/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- find_attr_string
- is_object_class
- cell_lookup_settings
- cell_lookup_forest
- cell_locate_membership
- min_id_value
- cell_dn_to_dns
- get_sid_type
1 /*
2 * idmap_adex: Support for AD Forests
3 *
4 * Copyright (C) Gerald (Jerry) Carter 2006-2008
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21 #include "includes.h"
22 #include "idmap_adex.h"
23
24 #undef DBGC_CLASS
25 #define DBGC_CLASS DBGC_IDMAP
26
27 /**********************************************************************
28 **********************************************************************/
29
30 char *find_attr_string(char **list, size_t num_lines, const char *substr)
/* [<][>][^][v][top][bottom][index][help] */
31 {
32 int i;
33 int cmplen = strlen(substr);
34
35 for (i = 0; i < num_lines; i++) {
36 /* make sure to avoid substring matches like uid
37 and uidNumber */
38 if ((StrnCaseCmp(list[i], substr, cmplen) == 0) &&
39 (list[i][cmplen] == '=')) {
40 /* Don't return an empty string */
41 if (list[i][cmplen + 1] != '\0')
42 return &(list[i][cmplen + 1]);
43
44 return NULL;
45 }
46 }
47
48 return NULL;
49 }
50
51 /**********************************************************************
52 **********************************************************************/
53
54 bool is_object_class(char **list, size_t num_lines, const char *substr)
/* [<][>][^][v][top][bottom][index][help] */
55 {
56 int i;
57
58 for (i = 0; i < num_lines; i++) {
59 if (strequal(list[i], substr)) {
60 return true;
61 }
62 }
63
64 return false;
65 }
66
67 /**********************************************************************
68 Find out about the cell (e.g. use2307Attrs, etc...)
69 **********************************************************************/
70
71 NTSTATUS cell_lookup_settings(struct likewise_cell * cell)
/* [<][>][^][v][top][bottom][index][help] */
72 {
73 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
74
75 /* Parameter check */
76
77 if (!cell) {
78 nt_status = NT_STATUS_INVALID_PARAMETER;
79 BAIL_ON_NTSTATUS_ERROR(nt_status);
80 }
81
82 /* Only supporting Forest-wide, schema based searches */
83
84 cell_set_flags(cell, LWCELL_FLAG_USE_RFC2307_ATTRS);
85 cell_set_flags(cell, LWCELL_FLAG_SEARCH_FOREST);
86
87 cell->provider = &ccp_unified;
88
89 nt_status = NT_STATUS_OK;
90
91 done:
92 if (!NT_STATUS_IS_OK(nt_status)) {
93 DEBUG(1,("LWI: Failed to obtain cell settings (%s)\n",
94 nt_errstr(nt_status)));
95 }
96
97 return nt_status;
98 }
99
100
101 static NTSTATUS cell_lookup_forest(struct likewise_cell *c)
/* [<][>][^][v][top][bottom][index][help] */
102 {
103 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
104 struct gc_info *gc = NULL;
105
106 if (!c) {
107 return NT_STATUS_INVALID_PARAMETER;
108 }
109
110 if ((gc = TALLOC_ZERO_P(NULL, struct gc_info)) == NULL) {
111 nt_status = NT_STATUS_NO_MEMORY;
112 BAIL_ON_NTSTATUS_ERROR(nt_status);
113 }
114
115 /* Query the rootDSE for the forest root naming conect first.
116 Check that the a GC server for the forest has not already
117 been added */
118
119 nt_status = gc_find_forest_root(gc, cell_dns_domain(c));
120 BAIL_ON_NTSTATUS_ERROR(nt_status);
121
122 c->forest_name = talloc_strdup(c, gc->forest_name);
123 BAIL_ON_PTR_ERROR(c->forest_name, nt_status);
124
125 done:
126 if (gc) {
127 talloc_free(gc);
128 }
129
130 return nt_status;
131 }
132
133 /**********************************************************************
134 **********************************************************************/
135
136 NTSTATUS cell_locate_membership(ADS_STRUCT * ads)
/* [<][>][^][v][top][bottom][index][help] */
137 {
138 ADS_STATUS status;
139 char *domain_dn = ads_build_dn(lp_realm());
140 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
141 DOM_SID sid;
142 struct likewise_cell *cell = NULL;
143
144 /* In the Likewise plugin, I had to support the concept of cells
145 based on the machine's membership in an OU. However, now I'll
146 just assume our membership in the forest cell */
147
148 DEBUG(2, ("locate_cell_membership: Located membership "
149 "in cell \"%s\"\n", domain_dn));
150
151 if ((cell = cell_new()) == NULL) {
152 nt_status = NT_STATUS_NO_MEMORY;
153 BAIL_ON_NTSTATUS_ERROR(nt_status);
154 }
155
156 status = ads_domain_sid(ads, &sid);
157 if (!ADS_ERR_OK(status)) {
158 DEBUG(3,("locate_cell_membership: Failed to find "
159 "domain SID for %s\n", domain_dn));
160 }
161
162 /* save the SID and search base for our domain */
163
164 cell_set_dns_domain(cell, lp_realm());
165 cell_set_connection(cell, ads);
166 cell_set_dn(cell, domain_dn);
167 cell_set_domain_sid(cell, &sid);
168
169 /* Now save our forest root */
170
171 cell_lookup_forest(cell);
172
173 /* Add the cell to the list */
174
175 if (!cell_list_add(cell)) {
176 nt_status = NT_STATUS_INSUFFICIENT_RESOURCES;
177 BAIL_ON_NTSTATUS_ERROR(nt_status);
178 }
179
180 /* Done! */
181 nt_status = NT_STATUS_OK;
182
183 done:
184 if (!NT_STATUS_IS_OK(nt_status)) {
185 DEBUG(0,("LWI: Failed to locate cell membership (%s)\n",
186 nt_errstr(nt_status)));
187 }
188
189 SAFE_FREE(domain_dn);
190
191 return nt_status;
192 }
193
194 /*********************************************************************
195 ********************************************************************/
196
197 int min_id_value(void)
/* [<][>][^][v][top][bottom][index][help] */
198 {
199 int id_val;
200
201 id_val = lp_parm_int(-1, "lwidentity", "min_id_value", MIN_ID_VALUE);
202
203 /* Still don't let it go below 50 */
204
205 return MAX(50, id_val);
206 }
207
208 /********************************************************************
209 *******************************************************************/
210
211 char *cell_dn_to_dns(const char *dn)
/* [<][>][^][v][top][bottom][index][help] */
212 {
213 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
214 char *domain = NULL;
215 char *dns_name = NULL;
216 const char *tmp_dn;
217 char *buffer = NULL;
218 TALLOC_CTX *frame = talloc_stackframe();
219
220 if (!dn || !*dn) {
221 goto done;
222 }
223
224 tmp_dn = talloc_strdup(frame, dn);
225 BAIL_ON_PTR_ERROR(tmp_dn, nt_status);
226
227 while (next_token_talloc(frame, &tmp_dn, &buffer, ",")) {
228
229 /* skip everything up the where DC=... begins */
230 if (StrnCaseCmp(buffer, "DC=", 3) != 0)
231 continue;
232
233 if (!domain) {
234 domain = talloc_strdup(frame, &buffer[3]);
235 } else {
236 domain = talloc_asprintf_append(domain, ".%s",
237 &buffer[3]);
238 }
239 BAIL_ON_PTR_ERROR(domain, nt_status);
240 }
241
242 dns_name = SMB_STRDUP(domain);
243 BAIL_ON_PTR_ERROR(dns_name, nt_status);
244
245 nt_status = NT_STATUS_OK;
246
247 done:
248 PRINT_NTSTATUS_ERROR(nt_status, "cell_dn_to_dns", 1);
249
250 talloc_destroy(frame);
251
252 return dns_name;
253 }
254
255 /*********************************************************************
256 ********************************************************************/
257
258 NTSTATUS get_sid_type(ADS_STRUCT *ads,
/* [<][>][^][v][top][bottom][index][help] */
259 LDAPMessage *msg,
260 enum lsa_SidType *type)
261 {
262 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
263 uint32_t atype;
264
265 if (!ads_pull_uint32(ads, msg, "sAMAccountType", &atype)) {
266 nt_status = NT_STATUS_INVALID_USER_BUFFER;
267 BAIL_ON_NTSTATUS_ERROR(nt_status);
268 }
269
270 switch (atype &0xF0000000) {
271 case ATYPE_SECURITY_GLOBAL_GROUP:
272 *type = SID_NAME_DOM_GRP;
273 break;
274 case ATYPE_SECURITY_LOCAL_GROUP:
275 *type = SID_NAME_ALIAS;
276 break;
277 case ATYPE_NORMAL_ACCOUNT:
278 case ATYPE_WORKSTATION_TRUST:
279 case ATYPE_INTERDOMAIN_TRUST:
280 *type = SID_NAME_USER;
281 break;
282 default:
283 *type = SID_NAME_USE_NONE;
284 nt_status = NT_STATUS_INVALID_ACCOUNT_NAME;
285 BAIL_ON_NTSTATUS_ERROR(nt_status);
286 }
287
288 nt_status = NT_STATUS_OK;
289
290 done:
291 return nt_status;
292 }