[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Wed Mar 15 08:19:02 UTC 2017
The branch, master has been updated
via c5e101a passdb: Remove pdb_ipa
from acad0ad testprogs: Correctly expand shell parameters
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c5e101af2b16c2869bf5c8f8aa90876aa6450f55
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 25 17:44:38 2017 +0100
passdb: Remove pdb_ipa
The version used these days can be found under
https://pagure.io/freeipa/blob/master/f/daemons/ipa-sam
Having a stale copy in Samba only confuses things.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 15 09:18:21 CET 2017 on sn-devel-144
-----------------------------------------------------------------------
Summary of changes:
source3/passdb/pdb_ipa.c | 1511 ------------------------------------------
source3/passdb/pdb_ipa.h | 28 -
source3/passdb/pdb_ldap.c | 3 -
source3/passdb/wscript_build | 2 +-
4 files changed, 1 insertion(+), 1543 deletions(-)
delete mode 100644 source3/passdb/pdb_ipa.c
delete mode 100644 source3/passdb/pdb_ipa.h
Changeset truncated at 500 lines:
diff --git a/source3/passdb/pdb_ipa.c b/source3/passdb/pdb_ipa.c
deleted file mode 100644
index ca305aa..0000000
--- a/source3/passdb/pdb_ipa.c
+++ /dev/null
@@ -1,1511 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- IPA helper functions for SAMBA
- Copyright (C) Sumit Bose <sbose at redhat.com> 2010
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-*/
-
-#include "includes.h"
-#include "passdb.h"
-#include "libcli/security/dom_sid.h"
-#include "../librpc/ndr/libndr.h"
-#include "librpc/gen_ndr/samr.h"
-#include "secrets.h"
-
-#include "smbldap.h"
-#include "passdb/pdb_ldap.h"
-#include "passdb/pdb_ipa.h"
-#include "passdb/pdb_ldap_schema.h"
-#include "lib/util/base64.h"
-
-#define IPA_KEYTAB_SET_OID "2.16.840.1.113730.3.8.3.1"
-#define IPA_MAGIC_ID_STR "999"
-
-#define LDAP_TRUST_CONTAINER "ou=system"
-#define LDAP_ATTRIBUTE_CN "cn"
-#define LDAP_ATTRIBUTE_TRUST_TYPE "sambaTrustType"
-#define LDAP_ATTRIBUTE_TRUST_ATTRIBUTES "sambaTrustAttributes"
-#define LDAP_ATTRIBUTE_TRUST_DIRECTION "sambaTrustDirection"
-#define LDAP_ATTRIBUTE_TRUST_POSIX_OFFSET "sambaTrustPosixOffset"
-#define LDAP_ATTRIBUTE_SUPPORTED_ENC_TYPE "sambaSupportedEncryptionTypes"
-#define LDAP_ATTRIBUTE_TRUST_PARTNER "sambaTrustPartner"
-#define LDAP_ATTRIBUTE_FLAT_NAME "sambaFlatName"
-#define LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING "sambaTrustAuthOutgoing"
-#define LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING "sambaTrustAuthIncoming"
-#define LDAP_ATTRIBUTE_SECURITY_IDENTIFIER "sambaSecurityIdentifier"
-#define LDAP_ATTRIBUTE_TRUST_FOREST_TRUST_INFO "sambaTrustForestTrustInfo"
-#define LDAP_ATTRIBUTE_OBJECTCLASS "objectClass"
-
-#define LDAP_OBJ_KRB_PRINCIPAL "krbPrincipal"
-#define LDAP_OBJ_KRB_PRINCIPAL_AUX "krbPrincipalAux"
-#define LDAP_ATTRIBUTE_KRB_PRINCIPAL "krbPrincipalName"
-
-#define LDAP_OBJ_IPAOBJECT "ipaObject"
-#define LDAP_OBJ_IPAHOST "ipaHost"
-#define LDAP_OBJ_POSIXACCOUNT "posixAccount"
-
-#define LDAP_OBJ_GROUPOFNAMES "groupOfNames"
-#define LDAP_OBJ_NESTEDGROUP "nestedGroup"
-#define LDAP_OBJ_IPAUSERGROUP "ipaUserGroup"
-#define LDAP_OBJ_POSIXGROUP "posixGroup"
-
-#define HAS_KRB_PRINCIPAL (1<<0)
-#define HAS_KRB_PRINCIPAL_AUX (1<<1)
-#define HAS_IPAOBJECT (1<<2)
-#define HAS_IPAHOST (1<<3)
-#define HAS_POSIXACCOUNT (1<<4)
-#define HAS_GROUPOFNAMES (1<<5)
-#define HAS_NESTEDGROUP (1<<6)
-#define HAS_IPAUSERGROUP (1<<7)
-#define HAS_POSIXGROUP (1<<8)
-
-struct ipasam_privates {
- bool server_is_ipa;
- NTSTATUS (*ldapsam_add_sam_account)(struct pdb_methods *,
- struct samu *sampass);
- NTSTATUS (*ldapsam_update_sam_account)(struct pdb_methods *,
- struct samu *sampass);
- NTSTATUS (*ldapsam_create_user)(struct pdb_methods *my_methods,
- TALLOC_CTX *tmp_ctx, const char *name,
- uint32_t acb_info, uint32_t *rid);
- NTSTATUS (*ldapsam_create_dom_group)(struct pdb_methods *my_methods,
- TALLOC_CTX *tmp_ctx,
- const char *name,
- uint32_t *rid);
-};
-
-static bool ipasam_get_trusteddom_pw(struct pdb_methods *methods,
- const char *domain,
- char** pwd,
- struct dom_sid *sid,
- time_t *pass_last_set_time)
-{
- return false;
-}
-
-static bool ipasam_set_trusteddom_pw(struct pdb_methods *methods,
- const char* domain,
- const char* pwd,
- const struct dom_sid *sid)
-{
- return false;
-}
-
-static bool ipasam_del_trusteddom_pw(struct pdb_methods *methods,
- const char *domain)
-{
- return false;
-}
-
-static char *get_account_dn(const char *name)
-{
- char *escape_name;
- char *dn;
-
- escape_name = escape_rdn_val_string_alloc(name);
- if (!escape_name) {
- return NULL;
- }
-
- if (name[strlen(name)-1] == '$') {
- dn = talloc_asprintf(talloc_tos(), "uid=%s,%s", escape_name,
- lp_ldap_machine_suffix(talloc_tos()));
- } else {
- dn = talloc_asprintf(talloc_tos(), "uid=%s,%s", escape_name,
- lp_ldap_user_suffix(talloc_tos()));
- }
-
- SAFE_FREE(escape_name);
-
- return dn;
-}
-
-static char *trusted_domain_dn(struct ldapsam_privates *ldap_state,
- const char *domain)
-{
- return talloc_asprintf(talloc_tos(), "%s=%s,%s,%s",
- LDAP_ATTRIBUTE_CN, domain,
- LDAP_TRUST_CONTAINER, ldap_state->domain_dn);
-}
-
-static char *trusted_domain_base_dn(struct ldapsam_privates *ldap_state)
-{
- return talloc_asprintf(talloc_tos(), "%s,%s",
- LDAP_TRUST_CONTAINER, ldap_state->domain_dn);
-}
-
-static bool get_trusted_domain_int(struct ldapsam_privates *ldap_state,
- TALLOC_CTX *mem_ctx,
- const char *filter, LDAPMessage **entry)
-{
- int rc;
- char *base_dn = NULL;
- LDAPMessage *result = NULL;
- uint32_t num_result;
-
- base_dn = trusted_domain_base_dn(ldap_state);
- if (base_dn == NULL) {
- return false;
- }
-
- rc = smbldap_search(ldap_state->smbldap_state, base_dn,
- LDAP_SCOPE_SUBTREE, filter, NULL, 0, &result);
- TALLOC_FREE(base_dn);
-
- if (result != NULL) {
- smbldap_talloc_autofree_ldapmsg(mem_ctx, result);
- }
-
- if (rc == LDAP_NO_SUCH_OBJECT) {
- *entry = NULL;
- return true;
- }
-
- if (rc != LDAP_SUCCESS) {
- return false;
- }
-
- num_result = ldap_count_entries(priv2ld(ldap_state), result);
-
- if (num_result > 1) {
- DEBUG(1, ("get_trusted_domain_int: more than one "
- "%s object with filter '%s'?!\n",
- LDAP_OBJ_TRUSTED_DOMAIN, filter));
- return false;
- }
-
- if (num_result == 0) {
- DEBUG(1, ("get_trusted_domain_int: no "
- "%s object with filter '%s'.\n",
- LDAP_OBJ_TRUSTED_DOMAIN, filter));
- *entry = NULL;
- } else {
- *entry = ldap_first_entry(priv2ld(ldap_state), result);
- }
-
- return true;
-}
-
-static bool get_trusted_domain_by_name_int(struct ldapsam_privates *ldap_state,
- TALLOC_CTX *mem_ctx,
- const char *domain,
- LDAPMessage **entry)
-{
- char *filter = NULL;
-
- filter = talloc_asprintf(talloc_tos(),
- "(&(objectClass=%s)(|(%s=%s)(%s=%s)(cn=%s)))",
- LDAP_OBJ_TRUSTED_DOMAIN,
- LDAP_ATTRIBUTE_FLAT_NAME, domain,
- LDAP_ATTRIBUTE_TRUST_PARTNER, domain, domain);
- if (filter == NULL) {
- return false;
- }
-
- return get_trusted_domain_int(ldap_state, mem_ctx, filter, entry);
-}
-
-static bool get_trusted_domain_by_sid_int(struct ldapsam_privates *ldap_state,
- TALLOC_CTX *mem_ctx,
- const char *sid, LDAPMessage **entry)
-{
- char *filter = NULL;
-
- filter = talloc_asprintf(talloc_tos(), "(&(objectClass=%s)(%s=%s))",
- LDAP_OBJ_TRUSTED_DOMAIN,
- LDAP_ATTRIBUTE_SECURITY_IDENTIFIER, sid);
- if (filter == NULL) {
- return false;
- }
-
- return get_trusted_domain_int(ldap_state, mem_ctx, filter, entry);
-}
-
-static bool get_uint32_t_from_ldap_msg(struct ldapsam_privates *ldap_state,
- LDAPMessage *entry,
- const char *attr,
- uint32_t *val)
-{
- char *dummy;
- long int l;
- char *endptr;
-
- dummy = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry,
- attr, talloc_tos());
- if (dummy == NULL) {
- DEBUG(9, ("Attribute %s not present.\n", attr));
- *val = 0;
- return true;
- }
-
- l = strtoul(dummy, &endptr, 10);
- TALLOC_FREE(dummy);
-
- if (l < 0 || l > UINT32_MAX || *endptr != '\0') {
- return false;
- }
-
- *val = l;
-
- return true;
-}
-
-static void get_data_blob_from_ldap_msg(TALLOC_CTX *mem_ctx,
- struct ldapsam_privates *ldap_state,
- LDAPMessage *entry, const char *attr,
- DATA_BLOB *_blob)
-{
- char *dummy;
- DATA_BLOB blob;
-
- dummy = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, attr,
- talloc_tos());
- if (dummy == NULL) {
- DEBUG(9, ("Attribute %s not present.\n", attr));
- ZERO_STRUCTP(_blob);
- } else {
- blob = base64_decode_data_blob(dummy);
- if (blob.length == 0) {
- ZERO_STRUCTP(_blob);
- } else {
- _blob->length = blob.length;
- _blob->data = talloc_steal(mem_ctx, blob.data);
- }
- }
- TALLOC_FREE(dummy);
-}
-
-static bool fill_pdb_trusted_domain(TALLOC_CTX *mem_ctx,
- struct ldapsam_privates *ldap_state,
- LDAPMessage *entry,
- struct pdb_trusted_domain **_td)
-{
- char *dummy;
- bool res;
- struct pdb_trusted_domain *td;
-
- if (entry == NULL) {
- return false;
- }
-
- td = talloc_zero(mem_ctx, struct pdb_trusted_domain);
- if (td == NULL) {
- return false;
- }
-
- /* All attributes are MAY */
-
- dummy = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry,
- LDAP_ATTRIBUTE_SECURITY_IDENTIFIER,
- talloc_tos());
- if (dummy == NULL) {
- DEBUG(9, ("Attribute %s not present.\n",
- LDAP_ATTRIBUTE_SECURITY_IDENTIFIER));
- ZERO_STRUCT(td->security_identifier);
- } else {
- res = string_to_sid(&td->security_identifier, dummy);
- TALLOC_FREE(dummy);
- if (!res) {
- return false;
- }
- }
-
- get_data_blob_from_ldap_msg(td, ldap_state, entry,
- LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING,
- &td->trust_auth_incoming);
-
- get_data_blob_from_ldap_msg(td, ldap_state, entry,
- LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING,
- &td->trust_auth_outgoing);
-
- td->netbios_name = smbldap_talloc_single_attribute(priv2ld(ldap_state),
- entry,
- LDAP_ATTRIBUTE_FLAT_NAME,
- td);
- if (td->netbios_name == NULL) {
- DEBUG(9, ("Attribute %s not present.\n",
- LDAP_ATTRIBUTE_FLAT_NAME));
- }
-
- td->domain_name = smbldap_talloc_single_attribute(priv2ld(ldap_state),
- entry,
- LDAP_ATTRIBUTE_TRUST_PARTNER,
- td);
- if (td->domain_name == NULL) {
- DEBUG(9, ("Attribute %s not present.\n",
- LDAP_ATTRIBUTE_TRUST_PARTNER));
- }
-
- res = get_uint32_t_from_ldap_msg(ldap_state, entry,
- LDAP_ATTRIBUTE_TRUST_DIRECTION,
- &td->trust_direction);
- if (!res) {
- return false;
- }
-
- res = get_uint32_t_from_ldap_msg(ldap_state, entry,
- LDAP_ATTRIBUTE_TRUST_ATTRIBUTES,
- &td->trust_attributes);
- if (!res) {
- return false;
- }
-
- res = get_uint32_t_from_ldap_msg(ldap_state, entry,
- LDAP_ATTRIBUTE_TRUST_TYPE,
- &td->trust_type);
- if (!res) {
- return false;
- }
-
- td->trust_posix_offset = talloc(td, uint32_t);
- if (td->trust_posix_offset == NULL) {
- return false;
- }
- res = get_uint32_t_from_ldap_msg(ldap_state, entry,
- LDAP_ATTRIBUTE_TRUST_POSIX_OFFSET,
- td->trust_posix_offset);
- if (!res) {
- return false;
- }
-
- td->supported_enc_type = talloc(td, uint32_t);
- if (td->supported_enc_type == NULL) {
- return false;
- }
- res = get_uint32_t_from_ldap_msg(ldap_state, entry,
- LDAP_ATTRIBUTE_SUPPORTED_ENC_TYPE,
- td->supported_enc_type);
- if (!res) {
- return false;
- }
-
-
- get_data_blob_from_ldap_msg(td, ldap_state, entry,
- LDAP_ATTRIBUTE_TRUST_FOREST_TRUST_INFO,
- &td->trust_forest_trust_info);
-
- *_td = td;
-
- return true;
-}
-
-static NTSTATUS ipasam_get_trusted_domain(struct pdb_methods *methods,
- TALLOC_CTX *mem_ctx,
- const char *domain,
- struct pdb_trusted_domain **td)
-{
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)methods->private_data;
- LDAPMessage *entry = NULL;
-
- DEBUG(10, ("ipasam_get_trusted_domain called for domain %s\n", domain));
-
- if (!get_trusted_domain_by_name_int(ldap_state, talloc_tos(), domain,
- &entry)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- if (entry == NULL) {
- DEBUG(5, ("ipasam_get_trusted_domain: no such trusted domain: "
- "%s\n", domain));
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
- if (!fill_pdb_trusted_domain(mem_ctx, ldap_state, entry, td)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS ipasam_get_trusted_domain_by_sid(struct pdb_methods *methods,
- TALLOC_CTX *mem_ctx,
- struct dom_sid *sid,
- struct pdb_trusted_domain **td)
-{
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)methods->private_data;
- LDAPMessage *entry = NULL;
- char *sid_str;
-
- sid_str = sid_string_tos(sid);
-
- DEBUG(10, ("ipasam_get_trusted_domain_by_sid called for sid %s\n",
- sid_str));
-
- if (!get_trusted_domain_by_sid_int(ldap_state, talloc_tos(), sid_str,
- &entry)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- if (entry == NULL) {
- DEBUG(5, ("ipasam_get_trusted_domain_by_sid: no trusted domain "
- "with sid: %s\n", sid_str));
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
- if (!fill_pdb_trusted_domain(mem_ctx, ldap_state, entry, td)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return NT_STATUS_OK;
-}
-
-static bool smbldap_make_mod_uint32_t(LDAP *ldap_struct, LDAPMessage *entry,
- LDAPMod ***mods, const char *attribute,
- const uint32_t val)
-{
- char *dummy;
-
- dummy = talloc_asprintf(talloc_tos(), "%lu", (unsigned long) val);
- if (dummy == NULL) {
- return false;
- }
- smbldap_make_mod(ldap_struct, entry, mods, attribute, dummy);
- TALLOC_FREE(dummy);
-
- return true;
-}
-
-static NTSTATUS ipasam_set_trusted_domain(struct pdb_methods *methods,
- const char* domain,
- const struct pdb_trusted_domain *td)
-{
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)methods->private_data;
- LDAPMessage *entry = NULL;
- LDAPMod **mods;
- bool res;
- char *trusted_dn = NULL;
- int ret;
-
- DEBUG(10, ("ipasam_set_trusted_domain called for domain %s\n", domain));
-
--
Samba Shared Repository
More information about the samba-cvs
mailing list