DLIST_ADD(ldb->modules, current);
continue;
}
+
+ if (strcmp(modules[i], "samba3sam") == 0) {
+ current = ldb_samba3sam_module_init(ldb, options);
+ if (!current) {
+ ldb_debug(ldb, LDB_DEBUG_FATAL, "function 'init_module' in %s fails\n", modules[i]);
+ return -1;
+ }
+ DLIST_ADD(ldb->modules, current);
+ continue;
+ }
+
#endif
ldb_debug(ldb, LDB_DEBUG_WARNING, "WARNING: Module [%s] not found\n", modules[i]);
# Start SUBSYSTEM LDBSAMBA
[SUBSYSTEM::LDBSAMBA]
OBJ_FILES = \
- lib/ldb/samba/ldif_handlers.o
+ lib/ldb/samba/ldif_handlers.o \
+ lib/ldb/samba/samba3sam.o
# End SUBSYSTEM LDBSAMBA
################################################
struct ldb_dn *newdn;
int i;
+ if (dn == NULL)
+ return NULL;
+
newdn = talloc_memdup(module, dn, sizeof(*dn));
if (!newdn)
return NULL;
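Review bot: The new `if (dn == NULL) return NULL;` guard makes a NULL input indistinguishable from the `talloc_memdup` failure a few lines below, which also returns NULL; the identical guard in the next hunk has the same property. If callers treat NULL as out-of-memory (not visible here), an absent DN would be reported as an allocation failure. A one-line comment on both guards, such as `/* NULL dn is passed through, not an error */`, or a check at the call sites, would make the contract explicit. Both function bodies start outside their hunks.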
int i;
struct ldb_parse_tree eqtree, *new_eqtree;
+ if (dn == NULL)
+ return NULL;
+
newdn = talloc_memdup(module, dn, sizeof(*dn));
if (!newdn)
return NULL;
return newdn;
}
-
-
/* Loop over ldb_map_attribute array and add remote_names */
static const char **ldb_map_attrs(struct ldb_module *module, const char *const attrs[])
{
const char **ret;
int ar_size = 0, last_element = 0;
+ if (attrs == NULL)
+ return NULL;
+
/* Start with good guess of number of elements */
for (i = 0; attrs[i]; i++);
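Review bot: The `attrs == NULL` early return in `ldb_map_attrs` needs a comment saying what NULL means to the caller. In ldb search calls a NULL attribute list conventionally requests all attributes, so passing it through is presumably intended, but the header comment above the function only describes the loop. Suggest `/* NULL means "all attributes": nothing to map, pass it through */` above the guard. The function body continues past the end of the hunk.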
/*
- ldb database library - Samba3 compatibility backend
+ ldb database library - Samba3 SAM compatibility backend
Copyright (C) Jelmer Vernooij 2005
/* the init function */
#ifdef HAVE_DLOPEN_DISABLED
- struct ldb_module *init_module(struct ldb_context *ldb, const char *options[])
+struct ldb_module *init_module(struct ldb_context *ldb, const char *options[])
#else
- struct ldb_module *ldb_samba3_module_init(struct ldb_context *ldb, const char *options[])
+struct ldb_module *ldb_samba3sam_module_init(struct ldb_context *ldb, const char *options[])
#endif
{
return ldb_map_init(ldb, &samba3_attributes, &samba3_objectclasses, options);
--- /dev/null
+dn: dc=idealx,dc=org
+objectClass: dcObject
+objectclass: organization
+o: idealx
+dc: idealx
+
+dn: ou=Users,dc=idealx,dc=org
+objectClass: organizationalUnit
+ou: Users
+
+dn: ou=Groups,dc=idealx,dc=org
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Computers,dc=idealx,dc=org
+objectClass: organizationalUnit
+ou: Computers
+dn: uid=Administrator,ou=Users,dc=idealx,dc=org
+cn: Administrator
+sn: Administrator
+objectClass: inetOrgPerson
+objectClass: sambaSAMAccount
+objectClass: posixAccount
+objectClass: shadowAccount
+gidNumber: 512
+uid: Administrator
+uidNumber: 0
+homeDirectory: /home/%U
+sambaPwdLastSet: 0
+sambaLogonTime: 0
+sambaLogoffTime: 2147483647
+sambaKickoffTime: 2147483647
+sambaPwdCanChange: 0
+sambaPwdMustChange: 2147483647
+sambaHomePath: \\PDC-SMB3\home\%U
+sambaHomeDrive: H:
+sambaProfilePath: \\PDC-SMB3\profiles\%U\Administrator
+sambaPrimaryGroupSID: S-1-5-21-4231626423-2410014848-2360679739-512
+sambaLMPassword: XXX
+sambaNTPassword: XXX
+sambaAcctFlags: [U ]
+sambaSID: S-1-5-21-4231626423-2410014848-2360679739-2996
+loginShell: /bin/false
+gecos: Netbios Domain Administrator
+
+dn: uid=nobody,ou=Users,dc=idealx,dc=org
+cn: nobody
+sn: nobody
+objectClass: inetOrgPerson
+objectClass: sambaSAMAccount
+objectClass: posixAccount
+objectClass: shadowAccount
+gidNumber: 514
+uid: nobody
+uidNumber: 999
+homeDirectory: /dev/null
+sambaPwdLastSet: 0
+sambaLogonTime: 0
+sambaLogoffTime: 2147483647
+sambaKickoffTime: 2147483647
+sambaPwdCanChange: 0
+sambaPwdMustChange: 2147483647
+sambaHomePath: \\PDC-SMB3\home\%U
+sambaHomeDrive: H:
+sambaProfilePath: \\PDC-SMB3\profiles\%U\nobody
+sambaPrimaryGroupSID: S-1-5-21-4231626423-2410014848-2360679739-514
+sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
+sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
+sambaAcctFlags: [NU ]
+sambaSID: S-1-5-21-4231626423-2410014848-2360679739-2998
+loginShell: /bin/false
+
+dn: cn=Domain Admins,ou=Groups,dc=idealx,dc=org
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 512
+cn: Domain Admins
+memberUid: Administrator
+description: Netbios Domain Administrators
+sambaSID: S-1-5-21-4231626423-2410014848-2360679739-512
+sambaGroupType: 2
+displayName: Domain Admins
+
+dn: cn=Domain Users,ou=Groups,dc=idealx,dc=org
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 513
+cn: Domain Users
+description: Netbios Domain Users
+sambaSID: S-1-5-21-4231626423-2410014848-2360679739-513
+sambaGroupType: 2
+displayName: Domain Users
+
+dn: cn=Domain Guests,ou=Groups,dc=idealx,dc=org
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 514
+cn: Domain Guests
+description: Netbios Domain Guests Users
+sambaSID: S-1-5-21-4231626423-2410014848-2360679739-514
+sambaGroupType: 2
+displayName: Domain Guests
+
+dn: cn=Print Operators,ou=Groups,dc=idealx,dc=org
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 550
+cn: Print Operators
+description: Netbios Domain Print Operators
+sambaSID: S-1-5-21-4231626423-2410014848-2360679739-550
+sambaGroupType: 2
+displayName: Print Operators
+
+dn: cn=Backup Operators,ou=Groups,dc=idealx,dc=org
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 551
+cn: Backup Operators
+description: Netbios Domain Members can bypass file security to back up files
+sambaSID: S-1-5-21-4231626423-2410014848-2360679739-551
+sambaGroupType: 2
+displayName: Backup Operators
+
+dn: cn=Replicator,ou=Groups,dc=idealx,dc=org
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 552
+cn: Replicator
+description: Netbios Domain Supports file replication in a sambaDomainName
+sambaSID: S-1-5-21-4231626423-2410014848-2360679739-552
+sambaGroupType: 2
+displayName: Replicator
+
+dn: cn=Domain Computers,ou=Groups,dc=idealx,dc=org
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 553
+cn: Domain Computers
+description: Netbios Domain Computers accounts
+sambaSID: S-1-5-21-4231626423-2410014848-2360679739-553
+sambaGroupType: 2
+displayName: Domain Computers
+
+dn: cn=Administrators,ou=Groups,dc=idealx,dc=org
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 544
+cn: Administrators
+description: Netbios Domain Members can fully administer the computer/sambaDomainName
+sambaSID: S-1-5-21-4231626423-2410014848-2360679739-544
+sambaGroupType: 2
+displayName: Administrators
+
+dn: cn=Users,ou=Groups,dc=idealx,dc=org
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 545
+cn: Users
+description: Netbios Domain Ordinary users
+sambaSID: S-1-5-21-4231626423-2410014848-2360679739-545
+sambaGroupType: 2
+displayName: users
+
+dn: cn=Guests,ou=Groups,dc=idealx,dc=org
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 546
+cn: Guests
+memberUid: nobody
+description: Netbios Domain Users granted guest access to the computer/sambaDomainName
+sambaSID: S-1-5-21-4231626423-2410014848-2360679739-546
+sambaGroupType: 2
+displayName: Guests
+
+dn: cn=Power Users,ou=Groups,dc=idealx,dc=org
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 547
+cn: Power Users
+description: Netbios Domain Members can share directories and printers
+sambaSID: S-1-5-21-4231626423-2410014848-2360679739-547
+sambaGroupType: 2
+displayName: Power Users
+
+dn: cn=Account Operators,ou=Groups,dc=idealx,dc=org
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 548
+cn: Account Operators
+description: Netbios Domain Users to manipulate users accounts
+sambaSID: S-1-5-21-4231626423-2410014848-2360679739-548
+sambaGroupType: 2
+displayName: Account Operators
+
+dn: cn=Server Operators,ou=Groups,dc=idealx,dc=org
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 549
+cn: Server Operators
+description: Netbios Domain Server Operators
+sambaSID: S-1-5-21-4231626423-2410014848-2360679739-549
+sambaGroupType: 2
+displayName: Server Operators
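Review bot: There is no blank separator line between the `ou=Computers` record and `dn: uid=Administrator,ou=Users,dc=idealx,dc=org`, unlike every other record in this file. LDIF separates records with an empty line, so as written the Administrator attributes would be read as part of the `ou=Computers` entry or rejected. The `(cn=Administrator)` search in the accompanying test script would then not find the account entry it is meant to exercise. If this is not an artefact of how the page was rendered, add an empty line before the `dn: uid=Administrator` line.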
--- /dev/null
+#!/bin/sh
+
+rm -f samba3.ldb
+
+$VALGRIND ldbadd -H tdb://samba3.ldb < samba3.ldif
+
+OPT="-o modules:samba3sam -H tdb://samba3.ldb "
+$VALGRIND ldbsearch $OPT "(cn=Administrator)"
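Review bot: Neither `ldbadd` nor `ldbsearch` has its exit status checked, so the script can report success even when the import fails or the `samba3sam` module cannot be loaded. Add `|| exit 1` after each command, or `set -e` near the top. It would also help to assert on the search output, for example that a record is actually returned for `(cn=Administrator)`, since a search that matches nothing may still exit 0.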
case 'o':
options.options = talloc_realloc(ret, options.options,
- const char *, num_options+2);
+ const char *, num_options+3);
if (options.options == NULL) {
ldb_oom(ldb);
goto failed;
}
- options.options[num_options++] = poptGetOptArg(pc);
+ options.options[num_options] = poptGetOptArg(pc);
options.options[num_options+1] = NULL;
+ num_options++;
break;
default:
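Review bot: The `talloc_realloc` size `num_options+3` is one slot larger than the writes below it need: with the increment moved after the terminator store, the highest index written is `num_options+1`, so `num_options+2` elements suffice. Either keep `+2` or add a comment such as `/* room for the new option, the NULL terminator and one spare */`, so a later reader does not "correct" the size and bring back an out-of-bounds terminator write. The result of `poptGetOptArg(pc)` is also stored unchecked; if it can return NULL here, the option array is silently terminated early. The enclosing switch starts and ends outside the hunk.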
lib/samba3/group.o \
lib/samba3/registry.o \
lib/samba3/secrets.o \
- lib/samba3/ldb_samba3.o \
lib/samba3/share_info.o \
lib/samba3/upgrade.o
# End SUBSYSTEM LIBSAMBA3
char **dcerpc_ep_servers;
char **server_services;
char *ntptr_providor;
- char *szWinbindUID;
- char *szWinbindGID;
- char *szNonUnixAccountRange;
char *szWinbindSeparator;
char *swat_directory;
BOOL tls_enabled;
/* prototypes for the special type handlers */
static BOOL handle_include(const char *pszParmValue, char **ptr);
static BOOL handle_copy(const char *pszParmValue, char **ptr);
-static BOOL handle_winbind_uid(const char *pszParmValue, char **ptr);
-static BOOL handle_winbind_gid(const char *pszParmValue, char **ptr);
-static BOOL handle_non_unix_account_range(const char *pszParmValue, char **ptr);
static void set_server_role(void);
static void set_default_server_announce_type(void);
{"spoolss database", P_STRING, P_GLOBAL, &Globals.szSPOOLSS_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"wins database", P_STRING, P_GLOBAL, &Globals.szWINS_URL, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
- {"non unix account range", P_STRING, P_GLOBAL, &Globals.szNonUnixAccountRange, handle_non_unix_account_range, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"passwd chat", P_STRING, P_GLOBAL, &Globals.szPasswdChat, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"password level", P_INTEGER, P_GLOBAL, &Globals.pwordlevel, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"msdfs root", P_BOOL, P_LOCAL, &sDefault.bMSDfsRoot, NULL, NULL, FLAG_SHARE},
{"host msdfs", P_BOOL, P_GLOBAL, &Globals.bHostMSDfs, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
-
- {"Winbind options", P_SEP, P_SEPARATOR},
-
- {"winbind uid", P_STRING, P_GLOBAL, &Globals.szWinbindUID, handle_winbind_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
- {"winbind gid", P_STRING, P_GLOBAL, &Globals.szWinbindGID, handle_winbind_gid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
- {"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+ {"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER },
{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
};
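Review bot: Dropping the `winbind uid`, `winbind gid` and `non unix account range` table entries means an existing smb.conf that still sets them is no longer recognised; how the parser treats an unknown key is not visible in this hunk. These ranges bound which uids and gids get allocated, so an administrator should be told the setting is no longer honoured rather than have it silently ignored. A note in the commit message or upgrade documentation would do. The kept `winbind separator` row also gains a stray space before its closing brace (`FLAG_DEVELOPER },`) that the neighbouring rows do not have.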
do_parameter("DomainLogons", "False", NULL);
do_parameter("WINSsupport", "False", NULL);
- do_parameter("WinbindSeparator", "\\", NULL);
+ do_parameter("winbind separator", "\\", NULL);
do_parameter("client signing", "Yes", NULL);
do_parameter("server signing", "auto", NULL);
FN_GLOBAL_STRING(lp_sam_url, &Globals.szSAM_URL)
FN_GLOBAL_STRING(lp_spoolss_url, &Globals.szSPOOLSS_URL)
FN_GLOBAL_STRING(lp_wins_url, &Globals.szWINS_URL)
+FN_GLOBAL_CONST_STRING(lp_winbind_separator, &Globals.szWinbindSeparator)
FN_GLOBAL_STRING(lp_private_dir, &Globals.szPrivateDir)
FN_GLOBAL_STRING(lp_serverstring, &Globals.szServerString)
FN_GLOBAL_STRING(lp_lockdir, &Globals.szLockDir)
FN_GLOBAL_LIST(lp_netbios_aliases, &Globals.szNetbiosAliases)
FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction)
-
-FN_GLOBAL_CONST_STRING(lp_winbind_separator, &Globals.szWinbindSeparator)
-
FN_GLOBAL_BOOL(lp_disable_netbios, &Globals.bDisableNetbios)
FN_GLOBAL_BOOL(lp_wins_support, &Globals.bWINSsupport)
FN_GLOBAL_BOOL(lp_local_master, &Globals.bLocalMaster)
return (bRetval);
}
-/***************************************************************************
- Handle winbind/non unix account uid and gid allocation parameters. The format of these
- parameters is:
-
- [global]
-
- winbind uid = 1000-1999
- winbind gid = 700-899
-
- We only do simple parsing checks here. The strings are parsed into useful
- structures in the winbind daemon code.
-
-***************************************************************************/
-
-/* Some lp_ routines to return winbind [ug]id information */
-
-static uid_t winbind_uid_low, winbind_uid_high;
-static gid_t winbind_gid_low, winbind_gid_high;
-static uint32_t non_unix_account_low, non_unix_account_high;
-
-BOOL lp_winbind_uid(uid_t *low, uid_t *high)
-{
- if (winbind_uid_low == 0 || winbind_uid_high == 0)
- return False;
-
- if (low)
- *low = winbind_uid_low;
-
- if (high)
- *high = winbind_uid_high;
-
- return True;
-}
-
-BOOL lp_winbind_gid(gid_t *low, gid_t *high)
-{
- if (winbind_gid_low == 0 || winbind_gid_high == 0)
- return False;
-
- if (low)
- *low = winbind_gid_low;
-
- if (high)
- *high = winbind_gid_high;
-
- return True;
-}
-
-BOOL lp_non_unix_account_range(uint32_t *low, uint32_t *high)
-{
- if (non_unix_account_low == 0 || non_unix_account_high == 0)
- return False;
-
- if (low)
- *low = non_unix_account_low;
-
- if (high)
- *high = non_unix_account_high;
-
- return True;
-}
-
-/* Do some simple checks on "winbind [ug]id" parameter values */
-
-static BOOL handle_winbind_uid(const char *pszParmValue, char **ptr)
-{
- uint32_t low, high;
-
- if (sscanf(pszParmValue, "%u-%u", &low, &high) != 2 || high < low)
- return False;
-
- /* Parse OK */
-
- string_set(ptr, pszParmValue);
-
- winbind_uid_low = low;
- winbind_uid_high = high;
-
- return True;
-}
-
-static BOOL handle_winbind_gid(const char *pszParmValue, char **ptr)
-{
- uint32_t low, high;
-
- if (sscanf(pszParmValue, "%u-%u", &low, &high) != 2 || high < low)
- return False;
-
- /* Parse OK */
-
- string_set(ptr, pszParmValue);
-
- winbind_gid_low = low;
- winbind_gid_high = high;
-
- return True;
-}
-
-/***************************************************************************
- Do some simple checks on "non unix account range" parameter values.
-***************************************************************************/
-
-static BOOL handle_non_unix_account_range(const char *pszParmValue, char **ptr)
-{
- uint32_t low, high;
-
- if (sscanf(pszParmValue, "%u-%u", &low, &high) != 2 || high < low)
- return False;
-
- /* Parse OK */
-
- string_set(ptr, pszParmValue);
-
- non_unix_account_low = low;
- non_unix_account_high = high;
-
- return True;
-}
-
-
/***************************************************************************
Initialise a copymap.
***************************************************************************/