[Freeipa-devel] [PATCH] 0172 Support Samba PASSDB 0.2.0 aka interface version 24

Alexander Bokovoy abokovoy at redhat.com
Mon Jan 12 14:55:33 UTC 2015 

Hi,

Samba project renamed libpdb library we use in ipa-sam module to
libsamba-passdb due to naming clash with some other library popular in
academic circles (details are in https://bugzilla.samba.org/show_bug.cgi?id=10355)

The change will become visible with Samba 4.2.0 release and is actually
already visible in Rawhide as it packages Samba 4.2 pre-releases.

Attached fix is introducing support for both Samba <4.2 and 4.2+.

I've tested that it builds properly against Samba 4.2 in Rawhide and
against Samba 4.1 in Fedora 21, and proper symbols exposed (disassembled
the code in pdb_init_ipasam to see if address of ipasam_id_to_sid is assigned
to the struct member) but I haven't deployed Rawhide to actually test
FreeIPA with trusts yet.

https://fedorahosted.org/freeipa/ticket/4778

-- 
/ Alexander Bokovoy
-------------- next part --------------
From 8f9a26e11b8a7f023de85cf4069f7ab72b2c92f7 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy at redhat.com>
Date: Mon, 12 Jan 2015 13:36:36 +0200
Subject: [PATCH] Support Samba PASSDB 0.2.0 aka interface version 24

1. Samba project renamed libpdb to libsamba-passdb
   https://bugzilla.samba.org/show_bug.cgi?id=10355

2. With interface version 24, Samba removed uid_to_sid()/gid_to_sid()
   from the PASSDB interface and united them as id_to_sid().

Make sure FreeIPA ipa_sam code supports new and old versions of
the PASSDB API.

https://fedorahosted.org/freeipa/ticket/4778
---
 daemons/configure.ac        | 20 ++++++++++++++++----
 daemons/ipa-sam/Makefile.am |  3 ++-
 daemons/ipa-sam/ipa_sam.c   | 21 +++++++++++++++++++++
 3 files changed, 39 insertions(+), 5 deletions(-)

diff --git a/daemons/configure.ac b/daemons/configure.ac
index e81aa60..a62897e 100644
--- a/daemons/configure.ac
+++ b/daemons/configure.ac
@@ -170,12 +170,24 @@ PKG_CHECK_MODULES([SAMBAUTIL], [samba-util])
 SAMBA40EXTRA_LIBPATH="-L`$PKG_CONFIG --variable=libdir samba-util`/samba -Wl,-rpath=`$PKG_CONFIG --variable=libdir samba-util`/samba"
 AC_SUBST(SAMBA40EXTRA_LIBPATH)
 
-AC_CHECK_LIB([pdb],
+LIBPDB_NAME=""
+AC_CHECK_LIB([samba-passdb],
              [make_pdb_method],
-             [HAVE_LIBPDB=1],
-             [AC_MSG_ERROR([libpdb does not have make_pdb_method])],
+             [LIBPDB_NAME="samba-passdb"; HAVE_LIBPDB=1],
+             [LIBPDB_NAME="pdb"],
              [$SAMBA40EXTRA_LIBPATH])
-AC_CHECK_LIB([pdb],[pdb_enum_upn_suffixes],
+
+if test "x$LIB_PDB_NAME" = "xpdb" ; then
+  AC_CHECK_LIB([$LIBPDB_NAME],
+               [make_pdb_method],
+               [HAVE_LIBPDB=1],
+               [AC_MSG_ERROR([Neither libpdb nor libsamba-passdb does have make_pdb_method])],
+               [$SAMBA40EXTRA_LIBPATH])
+fi
+
+AC_SUBST(LIBPDB_NAME)
+
+AC_CHECK_LIB([$LIBPDB_NAME],[pdb_enum_upn_suffixes],
              [AC_DEFINE([HAVE_PDB_ENUM_UPN_SUFFIXES], [1], [Ability to enumerate UPN suffixes])],
              [AC_MSG_WARN([libpdb does not have pdb_enum_upn_suffixes, no support for realm domains in ipasam])],
              [$SAMBA40EXTRA_LIBPATH])
diff --git a/daemons/ipa-sam/Makefile.am b/daemons/ipa-sam/Makefile.am
index d55a187..46c813a 100644
--- a/daemons/ipa-sam/Makefile.am
+++ b/daemons/ipa-sam/Makefile.am
@@ -1,7 +1,8 @@
 NULL =
+LIBPDB_NAME = @LIBPDB_NAME@
 SAMBA40EXTRA_LIBS = $(SAMBA40EXTRA_LIBPATH)	\
 			-lsmbldap		\
-			-lpdb			\
+			-l$(LIBPDB_NAME)			\
 			-lsmbconf		\
 			$(NULL)
 
diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index e711299..07249fd 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -1007,6 +1007,22 @@ done:
 	return ret;
 }
 
+#if PASSDB_INTERFACE_VERSION >= 24
+/* Since version 24, uid_to_sid() and gid_to_sid() were removed in favor of id_to_sid() */
+static bool ipasam_id_to_sid(struct pdb_methods *methods, struct unixid *id, struct dom_sid *sid)
+{
+	bool result = false;
+
+	if (id->type != ID_TYPE_GID) {
+		result = ldapsam_uid_to_sid(methods, id->id, sid);
+	}
+	if (!result && id->type != ID_TYPE_UID) {
+		result = ldapsam_gid_to_sid(methods, id->id, sid);
+	}
+
+	return result;
+}
+#endif
 
 static char *get_ldap_filter(TALLOC_CTX *mem_ctx, const char *username)
 {
@@ -4579,8 +4595,13 @@ static NTSTATUS pdb_init_ipasam(struct pdb_methods **pdb_method,
 	(*pdb_method)->search_aliases = ldapsam_search_aliases;
 	(*pdb_method)->lookup_rids = ldapsam_lookup_rids;
 	(*pdb_method)->sid_to_id = ldapsam_sid_to_id;
+#if PASSDB_INTERFACE_VERSION >= 24
+/* Since version 24, uid_to_sid() and gid_to_sid() were removed in favor of id_to_sid() */
+	(*pdb_method)->id_to_sid = ipasam_id_to_sid;
+#else
 	(*pdb_method)->uid_to_sid = ldapsam_uid_to_sid;
 	(*pdb_method)->gid_to_sid = ldapsam_gid_to_sid;
+#endif
 
 	(*pdb_method)->capabilities = pdb_ipasam_capabilities;
 	(*pdb_method)->get_domain_info = pdb_ipasam_get_domain_info;
-- 
2.1.0

More information about the Freeipa-devel mailing list