry);
+			entry = ads_first_entry(ctx->ads, entry);
 		} else { /* following ones */
-			entry = ads_next_entry(ads, entry);
+			entry = ads_next_entry(ctx->ads, entry);
 		}
 
 		if ( !entry ) {
@@ -379,13 +413,13 @@ again:
 		}
 
 		/* first check if the SID is present */
-		if (!ads_pull_sid(ads, entry, "objectSid", &sid)) {
+		if (!ads_pull_sid(ctx->ads, entry, "objectSid", &sid)) {
 			DEBUG(2, ("Could not retrieve SID from entry\n"));
 			continue;
 		}
 
 		/* get type */
-		if (!ads_pull_uint32(ads, entry, "sAMAccountType", &atype)) {
+		if (!ads_pull_uint32(ctx->ads, entry, "sAMAccountType", &atype)) {
 			DEBUG(1, ("could not get SAM account type\n"));
 			continue;
 		}
@@ -405,9 +439,9 @@ again:
 			continue;
 		}
 
-		if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? 
-				                 ad_schema->posix_uidnumber_attr : 
-				                 ad_schema->posix_gidnumber_attr, 
+		if (!ads_pull_uint32(ctx->ads, entry, (type==ID_TYPE_UID) ?
+				                 ctx->ad_schema->posix_uidnumber_attr :
+				                 ctx->ad_schema->posix_gidnumber_attr,
 				     &id)) 
 		{
 			DEBUG(1, ("Could not get unix ID\n"));
@@ -439,7 +473,7 @@ again:
 	}
 
 	if (res) {
-		ads_msgfree(ads, res);
+		ads_msgfree(ctx->ads, res);
 	}
 
 	if (ids[idx]) { /* still some values to map */
@@ -468,7 +502,6 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map
 	TALLOC_CTX *memctx;
 	struct idmap_ad_context *ctx;
 	ADS_STATUS rc;
-	ADS_STRUCT *ads;
 	const char *attrs[] = { "sAMAccountType", 
 				"objectSid",
 				NULL, /* attr_uidnumber */
@@ -495,14 +528,22 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if ( (ads = ad_idmap_cached_connection()) == NULL ) {
-		DEBUG(1, ("ADS uninitialized\n"));
+	rc = ad_idmap_cached_connection(dom);
+	if (!ADS_ERR_OK(rc)) {
+		DEBUG(1, ("ADS uninitialized: %s\n", ads_errstr(rc)));
+		ret = NT_STATUS_UNSUCCESSFUL;
+		/* ret = ads_ntstatus(rc); */
+		goto done;
+	}
+
+	if (ctx->ad_schema == NULL) {
+		DEBUG(0, ("haven't got ctx->ad_schema ! \n"));
 		ret = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
-	attrs[2] = ad_schema->posix_uidnumber_attr;
-	attrs[3] = ad_schema->posix_gidnumber_attr;
+	attrs[2] = ctx->ad_schema->posix_uidnumber_attr;
+	attrs[3] = ctx->ad_schema->posix_gidnumber_attr;
 
 again:
 	filter = talloc_asprintf(memctx, "(&(|"
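Review bot: "/* ret = ads_ntstatus(rc); */" is left in as commented-out code right below "ret = NT_STATUS_UNSUCCESSFUL;" (the idmap_ad_unixids_to_sids() hunk does the same). Now that ad_idmap_cached_connection() returns an ADS_STATUS, either propagate it with ads_ntstatus(rc) so the caller sees the real failure reason, or drop the comment. The level 0 message "haven't got ctx->ad_schema ! \n" would also be easier to act on if it named the function and dom->name.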
@@ -527,14 +568,14 @@ again:
 	CHECK_ALLOC_DONE(filter);
 	DEBUG(10, ("Filter: [%s]\n", filter));
 
-	rc = ads_search_retry(ads, &res, filter, attrs);
+	rc = ads_search_retry(ctx->ads, &res, filter, attrs);
 	if (!ADS_ERR_OK(rc)) {
 		DEBUG(1, ("ERROR: ads search returned: %s\n", ads_errstr(rc)));
 		ret = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
-	if ( (count = ads_count_replies(ads, res)) == 0 ) {
+	if ( (count = ads_count_replies(ctx->ads, res)) == 0 ) {
 		DEBUG(10, ("No IDs found\n"));
 	}
 
@@ -547,9 +588,9 @@ again:
 		uint32_t atype;
 
 		if (i == 0) { /* first entry */
-			entry = ads_first_entry(ads, entry);
+			entry = ads_first_entry(ctx->ads, entry);
 		} else { /* following ones */
-			entry = ads_next_entry(ads, entry);
+			entry = ads_next_entry(ctx->ads, entry);
 		}
 
 		if ( !entry ) {
@@ -558,7 +599,7 @@ again:
 		}
 
 		/* first check if the SID is present */
-		if (!ads_pull_sid(ads, entry, "objectSid", &sid)) {
+		if (!ads_pull_sid(ctx->ads, entry, "objectSid", &sid)) {
 			DEBUG(2, ("Could not retrieve SID from entry\n"));
 			continue;
 		}
@@ -570,7 +611,7 @@ again:
 		}
 
 		/* get type */
-		if (!ads_pull_uint32(ads, entry, "sAMAccountType", &atype)) {
+		if (!ads_pull_uint32(ctx->ads, entry, "sAMAccountType", &atype)) {
 			DEBUG(1, ("could not get SAM account type\n"));
 			continue;
 		}
@@ -590,9 +631,9 @@ again:
 			continue;
 		}
 
-		if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? 
-				                 ad_schema->posix_uidnumber_attr : 
-				                 ad_schema->posix_gidnumber_attr, 
+		if (!ads_pull_uint32(ctx->ads, entry, (type==ID_TYPE_UID) ?
+				                 ctx->ad_schema->posix_uidnumber_attr :
+				                 ctx->ad_schema->posix_gidnumber_attr,
 				     &id)) 
 		{
 			DEBUG(1, ("Could not get unix ID\n"));
@@ -617,7 +658,7 @@ again:
 	}
 
 	if (res) {
-		ads_msgfree(ads, res);
+		ads_msgfree(ctx->ads, res);
 	}
 
 	if (ids[idx]) { /* still some values to map */
@@ -642,16 +683,18 @@ done:
 
 static NTSTATUS idmap_ad_close(struct idmap_domain *dom)
 {
-	ADS_STRUCT *ads = ad_idmap_ads;
+	struct idmap_ad_context * ctx;
 
-	if (ads != NULL) {
+	ctx = talloc_get_type(dom->private_data, struct idmap_ad_context);
+
+	if (ctx->ads != NULL) {
 		/* we own this ADS_STRUCT so make sure it goes away */
-		ads->is_mine = True;
-		ads_destroy( &ads );
-		ad_idmap_ads = NULL;
+		ctx->ads->is_mine = True;
+		ads_destroy( &ctx->ads );
+		ctx->ads = NULL;
 	}
 
-	TALLOC_FREE( ad_schema );
+	TALLOC_FREE( ctx->ad_schema );
 	
 	return NT_STATUS_OK;
 }
@@ -664,66 +707,107 @@ static NTSTATUS idmap_ad_close(struct idmap_domain *dom)
  Initialize the {sfu,sfu20,rfc2307} state
  ***********************************************************************/


-- 
SAMBA-CTDB repository

