[PATCH] Remove orphaned code
Volker Lendecke
vl at samba.org
Tue Mar 14 20:00:28 UTC 2017
Hi!
Review appreciated!
Thanks, Volker
-------------- next part --------------
>From 6a84187c03b3f390468d5addc07de8e9aab727e5 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 25 Jan 2017 17:44:38 +0100
Subject: [PATCH] passdb: Remove pdb_ipa
The version used these days can be found under
https://pagure.io/freeipa/blob/master/f/daemons/ipa-sam
Having a stale copy in Samba only confuses things.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/passdb/pdb_ipa.c | 1511 ------------------------------------------
source3/passdb/pdb_ipa.h | 28 -
source3/passdb/pdb_ldap.c | 3 -
source3/passdb/wscript_build | 2 +-
4 files changed, 1 insertion(+), 1543 deletions(-)
delete mode 100644 source3/passdb/pdb_ipa.c
delete mode 100644 source3/passdb/pdb_ipa.h
diff --git a/source3/passdb/pdb_ipa.c b/source3/passdb/pdb_ipa.c
deleted file mode 100644
index ca305aa..0000000
--- a/source3/passdb/pdb_ipa.c
+++ /dev/null
@@ -1,1511 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- IPA helper functions for SAMBA
- Copyright (C) Sumit Bose <sbose at redhat.com> 2010
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-*/
-
-#include "includes.h"
-#include "passdb.h"
-#include "libcli/security/dom_sid.h"
-#include "../librpc/ndr/libndr.h"
-#include "librpc/gen_ndr/samr.h"
-#include "secrets.h"
-
-#include "smbldap.h"
-#include "passdb/pdb_ldap.h"
-#include "passdb/pdb_ipa.h"
-#include "passdb/pdb_ldap_schema.h"
-#include "lib/util/base64.h"
-
-#define IPA_KEYTAB_SET_OID "2.16.840.1.113730.3.8.3.1"
-#define IPA_MAGIC_ID_STR "999"
-
-#define LDAP_TRUST_CONTAINER "ou=system"
-#define LDAP_ATTRIBUTE_CN "cn"
-#define LDAP_ATTRIBUTE_TRUST_TYPE "sambaTrustType"
-#define LDAP_ATTRIBUTE_TRUST_ATTRIBUTES "sambaTrustAttributes"
-#define LDAP_ATTRIBUTE_TRUST_DIRECTION "sambaTrustDirection"
-#define LDAP_ATTRIBUTE_TRUST_POSIX_OFFSET "sambaTrustPosixOffset"
-#define LDAP_ATTRIBUTE_SUPPORTED_ENC_TYPE "sambaSupportedEncryptionTypes"
-#define LDAP_ATTRIBUTE_TRUST_PARTNER "sambaTrustPartner"
-#define LDAP_ATTRIBUTE_FLAT_NAME "sambaFlatName"
-#define LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING "sambaTrustAuthOutgoing"
-#define LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING "sambaTrustAuthIncoming"
-#define LDAP_ATTRIBUTE_SECURITY_IDENTIFIER "sambaSecurityIdentifier"
-#define LDAP_ATTRIBUTE_TRUST_FOREST_TRUST_INFO "sambaTrustForestTrustInfo"
-#define LDAP_ATTRIBUTE_OBJECTCLASS "objectClass"
-
-#define LDAP_OBJ_KRB_PRINCIPAL "krbPrincipal"
-#define LDAP_OBJ_KRB_PRINCIPAL_AUX "krbPrincipalAux"
-#define LDAP_ATTRIBUTE_KRB_PRINCIPAL "krbPrincipalName"
-
-#define LDAP_OBJ_IPAOBJECT "ipaObject"
-#define LDAP_OBJ_IPAHOST "ipaHost"
-#define LDAP_OBJ_POSIXACCOUNT "posixAccount"
-
-#define LDAP_OBJ_GROUPOFNAMES "groupOfNames"
-#define LDAP_OBJ_NESTEDGROUP "nestedGroup"
-#define LDAP_OBJ_IPAUSERGROUP "ipaUserGroup"
-#define LDAP_OBJ_POSIXGROUP "posixGroup"
-
-#define HAS_KRB_PRINCIPAL (1<<0)
-#define HAS_KRB_PRINCIPAL_AUX (1<<1)
-#define HAS_IPAOBJECT (1<<2)
-#define HAS_IPAHOST (1<<3)
-#define HAS_POSIXACCOUNT (1<<4)
-#define HAS_GROUPOFNAMES (1<<5)
-#define HAS_NESTEDGROUP (1<<6)
-#define HAS_IPAUSERGROUP (1<<7)
-#define HAS_POSIXGROUP (1<<8)
-
-struct ipasam_privates {
- bool server_is_ipa;
- NTSTATUS (*ldapsam_add_sam_account)(struct pdb_methods *,
- struct samu *sampass);
- NTSTATUS (*ldapsam_update_sam_account)(struct pdb_methods *,
- struct samu *sampass);
- NTSTATUS (*ldapsam_create_user)(struct pdb_methods *my_methods,
- TALLOC_CTX *tmp_ctx, const char *name,
- uint32_t acb_info, uint32_t *rid);
- NTSTATUS (*ldapsam_create_dom_group)(struct pdb_methods *my_methods,
- TALLOC_CTX *tmp_ctx,
- const char *name,
- uint32_t *rid);
-};
-
-static bool ipasam_get_trusteddom_pw(struct pdb_methods *methods,
- const char *domain,
- char** pwd,
- struct dom_sid *sid,
- time_t *pass_last_set_time)
-{
- return false;
-}
-
-static bool ipasam_set_trusteddom_pw(struct pdb_methods *methods,
- const char* domain,
- const char* pwd,
- const struct dom_sid *sid)
-{
- return false;
-}
-
-static bool ipasam_del_trusteddom_pw(struct pdb_methods *methods,
- const char *domain)
-{
- return false;
-}
-
-static char *get_account_dn(const char *name)
-{
- char *escape_name;
- char *dn;
-
- escape_name = escape_rdn_val_string_alloc(name);
- if (!escape_name) {
- return NULL;
- }
-
- if (name[strlen(name)-1] == '$') {
- dn = talloc_asprintf(talloc_tos(), "uid=%s,%s", escape_name,
- lp_ldap_machine_suffix(talloc_tos()));
- } else {
- dn = talloc_asprintf(talloc_tos(), "uid=%s,%s", escape_name,
- lp_ldap_user_suffix(talloc_tos()));
- }
-
- SAFE_FREE(escape_name);
-
- return dn;
-}
-
-static char *trusted_domain_dn(struct ldapsam_privates *ldap_state,
- const char *domain)
-{
- return talloc_asprintf(talloc_tos(), "%s=%s,%s,%s",
- LDAP_ATTRIBUTE_CN, domain,
- LDAP_TRUST_CONTAINER, ldap_state->domain_dn);
-}
-
-static char *trusted_domain_base_dn(struct ldapsam_privates *ldap_state)
-{
- return talloc_asprintf(talloc_tos(), "%s,%s",
- LDAP_TRUST_CONTAINER, ldap_state->domain_dn);
-}
-
-static bool get_trusted_domain_int(struct ldapsam_privates *ldap_state,
- TALLOC_CTX *mem_ctx,
- const char *filter, LDAPMessage **entry)
-{
- int rc;
- char *base_dn = NULL;
- LDAPMessage *result = NULL;
- uint32_t num_result;
-
- base_dn = trusted_domain_base_dn(ldap_state);
- if (base_dn == NULL) {
- return false;
- }
-
- rc = smbldap_search(ldap_state->smbldap_state, base_dn,
- LDAP_SCOPE_SUBTREE, filter, NULL, 0, &result);
- TALLOC_FREE(base_dn);
-
- if (result != NULL) {
- smbldap_talloc_autofree_ldapmsg(mem_ctx, result);
- }
-
- if (rc == LDAP_NO_SUCH_OBJECT) {
- *entry = NULL;
- return true;
- }
-
- if (rc != LDAP_SUCCESS) {
- return false;
- }
-
- num_result = ldap_count_entries(priv2ld(ldap_state), result);
-
- if (num_result > 1) {
- DEBUG(1, ("get_trusted_domain_int: more than one "
- "%s object with filter '%s'?!\n",
- LDAP_OBJ_TRUSTED_DOMAIN, filter));
- return false;
- }
-
- if (num_result == 0) {
- DEBUG(1, ("get_trusted_domain_int: no "
- "%s object with filter '%s'.\n",
- LDAP_OBJ_TRUSTED_DOMAIN, filter));
- *entry = NULL;
- } else {
- *entry = ldap_first_entry(priv2ld(ldap_state), result);
- }
-
- return true;
-}
-
-static bool get_trusted_domain_by_name_int(struct ldapsam_privates *ldap_state,
- TALLOC_CTX *mem_ctx,
- const char *domain,
- LDAPMessage **entry)
-{
- char *filter = NULL;
-
- filter = talloc_asprintf(talloc_tos(),
- "(&(objectClass=%s)(|(%s=%s)(%s=%s)(cn=%s)))",
- LDAP_OBJ_TRUSTED_DOMAIN,
- LDAP_ATTRIBUTE_FLAT_NAME, domain,
- LDAP_ATTRIBUTE_TRUST_PARTNER, domain, domain);
- if (filter == NULL) {
- return false;
- }
-
- return get_trusted_domain_int(ldap_state, mem_ctx, filter, entry);
-}
-
-static bool get_trusted_domain_by_sid_int(struct ldapsam_privates *ldap_state,
- TALLOC_CTX *mem_ctx,
- const char *sid, LDAPMessage **entry)
-{
- char *filter = NULL;
-
- filter = talloc_asprintf(talloc_tos(), "(&(objectClass=%s)(%s=%s))",
- LDAP_OBJ_TRUSTED_DOMAIN,
- LDAP_ATTRIBUTE_SECURITY_IDENTIFIER, sid);
- if (filter == NULL) {
- return false;
- }
-
- return get_trusted_domain_int(ldap_state, mem_ctx, filter, entry);
-}
-
-static bool get_uint32_t_from_ldap_msg(struct ldapsam_privates *ldap_state,
- LDAPMessage *entry,
- const char *attr,
- uint32_t *val)
-{
- char *dummy;
- long int l;
- char *endptr;
-
- dummy = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry,
- attr, talloc_tos());
- if (dummy == NULL) {
- DEBUG(9, ("Attribute %s not present.\n", attr));
- *val = 0;
- return true;
- }
-
- l = strtoul(dummy, &endptr, 10);
- TALLOC_FREE(dummy);
-
- if (l < 0 || l > UINT32_MAX || *endptr != '\0') {
- return false;
- }
-
- *val = l;
-
- return true;
-}
-
-static void get_data_blob_from_ldap_msg(TALLOC_CTX *mem_ctx,
- struct ldapsam_privates *ldap_state,
- LDAPMessage *entry, const char *attr,
- DATA_BLOB *_blob)
-{
- char *dummy;
- DATA_BLOB blob;
-
- dummy = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, attr,
- talloc_tos());
- if (dummy == NULL) {
- DEBUG(9, ("Attribute %s not present.\n", attr));
- ZERO_STRUCTP(_blob);
- } else {
- blob = base64_decode_data_blob(dummy);
- if (blob.length == 0) {
- ZERO_STRUCTP(_blob);
- } else {
- _blob->length = blob.length;
- _blob->data = talloc_steal(mem_ctx, blob.data);
- }
- }
- TALLOC_FREE(dummy);
-}
-
-static bool fill_pdb_trusted_domain(TALLOC_CTX *mem_ctx,
- struct ldapsam_privates *ldap_state,
- LDAPMessage *entry,
- struct pdb_trusted_domain **_td)
-{
- char *dummy;
- bool res;
- struct pdb_trusted_domain *td;
-
- if (entry == NULL) {
- return false;
- }
-
- td = talloc_zero(mem_ctx, struct pdb_trusted_domain);
- if (td == NULL) {
- return false;
- }
-
- /* All attributes are MAY */
-
- dummy = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry,
- LDAP_ATTRIBUTE_SECURITY_IDENTIFIER,
- talloc_tos());
- if (dummy == NULL) {
- DEBUG(9, ("Attribute %s not present.\n",
- LDAP_ATTRIBUTE_SECURITY_IDENTIFIER));
- ZERO_STRUCT(td->security_identifier);
- } else {
- res = string_to_sid(&td->security_identifier, dummy);
- TALLOC_FREE(dummy);
- if (!res) {
- return false;
- }
- }
-
- get_data_blob_from_ldap_msg(td, ldap_state, entry,
- LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING,
- &td->trust_auth_incoming);
-
- get_data_blob_from_ldap_msg(td, ldap_state, entry,
- LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING,
- &td->trust_auth_outgoing);
-
- td->netbios_name = smbldap_talloc_single_attribute(priv2ld(ldap_state),
- entry,
- LDAP_ATTRIBUTE_FLAT_NAME,
- td);
- if (td->netbios_name == NULL) {
- DEBUG(9, ("Attribute %s not present.\n",
- LDAP_ATTRIBUTE_FLAT_NAME));
- }
-
- td->domain_name = smbldap_talloc_single_attribute(priv2ld(ldap_state),
- entry,
- LDAP_ATTRIBUTE_TRUST_PARTNER,
- td);
- if (td->domain_name == NULL) {
- DEBUG(9, ("Attribute %s not present.\n",
- LDAP_ATTRIBUTE_TRUST_PARTNER));
- }
-
- res = get_uint32_t_from_ldap_msg(ldap_state, entry,
- LDAP_ATTRIBUTE_TRUST_DIRECTION,
- &td->trust_direction);
- if (!res) {
- return false;
- }
-
- res = get_uint32_t_from_ldap_msg(ldap_state, entry,
- LDAP_ATTRIBUTE_TRUST_ATTRIBUTES,
- &td->trust_attributes);
- if (!res) {
- return false;
- }
-
- res = get_uint32_t_from_ldap_msg(ldap_state, entry,
- LDAP_ATTRIBUTE_TRUST_TYPE,
- &td->trust_type);
- if (!res) {
- return false;
- }
-
- td->trust_posix_offset = talloc(td, uint32_t);
- if (td->trust_posix_offset == NULL) {
- return false;
- }
- res = get_uint32_t_from_ldap_msg(ldap_state, entry,
- LDAP_ATTRIBUTE_TRUST_POSIX_OFFSET,
- td->trust_posix_offset);
- if (!res) {
- return false;
- }
-
- td->supported_enc_type = talloc(td, uint32_t);
- if (td->supported_enc_type == NULL) {
- return false;
- }
- res = get_uint32_t_from_ldap_msg(ldap_state, entry,
- LDAP_ATTRIBUTE_SUPPORTED_ENC_TYPE,
- td->supported_enc_type);
- if (!res) {
- return false;
- }
-
-
- get_data_blob_from_ldap_msg(td, ldap_state, entry,
- LDAP_ATTRIBUTE_TRUST_FOREST_TRUST_INFO,
- &td->trust_forest_trust_info);
-
- *_td = td;
-
- return true;
-}
-
-static NTSTATUS ipasam_get_trusted_domain(struct pdb_methods *methods,
- TALLOC_CTX *mem_ctx,
- const char *domain,
- struct pdb_trusted_domain **td)
-{
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)methods->private_data;
- LDAPMessage *entry = NULL;
-
- DEBUG(10, ("ipasam_get_trusted_domain called for domain %s\n", domain));
-
- if (!get_trusted_domain_by_name_int(ldap_state, talloc_tos(), domain,
- &entry)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- if (entry == NULL) {
- DEBUG(5, ("ipasam_get_trusted_domain: no such trusted domain: "
- "%s\n", domain));
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
- if (!fill_pdb_trusted_domain(mem_ctx, ldap_state, entry, td)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS ipasam_get_trusted_domain_by_sid(struct pdb_methods *methods,
- TALLOC_CTX *mem_ctx,
- struct dom_sid *sid,
- struct pdb_trusted_domain **td)
-{
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)methods->private_data;
- LDAPMessage *entry = NULL;
- char *sid_str;
-
- sid_str = sid_string_tos(sid);
-
- DEBUG(10, ("ipasam_get_trusted_domain_by_sid called for sid %s\n",
- sid_str));
-
- if (!get_trusted_domain_by_sid_int(ldap_state, talloc_tos(), sid_str,
- &entry)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- if (entry == NULL) {
- DEBUG(5, ("ipasam_get_trusted_domain_by_sid: no trusted domain "
- "with sid: %s\n", sid_str));
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
- if (!fill_pdb_trusted_domain(mem_ctx, ldap_state, entry, td)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return NT_STATUS_OK;
-}
-
-static bool smbldap_make_mod_uint32_t(LDAP *ldap_struct, LDAPMessage *entry,
- LDAPMod ***mods, const char *attribute,
- const uint32_t val)
-{
- char *dummy;
-
- dummy = talloc_asprintf(talloc_tos(), "%lu", (unsigned long) val);
- if (dummy == NULL) {
- return false;
- }
- smbldap_make_mod(ldap_struct, entry, mods, attribute, dummy);
- TALLOC_FREE(dummy);
-
- return true;
-}
-
-static NTSTATUS ipasam_set_trusted_domain(struct pdb_methods *methods,
- const char* domain,
- const struct pdb_trusted_domain *td)
-{
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)methods->private_data;
- LDAPMessage *entry = NULL;
- LDAPMod **mods;
- bool res;
- char *trusted_dn = NULL;
- int ret;
-
- DEBUG(10, ("ipasam_set_trusted_domain called for domain %s\n", domain));
-
- res = get_trusted_domain_by_name_int(ldap_state, talloc_tos(), domain,
- &entry);
- if (!res) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- mods = NULL;
- smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "objectClass",
- LDAP_OBJ_TRUSTED_DOMAIN);
-
- if (td->netbios_name != NULL) {
- smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
- LDAP_ATTRIBUTE_FLAT_NAME,
- td->netbios_name);
- }
-
- if (td->domain_name != NULL) {
- smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
- LDAP_ATTRIBUTE_TRUST_PARTNER,
- td->domain_name);
- }
-
- if (!is_null_sid(&td->security_identifier)) {
- smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
- LDAP_ATTRIBUTE_SECURITY_IDENTIFIER,
- sid_string_tos(&td->security_identifier));
- }
-
- if (td->trust_type != 0) {
- res = smbldap_make_mod_uint32_t(priv2ld(ldap_state), entry,
- &mods, LDAP_ATTRIBUTE_TRUST_TYPE,
- td->trust_type);
- if (!res) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
- if (td->trust_attributes != 0) {
- res = smbldap_make_mod_uint32_t(priv2ld(ldap_state), entry,
- &mods,
- LDAP_ATTRIBUTE_TRUST_ATTRIBUTES,
- td->trust_attributes);
- if (!res) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
- if (td->trust_direction != 0) {
- res = smbldap_make_mod_uint32_t(priv2ld(ldap_state), entry,
- &mods,
- LDAP_ATTRIBUTE_TRUST_DIRECTION,
- td->trust_direction);
- if (!res) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
- if (td->trust_posix_offset != NULL) {
- res = smbldap_make_mod_uint32_t(priv2ld(ldap_state), entry,
- &mods,
- LDAP_ATTRIBUTE_TRUST_POSIX_OFFSET,
- *td->trust_posix_offset);
- if (!res) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
- if (td->supported_enc_type != NULL) {
- res = smbldap_make_mod_uint32_t(priv2ld(ldap_state), entry,
- &mods,
- LDAP_ATTRIBUTE_SUPPORTED_ENC_TYPE,
- *td->supported_enc_type);
- if (!res) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
- if (td->trust_auth_outgoing.data != NULL) {
- smbldap_make_mod_blob(priv2ld(ldap_state), entry, &mods,
- LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING,
- &td->trust_auth_outgoing);
- }
-
- if (td->trust_auth_incoming.data != NULL) {
- smbldap_make_mod_blob(priv2ld(ldap_state), entry, &mods,
- LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING,
- &td->trust_auth_incoming);
- }
-
- if (td->trust_forest_trust_info.data != NULL) {
- smbldap_make_mod_blob(priv2ld(ldap_state), entry, &mods,
- LDAP_ATTRIBUTE_TRUST_FOREST_TRUST_INFO,
- &td->trust_forest_trust_info);
- }
-
- smbldap_talloc_autofree_ldapmod(talloc_tos(), mods);
-
- trusted_dn = trusted_domain_dn(ldap_state, domain);
- if (trusted_dn == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- if (entry == NULL) {
- ret = smbldap_add(ldap_state->smbldap_state, trusted_dn, mods);
- } else {
- ret = smbldap_modify(ldap_state->smbldap_state, trusted_dn, mods);
- }
-
- if (ret != LDAP_SUCCESS) {
- DEBUG(1, ("error writing trusted domain data!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
- return NT_STATUS_OK;
-}
-
-static NTSTATUS ipasam_del_trusted_domain(struct pdb_methods *methods,
- const char *domain)
-{
- int ret;
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)methods->private_data;
- LDAPMessage *entry = NULL;
- const char *dn;
-
- if (!get_trusted_domain_by_name_int(ldap_state, talloc_tos(), domain,
- &entry)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (entry == NULL) {
- DEBUG(5, ("ipasam_del_trusted_domain: no such trusted domain: "
- "%s\n", domain));
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
- dn = smbldap_talloc_dn(talloc_tos(), priv2ld(ldap_state), entry);
- if (dn == NULL) {
- DEBUG(0,("ipasam_del_trusted_domain: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = smbldap_delete(ldap_state->smbldap_state, dn);
- if (ret != LDAP_SUCCESS) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS ipasam_enum_trusted_domains(struct pdb_methods *methods,
- TALLOC_CTX *mem_ctx,
- uint32_t *num_domains,
- struct pdb_trusted_domain ***domains)
-{
- int rc;
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)methods->private_data;
- char *base_dn = NULL;
- char *filter = NULL;
- int scope = LDAP_SCOPE_SUBTREE;
- LDAPMessage *result = NULL;
- LDAPMessage *entry = NULL;
-
- filter = talloc_asprintf(talloc_tos(), "(objectClass=%s)",
- LDAP_OBJ_TRUSTED_DOMAIN);
- if (filter == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- base_dn = trusted_domain_base_dn(ldap_state);
- if (base_dn == NULL) {
- TALLOC_FREE(filter);
- return NT_STATUS_NO_MEMORY;
- }
-
- rc = smbldap_search(ldap_state->smbldap_state, base_dn, scope, filter,
- NULL, 0, &result);
- TALLOC_FREE(filter);
- TALLOC_FREE(base_dn);
-
- if (result != NULL) {
- smbldap_talloc_autofree_ldapmsg(mem_ctx, result);
- }
-
- if (rc == LDAP_NO_SUCH_OBJECT) {
- *num_domains = 0;
- *domains = NULL;
- return NT_STATUS_OK;
- }
-
- if (rc != LDAP_SUCCESS) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- *num_domains = 0;
- if (!(*domains = talloc_array(mem_ctx, struct pdb_trusted_domain *, 1))) {
- DEBUG(1, ("talloc failed\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- for (entry = ldap_first_entry(priv2ld(ldap_state), result);
- entry != NULL;
- entry = ldap_next_entry(priv2ld(ldap_state), entry))
- {
- struct pdb_trusted_domain *dom_info;
-
- if (!fill_pdb_trusted_domain(*domains, ldap_state, entry,
- &dom_info)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- ADD_TO_ARRAY(*domains, struct pdb_trusted_domain *, dom_info,
- domains, num_domains);
-
- if (*domains == NULL) {
- DEBUG(1, ("talloc failed\n"));
- return NT_STATUS_NO_MEMORY;
- }
- }
-
- DEBUG(5, ("ipasam_enum_trusted_domains: got %d domains\n", *num_domains));
- return NT_STATUS_OK;
-}
-
-static NTSTATUS ipasam_enum_trusteddoms(struct pdb_methods *methods,
- TALLOC_CTX *mem_ctx,
- uint32_t *num_domains,
- struct trustdom_info ***domains)
-{
- NTSTATUS status;
- struct pdb_trusted_domain **td;
- int i;
-
- status = ipasam_enum_trusted_domains(methods, talloc_tos(),
- num_domains, &td);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- if (*num_domains == 0) {
- return NT_STATUS_OK;
- }
-
- if (!(*domains = talloc_array(mem_ctx, struct trustdom_info *,
- *num_domains))) {
- DEBUG(1, ("talloc failed\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i = 0; i < *num_domains; i++) {
- struct trustdom_info *dom_info;
-
- dom_info = talloc(*domains, struct trustdom_info);
- if (dom_info == NULL) {
- DEBUG(1, ("talloc failed\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- dom_info->name = talloc_steal(mem_ctx, td[i]->netbios_name);
- sid_copy(&dom_info->sid, &td[i]->security_identifier);
-
- (*domains)[i] = dom_info;
- }
-
- return NT_STATUS_OK;
-}
-
-static uint32_t pdb_ipasam_capabilities(struct pdb_methods *methods)
-{
- return PDB_CAP_STORE_RIDS | PDB_CAP_ADS | PDB_CAP_TRUSTED_DOMAINS_EX;
-}
-
-static struct pdb_domain_info *pdb_ipasam_get_domain_info(struct pdb_methods *pdb_methods,
- TALLOC_CTX *mem_ctx)
-{
- struct pdb_domain_info *info;
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)pdb_methods->private_data;
- uint8_t sid_buf[24];
- DATA_BLOB sid_blob;
- NTSTATUS status;
-
- info = talloc(mem_ctx, struct pdb_domain_info);
- if (info == NULL) {
- return NULL;
- }
-
- info->name = talloc_strdup(info, ldap_state->domain_name);
- if (info->name == NULL) {
- goto fail;
- }
-
- /* TODO: read dns_domain, dns_forest and guid from LDAP */
- info->dns_domain = talloc_strdup(info, lp_realm());
- if (info->dns_domain == NULL) {
- goto fail;
- }
- if (!strlower_m(info->dns_domain)) {
- goto fail;
- }
- info->dns_forest = talloc_strdup(info, info->dns_domain);
-
- /* we expect a domain SID to have 4 sub IDs */
- if (ldap_state->domain_sid.num_auths != 4) {
- goto fail;
- }
-
- sid_copy(&info->sid, &ldap_state->domain_sid);
-
- if (!sid_linearize(sid_buf, sizeof(sid_buf), &info->sid)) {
- goto fail;
- }
-
- /* the first 8 bytes of the linearized SID are not random,
- * so we skip them */
- sid_blob.data = (uint8_t *) sid_buf + 8 ;
- sid_blob.length = 16;
-
- status = GUID_from_ndr_blob(&sid_blob, &info->guid);
- if (!NT_STATUS_IS_OK(status)) {
- goto fail;
- }
-
- return info;
-
-fail:
- TALLOC_FREE(info);
- return NULL;
-}
-
-static NTSTATUS modify_ipa_password_exop(struct ldapsam_privates *ldap_state,
- struct samu *sampass)
-{
- int ret;
- BerElement *ber = NULL;
- struct berval *bv = NULL;
- char *retoid = NULL;
- struct berval *retdata = NULL;
- const char *password;
- char *dn;
-
- password = pdb_get_plaintext_passwd(sampass);
- if (password == NULL || *password == '\0') {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- dn = get_account_dn(pdb_get_username(sampass));
- if (dn == NULL) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- ber = ber_alloc_t( LBER_USE_DER );
- if (ber == NULL) {
- DEBUG(7, ("ber_alloc_t failed.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = ber_printf(ber, "{tsts}", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, dn,
- LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, password);
- if (ret == -1) {
- DEBUG(7, ("ber_printf failed.\n"));
- ber_free(ber, 1);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- ret = ber_flatten(ber, &bv);
- ber_free(ber, 1);
- if (ret == -1) {
- DEBUG(1, ("ber_flatten failed.\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- ret = smbldap_extended_operation(ldap_state->smbldap_state,
- LDAP_EXOP_MODIFY_PASSWD, bv, NULL,
- NULL, &retoid, &retdata);
- ber_bvfree(bv);
- if (retdata) {
- ber_bvfree(retdata);
- }
- if (retoid) {
- ldap_memfree(retoid);
- }
- if (ret != LDAP_SUCCESS) {
- DEBUG(1, ("smbldap_extended_operation LDAP_EXOP_MODIFY_PASSWD failed.\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS ipasam_get_objectclasses(struct ldapsam_privates *ldap_state,
- const char *dn, LDAPMessage *entry,
- uint32_t *has_objectclass)
-{
- char **objectclasses;
- size_t c;
-
- objectclasses = ldap_get_values(priv2ld(ldap_state), entry,
- LDAP_ATTRIBUTE_OBJECTCLASS);
- if (objectclasses == NULL) {
- DEBUG(0, ("Entry [%s] does not have any objectclasses.\n", dn));
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- *has_objectclass = 0;
- for (c = 0; objectclasses[c] != NULL; c++) {
- if (strequal(objectclasses[c], LDAP_OBJ_KRB_PRINCIPAL)) {
- *has_objectclass |= HAS_KRB_PRINCIPAL;
- } else if (strequal(objectclasses[c],
- LDAP_OBJ_KRB_PRINCIPAL_AUX)) {
- *has_objectclass |= HAS_KRB_PRINCIPAL_AUX;
- } else if (strequal(objectclasses[c], LDAP_OBJ_IPAOBJECT)) {
- *has_objectclass |= HAS_IPAOBJECT;
- } else if (strequal(objectclasses[c], LDAP_OBJ_IPAHOST)) {
- *has_objectclass |= HAS_IPAHOST;
- } else if (strequal(objectclasses[c], LDAP_OBJ_POSIXACCOUNT)) {
- *has_objectclass |= HAS_POSIXACCOUNT;
- } else if (strequal(objectclasses[c], LDAP_OBJ_GROUPOFNAMES)) {
- *has_objectclass |= HAS_GROUPOFNAMES;
- } else if (strequal(objectclasses[c], LDAP_OBJ_NESTEDGROUP)) {
- *has_objectclass |= HAS_NESTEDGROUP;
- } else if (strequal(objectclasses[c], LDAP_OBJ_IPAUSERGROUP)) {
- *has_objectclass |= HAS_IPAUSERGROUP;
- } else if (strequal(objectclasses[c], LDAP_OBJ_POSIXGROUP)) {
- *has_objectclass |= HAS_POSIXGROUP;
- }
- }
- ldap_value_free(objectclasses);
-
- return NT_STATUS_OK;
-}
-
-enum obj_type {
- IPA_NO_OBJ = 0,
- IPA_USER_OBJ,
- IPA_GROUP_OBJ
-};
-
-static NTSTATUS find_obj(struct ldapsam_privates *ldap_state, const char *name,
- enum obj_type type, char **_dn,
- uint32_t *_has_objectclass)
-{
- int ret;
- char *username;
- char *filter;
- LDAPMessage *result = NULL;
- LDAPMessage *entry = NULL;
- int num_result;
- char *dn;
- uint32_t has_objectclass;
- NTSTATUS status;
- const char *obj_class = NULL;
-
- switch (type) {
- case IPA_USER_OBJ:
- obj_class = LDAP_OBJ_POSIXACCOUNT;
- break;
- case IPA_GROUP_OBJ:
- obj_class = LDAP_OBJ_POSIXGROUP;
- break;
- default:
- DEBUG(0, ("Unsupported IPA object.\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- username = escape_ldap_string(talloc_tos(), name);
- if (username == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- filter = talloc_asprintf(talloc_tos(), "(&(uid=%s)(objectClass=%s))",
- username, obj_class);
- if (filter == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- TALLOC_FREE(username);
-
- ret = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL,
- &result);
- if (ret != LDAP_SUCCESS) {
- DEBUG(0, ("smbldap_search_suffix failed.\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- num_result = ldap_count_entries(priv2ld(ldap_state), result);
-
- if (num_result != 1) {
- if (num_result == 0) {
- switch (type) {
- case IPA_USER_OBJ:
- status = NT_STATUS_NO_SUCH_USER;
- break;
- case IPA_GROUP_OBJ:
- status = NT_STATUS_NO_SUCH_GROUP;
- break;
- default:
- status = NT_STATUS_INVALID_PARAMETER;
- }
- } else {
- DEBUG (0, ("find_user: More than one object with name [%s] ?!\n",
- name));
- status = NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
- goto done;
- }
-
- entry = ldap_first_entry(priv2ld(ldap_state), result);
- if (!entry) {
- DEBUG(0,("find_user: Out of memory!\n"));
- status = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- dn = smbldap_talloc_dn(talloc_tos(), priv2ld(ldap_state), entry);
- if (!dn) {
- DEBUG(0,("find_user: Out of memory!\n"));
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- status = ipasam_get_objectclasses(ldap_state, dn, entry, &has_objectclass);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- *_dn = dn;
- *_has_objectclass = has_objectclass;
-
- status = NT_STATUS_OK;
-
-done:
- ldap_msgfree(result);
-
- return status;
-}
-
-static NTSTATUS find_user(struct ldapsam_privates *ldap_state, const char *name,
- char **_dn, uint32_t *_has_objectclass)
-{
- return find_obj(ldap_state, name, IPA_USER_OBJ, _dn, _has_objectclass);
-}
-
-static NTSTATUS find_group(struct ldapsam_privates *ldap_state, const char *name,
- char **_dn, uint32_t *_has_objectclass)
-{
- return find_obj(ldap_state, name, IPA_GROUP_OBJ, _dn, _has_objectclass);
-}
-
-static NTSTATUS ipasam_add_posix_account_objectclass(struct ldapsam_privates *ldap_state,
- int ldap_op,
- const char *dn,
- const char *username)
-{
- int ret;
- LDAPMod **mods = NULL;
-
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- "objectclass", "posixAccount");
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- "cn", username);
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- "uidNumber", IPA_MAGIC_ID_STR);
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- "gidNumber", "12345");
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- "homeDirectory", "/dev/null");
-
- if (ldap_op == LDAP_MOD_ADD) {
- ret = smbldap_add(ldap_state->smbldap_state, dn, mods);
- } else {
- ret = smbldap_modify(ldap_state->smbldap_state, dn, mods);
- }
- ldap_mods_free(mods, 1);
- if (ret != LDAP_SUCCESS) {
- DEBUG(1, ("failed to modify/add user with uid = %s (dn = %s)\n",
- username, dn));
- return NT_STATUS_LDAP(ret);
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS ipasam_add_ipa_group_objectclasses(struct ldapsam_privates *ldap_state,
- const char *dn,
- const char *name,
- uint32_t has_objectclass)
-{
- LDAPMod **mods = NULL;
- int ret;
-
- if (!(has_objectclass & HAS_GROUPOFNAMES)) {
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- LDAP_ATTRIBUTE_OBJECTCLASS,
- LDAP_OBJ_GROUPOFNAMES);
- }
-
- if (!(has_objectclass & HAS_NESTEDGROUP)) {
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- LDAP_ATTRIBUTE_OBJECTCLASS,
- LDAP_OBJ_NESTEDGROUP);
- }
-
- if (!(has_objectclass & HAS_IPAUSERGROUP)) {
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- LDAP_ATTRIBUTE_OBJECTCLASS,
- LDAP_OBJ_IPAUSERGROUP);
- }
-
- if (!(has_objectclass & HAS_IPAOBJECT)) {
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- LDAP_ATTRIBUTE_OBJECTCLASS,
- LDAP_OBJ_IPAOBJECT);
- }
-
- if (!(has_objectclass & HAS_POSIXGROUP)) {
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- LDAP_ATTRIBUTE_OBJECTCLASS,
- LDAP_OBJ_POSIXGROUP);
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- LDAP_ATTRIBUTE_CN,
- name);
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- LDAP_ATTRIBUTE_GIDNUMBER,
- IPA_MAGIC_ID_STR);
- }
-
- ret = smbldap_modify(ldap_state->smbldap_state, dn, mods);
- ldap_mods_free(mods, 1);
- if (ret != LDAP_SUCCESS) {
- DEBUG(1, ("failed to modify/add group %s (dn = %s)\n",
- name, dn));
- return NT_STATUS_LDAP(ret);
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS ipasam_add_ipa_objectclasses(struct ldapsam_privates *ldap_state,
- const char *dn, const char *name,
- const char *domain,
- uint32_t acct_flags,
- uint32_t has_objectclass)
-{
- LDAPMod **mods = NULL;
- int ret;
- char *princ;
-
- if (!(has_objectclass & HAS_KRB_PRINCIPAL)) {
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- LDAP_ATTRIBUTE_OBJECTCLASS,
- LDAP_OBJ_KRB_PRINCIPAL);
-
- princ = talloc_asprintf(talloc_tos(), "%s@%s", name, lp_realm());
- if (princ == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- smbldap_set_mod(&mods, LDAP_MOD_ADD, LDAP_ATTRIBUTE_KRB_PRINCIPAL, princ);
- }
-
- if (!(has_objectclass & HAS_KRB_PRINCIPAL_AUX)) {
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- LDAP_ATTRIBUTE_OBJECTCLASS,
- LDAP_OBJ_KRB_PRINCIPAL_AUX);
- }
-
- if (!(has_objectclass & HAS_IPAOBJECT)) {
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- LDAP_ATTRIBUTE_OBJECTCLASS, LDAP_OBJ_IPAOBJECT);
- }
-
- if ((acct_flags != 0) &&
- (((acct_flags & ACB_NORMAL) && name[strlen(name)-1] == '$') ||
- ((acct_flags & (ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) != 0))) {
-
- if (!(has_objectclass & HAS_IPAHOST)) {
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- LDAP_ATTRIBUTE_OBJECTCLASS,
- LDAP_OBJ_IPAHOST);
-
- if (domain == NULL) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- "fqdn", domain);
- }
- }
-
- if (!(has_objectclass & HAS_POSIXACCOUNT)) {
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- "objectclass", "posixAccount");
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", name);
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- "uidNumber", IPA_MAGIC_ID_STR);
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- "gidNumber", "12345");
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- "homeDirectory", "/dev/null");
- }
-
- if (mods != NULL) {
- ret = smbldap_modify(ldap_state->smbldap_state, dn, mods);
- ldap_mods_free(mods, 1);
- if (ret != LDAP_SUCCESS) {
- DEBUG(1, ("failed to modify/add user with uid = %s (dn = %s)\n",
- name, dn));
- return NT_STATUS_LDAP(ret);
- }
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS pdb_ipasam_add_sam_account(struct pdb_methods *pdb_methods,
- struct samu *sampass)
-{
- NTSTATUS status;
- struct ldapsam_privates *ldap_state;
- const char *name;
- char *dn;
- uint32_t has_objectclass;
- uint32_t rid;
- struct dom_sid user_sid;
-
- ldap_state = (struct ldapsam_privates *)(pdb_methods->private_data);
-
- if (IS_SAM_SET(sampass, PDB_USERSID) ||
- IS_SAM_CHANGED(sampass, PDB_USERSID)) {
- if (!pdb_new_rid(&rid)) {
- return NT_STATUS_DS_NO_MORE_RIDS;
- }
- sid_compose(&user_sid, get_global_sam_sid(), rid);
- if (!pdb_set_user_sid(sampass, &user_sid, PDB_SET)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
- status = ldap_state->ipasam_privates->ldapsam_add_sam_account(pdb_methods,
- sampass);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- if (ldap_state->ipasam_privates->server_is_ipa) {
- name = pdb_get_username(sampass);
- if (name == NULL || *name == '\0') {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- status = find_user(ldap_state, name, &dn, &has_objectclass);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = ipasam_add_ipa_objectclasses(ldap_state, dn, name,
- pdb_get_domain(sampass),
- pdb_get_acct_ctrl(sampass),
- has_objectclass);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- if (!(has_objectclass & HAS_POSIXACCOUNT)) {
- status = ipasam_add_posix_account_objectclass(ldap_state,
- LDAP_MOD_REPLACE,
- dn, name);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- }
-
- if (pdb_get_init_flags(sampass, PDB_PLAINTEXT_PW) == PDB_CHANGED) {
- status = modify_ipa_password_exop(ldap_state, sampass);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- }
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS pdb_ipasam_update_sam_account(struct pdb_methods *pdb_methods,
- struct samu *sampass)
-{
- NTSTATUS status;
- struct ldapsam_privates *ldap_state;
- ldap_state = (struct ldapsam_privates *)(pdb_methods->private_data);
-
- status = ldap_state->ipasam_privates->ldapsam_update_sam_account(pdb_methods,
- sampass);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- if (ldap_state->ipasam_privates->server_is_ipa) {
- if (pdb_get_init_flags(sampass, PDB_PLAINTEXT_PW) == PDB_CHANGED) {
- status = modify_ipa_password_exop(ldap_state, sampass);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- }
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS ipasam_create_dom_group(struct pdb_methods *pdb_methods,
- TALLOC_CTX *tmp_ctx, const char *name,
- uint32_t *rid)
-{
- NTSTATUS status;
- struct ldapsam_privates *ldap_state;
- char *dn = NULL;
- uint32_t has_objectclass = 0;
-
- ldap_state = (struct ldapsam_privates *)(pdb_methods->private_data);
-
- if (name == NULL || *name == '\0') {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- status = find_group(ldap_state, name, &dn, &has_objectclass);
- if (!NT_STATUS_IS_OK(status) &&
- !NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
- return status;
- }
-
- if (!(has_objectclass & HAS_POSIXGROUP)) {
- status = ipasam_add_ipa_group_objectclasses(ldap_state, dn,
- name,
- has_objectclass);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- }
-
- status = ldap_state->ipasam_privates->ldapsam_create_dom_group(pdb_methods,
- tmp_ctx,
- name,
- rid);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- return NT_STATUS_OK;
-}
-static NTSTATUS ipasam_create_user(struct pdb_methods *pdb_methods,
- TALLOC_CTX *tmp_ctx, const char *name,
- uint32_t acb_info, uint32_t *rid)
-{
- NTSTATUS status;
- struct ldapsam_privates *ldap_state;
- int ldap_op = LDAP_MOD_REPLACE;
- char *dn;
- uint32_t has_objectclass = 0;
-
- ldap_state = (struct ldapsam_privates *)(pdb_methods->private_data);
-
- if (name == NULL || *name == '\0') {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- status = find_user(ldap_state, name, &dn, &has_objectclass);
- if (NT_STATUS_IS_OK(status)) {
- ldap_op = LDAP_MOD_REPLACE;
- } else if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
- char *escape_username;
- ldap_op = LDAP_MOD_ADD;
- escape_username = escape_rdn_val_string_alloc(name);
- if (!escape_username) {
- return NT_STATUS_NO_MEMORY;
- }
- if (name[strlen(name)-1] == '$') {
- dn = talloc_asprintf(tmp_ctx, "uid=%s,%s",
- escape_username,
- lp_ldap_machine_suffix(talloc_tos()));
- } else {
- dn = talloc_asprintf(tmp_ctx, "uid=%s,%s",
- escape_username,
- lp_ldap_user_suffix(talloc_tos()));
- }
- SAFE_FREE(escape_username);
- if (!dn) {
- return NT_STATUS_NO_MEMORY;
- }
- } else {
- return status;
- }
-
- if (!(has_objectclass & HAS_POSIXACCOUNT)) {
- status = ipasam_add_posix_account_objectclass(ldap_state, ldap_op,
- dn, name);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- has_objectclass |= HAS_POSIXACCOUNT;
- }
-
- status = ldap_state->ipasam_privates->ldapsam_create_user(pdb_methods,
- tmp_ctx, name,
- acb_info, rid);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = ipasam_add_ipa_objectclasses(ldap_state, dn, name, lp_realm(),
- acb_info, has_objectclass);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS pdb_ipa_init_secrets(struct pdb_methods *m)
-{
- struct pdb_domain_info *dom_info;
- bool ret;
-
- dom_info = pdb_ipasam_get_domain_info(m, m);
- if (!dom_info) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- PDB_secrets_clear_domain_protection(dom_info->name);
- ret = PDB_secrets_store_domain_sid(dom_info->name,
- &dom_info->sid);
- if (!ret) {
- goto done;
- }
- ret = PDB_secrets_store_domain_guid(dom_info->name,
- &dom_info->guid);
- if (!ret) {
- goto done;
- }
- ret = PDB_secrets_mark_domain_protected(dom_info->name);
- if (!ret) {
- goto done;
- }
-
-done:
- TALLOC_FREE(dom_info);
- if (!ret) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- return NT_STATUS_OK;
-}
-
-static NTSTATUS pdb_init_IPA_ldapsam(struct pdb_methods **pdb_method, const char *location)
-{
- struct ldapsam_privates *ldap_state;
- NTSTATUS status;
-
- status = pdb_ldapsam_init_common(pdb_method, location);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- (*pdb_method)->name = "IPA_ldapsam";
-
- ldap_state = (struct ldapsam_privates *)((*pdb_method)->private_data);
- ldap_state->ipasam_privates = talloc_zero(ldap_state,
- struct ipasam_privates);
- if (ldap_state->ipasam_privates == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- ldap_state->is_ipa_ldap = True;
-
- ldap_state->ipasam_privates->server_is_ipa = smbldap_has_extension(
- priv2ld(ldap_state), IPA_KEYTAB_SET_OID);
- ldap_state->ipasam_privates->ldapsam_add_sam_account = (*pdb_method)->add_sam_account;
- ldap_state->ipasam_privates->ldapsam_update_sam_account = (*pdb_method)->update_sam_account;
- ldap_state->ipasam_privates->ldapsam_create_user = (*pdb_method)->create_user;
- ldap_state->ipasam_privates->ldapsam_create_dom_group = (*pdb_method)->create_dom_group;
-
- (*pdb_method)->add_sam_account = pdb_ipasam_add_sam_account;
- (*pdb_method)->update_sam_account = pdb_ipasam_update_sam_account;
-
- if (lp_parm_bool(-1, "ldapsam", "trusted", False)) {
- if (lp_parm_bool(-1, "ldapsam", "editposix", False)) {
- (*pdb_method)->create_user = ipasam_create_user;
- (*pdb_method)->create_dom_group = ipasam_create_dom_group;
- }
- }
-
- (*pdb_method)->capabilities = pdb_ipasam_capabilities;
- (*pdb_method)->get_domain_info = pdb_ipasam_get_domain_info;
-
- (*pdb_method)->get_trusteddom_pw = ipasam_get_trusteddom_pw;
- (*pdb_method)->set_trusteddom_pw = ipasam_set_trusteddom_pw;
- (*pdb_method)->del_trusteddom_pw = ipasam_del_trusteddom_pw;
- (*pdb_method)->enum_trusteddoms = ipasam_enum_trusteddoms;
-
- (*pdb_method)->get_trusted_domain = ipasam_get_trusted_domain;
- (*pdb_method)->get_trusted_domain_by_sid = ipasam_get_trusted_domain_by_sid;
- (*pdb_method)->set_trusted_domain = ipasam_set_trusted_domain;
- (*pdb_method)->del_trusted_domain = ipasam_del_trusted_domain;
- (*pdb_method)->enum_trusted_domains = ipasam_enum_trusted_domains;
-
- status = pdb_ipa_init_secrets(*pdb_method);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("pdb_ipa_init_secrets failed!\n"));
- return status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_ipa_init(void)
-{
- NTSTATUS nt_status;
-
- if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "IPA_ldapsam", pdb_init_IPA_ldapsam)))
- return nt_status;
-
- return NT_STATUS_OK;
-}
diff --git a/source3/passdb/pdb_ipa.h b/source3/passdb/pdb_ipa.h
deleted file mode 100644
index 46e6ffe..0000000
--- a/source3/passdb/pdb_ipa.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- IPA helper functions for SAMBA
- Copyright (C) Sumit Bose <sbose at redhat.com> 2010
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-*/
-
-#ifndef _PASSDB_PDB_IPA_H_
-#define _PASSDB_PDB_IPA_H_
-
-/* The following definitions come from passdb/pdb_ipa.c */
-
-NTSTATUS pdb_ipa_init(void);
-
-#endif /* _PASSDB_PDB_IPA_H_ */
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index e3dd790..b5c6cbf 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -65,7 +65,6 @@
#include "smbldap.h"
#include "passdb/pdb_ldap.h"
#include "passdb/pdb_nds.h"
-#include "passdb/pdb_ipa.h"
#include "passdb/pdb_ldap_util.h"
#include "passdb/pdb_ldap_schema.h"
@@ -6635,7 +6634,5 @@ NTSTATUS pdb_ldapsam_init(void)
/* Let pdb_nds register backends */
pdb_nds_init();
- pdb_ipa_init();
-
return NT_STATUS_OK;
}
diff --git a/source3/passdb/wscript_build b/source3/passdb/wscript_build
index f943597..a1a7da3 100644
--- a/source3/passdb/wscript_build
+++ b/source3/passdb/wscript_build
@@ -11,7 +11,7 @@ bld.SAMBA3_MODULE('pdb_tdbsam',
bld.SAMBA3_MODULE('pdb_ldapsam',
subsystem='pdb',
deps='smbldap smbldaphelper',
- source='pdb_ldap.c pdb_nds.c pdb_ipa.c',
+ source='pdb_ldap.c pdb_nds.c',
init_function='',
internal_module=bld.SAMBA3_IS_STATIC_MODULE('pdb_ldapsam'),
enabled=bld.SAMBA3_IS_ENABLED_MODULE('pdb_ldapsam') and bld.CONFIG_SET('HAVE_LDAP'))
--
2.1.4
More information about the samba-technical
mailing list