2 * idmap_ad: map between Active Directory and RFC 2307 or "Services for Unix" (SFU) Accounts
4 * Unix SMB/CIFS implementation.
6 * Winbind ADS backend functions
8 * Copyright (C) Andrew Tridgell 2001
9 * Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
10 * Copyright (C) Gerald (Jerry) Carter 2004-2007
11 * Copyright (C) Luke Howard 2001-2004
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
31 #define DBGC_CLASS DBGC_IDMAP
33 #define WINBIND_CCACHE_NAME "MEMORY:winbind_ccache"
35 #define IDMAP_AD_MAX_IDS 30
36 #define CHECK_ALLOC_DONE(mem) do { \
38 DEBUG(0, ("Out of memory!\n")); \
39 ret = NT_STATUS_NO_MEMORY; \
44 struct idmap_ad_context {
45 uint32_t filter_low_id;
46 uint32_t filter_high_id;
49 NTSTATUS init_module(void);
51 static ADS_STRUCT *ad_idmap_ads = NULL;
52 static struct posix_schema *ad_schema = NULL;
53 static enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN;
55 /************************************************************************
56 ***********************************************************************/
58 static ADS_STRUCT *ad_idmap_cached_connection_internal(void)
66 if (ad_idmap_ads != NULL) {
69 time_t now = time(NULL);
73 expire = MIN(ads->auth.tgt_expire, ads->auth.tgs_expire);
75 /* check for a valid structure */
76 DEBUG(7, ("Current tickets expire in %d seconds (at %d, time is now %d)\n",
77 (uint32)expire-(uint32)now, (uint32) expire, (uint32) now));
79 if ( ads->config.realm && (expire > time(NULL))) {
82 /* we own this ADS_STRUCT so make sure it goes away */
83 DEBUG(7,("Deleting expired krb5 credential cache\n"));
86 ads_kdestroy(WINBIND_CCACHE_NAME);
88 TALLOC_FREE( ad_schema );
93 /* we don't want this to affect the users ccache */
94 setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1);
97 if ( (ads = ads_init(lp_realm(), lp_workgroup(), NULL)) == NULL ) {
98 DEBUG(1,("ads_init failed\n"));
102 /* the machine acct password might have change - fetch it every time */
103 SAFE_FREE(ads->auth.password);
104 ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
106 SAFE_FREE(ads->auth.realm);
107 ads->auth.realm = SMB_STRDUP(lp_realm());
109 /* setup server affinity */
111 get_dc_name( NULL, ads->auth.realm, dc_name, &dc_ip );
113 status = ads_connect(ads);
114 if (!ADS_ERR_OK(status)) {
115 DEBUG(1, ("ad_idmap_init: failed to connect to AD\n"));
120 ads->is_mine = False;
127 /************************************************************************
128 ***********************************************************************/
130 static ADS_STRUCT *ad_idmap_cached_connection(void)
132 ADS_STRUCT *ads = ad_idmap_cached_connection_internal();
137 /* if we have a valid ADS_STRUCT and the schema model is
138 defined, then we can return here. */
143 /* Otherwise, set the schema model */
145 if ( (ad_map_type == WB_POSIX_MAP_SFU) ||
146 (ad_map_type == WB_POSIX_MAP_SFU20) ||
147 (ad_map_type == WB_POSIX_MAP_RFC2307) )
149 ADS_STATUS schema_status;
151 schema_status = ads_check_posix_schema_mapping( NULL, ads, ad_map_type, &ad_schema);
152 if ( !ADS_ERR_OK(schema_status) ) {
153 DEBUG(2,("ad_idmap_cached_connection: Failed to obtain schema details!\n"));
161 /************************************************************************
162 ***********************************************************************/
164 static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom)
166 struct idmap_ad_context *ctx;
168 const char *range = NULL;
169 const char *schema_mode = NULL;
171 if ( (ctx = TALLOC_ZERO_P(dom, struct idmap_ad_context)) == NULL ) {
172 DEBUG(0, ("Out of memory!\n"));
173 return NT_STATUS_NO_MEMORY;
176 if ( (config_option = talloc_asprintf(ctx, "idmap config %s", dom->name)) == NULL ) {
177 DEBUG(0, ("Out of memory!\n"));
179 return NT_STATUS_NO_MEMORY;
183 range = lp_parm_const_string(-1, config_option, "range", NULL);
184 if (range && range[0]) {
185 if ((sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2) ||
186 (ctx->filter_low_id > ctx->filter_high_id)) {
187 DEBUG(1, ("ERROR: invalid filter range [%s]", range));
188 ctx->filter_low_id = 0;
189 ctx->filter_high_id = 0;
194 if ( ad_map_type == WB_POSIX_MAP_UNKNOWN )
195 ad_map_type = WB_POSIX_MAP_RFC2307;
196 schema_mode = lp_parm_const_string(-1, config_option, "schema_mode", NULL);
197 if ( schema_mode && schema_mode[0] ) {
198 if ( strequal(schema_mode, "sfu") )
199 ad_map_type = WB_POSIX_MAP_SFU;
200 else if ( strequal(schema_mode, "sfu20" ) )
201 ad_map_type = WB_POSIX_MAP_SFU20;
202 else if ( strequal(schema_mode, "rfc2307" ) )
203 ad_map_type = WB_POSIX_MAP_RFC2307;
205 DEBUG(0,("idmap_ad_initialize: Unknown schema_mode (%s)\n",
209 dom->private_data = ctx;
210 dom->initialized = True;
212 talloc_free(config_option);
217 /************************************************************************
218 Search up to IDMAP_AD_MAX_IDS entries in maps for a match.
219 ***********************************************************************/
221 static struct id_map *find_map_by_id(struct id_map **maps, enum id_type type, uint32_t id)
225 for (i = 0; maps[i] && i<IDMAP_AD_MAX_IDS; i++) {
226 if ((maps[i]->xid.type == type) && (maps[i]->xid.id == id)) {
234 /************************************************************************
235 Search up to IDMAP_AD_MAX_IDS entries in maps for a match
236 ***********************************************************************/
238 static struct id_map *find_map_by_sid(struct id_map **maps, DOM_SID *sid)
242 for (i = 0; maps[i] && i<IDMAP_AD_MAX_IDS; i++) {
243 if (sid_equal(maps[i]->sid, sid)) {
251 /************************************************************************
252 ***********************************************************************/
254 static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map **ids)
258 struct idmap_ad_context *ctx;
261 const char *attrs[] = { "sAMAccountType",
263 NULL, /* uidnumber */
264 NULL, /* gidnumber */
266 LDAPMessage *res = NULL;
267 LDAPMessage *entry = NULL;
273 char *u_filter = NULL;
274 char *g_filter = NULL;
276 /* Only do query if we are online */
277 if (idmap_is_offline()) {
278 return NT_STATUS_FILE_IS_OFFLINE;
281 /* Initilization my have been deferred because we were offline */
282 if ( ! dom->initialized) {
283 ret = idmap_ad_initialize(dom);
284 if ( ! NT_STATUS_IS_OK(ret)) {
289 ctx = talloc_get_type(dom->private_data, struct idmap_ad_context);
291 if ( (memctx = talloc_new(ctx)) == NULL ) {
292 DEBUG(0, ("Out of memory!\n"));
293 return NT_STATUS_NO_MEMORY;
296 if ( (ads = ad_idmap_cached_connection()) == NULL ) {
297 DEBUG(1, ("ADS uninitialized\n"));
298 ret = NT_STATUS_UNSUCCESSFUL;
302 attrs[2] = ad_schema->posix_uidnumber_attr;
303 attrs[3] = ad_schema->posix_gidnumber_attr;
307 for (i = 0; (i < IDMAP_AD_MAX_IDS) && ids[idx]; i++, idx++) {
308 switch (ids[idx]->xid.type) {
311 u_filter = talloc_asprintf(memctx, "(&(|"
312 "(sAMAccountType=%d)"
313 "(sAMAccountType=%d)"
314 "(sAMAccountType=%d))(|",
315 ATYPE_NORMAL_ACCOUNT,
316 ATYPE_WORKSTATION_TRUST,
317 ATYPE_INTERDOMAIN_TRUST);
319 u_filter = talloc_asprintf_append(u_filter, "(%s=%lu)",
320 ad_schema->posix_uidnumber_attr,
321 (unsigned long)ids[idx]->xid.id);
322 CHECK_ALLOC_DONE(u_filter);
327 g_filter = talloc_asprintf(memctx, "(&(|"
328 "(sAMAccountType=%d)"
329 "(sAMAccountType=%d))(|",
330 ATYPE_SECURITY_GLOBAL_GROUP,
331 ATYPE_SECURITY_LOCAL_GROUP);
333 g_filter = talloc_asprintf_append(g_filter, "(%s=%lu)",
334 ad_schema->posix_gidnumber_attr,
335 (unsigned long)ids[idx]->xid.id);
336 CHECK_ALLOC_DONE(g_filter);
340 DEBUG(3, ("Error: mapping requested but Unknown ID type\n"));
341 ids[idx]->status = ID_UNKNOWN;
345 filter = talloc_asprintf(memctx, "(|");
346 CHECK_ALLOC_DONE(filter);
348 filter = talloc_asprintf_append(filter, "%s))", u_filter);
349 CHECK_ALLOC_DONE(filter);
350 TALLOC_FREE(u_filter);
353 filter = talloc_asprintf_append(filter, "%s))", g_filter);
354 CHECK_ALLOC_DONE(filter);
355 TALLOC_FREE(g_filter);
357 filter = talloc_asprintf_append(filter, ")");
358 CHECK_ALLOC_DONE(filter);
360 rc = ads_search_retry(ads, &res, filter, attrs);
361 if (!ADS_ERR_OK(rc)) {
362 DEBUG(1, ("ERROR: ads search returned: %s\n", ads_errstr(rc)));
363 ret = NT_STATUS_UNSUCCESSFUL;
367 if ( (count = ads_count_replies(ads, res)) == 0 ) {
368 DEBUG(10, ("No IDs found\n"));
372 for (i = 0; (i < count) && entry; i++) {
379 if (i == 0) { /* first entry */
380 entry = ads_first_entry(ads, entry);
381 } else { /* following ones */
382 entry = ads_next_entry(ads, entry);
386 DEBUG(2, ("ERROR: Unable to fetch ldap entries from results\n"));
390 /* first check if the SID is present */
391 if (!ads_pull_sid(ads, entry, "objectSid", &sid)) {
392 DEBUG(2, ("Could not retrieve SID from entry\n"));
397 if (!ads_pull_uint32(ads, entry, "sAMAccountType", &atype)) {
398 DEBUG(1, ("could not get SAM account type\n"));
402 switch (atype & 0xF0000000) {
403 case ATYPE_SECURITY_GLOBAL_GROUP:
404 case ATYPE_SECURITY_LOCAL_GROUP:
407 case ATYPE_NORMAL_ACCOUNT:
408 case ATYPE_WORKSTATION_TRUST:
409 case ATYPE_INTERDOMAIN_TRUST:
413 DEBUG(1, ("unrecognized SAM account type %08x\n", atype));
417 if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ?
418 ad_schema->posix_uidnumber_attr :
419 ad_schema->posix_gidnumber_attr,
422 DEBUG(1, ("Could not get unix ID\n"));
427 (ctx->filter_low_id && (id < ctx->filter_low_id)) ||
428 (ctx->filter_high_id && (id > ctx->filter_high_id))) {
429 DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n",
430 id, ctx->filter_low_id, ctx->filter_high_id));
434 map = find_map_by_id(&ids[bidx], type, id);
436 DEBUG(2, ("WARNING: couldn't match result with requested ID\n"));
440 sid_copy(map->sid, &sid);
443 map->status = ID_MAPPED;
445 DEBUG(10, ("Mapped %s -> %lu (%d)\n",
446 sid_string_static(map->sid),
447 (unsigned long)map->xid.id,
452 ads_msgfree(ads, res);
455 if (ids[idx]) { /* still some values to map */
461 /* mark all unknown/expired ones as unmapped */
462 for (i = 0; ids[i]; i++) {
463 if (ids[i]->status != ID_MAPPED)
464 ids[i]->status = ID_UNMAPPED;
472 /************************************************************************
473 ***********************************************************************/
475 static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map **ids)
479 struct idmap_ad_context *ctx;
482 const char *attrs[] = { "sAMAccountType",
484 NULL, /* attr_uidnumber */
485 NULL, /* attr_gidnumber */
487 LDAPMessage *res = NULL;
488 LDAPMessage *entry = NULL;
496 /* Only do query if we are online */
497 if (idmap_is_offline()) {
498 return NT_STATUS_FILE_IS_OFFLINE;
501 /* Initilization my have been deferred because we were offline */
502 if ( ! dom->initialized) {
503 ret = idmap_ad_initialize(dom);
504 if ( ! NT_STATUS_IS_OK(ret)) {
509 ctx = talloc_get_type(dom->private_data, struct idmap_ad_context);
511 if ( (memctx = talloc_new(ctx)) == NULL ) {
512 DEBUG(0, ("Out of memory!\n"));
513 return NT_STATUS_NO_MEMORY;
516 if ( (ads = ad_idmap_cached_connection()) == NULL ) {
517 DEBUG(1, ("ADS uninitialized\n"));
518 ret = NT_STATUS_UNSUCCESSFUL;
522 attrs[2] = ad_schema->posix_uidnumber_attr;
523 attrs[3] = ad_schema->posix_gidnumber_attr;
526 filter = talloc_asprintf(memctx, "(&(|"
527 "(sAMAccountType=%d)(sAMAccountType=%d)(sAMAccountType=%d)" /* user account types */
528 "(sAMAccountType=%d)(sAMAccountType=%d)" /* group account types */
530 ATYPE_NORMAL_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST,
531 ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP);
533 CHECK_ALLOC_DONE(filter);
536 for (i = 0; (i < IDMAP_AD_MAX_IDS) && ids[idx]; i++, idx++) {
538 sidstr = sid_binstring(ids[idx]->sid);
539 filter = talloc_asprintf_append(filter, "(objectSid=%s)", sidstr);
542 CHECK_ALLOC_DONE(filter);
544 filter = talloc_asprintf_append(filter, "))");
545 CHECK_ALLOC_DONE(filter);
546 DEBUG(10, ("Filter: [%s]\n", filter));
548 rc = ads_search_retry(ads, &res, filter, attrs);
549 if (!ADS_ERR_OK(rc)) {
550 DEBUG(1, ("ERROR: ads search returned: %s\n", ads_errstr(rc)));
551 ret = NT_STATUS_UNSUCCESSFUL;
555 if ( (count = ads_count_replies(ads, res)) == 0 ) {
556 DEBUG(10, ("No IDs found\n"));
560 for (i = 0; (i < count) && entry; i++) {
567 if (i == 0) { /* first entry */
568 entry = ads_first_entry(ads, entry);
569 } else { /* following ones */
570 entry = ads_next_entry(ads, entry);
574 DEBUG(2, ("ERROR: Unable to fetch ldap entries from results\n"));
578 /* first check if the SID is present */
579 if (!ads_pull_sid(ads, entry, "objectSid", &sid)) {
580 DEBUG(2, ("Could not retrieve SID from entry\n"));
584 map = find_map_by_sid(&ids[bidx], &sid);
586 DEBUG(2, ("WARNING: couldn't match result with requested SID\n"));
591 if (!ads_pull_uint32(ads, entry, "sAMAccountType", &atype)) {
592 DEBUG(1, ("could not get SAM account type\n"));
596 switch (atype & 0xF0000000) {
597 case ATYPE_SECURITY_GLOBAL_GROUP:
598 case ATYPE_SECURITY_LOCAL_GROUP:
601 case ATYPE_NORMAL_ACCOUNT:
602 case ATYPE_WORKSTATION_TRUST:
603 case ATYPE_INTERDOMAIN_TRUST:
607 DEBUG(1, ("unrecognized SAM account type %08x\n", atype));
611 if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ?
612 ad_schema->posix_uidnumber_attr :
613 ad_schema->posix_gidnumber_attr,
616 DEBUG(1, ("Could not get unix ID\n"));
620 (ctx->filter_low_id && (id < ctx->filter_low_id)) ||
621 (ctx->filter_high_id && (id > ctx->filter_high_id))) {
622 DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n",
623 id, ctx->filter_low_id, ctx->filter_high_id));
628 map->xid.type = type;
630 map->status = ID_MAPPED;
632 DEBUG(10, ("Mapped %s -> %lu (%d)\n",
633 sid_string_static(map->sid),
634 (unsigned long)map->xid.id,
639 ads_msgfree(ads, res);
642 if (ids[idx]) { /* still some values to map */
648 /* mark all unknwoni/expired ones as unmapped */
649 for (i = 0; ids[i]; i++) {
650 if (ids[i]->status != ID_MAPPED)
651 ids[i]->status = ID_UNMAPPED;
659 /************************************************************************
660 ***********************************************************************/
662 static NTSTATUS idmap_ad_close(struct idmap_domain *dom)
664 ADS_STRUCT *ads = ad_idmap_ads;
667 /* we own this ADS_STRUCT so make sure it goes away */
673 TALLOC_FREE( ad_schema );
679 * nss_info_{sfu,sfu20,rfc2307}
682 /************************************************************************
683 Initialize the {sfu,sfu20,rfc2307} state
684 ***********************************************************************/
686 static NTSTATUS nss_sfu_init( struct nss_domain_entry *e )
688 /* Sanity check if we have previously been called with a
689 different schema model */
691 if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) &&
692 (ad_map_type != WB_POSIX_MAP_SFU) )
694 DEBUG(0,("nss_sfu_init: Posix Map type has already been set. "
695 "Mixed schema models not supported!\n"));
696 return NT_STATUS_NOT_SUPPORTED;
699 ad_map_type = WB_POSIX_MAP_SFU;
704 static NTSTATUS nss_sfu20_init( struct nss_domain_entry *e )
706 /* Sanity check if we have previously been called with a
707 different schema model */
709 if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) &&
710 (ad_map_type != WB_POSIX_MAP_SFU20) )
712 DEBUG(0,("nss_sfu20_init: Posix Map type has already been set. "
713 "Mixed schema models not supported!\n"));
714 return NT_STATUS_NOT_SUPPORTED;
717 ad_map_type = WB_POSIX_MAP_SFU20;
722 static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e )
724 /* Sanity check if we have previously been called with a
725 different schema model */
727 if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) &&
728 (ad_map_type != WB_POSIX_MAP_RFC2307) )
730 DEBUG(0,("nss_rfc2307_init: Posix Map type has already been set. "
731 "Mixed schema models not supported!\n"));
732 return NT_STATUS_NOT_SUPPORTED;
735 ad_map_type = WB_POSIX_MAP_RFC2307;
741 /************************************************************************
742 ***********************************************************************/
743 static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e,
753 ADS_STRUCT *ads_internal = NULL;
755 /* Only do query if we are online */
756 if (idmap_is_offline()) {
757 return NT_STATUS_FILE_IS_OFFLINE;
760 /* We are assuming that the internal ADS_STRUCT is for the
761 same forest as the incoming *ads pointer */
763 ads_internal = ad_idmap_cached_connection();
765 if ( !ads_internal || !ad_schema )
766 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
768 if ( !homedir || !shell || !gecos )
769 return NT_STATUS_INVALID_PARAMETER;
771 *homedir = ads_pull_string( ads, ctx, msg, ad_schema->posix_homedir_attr );
772 *shell = ads_pull_string( ads, ctx, msg, ad_schema->posix_shell_attr );
773 *gecos = ads_pull_string( ads, ctx, msg, ad_schema->posix_gecos_attr );
776 if ( !ads_pull_uint32(ads, msg, ad_schema->posix_gidnumber_attr, gid ) )
783 /************************************************************************
784 ***********************************************************************/
786 static NTSTATUS nss_ad_close( void )
788 /* nothing to do. All memory is free()'d by the idmap close_fn() */
793 /************************************************************************
794 Function dispatch tables for the idmap and nss plugins
795 ***********************************************************************/
797 static struct idmap_methods ad_methods = {
798 .init = idmap_ad_initialize,
799 .unixids_to_sids = idmap_ad_unixids_to_sids,
800 .sids_to_unixids = idmap_ad_sids_to_unixids,
801 .close_fn = idmap_ad_close
804 /* The SFU and RFC2307 NSS plugins share everything but the init
805 function which sets the intended schema model to use */
807 static struct nss_info_methods nss_rfc2307_methods = {
808 .init = nss_rfc2307_init,
809 .get_nss_info = nss_ad_get_info,
810 .close_fn = nss_ad_close
813 static struct nss_info_methods nss_sfu_methods = {
814 .init = nss_sfu_init,
815 .get_nss_info = nss_ad_get_info,
816 .close_fn = nss_ad_close
819 static struct nss_info_methods nss_sfu20_methods = {
820 .init = nss_sfu20_init,
821 .get_nss_info = nss_ad_get_info,
822 .close_fn = nss_ad_close
827 /************************************************************************
828 Initialize the plugins
829 ***********************************************************************/
831 NTSTATUS idmap_ad_init(void)
833 static NTSTATUS status_idmap_ad = NT_STATUS_UNSUCCESSFUL;
834 static NTSTATUS status_nss_rfc2307 = NT_STATUS_UNSUCCESSFUL;
835 static NTSTATUS status_nss_sfu = NT_STATUS_UNSUCCESSFUL;
836 static NTSTATUS status_nss_sfu20 = NT_STATUS_UNSUCCESSFUL;
838 /* Always register the AD method first in order to get the
839 idmap_domain interface called */
841 if ( !NT_STATUS_IS_OK(status_idmap_ad) ) {
842 status_idmap_ad = smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION,
844 if ( !NT_STATUS_IS_OK(status_idmap_ad) )
845 return status_idmap_ad;
848 if ( !NT_STATUS_IS_OK( status_nss_rfc2307 ) ) {
849 status_nss_rfc2307 = smb_register_idmap_nss(SMB_NSS_INFO_INTERFACE_VERSION,
850 "rfc2307", &nss_rfc2307_methods );
851 if ( !NT_STATUS_IS_OK(status_nss_rfc2307) )
852 return status_nss_rfc2307;
855 if ( !NT_STATUS_IS_OK( status_nss_sfu ) ) {
856 status_nss_sfu = smb_register_idmap_nss(SMB_NSS_INFO_INTERFACE_VERSION,
857 "sfu", &nss_sfu_methods );
858 if ( !NT_STATUS_IS_OK(status_nss_sfu) )
859 return status_nss_sfu;
862 if ( !NT_STATUS_IS_OK( status_nss_sfu20 ) ) {
863 status_nss_sfu20 = smb_register_idmap_nss(SMB_NSS_INFO_INTERFACE_VERSION,
864 "sfu20", &nss_sfu20_methods );
865 if ( !NT_STATUS_IS_OK(status_nss_sfu20) )
866 return status_nss_sfu20;
git.samba.org / ira / wip.git / blob