move-machine-sid-into-directory-services [plain text]
Index: samba/source/Makefile.in
===================================================================
--- samba/source/Makefile.in.orig
+++ samba/source/Makefile.in
@@ -46,6 +46,7 @@ LDAP_LIBS=@LDAP_LIBS@
NSCD_LIBS=@NSCD_LIBS@
UUID_LIBS=@UUID_LIBS@
MACOSX_LIBS=@MACOSX_LIBS@
+LIBS += $(MACOSX_LIBS)
INSTALLCMD=@INSTALL@
INSTALLLIBCMD_SH=@INSTALLLIBCMD_SH@
@@ -293,7 +294,7 @@ LIBADS_OBJ = libads/ldap.o libads/ldap_p
LIBADS_SERVER_OBJ = libads/kerberos_verify.o \
libads/ldap_schema.o
-SECRETS_OBJ = passdb/secrets.o passdb/machine_sid.o
+SECRETS_OBJ = passdb/secrets.o passdb/machine_sid.o lib/opendirectory.o
LIBNMB_OBJ = libsmb/unexpected.o libsmb/namecache.o libsmb/nmblib.o \
libsmb/namequery.o libsmb/conncache.o libads/dns.o
@@ -483,7 +484,7 @@ SMBD_OBJ_SRV = smbd/files.o smbd/chgpass
$(AFS_SETTOKEN_OBJ) smbd/aio.o smbd/statvfs.o \
smbd/darwin_clone_local_volumes.o \
smbd/darwin_check_share_access.o \
- smbd/dmapi.o lib/opendirectory.o \
+ smbd/dmapi.o \
lib/launchd.o smbd/sockinit.o \
$(MANGLE_OBJ) @VFS_STATIC@
Index: samba/source/utils/net.c
===================================================================
--- samba/source/utils/net.c.orig
+++ samba/source/utils/net.c
@@ -11,6 +11,8 @@
Reworked again by abartlet in December 2001
+ Copyright (C) 2008 Apple Inc. All rights reserved.
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
@@ -39,6 +41,7 @@
#include "includes.h"
#include "utils/net.h"
+#include "opendirectory.h"
/***********************************************************************/
/* Beginning of internationalization section. Translatable constants */
@@ -602,6 +605,26 @@ static int net_getlocalsid(int argc, con
name = global_myname();
}
+ if (lp_opendirectory()) {
+ tDirStatus status;
+ char * errmsg;
+
+ if (strequal(name, global_myname())) {
+ status = opendirectory_query_machine_sid(NULL,
+ &sid);
+ } else {
+ status = opendirectory_query_domain_sid(NULL,
+ opt_workgroup, &sid);
+ }
+
+ if (status != eDSNoErr) {
+ errmsg = dsCopyDirStatusName(status);
+ d_printf("Can't fetch domain SID for %s: %s\n", name, errmsg);
+ return 1;
+ }
+
+ } else {
+
if(!initialize_password_db(False)) {
DEBUG(0, ("WARNING: Could not open passdb - local sid may not reflect passdb\n"
"backend knowlege (such as the sid stored in LDAP)\n"));
@@ -622,8 +645,12 @@ static int net_getlocalsid(int argc, con
DEBUG(0, ("Can't fetch domain SID for name: %s\n", name));
return 1;
}
+
+ }
+
sid_to_string(sid_str, &sid);
d_printf("SID for domain %s is: %s\n", name, sid_str);
+
return 0;
}
@@ -639,6 +666,21 @@ static int net_setlocalsid(int argc, con
return 1;
}
+ if (lp_opendirectory()) {
+ tDirStatus status;
+ char * errmsg;
+
+ status = opendirectory_store_machine_sid(NULL, &sid);
+ if (status != eDSNoErr) {
+ errmsg = dsCopyDirStatusName(status);
+ d_printf("Can't store domain SID for %s: %s\n",
+ global_myname(), errmsg);
+ return 1;
+ }
+
+ return 0;
+ }
+
if (!secrets_store_domain_sid(global_myname(), &sid)) {
DEBUG(0,("Can't store domain SID as a pdc/bdc.\n"));
return 1;
@@ -651,6 +693,12 @@ static int net_setdomainsid(int argc, co
{
DOM_SID sid;
+ if (lp_opendirectory()) {
+ d_printf("Use Workgroup Manager to set the domain SID "
+ "while in Open Directory mode.\n");
+ return 1;
+ }
+
if ( (argc != 1)
|| (strncmp(argv[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
|| (!string_to_sid(&sid, argv[0]))
@@ -672,6 +720,36 @@ static int net_getdomainsid(int argc, co
DOM_SID domain_sid;
fstring sid_str;
+ if (lp_opendirectory()) {
+ tDirStatus status;
+ char * errmsg;
+
+ status = opendirectory_query_machine_sid(NULL, &domain_sid);
+
+ sid_to_string(sid_str, &domain_sid);
+ d_printf("SID for domain %s is: %s\n", global_myname(), sid_str);
+ if (status != eDSNoErr) {
+ errmsg = dsCopyDirStatusName(status);
+ d_fprintf(stderr, "Could not fetch local SID (%s)\n", errmsg);
+ return 1;
+ }
+
+ status = opendirectory_query_domain_sid(NULL, opt_workgroup,
+ &domain_sid);
+ if (status != eDSNoErr) {
+ errmsg = dsCopyDirStatusName(status);
+ d_fprintf(stderr, "Could not fetch %s domain SID (%s)\n",
+ opt_workgroup, errmsg);
+ return 1;
+ }
+
+ sid_to_string(sid_str, &domain_sid);
+ d_printf("SID for domain %s is: %s\n", opt_workgroup, sid_str);
+
+ return 0;
+ } else {
+
+
if(!initialize_password_db(False)) {
DEBUG(0, ("WARNING: Could not open passdb - domain sid may not reflect passdb\n"
"backend knowlege (such as the sid stored in LDAP)\n"));
@@ -704,6 +782,7 @@ static int net_getdomainsid(int argc, co
sid_to_string(sid_str, &domain_sid);
d_printf("SID for domain %s is: %s\n", opt_workgroup, sid_str);
+ }
return 0;
}
Index: samba/source/passdb/machine_sid.c
===================================================================
--- samba/source/passdb/machine_sid.c.orig
+++ samba/source/passdb/machine_sid.c
@@ -5,6 +5,8 @@
Copyright (C) Andrew Tridgell 2002
Copyright (C) Gerald (Jerry) Carter 2000
Copyright (C) Stefan (metze) Metzmacher 2002
+
+ Copyright (C) 2008 Apple Inc. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -22,6 +24,7 @@
*/
#include "includes.h"
+#include "opendirectory.h"
/* NOTE! the global_sam_sid is the SID of our local SAM. This is only
equal to the domain SID when we are a DC, otherwise its our
@@ -176,6 +179,35 @@ static DOM_SID *pdb_generate_sam_sid(voi
return sam_sid;
}
+static DOM_SID * opendirectory_sam_sid(void)
+{
+ DOM_SID * sam_sid;
+ tDirStatus status;
+
+ if(!(sam_sid = SMB_MALLOC_P(DOM_SID))) {
+ return NULL;
+ }
+
+ if (!IS_DC) {
+ status = opendirectory_query_machine_sid(NULL, sam_sid);
+ LOG_DS_ERROR(DS_TRACE_ERRORS, status,
+ "opendirectory_query_machine_sid");
+
+ } else {
+ status = opendirectory_query_domain_sid(NULL,
+ lp_workgroup(), sam_sid);
+ LOG_DS_ERROR(DS_TRACE_ERRORS, status,
+ "opendirectory_query_domain_sid");
+ }
+
+ if (status != eDSNoErr) {
+ SAFE_FREE(sam_sid);
+ return NULL;
+ }
+
+ return sam_sid;
+}
+
/* return our global_sam_sid */
DOM_SID *get_global_sam_sid(void)
{
@@ -185,6 +217,14 @@ DOM_SID *get_global_sam_sid(void)
/* memory for global_sam_sid is allocated in
pdb_generate_sam_sid() as needed */
+ if (lp_opendirectory()) {
+ if (!(global_sam_sid = opendirectory_sam_sid())) {
+ smb_panic("Could not generate a machine SID\n");
+ }
+
+ return global_sam_sid;
+ }
+
if (!(global_sam_sid = pdb_generate_sam_sid())) {
smb_panic("Could not generate a machine SID\n");
}