[SCM] Samba Shared Repository - branch master updated
Volker Lendecke
vlendec at samba.org
Fri Apr 15 17:14:04 UTC 2016
The branch, master has been updated
via a9b6276 winbind: Base idmap_ad on tldap
via 8905a55 winbind: handle DC_NOT_FOUND in wb_xids2sids
via f00af55 winbind: handle DC_NOT_FOUND in wb_sids2xids
via 10ae56f winbind: Add wb_dsgetdcname_gencache_[gs]et
via d5e77a8 tldap: Add tldap_gensec_bind
via 830fd78 tldap: Add tldap_get/set_stream
via 154570d idmap_ad: Separate out the nss functions
from cade673 Mask general purpose signals for notifyd.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a9b6276fbf51aba7478319f785ff3e0c9d60b6fe
Author: Volker Lendecke <vl at samba.org>
Date: Sun Dec 27 16:22:22 2015 +0100
winbind: Base idmap_ad on tldap
The main reason for this is to do proper connection management. I tried hard,
but I failed trying to slowly migrate the ads_struct based code to something
saner. So I polished tldap, which thanks to metze does proper sasl.
This patch is pretty much a complete rewrite, so looking at it in diff -u
format does not really make sense. Look at the final output.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Apr 15 19:13:39 CEST 2016 on sn-devel-144
commit 8905a5544778fc87fbdfd063a20f62f349e27430
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jan 12 21:21:17 2016 +0100
winbind: handle DC_NOT_FOUND in wb_xids2sids
The idmap_ad child is designed to connect to domain controllers on
its own. Finding a DC is a nontrivial task that the child should not
do on its own, in particular it should not have to connect to "our"
DC's NETLOGON pipe separately. So when idmap_ad finds that it needs to
connect to a DC, it returns NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND. The
parent then asynchronously does the lookup and stores the DC info in
gencache. After that the parent re-does the idmap child call, during
which the child will find the DC-info in gencache.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f00af55ece7eaf1ba2b906fd040807177d296f15
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jan 12 21:21:17 2016 +0100
winbind: handle DC_NOT_FOUND in wb_sids2xids
The idmap_ad child is designed to connect to domain controllers on
its own. Finding a DC is a nontrivial task that the child should not
do on its own, in particular it should not have to connect to "our"
DC's NETLOGON pipe separately. So when idmap_ad finds that it needs to
connect to a DC, it returns NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND. The
parent then asynchronously does the lookup and stores the DC info in
gencache. After that the parent re-does the idmap child call, during
which the child will find the DC-info in gencache.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 10ae56f1423d433fc120457135b3be70c9d8e9ea
Author: Volker Lendecke <vl at samba.org>
Date: Thu Mar 17 14:27:32 2016 +0100
winbind: Add wb_dsgetdcname_gencache_[gs]et
This is a sneaky way to pass the DC info from the parent winbind to children
and other users.
Not sure where exactly to put these routines. For now, put them into the parent
code to find the dcinfo from "our" dc.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d5e77a81daef2e6563936c328f784cd27e3aa7b1
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 18 16:41:41 2015 +0100
tldap: Add tldap_gensec_bind
This enables sasl sign/sealed connections via tldap
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 830fd785a24baab90601d13f2556559f99a416d2
Author: Volker Lendecke <vl at samba.org>
Date: Sun Dec 27 12:37:25 2015 +0100
tldap: Add tldap_get/set_stream
This will be used to replace a nonencrypted socket with a sasl sealed one.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 154570d9e9067ea419ddd5eb6920964a0935711e
Author: Volker Lendecke <vl at samba.org>
Date: Tue Mar 29 16:03:04 2016 +0200
idmap_ad: Separate out the nss functions
The nss functions technically right now are part of the idmap modules. However,
there is no intrinsic reason for this mixture of concerns. I would like to
heavily modify the idmap_ad idmapping functions without modifying the nss
functions (yet!!). So as a first step this patch moves the nss functions
textually out of the way.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/include/tldap.h | 4 +
source3/lib/tldap.c | 11 +
source3/lib/tldap_gensec_bind.c | 375 ++++++
source3/lib/tldap_gensec_bind.h | 40 +
source3/winbindd/idmap_ad.c | 1454 ++++++++++-------------
source3/winbindd/{idmap_ad.c => idmap_ad_nss.c} | 501 +-------
source3/winbindd/idmap_proto.h | 2 +
source3/winbindd/wb_dsgetdcname.c | 107 ++
source3/winbindd/wb_sids2xids.c | 64 +-
source3/winbindd/wb_xids2sids.c | 52 +
source3/winbindd/winbindd_proto.h | 5 +
source3/winbindd/wscript_build | 4 +-
source3/wscript_build | 1 +
13 files changed, 1314 insertions(+), 1306 deletions(-)
create mode 100644 source3/lib/tldap_gensec_bind.c
create mode 100644 source3/lib/tldap_gensec_bind.h
copy source3/winbindd/{idmap_ad.c => idmap_ad_nss.c} (52%)
Changeset truncated at 500 lines:
diff --git a/source3/include/tldap.h b/source3/include/tldap.h
index 0d7e55d..74279a4 100644
--- a/source3/include/tldap.h
+++ b/source3/include/tldap.h
@@ -117,6 +117,10 @@ bool tevent_req_ldap_error(struct tevent_req *req, TLDAPRC rc);
bool tevent_req_is_ldap_error(struct tevent_req *req, TLDAPRC *perr);
struct tldap_context *tldap_context_create(TALLOC_CTX *mem_ctx, int fd);
+struct tstream_context *tldap_get_tstream(struct tldap_context *ld);
+void tldap_set_tstream(struct tldap_context *ld,
+ struct tstream_context *stream);
+
bool tldap_connection_ok(struct tldap_context *ld);
bool tldap_context_setattr(struct tldap_context *ld,
const char *name, const void *pptr);
diff --git a/source3/lib/tldap.c b/source3/lib/tldap.c
index 6f42e61..5fcb43c 100644
--- a/source3/lib/tldap.c
+++ b/source3/lib/tldap.c
@@ -196,6 +196,17 @@ static size_t tldap_pending_reqs(struct tldap_context *ld)
return talloc_array_length(ld->pending);
}
+struct tstream_context *tldap_get_tstream(struct tldap_context *ld)
+{
+ return ld->conn;
+}
+
+void tldap_set_tstream(struct tldap_context *ld,
+ struct tstream_context *stream)
+{
+ ld->conn = stream;
+}
+
static struct tldap_ctx_attribute *tldap_context_findattr(
struct tldap_context *ld, const char *name)
{
diff --git a/source3/lib/tldap_gensec_bind.c b/source3/lib/tldap_gensec_bind.c
new file mode 100644
index 0000000..07f7956
--- /dev/null
+++ b/source3/lib/tldap_gensec_bind.c
@@ -0,0 +1,375 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Gensec based tldap auth
+ * Copyright (C) Volker Lendecke 2015
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "tldap_gensec_bind.h"
+#include "tldap_util.h"
+#include "lib/util/tevent_unix.h"
+#include "lib/util/talloc_stack.h"
+#include "lib/util/samba_util.h"
+#include "lib/util/debug.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */
+#include "lib/param/param.h"
+#include "source4/auth/gensec/gensec_tstream.h"
+
+struct tldap_gensec_bind_state {
+ struct tevent_context *ev;
+ struct tldap_context *ctx;
+ struct cli_credentials *creds;
+ const char *target_service;
+ const char *target_hostname;
+ const char *target_principal;
+ struct loadparm_context *lp_ctx;
+ uint32_t gensec_features;
+
+ bool first;
+ struct gensec_security *gensec;
+ NTSTATUS gensec_status;
+ DATA_BLOB gensec_output;
+};
+
+static void tldap_gensec_bind_got_mechs(struct tevent_req *subreq);
+static void tldap_gensec_update_done(struct tevent_req *subreq);
+static void tldap_gensec_bind_done(struct tevent_req *subreq);
+
+struct tevent_req *tldap_gensec_bind_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct tldap_context *ctx, struct cli_credentials *creds,
+ const char *target_service, const char *target_hostname,
+ const char *target_principal, struct loadparm_context *lp_ctx,
+ uint32_t gensec_features)
+{
+ struct tevent_req *req, *subreq;
+ struct tldap_gensec_bind_state *state;
+
+ const char *attrs[] = { "supportedSASLMechanisms" };
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct tldap_gensec_bind_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->ctx = ctx;
+ state->creds = creds;
+ state->target_service = target_service;
+ state->target_hostname = target_hostname;
+ state->target_principal = target_principal;
+ state->lp_ctx = lp_ctx;
+ state->gensec_features = gensec_features;
+ state->first = true;
+
+ subreq = tldap_search_all_send(
+ state, state->ev, state->ctx, "", TLDAP_SCOPE_BASE,
+ "(objectclass=*)", attrs, ARRAY_SIZE(attrs),
+ false, NULL, 0, NULL, 0, 0, 1 /* sizelimit */, 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, tldap_gensec_bind_got_mechs, req);
+ return req;
+}
+
+static void tldap_gensec_bind_got_mechs(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct tldap_gensec_bind_state *state = tevent_req_data(
+ req, struct tldap_gensec_bind_state);
+ struct tldap_message **msgs, *msg, *result;
+ struct tldap_attribute *attribs, *attrib;
+ int num_attribs;
+ size_t num_msgs;
+ TLDAPRC rc;
+ int i;
+ bool ok;
+ const char **sasl_mechs;
+ NTSTATUS status;
+
+ rc = tldap_search_all_recv(subreq, state, &msgs, &result);
+ TALLOC_FREE(subreq);
+ if (tevent_req_ldap_error(req, rc)) {
+ return;
+ }
+
+ /*
+ * TODO: Inspect "Result"
+ */
+
+ num_msgs = talloc_array_length(msgs);
+ if (num_msgs != 1) {
+ DBG_DEBUG("num_msgs = %zu\n", num_msgs);
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+ msg = msgs[0];
+
+ ok = tldap_entry_attributes(msg, &attribs, &num_attribs);
+ if (!ok) {
+ DBG_DEBUG("tldap_entry_attributes failed\n");
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+
+ if (num_attribs != 1) {
+ DBG_DEBUG("num_attribs = %d\n", num_attribs);
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+ attrib = &attribs[0];
+
+ sasl_mechs = talloc_array(state, const char *, attrib->num_values+1);
+ if (tevent_req_nomem(sasl_mechs, req)) {
+ return;
+ }
+
+ for (i=0; i<attrib->num_values; i++) {
+ DATA_BLOB *v = &attrib->values[i];
+ size_t len;
+
+ ok = convert_string_talloc(sasl_mechs, CH_UTF8, CH_UNIX,
+ v->data, v->length,
+ &sasl_mechs[i], &len);
+ if (!ok) {
+ DBG_DEBUG("convert_string_talloc failed\n");
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+ }
+ sasl_mechs[attrib->num_values] = NULL;
+
+ gensec_init();
+
+ status = gensec_client_start(
+ state, &state->gensec,
+ lpcfg_gensec_settings(state, state->lp_ctx));
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("gensec_client_start failed: %s\n",
+ nt_errstr(status));
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+
+ status = gensec_set_credentials(state->gensec, state->creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("gensec_set_credentials failed: %s\n",
+ nt_errstr(status));
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+
+ status = gensec_set_target_service(state->gensec,
+ state->target_service);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("gensec_set_target_service failed: %s\n",
+ nt_errstr(status));
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+
+ if (state->target_hostname != NULL) {
+ status = gensec_set_target_hostname(state->gensec,
+ state->target_hostname);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("gensec_set_target_hostname failed: %s\n",
+ nt_errstr(status));
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+ }
+
+ if (state->target_principal != NULL) {
+ status = gensec_set_target_principal(state->gensec,
+ state->target_principal);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("gensec_set_target_principal failed: %s\n",
+ nt_errstr(status));
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+ }
+
+ gensec_want_feature(state->gensec, state->gensec_features);
+
+ status = gensec_start_mech_by_sasl_list(state->gensec, sasl_mechs);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("gensec_start_mech_by_sasl_list failed: %s\n",
+ nt_errstr(status));
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+
+ subreq = gensec_update_send(state, state->ev, state->gensec,
+ data_blob_null);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, tldap_gensec_update_done, req);
+}
+
+static void tldap_gensec_update_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct tldap_gensec_bind_state *state = tevent_req_data(
+ req, struct tldap_gensec_bind_state);
+
+ state->gensec_status = gensec_update_recv(
+ subreq, state, &state->gensec_output);
+
+ TALLOC_FREE(subreq);
+
+ if (!NT_STATUS_IS_OK(state->gensec_status) &&
+ !NT_STATUS_EQUAL(state->gensec_status,
+ NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ DBG_DEBUG("gensec_update failed: %s\n",
+ nt_errstr(state->gensec_status));
+ tevent_req_ldap_error(req, TLDAP_INVALID_CREDENTIALS);
+ return;
+ }
+
+ if (NT_STATUS_IS_OK(state->gensec_status) &&
+ (state->gensec_output.length == 0)) {
+
+ if (state->first) {
+ tevent_req_ldap_error(req, TLDAP_INVALID_CREDENTIALS);
+ } else {
+ tevent_req_done(req);
+ }
+ return;
+ }
+
+ state->first = false;
+
+ subreq = tldap_sasl_bind_send(
+ state, state->ev, state->ctx, "",
+ state->gensec->ops->sasl_name, &state->gensec_output,
+ NULL, 0, NULL, 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, tldap_gensec_bind_done, req);
+}
+
+static void tldap_gensec_bind_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct tldap_gensec_bind_state *state = tevent_req_data(
+ req, struct tldap_gensec_bind_state);
+ DATA_BLOB input;
+ TLDAPRC rc;
+
+ rc = tldap_sasl_bind_recv(subreq, state, &input);
+ TALLOC_FREE(subreq);
+ if (!TLDAP_RC_IS_SUCCESS(rc) &&
+ !TLDAP_RC_EQUAL(rc, TLDAP_SASL_BIND_IN_PROGRESS)) {
+ tevent_req_ldap_error(req, rc);
+ return;
+ }
+
+ if (TLDAP_RC_IS_SUCCESS(rc) && NT_STATUS_IS_OK(state->gensec_status)) {
+ tevent_req_done(req);
+ return;
+ }
+
+ subreq = gensec_update_send(state, state->ev, state->gensec, input);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, tldap_gensec_update_done, req);
+}
+
+TLDAPRC tldap_gensec_bind_recv(struct tevent_req *req)
+{
+ struct tldap_gensec_bind_state *state = tevent_req_data(
+ req, struct tldap_gensec_bind_state);
+ struct tstream_context *plain, *sec;
+ NTSTATUS status;
+ TLDAPRC rc;
+
+ if (tevent_req_is_ldap_error(req, &rc)) {
+ return rc;
+ }
+
+ if ((state->gensec_features & GENSEC_FEATURE_SIGN) &&
+ !gensec_have_feature(state->gensec, GENSEC_FEATURE_SIGN)) {
+ return TLDAP_OPERATIONS_ERROR;
+ }
+ if ((state->gensec_features & GENSEC_FEATURE_SEAL) &&
+ !gensec_have_feature(state->gensec, GENSEC_FEATURE_SEAL)) {
+ return TLDAP_OPERATIONS_ERROR;
+ }
+
+ if (!gensec_have_feature(state->gensec, GENSEC_FEATURE_SIGN) &&
+ !gensec_have_feature(state->gensec, GENSEC_FEATURE_SEAL)) {
+ return TLDAP_SUCCESS;
+ }
+
+ /*
+ * The gensec ctx needs to survive as long as the ldap context
+ * lives
+ */
+ talloc_steal(state->ctx, state->gensec);
+
+ plain = tldap_get_tstream(state->ctx);
+
+ status = gensec_create_tstream(state->ctx, state->gensec,
+ plain, &sec);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("gensec_create_tstream failed: %s\n",
+ nt_errstr(status));
+ return TLDAP_OPERATIONS_ERROR;
+ }
+
+ tldap_set_tstream(state->ctx, sec);
+
+ return TLDAP_SUCCESS;
+}
+
+TLDAPRC tldap_gensec_bind(
+ struct tldap_context *ctx, struct cli_credentials *creds,
+ const char *target_service, const char *target_hostname,
+ const char *target_principal, struct loadparm_context *lp_ctx,
+ uint32_t gensec_features)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ TLDAPRC rc = TLDAP_NO_MEMORY;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = tldap_gensec_bind_send(frame, ev, ctx, creds, target_service,
+ target_hostname, target_principal, lp_ctx,
+ gensec_features);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll(req, ev)) {
+ rc = TLDAP_OPERATIONS_ERROR;
+ goto fail;
+ }
+ rc = tldap_gensec_bind_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return rc;
+}
diff --git a/source3/lib/tldap_gensec_bind.h b/source3/lib/tldap_gensec_bind.h
new file mode 100644
index 0000000..deddc23
--- /dev/null
+++ b/source3/lib/tldap_gensec_bind.h
@@ -0,0 +1,40 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Gensec based tldap bind
+ * Copyright (C) Volker Lendecke 2015
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __TLDAP_GENSEC_BIND_H__
+#define __TLDAP_GENSEC_BIND_H__
+
+#include "replace.h"
+#include "tldap.h"
+#include "auth/credentials/credentials.h"
+
+struct tevent_req *tldap_gensec_bind_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct tldap_context *ctx, struct cli_credentials *creds,
+ const char *target_service, const char *target_hostname,
+ const char *target_principal, struct loadparm_context *lp_ctx,
+ uint32_t gensec_features);
+TLDAPRC tldap_gensec_bind_recv(struct tevent_req *req);
+TLDAPRC tldap_gensec_bind(
+ struct tldap_context *ctx, struct cli_credentials *creds,
+ const char *target_service, const char *target_hostname,
+ const char *target_principal, struct loadparm_context *lp_ctx,
+ uint32_t gensec_features);
+
+#endif
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index e5dea20..242b788 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -1,15 +1,7 @@
/*
- * idmap_ad: map between Active Directory and RFC 2307 or "Services for Unix" (SFU) Accounts
+ * idmap_ad: map between Active Directory and RFC 2307 accounts
*
- * Unix SMB/CIFS implementation.
- *
- * Winbind ADS backend functions
- *
- * Copyright (C) Andrew Tridgell 2001
- * Copyright (C) Andrew Bartlett <abartlet at samba.org> 2003
- * Copyright (C) Gerald (Jerry) Carter 2004-2007
- * Copyright (C) Luke Howard 2001-2004
- * Copyright (C) Michael Adam 2008,2010
+ * Copyright (C) Volker Lendecke 2015
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,990 +19,832 @@
#include "includes.h"
#include "winbindd.h"
-#include "../libds/common/flags.h"
-#include "ads.h"
-#include "libads/ldap_schema.h"
-#include "nss_info.h"
#include "idmap.h"
-#include "../libcli/ldap/ldap_ndr.h"
-#include "../libcli/security/security.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_IDMAP
--
Samba Shared Repository
More information about the samba-cvs
mailing list