[PATCH] Supplement nss info gecos from displayName

Ralph Böhme rb at sernet.de
Mon Jul 27 17:12:53 UTC 2015 

Hi!

Attached is a small patchset that tries to address a shortcoming in
winbind pulling gecos information from AD.

Either winbind nss info sfu, sfu20 and rfc2307 will end up querying
the gecos attribute, which will be empty in most cases, as neither
Samba AD nor Windows with IDMU assigns a value to it by default.

As a result Samba servers pulling nss info via winbind will show empty
gecos fields. Wouldn't it make sense to pull the gecos info from
another attribute like displayName in case gecos is empty?

Review&comments appreciated. Thanks!

-Ralph

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de,mailto:kontakt@sernet.de
-------------- next part --------------
From b9eefc901f491e58e5d315fa1db18113cc6cfc4a Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Mon, 27 Jul 2015 16:55:46 +0200
Subject: [PATCH 1/2] s3-libads: ldap_schema: zero initialize schema

Signed-off-by: Ralph Boehme <slow at samba.org>
---
 source3/libads/ldap_schema.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/libads/ldap_schema.c b/source3/libads/ldap_schema.c
index 7368be8..f3a94c9 100644
--- a/source3/libads/ldap_schema.c
+++ b/source3/libads/ldap_schema.c
@@ -252,7 +252,7 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx,
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	}
 
-	if ( (schema = talloc(mem_ctx, struct posix_schema)) == NULL ) {
+	if ( (schema = talloc_zero(mem_ctx, struct posix_schema)) == NULL ) {
 		TALLOC_FREE( ctx );
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	}
-- 
1.9.1


From 82350aa8b9f0aa619d362c4e7f593b6f64863582 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Mon, 27 Jul 2015 17:00:37 +0200
Subject: [PATCH 2/2] s3-libads: use displayName as fallback for empty gecos

Signed-off-by: Ralph Boehme <slow at samba.org>
---
 source3/libads/ldap_schema.c | 14 +++++++++++---
 source3/libads/ldap_schema.h |  3 +++
 source3/winbindd/idmap_ad.c  | 13 +++++++++++++
 3 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/source3/libads/ldap_schema.c b/source3/libads/ldap_schema.c
index f3a94c9..1100603 100644
--- a/source3/libads/ldap_schema.c
+++ b/source3/libads/ldap_schema.c
@@ -212,21 +212,24 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx,
 					ADS_ATTR_SFU_HOMEDIR_OID,
 					ADS_ATTR_SFU_SHELL_OID,
 					ADS_ATTR_SFU_GECOS_OID,
-					ADS_ATTR_SFU_UID_OID };
+					ADS_ATTR_SFU_UID_OID,
+					ADS_ATTR_DISPLAYNAME_OID };
 
 	const char *oids_sfu20[] = { 	ADS_ATTR_SFU20_UIDNUMBER_OID,
 					ADS_ATTR_SFU20_GIDNUMBER_OID,
 					ADS_ATTR_SFU20_HOMEDIR_OID,
 					ADS_ATTR_SFU20_SHELL_OID,
 					ADS_ATTR_SFU20_GECOS_OID,
-					ADS_ATTR_SFU20_UID_OID };
+					ADS_ATTR_SFU20_UID_OID,
+					ADS_ATTR_DISPLAYNAME_OID };
 
 	const char *oids_rfc2307[] = {	ADS_ATTR_RFC2307_UIDNUMBER_OID,
 					ADS_ATTR_RFC2307_GIDNUMBER_OID,
 					ADS_ATTR_RFC2307_HOMEDIR_OID,
 					ADS_ATTR_RFC2307_SHELL_OID,
 					ADS_ATTR_RFC2307_GECOS_OID,
-					ADS_ATTR_RFC2307_UID_OID };
+					ADS_ATTR_RFC2307_UID_OID,
+					ADS_ATTR_DISPLAYNAME_OID};
 
 	DEBUG(10,("ads_check_posix_schema_mapping for schema mode: %d\n", map_type));
 
@@ -333,6 +336,11 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx,
 		    strequal(ADS_ATTR_SFU20_UID_OID, oids_out[i])) {
 			schema->posix_uid_attr = talloc_strdup(schema, names_out[i]);
 		}
+
+		if (strequal(ADS_ATTR_DISPLAYNAME_OID, oids_out[i])) {
+			schema->posix_displayName_attr = talloc_strdup(schema, names_out[i]);
+			continue;
+		}
 	}
 
 	if (!schema->posix_uidnumber_attr ||
diff --git a/source3/libads/ldap_schema.h b/source3/libads/ldap_schema.h
index fc4ed07..38f170d 100644
--- a/source3/libads/ldap_schema.h
+++ b/source3/libads/ldap_schema.h
@@ -31,6 +31,7 @@ struct posix_schema {
 	char *posix_gidnumber_attr;
 	char *posix_gecos_attr;
 	char *posix_uid_attr;
+	char *posix_displayName_attr;
 };
 
 /* ldap attribute oids (Services for Unix 3.0, 3.5) */
@@ -58,6 +59,8 @@ struct posix_schema {
 #define ADS_ATTR_RFC2307_GECOS_OID	"1.3.6.1.1.1.1.2"
 #define ADS_ATTR_RFC2307_UID_OID        "0.9.2342.19200300.100.1.1"
 
+#define ADS_ATTR_DISPLAYNAME_OID        "1.2.840.113556.1.2.13"
+
 enum wb_posix_mapping {
 	WB_POSIX_MAP_UNKNOWN    = -1,
 	WB_POSIX_MAP_TEMPLATE 	= 0,
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 047511f..e490c7f 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -678,6 +678,7 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e,
 			       NULL, /* attr_shell */
 			       NULL, /* attr_gecos */
 			       NULL, /* attr_gidnumber */
+			       NULL, /* gecos fallback */
 			       NULL };
 	char *filter = NULL;
 	LDAPMessage *msg_internal = NULL;
@@ -721,6 +722,7 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e,
 	attrs[1] = ctx->ad_schema->posix_shell_attr;
 	attrs[2] = ctx->ad_schema->posix_gecos_attr;
 	attrs[3] = ctx->ad_schema->posix_gidnumber_attr;
+	attrs[4] = ctx->ad_schema->posix_displayName_attr;
 
 	sidstr = ldap_encode_ndr_dom_sid(mem_ctx, sid);
 	filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr);
@@ -746,6 +748,17 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e,
 			*gid = (uint32)-1;
 	}
 
+	if (*gecos == NULL) {
+		/*
+		 * gecos attribute most often doesn't have a value,
+		 * use the MS displayName attribute as a fallback.
+		 * Will still result in no value for gecos in case the
+		 * LDAP server doesn't use the MS schema.
+		 */
+		*gecos = ads_pull_string(ctx->ads, mem_ctx, msg_internal,
+					 ctx->ad_schema->posix_displayName_attr);
+	}
+
 	nt_status = NT_STATUS_OK;
 
 done:
-- 
1.9.1

More information about the samba-technical mailing list