r9899: Be more conservative about what is sent to the remote server in ldb_map.
1 /* 
2    ldb database library - Samba3 SAM compatibility backend
3
4    Copyright (C) Jelmer Vernooij 2005
5 */
6
7 #include "includes.h"
8 #include "ldb/modules/ldb_map.h"
9 #include "ldb/include/ldb.h"
10 #include "ldb/include/ldb_private.h"
11 #include "librpc/gen_ndr/ndr_security.h"
12
13 /* FIXME: 
14  * sambaSID -> member  (dn!)
15  * sambaSIDList -> member (dn!) 
16  * sambaDomainName -> name 
17  * sambaTrustPassword 
18  * sambaUnixIdPool 
19  * sambaIdmapEntry 
20  * sambaAccountPolicy 
21  * sambaSidEntry 
22  * sambaAcctFlags -> systemFlags ?
23  * sambaPasswordHistory  -> ntPwdHistory*/
24
25 /* Not necessary:
26  * sambaConfig
27  * sambaShare
28  * sambaConfigOption 
29  * sambaNextGroupRid
30  * sambaNextUserRid
31  * sambaAlgorithmicRidBase
32  */
33
34 /* Not in Samba4: 
35  * sambaKickoffTime
36  * sambaPwdCanChange
37  * sambaPwdMustChange
38  * sambaHomePath
39  * sambaHomeDrive
40  * sambaLogonScript
41  * sambaProfilePath
42  * sambaUserWorkstations
43  * sambaMungedDial
44  * sambaLogonHours */
45
46 /* In Samba4 but not in Samba3:
47 */
48
/*
 * Placeholder for the SID -> RID value conversion; the attribute table in
 * this file installs it as .convert_remote of the primaryGroupID entry
 * (remote name sambaPrimaryGroupSID).
 *
 * No conversion is implemented yet: a trace line is written to stdout and the
 * input is handed back as a copy made with ldb_val_dup(ctx, val), so the
 * value comes out unconverted.
 */
static struct ldb_val convert_sid_rid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
	struct ldb_val copy;

	fputs("Converting SID TO RID *\n", stdout);

	/* FIXME: real SID -> RID logic is still missing; pass-through only */
	copy = ldb_val_dup(ctx, val);

	return copy;
}
57
/*
 * Placeholder for the RID -> SID value conversion; the attribute table in
 * this file installs it as .convert_local of the primaryGroupID entry
 * (remote name sambaPrimaryGroupSID).
 *
 * No conversion is implemented yet: a trace line is written to stdout and the
 * input is handed back as a copy made with ldb_val_dup(ctx, val), so the
 * value comes out unconverted.
 */
static struct ldb_val convert_rid_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
	struct ldb_val copy;

	fputs("Converting RID TO SID *\n", stdout);

	/* FIXME: real RID -> SID logic is still missing; pass-through only */
	copy = ldb_val_dup(ctx, val);

	return copy;
}
66
/*
 * Placeholder for a UNIX id -> name value conversion.  No entry of the
 * attribute table in this file references it.
 *
 * No conversion is implemented yet: a trace line is written to stdout and the
 * input is handed back as a copy made with ldb_val_dup(ctx, val).
 */
static struct ldb_val convert_unix_id2name(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
	struct ldb_val copy;

	fputs("Converting UNIX ID to name\n", stdout);

	/* FIXME: real id -> name lookup is still missing; pass-through only */
	copy = ldb_val_dup(ctx, val);

	return copy;
}
75
/*
 * Placeholder for a UNIX name -> id value conversion.  No entry of the
 * attribute table in this file references it.
 *
 * No conversion is implemented yet: a trace line is written to stdout and the
 * input is handed back as a copy made with ldb_val_dup(ctx, val).
 */
static struct ldb_val convert_unix_name2id(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
	struct ldb_val copy;

	fputs("Converting UNIX name to ID\n", stdout);

	/* FIXME: real name -> id lookup is still missing; pass-through only */
	copy = ldb_val_dup(ctx, val);

	return copy;
}
84
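/*
 * Turn a textual SID into its NDR-encoded dom_sid blob.
 *
 * The attribute table in this file installs this as .convert_remote of the
 * objectSid entry (remote name sambaSID), so the input originates from the
 * remote directory and is treated as untrusted.
 *
 * module: unused.
 * ctx:    talloc context that owns the returned data.
 * val:    value holding the SID string; only val->length bytes are read.
 *
 * Returns the encoded blob, or an empty value (data NULL, length 0) when the
 * input is missing, does not parse as a SID, or encoding/allocation fails.
 */
static struct ldb_val encode_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
	/* Result lives on the stack: no per-call wrapper allocation to leak on
	 * ctx and no NULL dereference if that allocation were to fail. */
	struct ldb_val out = { .data = NULL, .length = 0 };
	struct dom_sid *sid;
	char *sid_str;
	NTSTATUS status;

	if (val == NULL || val->data == NULL) {
		return out;
	}

	/* Parse a bounded, NUL-terminated copy; nothing visible here guarantees
	 * that val->data itself is terminated within val->length bytes. */
	sid_str = talloc_strndup(ctx, (const char *)val->data, val->length);
	if (sid_str == NULL) {
		return out;
	}

	sid = dom_sid_parse_talloc(ctx, sid_str);
	talloc_free(sid_str);
	if (sid == NULL) {
		return out;
	}

	status = ndr_push_struct_blob(&out, ctx, sid,
				      (ndr_push_flags_fn_t)ndr_push_dom_sid);
	talloc_free(sid);
	if (!NT_STATUS_IS_OK(status)) {
		/* Never hand back a partially filled blob on failure. */
		out.data = NULL;
		out.length = 0;
	}

	return out;
}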
103
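/*
 * Turn an NDR-encoded dom_sid blob into its textual SID form.
 *
 * The attribute table in this file installs this as .convert_local of the
 * objectSid entry (remote name sambaSID).
 *
 * module: unused.
 * ctx:    talloc context that owns the returned string.
 * val:    value holding the NDR-encoded SID.
 *
 * Returns a value whose data is the SID string and whose length is its
 * strlen(), or an empty value (data NULL, length 0) when the input is
 * missing, the blob does not decode, or an allocation fails.
 */
static struct ldb_val decode_sid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val)
{
	/* Result lives on the stack: no per-call wrapper allocation to leak on
	 * ctx and no NULL dereference if that allocation were to fail. */
	struct ldb_val out = { .data = NULL, .length = 0 };
	struct dom_sid *sid;
	NTSTATUS status;

	if (val == NULL) {
		return out;
	}

	sid = talloc(ctx, struct dom_sid);
	if (sid == NULL) {
		return out;
	}

	/* sid doubles as the memory context for whatever the pull allocates,
	 * so freeing sid releases it as well. */
	status = ndr_pull_struct_blob(val, sid, sid,
				      (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
	if (!NT_STATUS_IS_OK(status)) {
		talloc_free(sid);
		return out;
	}

	out.data = (uint8_t *)dom_sid_string(ctx, sid);
	talloc_free(sid);
	if (out.data != NULL) {
		out.length = strlen((const char *)out.data);
	}

	return out;
}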
129
/*
 * Object class mapping table handed to ldb_map_init() for the "samba3sam"
 * module.  Each entry pairs a local class name with the remote (Samba3)
 * class name and lists that class's required (musts) and optional (mays)
 * attributes; the last entry is the { NULL, NULL } terminator.
 *
 * NOTE(review): the "user" class lists sambaLMPassword, sambaNTPassword and
 * sambaPasswordHistory, i.e. password-hash material.  Access to the remote
 * directory and the transport used to reach it should be reviewed with that
 * in mind.
 */
const struct ldb_map_objectclass samba3_objectclasses[] = {
	/* sambaGroupMapping -> group */
	{
		.local_name = "group",
		.remote_name = "sambaGroupMapping",
		.musts = {
			"gidNumber", "sambaSID", "sambaGroupType",
			NULL
		},
		.mays = {
			"displayName", "description", "sambaSIDList",
			NULL
		},
	},

	/* sambaSAMAccount -> user */
	{
		.local_name = "user",
		.remote_name = "sambaSAMAccount",
		.base_classes = { "top", NULL },
		.musts = {
			"uid", "sambaSID",
			NULL
		},
		.mays = {
			"cn",
			"sambaLMPassword", "sambaNTPassword", "sambaPwdLastSet",
			"sambaLogonTime", "sambaLogoffTime", "sambaKickoffTime",
			"sambaPwdCanChange", "sambaPwdMustChange", "sambaAcctFlags",
			"displayName",
			"sambaHomePath", "sambaHomeDrive", "sambaLogonScript",
			"sambaProfilePath",
			"description",
			"sambaUserWorkstations", "sambaPrimaryGroupSID",
			"sambaDomainName", "sambaMungedDial",
			"sambaBadPasswordCount", "sambaBadPasswordTime",
			"sambaPasswordHistory", "sambaLogonHours",
			NULL
		}
	},

	/* sambaDomain -> domain */
	{
		.local_name = "domain",
		.remote_name = "sambaDomain",
		.base_classes = { "top", NULL },
		.musts = {
			"sambaDomainName", "sambaSID",
			NULL
		},
		.mays = {
			"sambaNextRid", "sambaNextGroupRid", "sambaNextUserRid",
			"sambaAlgorithmicRidBase",
			NULL
		},
	},

	/* terminator */
	{ NULL, NULL }
};
161
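/*
 * Attribute mapping table handed to ldb_map_init() for the "samba3sam"
 * module.  Each entry names a local attribute and a map type.  MAP_RENAME
 * and MAP_CONVERT entries also name the remote (Samba3) attribute, and
 * MAP_CONVERT entries add the two value-conversion callbacks.  Entry
 * comments read "remote -> local".  The last entry has local_name NULL.
 *
 * NOTE(review): what MAP_KEEP and MAP_IGNORE do is defined in ldb_map, not
 * in this file.  Going by the names, MAP_IGNORE attributes are presumably
 * never forwarded to the remote server -- confirm before relying on that
 * for sensitive attributes such as unicodePwd.
 */
const struct ldb_map_attribute samba3_attributes[] =
{
	/* sambaNextRid -> nextRid */
	{
		.local_name = "nextRid",
		.type = MAP_RENAME,
		.u = { .rename = { .remote_name = "sambaNextRid" } },
	},

	/* sambaBadPasswordTime -> badPasswordTime */
	{
		.local_name = "badPasswordTime",
		.type = MAP_RENAME,
		.u = { .rename = { .remote_name = "sambaBadPasswordTime" } },
	},

	/* sambaLMPassword -> lmPwdHash
	 * NOTE(review): password-hash material; a plain rename names no value
	 * converter, so the value presumably crosses to the remote side as-is. */
	{
		.local_name = "lmPwdHash",
		.type = MAP_RENAME,
		.u = { .rename = { .remote_name = "sambaLMPassword" } },
	},

	/* sambaGroupType -> groupType */
	{
		.local_name = "groupType",
		.type = MAP_RENAME,
		.u = { .rename = { .remote_name = "sambaGroupType" } },
	},

	/* sambaNTPassword -> ntPwdHash
	 * NOTE(review): password-hash material; a plain rename names no value
	 * converter, so the value presumably crosses to the remote side as-is. */
	{
		.local_name = "ntPwdHash",
		.type = MAP_RENAME,
		.u = { .rename = { .remote_name = "sambaNTPassword" } },
	},

	/* sambaPrimaryGroupSID -> primaryGroupID
	 * Both converters are still FIXME stubs that copy the value unchanged,
	 * so no SID <-> RID translation actually happens yet. */
	{
		.local_name = "primaryGroupID",
		.type = MAP_CONVERT,
		.u = {
			.convert = {
				.remote_name = "sambaPrimaryGroupSID",
				.convert_local = convert_rid_sid,
				.convert_remote = convert_sid_rid,
			},
		},
	},

	/* sambaBadPasswordCount -> badPwdCount */
	{
		.local_name = "badPwdCount",
		.type = MAP_RENAME,
		.u = { .rename = { .remote_name = "sambaBadPasswordCount" } },
	},

	/* sambaLogonTime -> lastLogon */
	{
		.local_name = "lastLogon",
		.type = MAP_RENAME,
		.u = { .rename = { .remote_name = "sambaLogonTime" } },
	},

	/* sambaLogoffTime -> lastLogoff */
	{
		.local_name = "lastLogoff",
		.type = MAP_RENAME,
		.u = { .rename = { .remote_name = "sambaLogoffTime" } },
	},

	/* uid -> unixName
	 * Initialises the .rename member to match MAP_RENAME (this entry used
	 * to fill in .convert instead). */
	{
		.local_name = "unixName",
		.type = MAP_RENAME,
		.u = { .rename = { .remote_name = "uid" } },
	},

	/* displayName -> name */
	{
		.local_name = "name",
		.type = MAP_RENAME,
		.u = { .rename = { .remote_name = "displayName" } },
	},

	/* cn */
	{ .local_name = "cn", .type = MAP_KEEP },

	/* uid -> sAMAccountName
	 * NOTE(review): unixName above maps to the same remote attribute. */
	{
		.local_name = "sAMAccountName",
		.type = MAP_RENAME,
		.u = { .rename = { .remote_name = "uid" } },
	},

	/* Local attributes with no remote counterpart */
	{ .local_name = "objectCategory", .type = MAP_IGNORE },
	{ .local_name = "objectGUID", .type = MAP_IGNORE },
	{ .local_name = "objectVersion", .type = MAP_IGNORE },
	{ .local_name = "codePage", .type = MAP_IGNORE },
	{ .local_name = "dNSHostName", .type = MAP_IGNORE },
	{ .local_name = "dnsDomain", .type = MAP_IGNORE },
	{ .local_name = "dnsRoot", .type = MAP_IGNORE },
	{ .local_name = "countryCode", .type = MAP_IGNORE },
	{ .local_name = "nTMixedDomain", .type = MAP_IGNORE },
	{ .local_name = "operatingSystem", .type = MAP_IGNORE },
	{ .local_name = "operatingSystemVersion", .type = MAP_IGNORE },
	{ .local_name = "servicePrincipalName", .type = MAP_IGNORE },
	{ .local_name = "msDS-Behavior-Version", .type = MAP_IGNORE },
	{ .local_name = "msDS-KeyVersionNumber", .type = MAP_IGNORE },
	{ .local_name = "msDs-masteredBy", .type = MAP_IGNORE },

	/* Attributes passed through under the same name */
	{ .local_name = "ou", .type = MAP_KEEP },
	{ .local_name = "dc", .type = MAP_KEEP },
	{ .local_name = "description", .type = MAP_KEEP },

	/* sambaSID -> objectSid */
	{
		.local_name = "objectSid",
		.type = MAP_CONVERT,
		.u = {
			.convert = {
				.remote_name = "sambaSID",
				.convert_local = decode_sid,
				.convert_remote = encode_sid,
			},
		},
	},

	/* sambaPwdLastSet -> pwdLastSet */
	{
		.local_name = "pwdLastSet",
		.type = MAP_RENAME,
		.u = { .rename = { .remote_name = "sambaPwdLastSet" } },
	},

	/* Further local attributes with no remote counterpart */
	{ .local_name = "accountExpires", .type = MAP_IGNORE },
	{ .local_name = "adminCount", .type = MAP_IGNORE },
	{ .local_name = "canonicalName", .type = MAP_IGNORE },
	{ .local_name = "createTimestamp", .type = MAP_IGNORE },
	{ .local_name = "creationTime", .type = MAP_IGNORE },
	{ .local_name = "dMDLocation", .type = MAP_IGNORE },
	{ .local_name = "fSMORoleOwner", .type = MAP_IGNORE },
	{ .local_name = "forceLogoff", .type = MAP_IGNORE },
	{ .local_name = "instanceType", .type = MAP_IGNORE },
	{ .local_name = "invocationId", .type = MAP_IGNORE },
	{ .local_name = "isCriticalSystemObject", .type = MAP_IGNORE },
	{ .local_name = "localPolicyFlags", .type = MAP_IGNORE },
	{ .local_name = "lockOutObservationWindow", .type = MAP_IGNORE },
	{ .local_name = "lockoutDuration", .type = MAP_IGNORE },
	{ .local_name = "lockoutThreshold", .type = MAP_IGNORE },
	{ .local_name = "logonCount", .type = MAP_IGNORE },
	{ .local_name = "masteredBy", .type = MAP_IGNORE },
	{ .local_name = "maxPwdAge", .type = MAP_IGNORE },
	{ .local_name = "member", .type = MAP_IGNORE },
	{ .local_name = "memberOf", .type = MAP_IGNORE },
	{ .local_name = "minPwdAge", .type = MAP_IGNORE },
	{ .local_name = "minPwdLength", .type = MAP_IGNORE },
	{ .local_name = "modifiedCount", .type = MAP_IGNORE },
	{ .local_name = "modifiedCountAtLastProm", .type = MAP_IGNORE },
	{ .local_name = "modifyTimestamp", .type = MAP_IGNORE },
	{ .local_name = "nCName", .type = MAP_IGNORE },
	{ .local_name = "nETBIOSName", .type = MAP_IGNORE },
	{ .local_name = "oEMInformation", .type = MAP_IGNORE },
	{ .local_name = "privilege", .type = MAP_IGNORE },
	{ .local_name = "pwdHistoryLength", .type = MAP_IGNORE },
	{ .local_name = "pwdProperties", .type = MAP_IGNORE },
	{ .local_name = "rIDAvailablePool", .type = MAP_IGNORE },
	{ .local_name = "revision", .type = MAP_IGNORE },
	{ .local_name = "ridManagerReference", .type = MAP_IGNORE },
	{ .local_name = "sAMAccountType", .type = MAP_IGNORE },
	{ .local_name = "sPNMappings", .type = MAP_IGNORE },
	{ .local_name = "serverReference", .type = MAP_IGNORE },
	{ .local_name = "serverState", .type = MAP_IGNORE },
	{ .local_name = "showInAdvancedViewOnly", .type = MAP_IGNORE },
	{ .local_name = "subRefs", .type = MAP_IGNORE },
	{ .local_name = "systemFlags", .type = MAP_IGNORE },
	{ .local_name = "uASCompat", .type = MAP_IGNORE },
	{ .local_name = "uSNChanged", .type = MAP_IGNORE },
	{ .local_name = "uSNCreated", .type = MAP_IGNORE },
	{ .local_name = "unicodePwd", .type = MAP_IGNORE },
	{ .local_name = "userAccountControl", .type = MAP_IGNORE },
	{ .local_name = "whenChanged", .type = MAP_IGNORE },
	{ .local_name = "whenCreated", .type = MAP_IGNORE },

	/* terminator */
	{
		.local_name = NULL,
	}
};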
730
/*
 * Module init function.  It is named init_module when HAVE_DLOPEN_DISABLED
 * is defined and ldb_samba3sam_module_init otherwise.
 *
 * Hands the samba3_attributes and samba3_objectclasses tables to
 * ldb_map_init() under the module name "samba3sam" and returns whatever
 * ldb_map_init() returns.  The options argument is not used.
 */
#ifdef HAVE_DLOPEN_DISABLED
struct ldb_module *init_module(struct ldb_context *ldb, const char *options[])
#else
struct ldb_module *ldb_samba3sam_module_init(struct ldb_context *ldb, const char *options[])
#endif
{
	struct ldb_module *mapped;

	mapped = ldb_map_init(ldb, samba3_attributes, samba3_objectclasses, "samba3sam");

	return mapped;
}