[SCM] Samba Shared Repository - branch master updated - 0744c32678da3757d5e16802e4c153bae72b961a

Michael Adam obnox at samba.org
Mon Dec 1 04:34:23 GMT 2008


The branch, master has been updated

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0744c32678da3757d5e16802e4c153bae72b961a
Author: Michael Adam <obnox at samba.org>
Date:   Mon Dec 1 04:22:33 2008 +0100

    s3:winbindd/nss_info: remove unused variable from nss_init()
    
    Michael

commit c77435caaf46734429fc3cea2e612cc17ca0d7ae
Author: Michael Adam <obnox at samba.org>
Date:   Mon Dec 1 04:22:02 2008 +0100

    s3:winbindd/nss_info: make nss_domain_list_add_domain() static
    
    Michael

commit 37be1f6d086084206b5153a15c2ac2e18793cceb
Author: Michael Adam <obnox at samba.org>
Date:   Mon Dec 1 02:01:44 2008 +0100

    s3:winbindd/nss_info: fix default backend handling for ad backends.
    
    This fixes "winbind nss info = rfc2307" (or sfu or sfu20).
    Originally, only explicitly configured domains (like "rfc2307:domain")
    worked with the ad module, since the domain name was not passed
    back to the module. This is fixed by recording the first backend
    listed without domain in the "winbind nss info" parameter as the
    default backend, and creating new nss_domain entries (using this default
    backend) on the fly as requests for domains which are not explicitly
    configured are encountered.
    
    Michael

commit a7e60befdce5f6d131cbe5789cc94dbd2624fd38
Author: Michael Adam <obnox at samba.org>
Date:   Mon Dec 1 00:56:50 2008 +0100

    s3:winbindd/nss_info: whitespace cleanup.
    
    Remove trailing spaces and fix tab / space mixup.
    
    Michael

commit af6f1b4085d82e44277b2505875f667065586eb6
Author: Michael Adam <obnox at samba.org>
Date:   Sun Nov 30 23:00:19 2008 +0100

    s3:winbindd_cache: add debugging to get_nss_info_cached()
    
    Michael

commit 09d05bcffe9553d28876daed86ea0761f2506997
Author: Michael Adam <obnox at samba.org>
Date:   Sun Nov 30 22:57:41 2008 +0100

    s3:winbindd/nss_info: add entry debug message to nss_get_info()
    
    Michael

commit 1048c2ccbea1ce76719a6ac320ec9104e896db8f
Author: Michael Adam <obnox at samba.org>
Date:   Sun Nov 30 22:54:42 2008 +0100

    s3:winbindd/nss_info: add debugging to nss_init()
    
    Michael

commit 82ee6d2f7d254a704574744bf9f25dcb0e2ab7cf
Author: Michael Adam <obnox at samba.org>
Date:   Sun Nov 30 22:50:26 2008 +0100

    s3:winbindd/idmap_ad: add entry debug message to nss_ad_get_info()
    
    Michael

commit 484fa90aefe131d5dd67c458b365045dbf6c7e78
Author: Michael Adam <obnox at samba.org>
Date:   Wed Nov 26 23:09:49 2008 +0100

    s3:winbindd/idmap_ad: add support for trusted domains to idmap_ad (bug #3661)
    
    This initial fix does at least work for explicitly configured domains.
    
    The patch has a few disadvantages:
    
    1. It does work only for explicitly configured domains, not with
       the default backend (idmap backend = ad), since it relies on the
       domain name being passed in via the idmap_domain. One workaround
       for this would be to create clones of the default idmap_domain
       for domains not explicitly configured.
    
    2. It calls find_domain_from_name_noinit() from idmap_ad_cached_connection.
       The problem here is that only the NetBIOS domain name (workgroup
       name) is passed in via the idmap_domain struct, and the module
       has to establish a connection to the domain based on that information.
       find_domain_from_name_noinit() has the disadvantage that it uses the state
       of the domain list at fork time (unless used from the main winbindd).
       But this should be ok as long as the primary domain was reachable at
       start time.
    
    For nss_info, the situation is similar - This will only work for domains
    explicitly configured in smb.conf as follows:
    "winbind nss info = rfc2307:dom1 sfu:dom2 rfc2307:dom3 template:dom4"
    Setting the default nss info to one of the ad backends (rfc2307, sfu, sfu20)
    will fail since the domain name is not passed in with the nss_domain_entry.
    
    Michael

commit be233ae32a573ba5048dff9d9fa30869493cf4ff
Author: Michael Adam <obnox at samba.org>
Date:   Wed Nov 26 22:23:34 2008 +0100

    s3:winbindd/idmap_ad: refactor core of nss_{sfu|sfu20|rfc2307}_init to common function.
    
    Michael

commit 73fddcd656718fcd2aeb1b452e4f8a8c2b19fa65
Author: Michael Adam <obnox at samba.org>
Date:   Wed Nov 26 15:16:22 2008 +0100

    s3:winbindd/idmap_ad: rename ctx to mem_ctx in nss_ad_get_info()
    
    in preparation to using the idmap_ad_context there
    
    Michael

commit 11d5b1a21a4ca3bbc9b9233a6afb2cb4546b736e
Author: Michael Adam <obnox at samba.org>
Date:   Fri Nov 28 10:40:42 2008 +0100

    s3:winbindd/idmap: add diagnostic entry debug msg to idmap_backends_sid_to_unixid
    
    Michael

commit 7b4e54359fcd455c4aaf6a4c3d9f510d7ab17c02
Author: Michael Adam <obnox at samba.org>
Date:   Fri Nov 28 10:40:01 2008 +0100

    s3:winbindd/idmap: add diagnostic entry debug msg to idmap_backends_unixid_to_sid
    
    Michael

commit 5f5fa28c5d95c0ab117a33061c318eabd4a92246
Author: Michael Adam <obnox at samba.org>
Date:   Fri Nov 28 10:08:46 2008 +0100

    s3:winbindd/idmap: add diagnostic entry debug msg to idmap_find_domain().
    
    Michael

commit 67cc93c4a237921d2b54d20bfde5eb6754c13271
Author: Michael Adam <obnox at samba.org>
Date:   Fri Nov 28 10:05:19 2008 +0100

    s3:winbindd/idmap_util: unify entering debug messages and add output of domain
    
    Michael

commit 757a1f5132747807f7870097fab358b150f2790b
Author: Michael Adam <obnox at samba.org>
Date:   Mon Dec 1 04:17:55 2008 +0100

    s3:winbindd/nss_info: change nss_map_{to|from}_alias to take nss_domain_entry
    
    instead of just the domain name
    
    Michael

-----------------------------------------------------------------------

Summary of changes:
 source3/include/nss_info.h               |   10 +-
 source3/winbindd/idmap.c                 |   10 +
 source3/winbindd/idmap_ad.c              |  414 +++++++++++++++++++-----------
 source3/winbindd/idmap_adex/idmap_adex.c |   16 +-
 source3/winbindd/idmap_hash/idmap_hash.c |    6 +-
 source3/winbindd/idmap_util.c            |   12 +-
 source3/winbindd/nss_info.c              |  151 +++++++----
 source3/winbindd/nss_info_template.c     |    4 +-
 source3/winbindd/winbindd_cache.c        |    7 +
 9 files changed, 405 insertions(+), 225 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/nss_info.h b/source3/include/nss_info.h
index e756136..0224be0 100644
--- a/source3/include/nss_info.h
+++ b/source3/include/nss_info.h
@@ -66,10 +66,12 @@ struct nss_info_methods {
 				  TALLOC_CTX *ctx, 
 				  ADS_STRUCT *ads, LDAPMessage *msg,
 				  char **homedir, char **shell, char **gecos, gid_t *p_gid);
-	NTSTATUS (*map_to_alias)( TALLOC_CTX *mem_ctx, const char *domain,
-				  const char *name, char **alias );
-	NTSTATUS (*map_from_alias)( TALLOC_CTX *mem_ctx, const char *domain,
-				    const char *alias, char **name );
+	NTSTATUS (*map_to_alias)(TALLOC_CTX *mem_ctx,
+				 struct nss_domain_entry *e,
+				 const char *name, char **alias);
+	NTSTATUS (*map_from_alias)(TALLOC_CTX *mem_ctx,
+				   struct nss_domain_entry *e,
+				   const char *alias, char **name);
 	NTSTATUS (*close_fn)( void );
 };
 
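Review bot: the new `struct nss_domain_entry *e` parameter of map_to_alias and map_from_alias is non-const and undocumented. If backends only read the entry, declare it `const struct nss_domain_entry *e`, and add a comment above the two callbacks saying which fields a backend may rely on and whether `e` can be NULL, since every implementer of these callbacks has to be updated for this signature.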
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 054df9b..aaba7e5 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -461,6 +461,9 @@ static struct idmap_domain *idmap_find_domain(const char *domname)
 	struct idmap_domain *result;
 	int i;
 
+	DEBUG(10, ("idmap_find_domain called for domain '%s'\n",
+		   domname?domname:"NULL"));
+
 	/*
 	 * Always init the default domain, we can't go without one
 	 */
@@ -725,6 +728,10 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
 	struct idmap_domain *dom;
 	struct id_map *maps[2];
 
+	 DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d "
+		    "(type %d)\n",
+		    domname?domname:"NULL", id->xid.id, id->xid.type));
+
 	maps[0] = id;
 	maps[1] = NULL;
 
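Review bot: the debug message names `idmap_backend_unixid_to_sid`, but the function is `idmap_backends_unixid_to_sid`, so searching a log for the function name misses this line; the `idmap_backends_sid_to_unixid` hunk that follows has the same mismatch. `id->xid.id` is printed with `%d` here, while idmap_ad.c in this same patch prints it with `%lu` and an `(unsigned long)` cast; use the same form in both places. The added lines are also indented with a tab followed by a space.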
@@ -751,6 +758,9 @@ NTSTATUS idmap_backends_sid_to_unixid(const char *domain, struct id_map *id)
 	struct idmap_domain *dom;
 	struct id_map *maps[2];
 
+	 DEBUG(10, ("idmap_backend_sid_to_unixid: domain = '%s', sid = [%s]\n",
+		    domain?domain:"NULL", sid_string_dbg(id->sid)));
+
 	maps[0] = id;
 	maps[1] = NULL;
 
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 60a2d86..05d7d98 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -9,6 +9,7 @@
  * Copyright (C) Andrew Bartlett <abartlet at samba.org> 2003
  * Copyright (C) Gerald (Jerry) Carter 2004-2007
  * Copyright (C) Luke Howard 2001-2004
+ * Copyright (C) Michael Adam 2008
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -25,6 +26,7 @@
  */
 
 #include "includes.h"
+#include "winbindd.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_IDMAP
@@ -43,31 +45,39 @@
 struct idmap_ad_context {
 	uint32_t filter_low_id;
 	uint32_t filter_high_id;
+	ADS_STRUCT *ads;
+	struct posix_schema *ad_schema;
+	enum wb_posix_mapping ad_map_type; /* WB_POSIX_MAP_UNKNOWN */
 };
 
 NTSTATUS init_module(void);
 
-static ADS_STRUCT *ad_idmap_ads = NULL;
-static struct posix_schema *ad_schema = NULL;
-static enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN;
-
 /************************************************************************
  ***********************************************************************/
 
-static ADS_STRUCT *ad_idmap_cached_connection_internal(void)
+static ADS_STATUS ad_idmap_cached_connection_internal(struct idmap_domain *dom)
 {
 	ADS_STRUCT *ads;
 	ADS_STATUS status;
 	bool local = False;
 	fstring dc_name;
 	struct sockaddr_storage dc_ip;
+	struct idmap_ad_context *ctx;
+	char *ldap_server = NULL;
+	char *realm = NULL;
+	struct winbindd_domain *wb_dom;
+
+	DEBUG(10, ("ad_idmap_cached_connection: called for domain '%s'\n",
+		   dom->name));
+
+	ctx = talloc_get_type(dom->private_data, struct idmap_ad_context);
 
-	if (ad_idmap_ads != NULL) {
+	if (ctx->ads != NULL) {
 
 		time_t expire;
 		time_t now = time(NULL);
 
-		ads = ad_idmap_ads;
+		ads = ctx->ads;
 
 		expire = MIN(ads->auth.tgt_expire, ads->auth.tgs_expire);
 
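Review bot: `ctx` is dereferenced (`ctx->ads`) directly after `talloc_get_type(dom->private_data, struct idmap_ad_context)` with no NULL check. talloc_get_type returns NULL when the pointer is NULL or has a different talloc type, so return an error status in that case before touching `ctx`. Separately, the `/* WB_POSIX_MAP_UNKNOWN */` comment on `ad_map_type` reads like an initial value, but nothing in this hunk sets it; drop the comment or say what it is meant to document.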
@@ -76,15 +86,15 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void)
 			  (uint32)expire-(uint32)now, (uint32) expire, (uint32) now));
 
 		if ( ads->config.realm && (expire > time(NULL))) {
-			return ads;
+			return ADS_SUCCESS;
 		} else {
 			/* we own this ADS_STRUCT so make sure it goes away */
 			DEBUG(7,("Deleting expired krb5 credential cache\n"));
 			ads->is_mine = True;
 			ads_destroy( &ads );
 			ads_kdestroy(WINBIND_CCACHE_NAME);
-			ad_idmap_ads = NULL;
-			TALLOC_FREE( ad_schema );			
+			ctx->ads = NULL;
+			TALLOC_FREE( ctx->ad_schema );
 		}
 	}
 
@@ -93,9 +103,28 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void)
 		setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1);
 	}
 
-	if ( (ads = ads_init(lp_realm(), lp_workgroup(), NULL)) == NULL ) {
+	/*
+	 * At this point we only have the NetBIOS domain name.
+	 * Check if we can get server nam and realm from SAF cache
+	 * and the domain list.
+	 */
+	ldap_server = saf_fetch(dom->name);
+	DEBUG(10, ("ldap_server from saf cache: '%s'\n", ldap_server?ldap_server:""));
+
+	wb_dom = find_domain_from_name_noinit(dom->name);
+	if (wb_dom == NULL) {
+		DEBUG(10, ("find_domain_from_name_noinit did not find domain '%s'\n",
+			   dom->name));
+		realm = NULL;
+	} else {
+		DEBUG(10, ("find_domain_from_name_noinit found realm '%s' for "
+			  " domain '%s'\n", wb_dom->alt_name, dom->name));
+		realm = wb_dom->alt_name;
+	}
+
+	if ( (ads = ads_init(realm, dom->name, ldap_server)) == NULL ) {
 		DEBUG(1,("ads_init failed\n"));
-		return NULL;
+		return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
 	}
 
 	/* the machine acct password might have change - fetch it every time */
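Review bot: `ldap_server` takes the result of `saf_fetch(dom->name)` into a non-const `char *` and is not released on the `ads_init` failure return or anywhere else in the hunks shown for this function. If saf_fetch hands back an allocated string, free it once `ads_init` has been called, on both the success and the failure path. Minor: the new comment has a typo ("server nam") and the second DEBUG string has a doubled space where "for " and " domain" are concatenated.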
@@ -107,54 +136,57 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void)
 
 	/* setup server affinity */
 
-	get_dc_name( NULL, ads->auth.realm, dc_name, &dc_ip );
+	get_dc_name(dom->name, realm, dc_name, &dc_ip );
 	
 	status = ads_connect(ads);
 	if (!ADS_ERR_OK(status)) {
 		DEBUG(1, ("ad_idmap_init: failed to connect to AD\n"));
 		ads_destroy(&ads);
-		return NULL;
+		return status;
 	}
 
 	ads->is_mine = False;
 
-	ad_idmap_ads = ads;
+	ctx->ads = ads;
 
-	return ads;
+	return ADS_SUCCESS;
 }
 
 /************************************************************************
  ***********************************************************************/
 
-static ADS_STRUCT *ad_idmap_cached_connection(void)
+static ADS_STATUS ad_idmap_cached_connection(struct idmap_domain *dom)
 {
-	ADS_STRUCT *ads = ad_idmap_cached_connection_internal();
-	
-	if ( !ads )
-		return NULL;
+	ADS_STATUS status;
+	struct idmap_ad_context * ctx;
+
+	status = ad_idmap_cached_connection_internal(dom);
+	if (!ADS_ERR_OK(status)) {
+		return status;
+	}
+
+	ctx = talloc_get_type(dom->private_data, struct idmap_ad_context);
 
 	/* if we have a valid ADS_STRUCT and the schema model is
 	   defined, then we can return here. */
 
-	if ( ad_schema )
-		return ads;
+	if ( ctx->ad_schema ) {
+		return ADS_SUCCESS;
+	}
 
 	/* Otherwise, set the schema model */
 
-	if ( (ad_map_type ==  WB_POSIX_MAP_SFU) ||
-	     (ad_map_type ==  WB_POSIX_MAP_SFU20) || 
-	     (ad_map_type ==  WB_POSIX_MAP_RFC2307) ) 
+	if ( (ctx->ad_map_type ==  WB_POSIX_MAP_SFU) ||
+	     (ctx->ad_map_type ==  WB_POSIX_MAP_SFU20) ||
+	     (ctx->ad_map_type ==  WB_POSIX_MAP_RFC2307) )
 	{
-		ADS_STATUS schema_status;
-		
-		schema_status = ads_check_posix_schema_mapping( NULL, ads, ad_map_type, &ad_schema);
-		if ( !ADS_ERR_OK(schema_status) ) {
+		status = ads_check_posix_schema_mapping(NULL, ctx->ads, ctx->ad_map_type, &ctx->ad_schema);
+		if ( !ADS_ERR_OK(status) ) {
 			DEBUG(2,("ad_idmap_cached_connection: Failed to obtain schema details!\n"));
-			return NULL;			
 		}
 	}
 	
-	return ads;
+	return status;
 }
 
 /************************************************************************
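Review bot: `get_dc_name(dom->name, realm, dc_name, &dc_ip)` is called with a `realm` that the previous hunk sets to NULL when `find_domain_from_name_noinit` does not find the domain, and its return value is ignored. Check the result, or skip the call when `realm` is NULL, and log why server affinity was not set up. In `ad_idmap_cached_connection`, `ctx` again comes from talloc_get_type and is read (`ctx->ad_schema`) without a NULL check.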
@@ -190,17 +222,18 @@ static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom,
 		}
 	}
 
+	/* default map type */
+	ctx->ad_map_type = WB_POSIX_MAP_RFC2307;
+
 	/* schema mode */
-	if ( ad_map_type == WB_POSIX_MAP_UNKNOWN )
-		ad_map_type = WB_POSIX_MAP_RFC2307;
 	schema_mode = lp_parm_const_string(-1, config_option, "schema_mode", NULL);
 	if ( schema_mode && schema_mode[0] ) {
 		if ( strequal(schema_mode, "sfu") )
-			ad_map_type = WB_POSIX_MAP_SFU;
+			ctx->ad_map_type = WB_POSIX_MAP_SFU;
 		else if ( strequal(schema_mode, "sfu20" ) )
-			ad_map_type = WB_POSIX_MAP_SFU20;
+			ctx->ad_map_type = WB_POSIX_MAP_SFU20;
 		else if ( strequal(schema_mode, "rfc2307" ) )
-			ad_map_type = WB_POSIX_MAP_RFC2307;
+			ctx->ad_map_type = WB_POSIX_MAP_RFC2307;
 		else
 			DEBUG(0,("idmap_ad_initialize: Unknown schema_mode (%s)\n",
 				 schema_mode));
@@ -256,7 +289,6 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map
 	TALLOC_CTX *memctx;
 	struct idmap_ad_context *ctx;
 	ADS_STATUS rc;
-	ADS_STRUCT *ads;
 	const char *attrs[] = { "sAMAccountType", 
 				"objectSid",
 				NULL, /* uidnumber */
@@ -284,14 +316,16 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if ( (ads = ad_idmap_cached_connection()) == NULL ) {
-		DEBUG(1, ("ADS uninitialized\n"));
+	rc = ad_idmap_cached_connection(dom);
+	if (!ADS_ERR_OK(rc)) {
+		DEBUG(1, ("ADS uninitialized: %s\n", ads_errstr(rc)));
 		ret = NT_STATUS_UNSUCCESSFUL;
+		/* ret = ads_ntstatus(rc); */
 		goto done;
 	}
 
-	attrs[2] = ad_schema->posix_uidnumber_attr;
-	attrs[3] = ad_schema->posix_gidnumber_attr;
+	attrs[2] = ctx->ad_schema->posix_uidnumber_attr;
+	attrs[3] = ctx->ad_schema->posix_gidnumber_attr;
 
 again:
 	bidx = idx;
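Review bot: `ctx->ad_schema->posix_uidnumber_attr` is dereferenced here without the `ctx->ad_schema == NULL` check that this patch adds at the same point in idmap_ad_sids_to_unixids. `ad_idmap_cached_connection` returns the connection status unchanged when `ad_map_type` is not one of the three known values, which leaves `ad_schema` NULL on a success return, so add the same guard here before filling `attrs[2]` and `attrs[3]`.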
@@ -308,7 +342,7 @@ again:
 							   ATYPE_INTERDOMAIN_TRUST);
 			}
 			u_filter = talloc_asprintf_append_buffer(u_filter, "(%s=%lu)",
-							  ad_schema->posix_uidnumber_attr,
+							  ctx->ad_schema->posix_uidnumber_attr,
 							  (unsigned long)ids[idx]->xid.id);
 			CHECK_ALLOC_DONE(u_filter);
 			break;
@@ -322,7 +356,7 @@ again:
 							   ATYPE_SECURITY_LOCAL_GROUP);
 			}
 			g_filter = talloc_asprintf_append_buffer(g_filter, "(%s=%lu)",
-							  ad_schema->posix_gidnumber_attr,
+							  ctx->ad_schema->posix_gidnumber_attr,
 							  (unsigned long)ids[idx]->xid.id);
 			CHECK_ALLOC_DONE(g_filter);
 			break;
@@ -348,14 +382,14 @@ again:
 	filter = talloc_asprintf_append_buffer(filter, ")");
 	CHECK_ALLOC_DONE(filter);
 
-	rc = ads_search_retry(ads, &res, filter, attrs);
+	rc = ads_search_retry(ctx->ads, &res, filter, attrs);
 	if (!ADS_ERR_OK(rc)) {
 		DEBUG(1, ("ERROR: ads search returned: %s\n", ads_errstr(rc)));
 		ret = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
-	if ( (count = ads_count_replies(ads, res)) == 0 ) {
+	if ( (count = ads_count_replies(ctx->ads, res)) == 0 ) {
 		DEBUG(10, ("No IDs found\n"));
 	}
 
@@ -368,9 +402,9 @@ again:
 		uint32_t atype;
 
 		if (i == 0) { /* first entry */
-			entry = ads_first_entry(ads, entry);
+			entry = ads_first_entry(ctx->ads, entry);
 		} else { /* following ones */
-			entry = ads_next_entry(ads, entry);
+			entry = ads_next_entry(ctx->ads, entry);
 		}
 
 		if ( !entry ) {
@@ -379,13 +413,13 @@ again:
 		}
 
 		/* first check if the SID is present */
-		if (!ads_pull_sid(ads, entry, "objectSid", &sid)) {
+		if (!ads_pull_sid(ctx->ads, entry, "objectSid", &sid)) {
 			DEBUG(2, ("Could not retrieve SID from entry\n"));
 			continue;
 		}
 
 		/* get type */
-		if (!ads_pull_uint32(ads, entry, "sAMAccountType", &atype)) {
+		if (!ads_pull_uint32(ctx->ads, entry, "sAMAccountType", &atype)) {
 			DEBUG(1, ("could not get SAM account type\n"));
 			continue;
 		}
@@ -405,9 +439,9 @@ again:
 			continue;
 		}
 
-		if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? 
-				                 ad_schema->posix_uidnumber_attr : 
-				                 ad_schema->posix_gidnumber_attr, 
+		if (!ads_pull_uint32(ctx->ads, entry, (type==ID_TYPE_UID) ?
+				                 ctx->ad_schema->posix_uidnumber_attr :
+				                 ctx->ad_schema->posix_gidnumber_attr,
 				     &id)) 
 		{
 			DEBUG(1, ("Could not get unix ID\n"));
@@ -439,7 +473,7 @@ again:
 	}
 
 	if (res) {
-		ads_msgfree(ads, res);
+		ads_msgfree(ctx->ads, res);
 	}
 
 	if (ids[idx]) { /* still some values to map */
@@ -468,7 +502,6 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map
 	TALLOC_CTX *memctx;
 	struct idmap_ad_context *ctx;
 	ADS_STATUS rc;
-	ADS_STRUCT *ads;
 	const char *attrs[] = { "sAMAccountType", 
 				"objectSid",
 				NULL, /* attr_uidnumber */
@@ -495,14 +528,22 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if ( (ads = ad_idmap_cached_connection()) == NULL ) {
-		DEBUG(1, ("ADS uninitialized\n"));
+	rc = ad_idmap_cached_connection(dom);
+	if (!ADS_ERR_OK(rc)) {
+		DEBUG(1, ("ADS uninitialized: %s\n", ads_errstr(rc)));
+		ret = NT_STATUS_UNSUCCESSFUL;
+		/* ret = ads_ntstatus(rc); */
+		goto done;
+	}
+
+	if (ctx->ad_schema == NULL) {
+		DEBUG(0, ("haven't got ctx->ad_schema ! \n"));
 		ret = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
-	attrs[2] = ad_schema->posix_uidnumber_attr;
-	attrs[3] = ad_schema->posix_gidnumber_attr;
+	attrs[2] = ctx->ad_schema->posix_uidnumber_attr;
+	attrs[3] = ctx->ad_schema->posix_gidnumber_attr;
 
 again:
 	filter = talloc_asprintf(memctx, "(&(|"
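Review bot: the connection failure is collapsed to NT_STATUS_UNSUCCESSFUL while the more specific `ads_ntstatus(rc)` is left behind as a commented-out line, here and in idmap_ad_unixids_to_sids; choose one and delete the other rather than committing dead code. The new `ctx->ad_schema == NULL` message is logged at level 0 with stray spacing ("ctx->ad_schema ! "); include `dom->name` in it so a level-0 line identifies which domain failed.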
@@ -529,14 +570,14 @@ again:
 	CHECK_ALLOC_DONE(filter);
 	DEBUG(10, ("Filter: [%s]\n", filter));
 
-	rc = ads_search_retry(ads, &res, filter, attrs);
+	rc = ads_search_retry(ctx->ads, &res, filter, attrs);
 	if (!ADS_ERR_OK(rc)) {
 		DEBUG(1, ("ERROR: ads search returned: %s\n", ads_errstr(rc)));
 		ret = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
-	if ( (count = ads_count_replies(ads, res)) == 0 ) {
+	if ( (count = ads_count_replies(ctx->ads, res)) == 0 ) {
 		DEBUG(10, ("No IDs found\n"));
 	}
 
@@ -549,9 +590,9 @@ again:
 		uint32_t atype;
 
 		if (i == 0) { /* first entry */
-			entry = ads_first_entry(ads, entry);
+			entry = ads_first_entry(ctx->ads, entry);
 		} else { /* following ones */
-			entry = ads_next_entry(ads, entry);
+			entry = ads_next_entry(ctx->ads, entry);
 		}
 
 		if ( !entry ) {
@@ -560,7 +601,7 @@ again:
 		}
 
 		/* first check if the SID is present */
-		if (!ads_pull_sid(ads, entry, "objectSid", &sid)) {
+		if (!ads_pull_sid(ctx->ads, entry, "objectSid", &sid)) {
 			DEBUG(2, ("Could not retrieve SID from entry\n"));
 			continue;
 		}
@@ -572,7 +613,7 @@ again:
 		}
 
 		/* get type */
-		if (!ads_pull_uint32(ads, entry, "sAMAccountType", &atype)) {
+		if (!ads_pull_uint32(ctx->ads, entry, "sAMAccountType", &atype)) {
 			DEBUG(1, ("could not get SAM account type\n"));
 			continue;
 		}
@@ -592,9 +633,9 @@ again:
 			continue;
 		}
 
-		if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? 
-				                 ad_schema->posix_uidnumber_attr : 
-				                 ad_schema->posix_gidnumber_attr, 
+		if (!ads_pull_uint32(ctx->ads, entry, (type==ID_TYPE_UID) ?
+				                 ctx->ad_schema->posix_uidnumber_attr :
+				                 ctx->ad_schema->posix_gidnumber_attr,
 				     &id)) 
 		{
 			DEBUG(1, ("Could not get unix ID\n"));
@@ -619,7 +660,7 @@ again:
 	}
 
 	if (res) {
-		ads_msgfree(ads, res);
+		ads_msgfree(ctx->ads, res);
 	}
 
 	if (ids[idx]) { /* still some values to map */
@@ -644,16 +685,18 @@ done:
 
 static NTSTATUS idmap_ad_close(struct idmap_domain *dom)
 {
-	ADS_STRUCT *ads = ad_idmap_ads;
+	struct idmap_ad_context * ctx;
 


-- 
Samba Shared Repository

