2001-11-20 11:54:15 +03:00
/*
2002-01-30 09:08:46 +03:00
Unix SMB / CIFS implementation .
2001-11-20 11:54:15 +03:00
ads ( active directory ) utility library
Copyright ( C ) Andrew Tridgell 2001
2001-12-20 06:54:52 +03:00
Copyright ( C ) Remus Koos 2001
2003-08-01 19:21:20 +04:00
Copyright ( C ) Jim McDonough < jmcd @ us . ibm . com > 2002
2006-02-04 01:19:41 +03:00
Copyright ( C ) Guenther Deschner 2005
2006-07-11 22:45:22 +04:00
Copyright ( C ) Gerald Carter 2006
2001-11-20 11:54:15 +03:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
2001-11-20 11:54:15 +03:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 04:52:41 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2001-11-20 11:54:15 +03:00
*/
# include "includes.h"
2008-03-28 18:33:54 +03:00
# include "lib/ldb/include/includes.h"
2001-11-20 11:54:15 +03:00
2002-10-01 22:26:00 +04:00
# ifdef HAVE_LDAP
2001-11-20 11:54:15 +03:00
2002-04-10 17:28:03 +04:00
/**
* @ file ldap . c
* @ brief basic ldap client - side routines for ads server communications
*
* The routines contained here should do the necessary ldap calls for
* ads setups .
2002-07-15 14:35:28 +04:00
*
* Important note : attribute names passed into ads_ routines must
* already be in UTF - 8 format . We do not convert them because in almost
* all cases , they are just ascii ( which is represented with the same
* codepoints in UTF - 8 ) . This may have to change at some point
2002-04-10 17:28:03 +04:00
* */
2005-12-12 21:55:54 +03:00
# define LDAP_SERVER_TREE_DELETE_OID "1.2.840.113556.1.4.805"
2004-07-01 20:35:43 +04:00
static SIG_ATOMIC_T gotalarm ;
2007-12-06 15:51:25 +03:00
2004-07-01 20:35:43 +04:00
/***************************************************************
Signal function to tell us we timed out .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-08-14 16:42:46 +04:00
2004-07-01 20:35:43 +04:00
static void gotalarm_sig ( void )
{
gotalarm = 1 ;
}
2006-08-14 16:42:46 +04:00
2008-01-05 00:56:10 +03:00
LDAP * ldap_open_with_timeout ( const char * server , int port , unsigned int to )
2004-07-01 20:35:43 +04:00
{
LDAP * ldp = NULL ;
2006-08-14 16:42:46 +04:00
2008-01-04 23:54:02 +03:00
DEBUG ( 10 , ( " Opening connection to LDAP server '%s:%d', timeout "
" %u seconds \n " , server , port , to ) ) ;
2004-07-01 20:35:43 +04:00
/* Setup timeout */
gotalarm = 0 ;
CatchSignal ( SIGALRM , SIGNAL_CAST gotalarm_sig ) ;
alarm ( to ) ;
/* End setup timeout. */
2006-08-14 16:42:46 +04:00
2004-07-01 20:35:43 +04:00
ldp = ldap_open ( server , port ) ;
2006-08-14 16:42:46 +04:00
2006-08-14 16:54:37 +04:00
if ( ldp = = NULL ) {
2008-01-04 23:54:02 +03:00
DEBUG ( 2 , ( " Could not open connection to LDAP server %s:%d: %s \n " ,
2006-08-14 16:54:37 +04:00
server , port , strerror ( errno ) ) ) ;
2008-01-04 23:54:02 +03:00
} else {
DEBUG ( 10 , ( " Connected to LDAP server '%s:%d' \n " , server , port ) ) ;
2006-08-14 16:54:37 +04:00
}
2004-07-01 20:35:43 +04:00
/* Teardown timeout. */
CatchSignal ( SIGALRM , SIGNAL_CAST SIG_IGN ) ;
alarm ( 0 ) ;
2006-08-14 16:42:46 +04:00
2004-07-01 20:35:43 +04:00
return ldp ;
}
2002-08-17 21:00:51 +04:00
2004-11-18 14:43:14 +03:00
static int ldap_search_with_timeout ( LDAP * ld ,
LDAP_CONST char * base ,
int scope ,
LDAP_CONST char * filter ,
char * * attrs ,
int attrsonly ,
LDAPControl * * sctrls ,
LDAPControl * * cctrls ,
int sizelimit ,
LDAPMessage * * res )
{
2005-01-11 05:13:03 +03:00
struct timeval timeout ;
2004-11-18 14:43:14 +03:00
int result ;
2005-01-11 05:13:03 +03:00
/* Setup timeout for the ldap_search_ext_s call - local and remote. */
timeout . tv_sec = lp_ldap_timeout ( ) ;
timeout . tv_usec = 0 ;
/* Setup alarm timeout.... Do we need both of these ? JRA. */
2004-11-18 14:43:14 +03:00
gotalarm = 0 ;
CatchSignal ( SIGALRM , SIGNAL_CAST gotalarm_sig ) ;
alarm ( lp_ldap_timeout ( ) ) ;
/* End setup timeout. */
result = ldap_search_ext_s ( ld , base , scope , filter , attrs ,
2005-01-11 05:13:03 +03:00
attrsonly , sctrls , cctrls , & timeout ,
2004-11-18 14:43:14 +03:00
sizelimit , res ) ;
/* Teardown timeout. */
CatchSignal ( SIGALRM , SIGNAL_CAST SIG_IGN ) ;
alarm ( 0 ) ;
if ( gotalarm ! = 0 )
return LDAP_TIMELIMIT_EXCEEDED ;
return result ;
}
2006-08-31 08:14:08 +04:00
/**********************************************
Do client and server sitename match ?
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-10-19 04:40:25 +04:00
bool ads_sitename_match ( ADS_STRUCT * ads )
2006-08-31 08:14:08 +04:00
{
if ( ads - > config . server_site_name = = NULL & &
ads - > config . client_site_name = = NULL ) {
2006-09-02 05:23:08 +04:00
DEBUG ( 10 , ( " ads_sitename_match: both null \n " ) ) ;
2006-08-31 08:14:08 +04:00
return True ;
}
if ( ads - > config . server_site_name & &
ads - > config . client_site_name & &
strequal ( ads - > config . server_site_name ,
ads - > config . client_site_name ) ) {
2006-09-02 05:23:08 +04:00
DEBUG ( 10 , ( " ads_sitename_match: name %s match \n " , ads - > config . server_site_name ) ) ;
2006-08-31 08:14:08 +04:00
return True ;
}
2006-10-13 13:44:54 +04:00
DEBUG ( 10 , ( " ads_sitename_match: no match between server: %s and client: %s \n " ,
2006-09-02 05:23:08 +04:00
ads - > config . server_site_name ? ads - > config . server_site_name : " NULL " ,
ads - > config . client_site_name ? ads - > config . client_site_name : " NULL " ) ) ;
2006-08-31 08:14:08 +04:00
return False ;
}
2006-11-10 15:42:50 +03:00
/**********************************************
Is this the closest DC ?
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-10-19 04:40:25 +04:00
bool ads_closest_dc ( ADS_STRUCT * ads )
2006-11-10 15:42:50 +03:00
{
2008-04-21 21:59:27 +04:00
if ( ads - > config . flags & NBT_SERVER_CLOSEST ) {
DEBUG ( 10 , ( " ads_closest_dc: NBT_SERVER_CLOSEST flag set \n " ) ) ;
2006-11-10 15:42:50 +03:00
return True ;
}
/* not sure if this can ever happen */
if ( ads_sitename_match ( ads ) ) {
2008-04-21 21:59:27 +04:00
DEBUG ( 10 , ( " ads_closest_dc: NBT_SERVER_CLOSEST flag not set but sites match \n " ) ) ;
2006-11-10 15:42:50 +03:00
return True ;
}
2008-10-27 21:38:15 +03:00
if ( ads - > config . client_site_name = = NULL ) {
DEBUG ( 10 , ( " ads_closest_dc: client belongs to no site \n " ) ) ;
return True ;
}
2006-11-10 15:42:50 +03:00
DEBUG ( 10 , ( " ads_closest_dc: %s is not the closest DC \n " ,
ads - > config . ldap_server_name ) ) ;
return False ;
}
2002-08-17 21:00:51 +04:00
/*
try a connection to a given ldap server , returning True and setting the servers IP
in the ads struct if successful
*/
2008-06-27 18:22:39 +04:00
static bool ads_try_connect ( ADS_STRUCT * ads , const char * server , bool gc )
2002-08-17 21:00:51 +04:00
{
char * srv ;
2008-09-24 00:21:52 +04:00
struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply ;
2008-04-21 21:47:13 +04:00
TALLOC_CTX * mem_ctx = NULL ;
bool ret = false ;
2002-08-17 21:00:51 +04:00
if ( ! server | | ! * server ) {
return False ;
}
2006-05-12 19:17:35 +04:00
2006-07-07 15:43:47 +04:00
DEBUG ( 5 , ( " ads_try_connect: sending CLDAP request to %s (realm: %s) \n " ,
2006-07-07 15:59:19 +04:00
server , ads - > server . realm ) ) ;
2002-08-17 21:00:51 +04:00
2008-04-21 21:47:13 +04:00
mem_ctx = talloc_init ( " ads_try_connect " ) ;
if ( ! mem_ctx ) {
DEBUG ( 0 , ( " out of memory \n " ) ) ;
return false ;
}
2002-08-17 21:00:51 +04:00
/* this copes with inet_ntoa brokenness */
2006-05-12 19:17:35 +04:00
2004-12-07 21:25:53 +03:00
srv = SMB_STRDUP ( server ) ;
2002-08-17 21:00:51 +04:00
2006-05-12 19:17:35 +04:00
ZERO_STRUCT ( cldap_reply ) ;
2006-07-07 15:43:47 +04:00
2008-05-07 17:49:09 +04:00
if ( ! ads_cldap_netlogon_5 ( mem_ctx , srv , ads - > server . realm , & cldap_reply ) ) {
2006-05-12 19:17:35 +04:00
DEBUG ( 3 , ( " ads_try_connect: CLDAP request %s failed. \n " , srv ) ) ;
2008-04-21 21:47:13 +04:00
ret = false ;
goto out ;
2002-08-17 21:00:51 +04:00
}
2006-05-12 19:17:35 +04:00
/* Check the CLDAP reply flags */
2008-04-21 21:59:27 +04:00
if ( ! ( cldap_reply . server_type & NBT_SERVER_LDAP ) ) {
2006-05-12 19:17:35 +04:00
DEBUG ( 1 , ( " ads_try_connect: %s's CLDAP reply says it is not an LDAP server! \n " ,
srv ) ) ;
2008-04-21 21:47:13 +04:00
ret = false ;
goto out ;
2006-05-12 19:17:35 +04:00
}
/* Fill in the ads->config values */
SAFE_FREE ( ads - > config . realm ) ;
SAFE_FREE ( ads - > config . bind_path ) ;
SAFE_FREE ( ads - > config . ldap_server_name ) ;
2006-08-31 08:16:13 +04:00
SAFE_FREE ( ads - > config . server_site_name ) ;
SAFE_FREE ( ads - > config . client_site_name ) ;
2006-07-06 17:38:41 +04:00
SAFE_FREE ( ads - > server . workgroup ) ;
2006-05-12 19:17:35 +04:00
2008-04-21 21:26:32 +04:00
ads - > config . flags = cldap_reply . server_type ;
ads - > config . ldap_server_name = SMB_STRDUP ( cldap_reply . pdc_dns_name ) ;
ads - > config . realm = SMB_STRDUP ( cldap_reply . dns_domain ) ;
strupper_m ( ads - > config . realm ) ;
2006-05-12 19:17:35 +04:00
ads - > config . bind_path = ads_build_dn ( ads - > config . realm ) ;
2008-04-21 21:26:32 +04:00
if ( * cldap_reply . server_site ) {
2006-08-31 08:14:08 +04:00
ads - > config . server_site_name =
2008-04-21 21:26:32 +04:00
SMB_STRDUP ( cldap_reply . server_site ) ;
2006-08-31 08:14:08 +04:00
}
2008-04-21 21:26:32 +04:00
if ( * cldap_reply . client_site ) {
2006-09-02 05:23:08 +04:00
ads - > config . client_site_name =
2008-04-21 21:26:32 +04:00
SMB_STRDUP ( cldap_reply . client_site ) ;
2006-08-31 08:14:08 +04:00
}
2008-04-21 21:26:32 +04:00
ads - > server . workgroup = SMB_STRDUP ( cldap_reply . domain ) ;
2006-05-12 19:17:35 +04:00
2008-06-27 18:22:39 +04:00
ads - > ldap . port = gc ? LDAP_GC_PORT : LDAP_PORT ;
2007-10-25 01:16:54 +04:00
if ( ! interpret_string_addr ( & ads - > ldap . ss , srv , 0 ) ) {
DEBUG ( 1 , ( " ads_try_connect: unable to convert %s "
" to an address \n " ,
srv ) ) ;
2008-04-21 21:47:13 +04:00
ret = false ;
goto out ;
2007-10-25 01:16:54 +04:00
}
2006-08-30 08:40:03 +04:00
/* Store our site name. */
2008-04-21 21:26:32 +04:00
sitename_store ( cldap_reply . domain , cldap_reply . client_site ) ;
2008-05-15 18:38:32 +04:00
sitename_store ( cldap_reply . dns_domain , cldap_reply . client_site ) ;
2006-08-30 08:40:03 +04:00
2008-04-21 21:47:13 +04:00
ret = true ;
out :
SAFE_FREE ( srv ) ;
TALLOC_FREE ( mem_ctx ) ;
return ret ;
2002-08-17 21:00:51 +04:00
}
2003-06-25 21:41:05 +04:00
/**********************************************************************
Try to find an AD dc using our internal name resolution routines
Try the realm first and then then workgroup name if netbios is not
disabled
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2002-08-17 21:00:51 +04:00
2006-08-28 13:19:30 +04:00
static NTSTATUS ads_find_dc ( ADS_STRUCT * ads )
2002-08-17 21:00:51 +04:00
{
2008-10-27 21:36:25 +03:00
const char * c_domain ;
2002-11-13 02:20:50 +03:00
const char * c_realm ;
2002-08-17 21:00:51 +04:00
int count , i = 0 ;
2003-06-25 21:41:05 +04:00
struct ip_service * ip_list ;
2007-11-21 05:55:36 +03:00
const char * realm ;
2008-10-27 21:36:25 +03:00
const char * domain ;
2007-10-19 04:40:25 +04:00
bool got_realm = False ;
bool use_own_domain = False ;
2007-01-18 12:58:57 +03:00
char * sitename ;
2006-08-28 13:19:30 +04:00
NTSTATUS status = NT_STATUS_UNSUCCESSFUL ;
2003-07-25 20:42:34 +04:00
/* if the realm and workgroup are both empty, assume they are ours */
2002-08-17 21:00:51 +04:00
2003-06-25 21:41:05 +04:00
/* realm */
2002-11-13 02:20:50 +03:00
c_realm = ads - > server . realm ;
2007-11-21 05:55:36 +03:00
2003-07-25 20:42:34 +04:00
if ( ! c_realm | | ! * c_realm ) {
/* special case where no realm and no workgroup means our own */
if ( ! ads - > server . workgroup | | ! * ads - > server . workgroup ) {
use_own_domain = True ;
c_realm = lp_realm ( ) ;
}
}
2007-11-21 05:55:36 +03:00
if ( c_realm & & * c_realm )
2003-06-25 21:41:05 +04:00
got_realm = True ;
2007-11-21 05:55:36 +03:00
/* we need to try once with the realm name and fallback to the
2003-06-25 21:41:05 +04:00
netbios domain name if we fail ( if netbios has not been disabled */
2007-11-21 05:55:36 +03:00
2003-06-25 21:41:05 +04:00
if ( ! got_realm & & ! lp_disable_netbios ( ) ) {
c_realm = ads - > server . workgroup ;
2003-07-23 23:58:01 +04:00
if ( ! c_realm | | ! * c_realm ) {
2003-07-25 20:42:34 +04:00
if ( use_own_domain )
c_realm = lp_workgroup ( ) ;
}
2008-11-24 17:04:12 +03:00
}
2007-11-21 05:55:36 +03:00
2008-11-24 17:04:12 +03:00
if ( ! c_realm | | ! * c_realm ) {
DEBUG ( 0 , ( " ads_find_dc: no realm or workgroup! Don't know what to do \n " ) ) ;
return NT_STATUS_INVALID_PARAMETER ; /* rather need MISSING_PARAMETER ... */
2002-08-17 21:00:51 +04:00
}
2007-11-21 05:55:36 +03:00
2008-10-27 21:36:25 +03:00
if ( use_own_domain ) {
c_domain = lp_workgroup ( ) ;
} else {
c_domain = ads - > server . workgroup ;
}
2007-11-21 05:55:36 +03:00
realm = c_realm ;
2008-10-27 21:36:25 +03:00
domain = c_domain ;
2002-08-17 21:00:51 +04:00
2008-10-22 13:14:10 +04:00
/*
* In case of LDAP we use get_dc_name ( ) as that
* creates the custom krb5 . conf file
*/
if ( ! ( ads - > auth . flags & ADS_AUTH_NO_BIND ) ) {
fstring srv_name ;
struct sockaddr_storage ip_out ;
DEBUG ( 6 , ( " ads_find_dc: (ldap) looking for %s '%s' \n " ,
( got_realm ? " realm " : " domain " ) , realm ) ) ;
2008-10-27 21:36:25 +03:00
if ( get_dc_name ( domain , realm , srv_name , & ip_out ) ) {
2008-10-22 13:14:10 +04:00
/*
* we call ads_try_connect ( ) to fill in the
* ads - > config details
*/
if ( ads_try_connect ( ads , srv_name , false ) ) {
return NT_STATUS_OK ;
}
}
return NT_STATUS_NO_LOGON_SERVERS ;
}
2007-01-18 12:58:57 +03:00
sitename = sitename_fetch ( realm ) ;
again :
2008-10-22 13:14:10 +04:00
DEBUG ( 6 , ( " ads_find_dc: (cldap) looking for %s '%s' \n " ,
2003-06-25 21:41:05 +04:00
( got_realm ? " realm " : " domain " ) , realm ) ) ;
2002-08-17 21:00:51 +04:00
2007-01-17 21:25:35 +03:00
status = get_sorted_dc_list ( realm , sitename , & ip_list , & count , got_realm ) ;
2006-08-28 13:19:30 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2003-06-25 21:41:05 +04:00
/* fall back to netbios if we can */
if ( got_realm & & ! lp_disable_netbios ( ) ) {
got_realm = False ;
goto again ;
2002-08-17 21:00:51 +04:00
}
2007-11-21 05:55:36 +03:00
2007-01-25 19:54:53 +03:00
SAFE_FREE ( sitename ) ;
2006-08-28 13:19:30 +04:00
return status ;
2002-08-17 21:00:51 +04:00
}
2006-08-30 22:48:49 +04:00
2003-06-25 21:41:05 +04:00
/* if we fail this loop, then giveup since all the IP addresses returned were dead */
for ( i = 0 ; i < count ; i + + ) {
2007-10-25 01:16:54 +04:00
char server [ INET6_ADDRSTRLEN ] ;
print_sockaddr ( server , sizeof ( server ) , & ip_list [ i ] . ss ) ;
2003-06-25 23:00:15 +04:00
if ( ! NT_STATUS_IS_OK ( check_negative_conn_cache ( realm , server ) ) )
continue ;
2006-09-03 07:46:07 +04:00
if ( ! got_realm ) {
/* realm in this case is a workgroup name. We need
to ignore any IP addresses in the negative connection
cache that match ip addresses returned in the ad realm
case . It sucks that I have to reproduce the logic above . . . */
c_realm = ads - > server . realm ;
if ( ! c_realm | | ! * c_realm ) {
if ( ! ads - > server . workgroup | | ! * ads - > server . workgroup ) {
c_realm = lp_realm ( ) ;
}
}
if ( c_realm & & * c_realm & &
! NT_STATUS_IS_OK ( check_negative_conn_cache ( c_realm , server ) ) ) {
/* Ensure we add the workgroup name for this
IP address as negative too . */
add_failed_connection_entry ( realm , server , NT_STATUS_UNSUCCESSFUL ) ;
continue ;
}
}
2007-11-21 05:55:36 +03:00
2008-06-27 18:22:39 +04:00
if ( ads_try_connect ( ads , server , false ) ) {
2003-06-25 21:41:05 +04:00
SAFE_FREE ( ip_list ) ;
2007-01-17 21:25:35 +03:00
SAFE_FREE ( sitename ) ;
2006-08-28 13:19:30 +04:00
return NT_STATUS_OK ;
2002-08-17 21:00:51 +04:00
}
2003-06-25 21:41:05 +04:00
/* keep track of failures */
2003-06-25 23:00:15 +04:00
add_failed_connection_entry ( realm , server , NT_STATUS_UNSUCCESSFUL ) ;
2002-08-17 21:00:51 +04:00
}
SAFE_FREE ( ip_list ) ;
2007-01-17 21:25:35 +03:00
/* In case we failed to contact one of our closest DC on our site we
* need to try to find another DC , retry with a site - less SRV DNS query
* - Guenther */
if ( sitename ) {
DEBUG ( 1 , ( " ads_find_dc: failed to find a valid DC on our site (%s), "
" trying to find another DC \n " , sitename ) ) ;
SAFE_FREE ( sitename ) ;
namecache_delete ( realm , 0x1C ) ;
goto again ;
}
2006-08-28 13:19:30 +04:00
return NT_STATUS_NO_LOGON_SERVERS ;
2002-08-17 21:00:51 +04:00
}
2008-06-27 18:22:39 +04:00
/*********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static NTSTATUS ads_lookup_site ( void )
{
ADS_STRUCT * ads = NULL ;
ADS_STATUS ads_status ;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL ;
ads = ads_init ( lp_realm ( ) , NULL , NULL ) ;
if ( ! ads ) {
return NT_STATUS_NO_MEMORY ;
}
/* The NO_BIND here will find a DC and set the client site
but not establish the TCP connection */
ads - > auth . flags = ADS_AUTH_NO_BIND ;
ads_status = ads_connect ( ads ) ;
if ( ! ADS_ERR_OK ( ads_status ) ) {
DEBUG ( 4 , ( " ads_lookup_site: ads_connect to our realm failed! (%s) \n " ,
ads_errstr ( ads_status ) ) ) ;
}
nt_status = ads_ntstatus ( ads_status ) ;
if ( ads ) {
ads_destroy ( & ads ) ;
}
return nt_status ;
}
/*********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static const char * host_dns_domain ( const char * fqdn )
{
const char * p = fqdn ;
/* go to next char following '.' */
if ( ( p = strchr_m ( fqdn , ' . ' ) ) ! = NULL ) {
p + + ;
}
return p ;
}
/**
* Connect to the Global Catalog server
* @ param ads Pointer to an existing ADS_STRUCT
* @ return status of connection
*
* Simple wrapper around ads_connect ( ) that fills in the
* GC ldap server information
* */
ADS_STATUS ads_connect_gc ( ADS_STRUCT * ads )
{
TALLOC_CTX * frame = talloc_stackframe ( ) ;
struct dns_rr_srv * gcs_list ;
int num_gcs ;
char * realm = ads - > server . realm ;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL ;
ADS_STATUS ads_status = ADS_ERROR_NT ( NT_STATUS_UNSUCCESSFUL ) ;
int i ;
bool done = false ;
char * sitename = NULL ;
if ( ! realm )
realm = lp_realm ( ) ;
if ( ( sitename = sitename_fetch ( realm ) ) = = NULL ) {
ads_lookup_site ( ) ;
sitename = sitename_fetch ( realm ) ;
}
do {
/* We try once with a sitename and once without
( unless we don ' t have a sitename and then we ' re
done */
if ( sitename = = NULL )
done = true ;
nt_status = ads_dns_query_gcs ( frame , realm , sitename ,
& gcs_list , & num_gcs ) ;
SAFE_FREE ( sitename ) ;
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
ads_status = ADS_ERROR_NT ( nt_status ) ;
goto done ;
}
/* Loop until we get a successful connection or have gone
through them all . When connecting a GC server , make sure that
the realm is the server ' s DNS name and not the forest root */
for ( i = 0 ; i < num_gcs ; i + + ) {
ads - > server . gc = true ;
ads - > server . ldap_server = SMB_STRDUP ( gcs_list [ i ] . hostname ) ;
ads - > server . realm = SMB_STRDUP ( host_dns_domain ( ads - > server . ldap_server ) ) ;
ads_status = ads_connect ( ads ) ;
if ( ADS_ERR_OK ( ads_status ) ) {
/* Reset the bind_dn to "". A Global Catalog server
may host multiple domain trees in a forest .
Windows 2003 GC server will accept " " as the search
path to imply search all domain trees in the forest */
SAFE_FREE ( ads - > config . bind_path ) ;
ads - > config . bind_path = SMB_STRDUP ( " " ) ;
goto done ;
}
SAFE_FREE ( ads - > server . ldap_server ) ;
SAFE_FREE ( ads - > server . realm ) ;
}
TALLOC_FREE ( gcs_list ) ;
num_gcs = 0 ;
} while ( ! done ) ;
done :
SAFE_FREE ( sitename ) ;
talloc_destroy ( frame ) ;
return ads_status ;
}
2002-08-17 21:00:51 +04:00
2002-04-10 17:28:03 +04:00
/**
* Connect to the LDAP server
* @ param ads Pointer to an existing ADS_STRUCT
* @ return status of connection
* */
2001-12-19 15:21:12 +03:00
ADS_STATUS ads_connect ( ADS_STRUCT * ads )
2001-11-20 11:54:15 +03:00
{
int version = LDAP_VERSION3 ;
2001-12-19 15:21:12 +03:00
ADS_STATUS status ;
2006-08-28 13:19:30 +04:00
NTSTATUS ntstatus ;
2007-10-25 01:16:54 +04:00
char addr [ INET6_ADDRSTRLEN ] ;
2001-11-20 11:54:15 +03:00
2007-07-18 11:45:16 +04:00
ZERO_STRUCT ( ads - > ldap ) ;
ads - > ldap . last_attempt = time ( NULL ) ;
ads - > ldap . wrap_type = ADS_SASLWRAP_TYPE_PLAIN ;
2002-07-15 14:35:28 +04:00
2002-08-17 21:00:51 +04:00
/* try with a user specified server */
2006-05-12 19:17:35 +04:00
2008-01-31 03:50:49 +03:00
if ( DEBUGLEVEL > = 11 ) {
char * s = NDR_PRINT_STRUCT_STRING ( talloc_tos ( ) , ads_struct , ads ) ;
DEBUG ( 11 , ( " ads_connect: entering \n " ) ) ;
DEBUGADD ( 11 , ( " %s \n " , s ) ) ;
TALLOC_FREE ( s ) ;
}
2007-10-25 01:16:54 +04:00
if ( ads - > server . ldap_server & &
2008-06-27 18:22:39 +04:00
ads_try_connect ( ads , ads - > server . ldap_server , ads - > server . gc ) ) {
2002-08-17 21:00:51 +04:00
goto got_connection ;
2002-07-15 14:35:28 +04:00
}
2006-08-28 13:19:30 +04:00
ntstatus = ads_find_dc ( ads ) ;
if ( NT_STATUS_IS_OK ( ntstatus ) ) {
2002-08-17 21:00:51 +04:00
goto got_connection ;
2001-11-20 11:54:15 +03:00
}
2002-07-15 14:35:28 +04:00
2008-01-31 03:50:49 +03:00
status = ADS_ERROR_NT ( ntstatus ) ;
goto out ;
2002-08-17 21:00:51 +04:00
got_connection :
2007-10-25 01:16:54 +04:00
print_sockaddr ( addr , sizeof ( addr ) , & ads - > ldap . ss ) ;
2008-01-04 23:45:28 +03:00
DEBUG ( 3 , ( " Successfully contacted LDAP server %s \n " , addr ) ) ;
2002-07-15 14:35:28 +04:00
2002-08-17 21:00:51 +04:00
if ( ! ads - > auth . user_name ) {
2006-07-11 22:45:22 +04:00
/* Must use the userPrincipalName value here or sAMAccountName
and not servicePrincipalName ; found by Guenther Deschner */
2004-07-07 22:15:24 +04:00
2006-06-09 15:02:52 +04:00
asprintf ( & ads - > auth . user_name , " %s$ " , global_myname ( ) ) ;
2002-08-17 21:00:51 +04:00
}
if ( ! ads - > auth . realm ) {
2004-12-07 21:25:53 +03:00
ads - > auth . realm = SMB_STRDUP ( ads - > config . realm ) ;
2002-08-17 21:00:51 +04:00
}
if ( ! ads - > auth . kdc_server ) {
2007-10-25 01:16:54 +04:00
print_sockaddr ( addr , sizeof ( addr ) , & ads - > ldap . ss ) ;
ads - > auth . kdc_server = SMB_STRDUP ( addr ) ;
2002-08-17 21:00:51 +04:00
}
2002-03-11 07:06:30 +03:00
# if KRB5_DNS_HACK
/* this is a really nasty hack to avoid ADS DNS problems. It needs a patch
to MIT kerberos to work ( tridge ) */
{
char * env ;
2002-08-17 21:00:51 +04:00
asprintf ( & env , " KRB5_KDC_ADDRESS_%s " , ads - > config . realm ) ;
setenv ( env , ads - > auth . kdc_server , 1 ) ;
2002-03-11 07:06:30 +03:00
free ( env ) ;
}
# endif
2006-05-12 19:17:35 +04:00
/* If the caller() requested no LDAP bind, then we are done */
2002-09-25 19:19:00 +04:00
if ( ads - > auth . flags & ADS_AUTH_NO_BIND ) {
2008-01-31 03:50:49 +03:00
status = ADS_SUCCESS ;
goto out ;
2002-08-17 21:00:51 +04:00
}
2007-07-18 11:45:16 +04:00
2007-07-18 15:21:21 +04:00
ads - > ldap . mem_ctx = talloc_init ( " ads LDAP connection memory " ) ;
2007-07-18 11:45:16 +04:00
if ( ! ads - > ldap . mem_ctx ) {
2008-01-31 03:50:49 +03:00
status = ADS_ERROR_NT ( NT_STATUS_NO_MEMORY ) ;
goto out ;
2007-07-18 11:45:16 +04:00
}
2006-05-12 19:17:35 +04:00
/* Otherwise setup the TCP LDAP session */
2008-01-04 23:56:57 +03:00
ads - > ldap . ld = ldap_open_with_timeout ( ads - > config . ldap_server_name ,
2008-06-27 18:22:39 +04:00
ads - > ldap . port , lp_ldap_timeout ( ) ) ;
2008-01-04 23:56:57 +03:00
if ( ads - > ldap . ld = = NULL ) {
2008-01-31 03:50:49 +03:00
status = ADS_ERROR ( LDAP_OPERATIONS_ERROR ) ;
goto out ;
2006-05-12 19:17:35 +04:00
}
2008-01-05 00:06:15 +03:00
DEBUG ( 3 , ( " Connected to LDAP server %s \n " , ads - > config . ldap_server_name ) ) ;
2006-08-30 22:48:49 +04:00
2006-09-05 10:32:46 +04:00
/* cache the successful connection for workgroup and realm */
2006-11-10 15:42:50 +03:00
if ( ads_closest_dc ( ads ) ) {
2007-10-25 01:16:54 +04:00
print_sockaddr ( addr , sizeof ( addr ) , & ads - > ldap . ss ) ;
saf_store ( ads - > server . workgroup , addr ) ;
saf_store ( ads - > server . realm , addr ) ;
2006-09-15 18:18:52 +04:00
}
2006-08-30 22:48:49 +04:00
2007-07-16 15:08:00 +04:00
ldap_set_option ( ads - > ldap . ld , LDAP_OPT_PROTOCOL_VERSION , & version ) ;
2006-05-12 19:17:35 +04:00
2007-07-16 15:08:00 +04:00
status = ADS_ERROR ( smb_ldap_start_tls ( ads - > ldap . ld , version ) ) ;
2006-05-12 19:17:35 +04:00
if ( ! ADS_ERR_OK ( status ) ) {
2008-01-31 03:50:49 +03:00
goto out ;
2006-05-12 19:17:35 +04:00
}
/* fill in the current time and offsets */
status = ads_current_time ( ads ) ;
if ( ! ADS_ERR_OK ( status ) ) {
2008-01-31 03:50:49 +03:00
goto out ;
2006-05-12 19:17:35 +04:00
}
2002-08-17 21:00:51 +04:00
2006-05-12 19:17:35 +04:00
/* Now do the bind */
2002-10-01 22:26:00 +04:00
if ( ads - > auth . flags & ADS_AUTH_ANON_BIND ) {
2008-01-31 03:50:49 +03:00
status = ADS_ERROR ( ldap_simple_bind_s ( ads - > ldap . ld , NULL , NULL ) ) ;
goto out ;
2002-10-01 22:26:00 +04:00
}
if ( ads - > auth . flags & ADS_AUTH_SIMPLE_BIND ) {
2008-01-31 03:50:49 +03:00
status = ADS_ERROR ( ldap_simple_bind_s ( ads - > ldap . ld , ads - > auth . user_name , ads - > auth . password ) ) ;
goto out ;
}
status = ads_sasl_bind ( ads ) ;
out :
if ( DEBUGLEVEL > = 11 ) {
char * s = NDR_PRINT_STRUCT_STRING ( talloc_tos ( ) , ads_struct , ads ) ;
DEBUG ( 11 , ( " ads_connect: leaving with: %s \n " ,
ads_errstr ( status ) ) ) ;
DEBUGADD ( 11 , ( " %s \n " , s ) ) ;
TALLOC_FREE ( s ) ;
2002-10-01 22:26:00 +04:00
}
2008-01-31 03:50:49 +03:00
return status ;
2001-11-20 11:54:15 +03:00
}
2008-06-24 15:02:03 +04:00
/**
* Connect to the LDAP server using given credentials
* @ param ads Pointer to an existing ADS_STRUCT
* @ return status of connection
* */
ADS_STATUS ads_connect_user_creds ( ADS_STRUCT * ads )
{
ads - > auth . flags | = ADS_AUTH_USER_CREDS ;
return ads_connect ( ads ) ;
}
2007-07-16 13:48:15 +04:00
/**
* Disconnect the LDAP server
* @ param ads Pointer to an existing ADS_STRUCT
* */
void ads_disconnect ( ADS_STRUCT * ads )
{
2007-07-16 15:08:00 +04:00
if ( ads - > ldap . ld ) {
ldap_unbind ( ads - > ldap . ld ) ;
ads - > ldap . ld = NULL ;
2007-07-16 13:48:15 +04:00
}
2007-07-18 11:45:16 +04:00
if ( ads - > ldap . wrap_ops & & ads - > ldap . wrap_ops - > disconnect ) {
ads - > ldap . wrap_ops - > disconnect ( ads ) ;
}
if ( ads - > ldap . mem_ctx ) {
talloc_free ( ads - > ldap . mem_ctx ) ;
}
ZERO_STRUCT ( ads - > ldap ) ;
2007-07-16 13:48:15 +04:00
}
2002-07-15 14:35:28 +04:00
/*
Duplicate a struct berval into talloc ' ed memory
*/
static struct berval * dup_berval ( TALLOC_CTX * ctx , const struct berval * in_val )
{
struct berval * value ;
if ( ! in_val ) return NULL ;
2004-12-07 21:25:53 +03:00
value = TALLOC_ZERO_P ( ctx , struct berval ) ;
2002-12-31 02:55:53 +03:00
if ( value = = NULL )
return NULL ;
2002-07-15 14:35:28 +04:00
if ( in_val - > bv_len = = 0 ) return value ;
value - > bv_len = in_val - > bv_len ;
2006-09-04 01:07:16 +04:00
value - > bv_val = ( char * ) TALLOC_MEMDUP ( ctx , in_val - > bv_val ,
in_val - > bv_len ) ;
2002-07-15 14:35:28 +04:00
return value ;
}
/*
Make a values list out of an array of ( struct berval * )
*/
static struct berval * * ads_dup_values ( TALLOC_CTX * ctx ,
const struct berval * * in_vals )
{
struct berval * * values ;
int i ;
if ( ! in_vals ) return NULL ;
2004-12-07 21:25:53 +03:00
for ( i = 0 ; in_vals [ i ] ; i + + )
; /* count values */
values = TALLOC_ZERO_ARRAY ( ctx , struct berval * , i + 1 ) ;
2002-07-15 14:35:28 +04:00
if ( ! values ) return NULL ;
for ( i = 0 ; in_vals [ i ] ; i + + ) {
values [ i ] = dup_berval ( ctx , in_vals [ i ] ) ;
}
return values ;
}
/*
UTF8 - encode a values list out of an array of ( char * )
*/
static char * * ads_push_strvals ( TALLOC_CTX * ctx , const char * * in_vals )
{
char * * values ;
int i ;
2008-04-30 01:36:24 +04:00
size_t size ;
2002-07-15 14:35:28 +04:00
if ( ! in_vals ) return NULL ;
2004-12-07 21:25:53 +03:00
for ( i = 0 ; in_vals [ i ] ; i + + )
; /* count values */
values = TALLOC_ZERO_ARRAY ( ctx , char * , i + 1 ) ;
2002-07-15 14:35:28 +04:00
if ( ! values ) return NULL ;
for ( i = 0 ; in_vals [ i ] ; i + + ) {
2008-04-30 01:36:24 +04:00
if ( ! push_utf8_talloc ( ctx , & values [ i ] , in_vals [ i ] , & size ) ) {
2008-03-15 01:26:28 +03:00
TALLOC_FREE ( values ) ;
return NULL ;
}
2002-07-15 14:35:28 +04:00
}
return values ;
}
/*
Pull a ( char * ) array out of a UTF8 - encoded values list
*/
static char * * ads_pull_strvals ( TALLOC_CTX * ctx , const char * * in_vals )
{
char * * values ;
int i ;
2008-04-30 01:36:24 +04:00
size_t converted_size ;
2002-07-15 14:35:28 +04:00
if ( ! in_vals ) return NULL ;
2004-12-07 21:25:53 +03:00
for ( i = 0 ; in_vals [ i ] ; i + + )
; /* count values */
values = TALLOC_ZERO_ARRAY ( ctx , char * , i + 1 ) ;
2002-07-15 14:35:28 +04:00
if ( ! values ) return NULL ;
for ( i = 0 ; in_vals [ i ] ; i + + ) {
2008-04-30 01:36:24 +04:00
if ( ! pull_utf8_talloc ( ctx , & values [ i ] , in_vals [ i ] ,
& converted_size ) ) {
DEBUG ( 0 , ( " ads_pull_strvals: pull_utf8_talloc failed: "
" %s " , strerror ( errno ) ) ) ;
}
2002-07-15 14:35:28 +04:00
}
return values ;
}
2002-03-19 15:58:38 +03:00
2002-04-10 17:28:03 +04:00
/**
* Do a search with paged results . cookie must be null on the first
* call , and then returned on each subsequent call . It will be null
* again when the entire search is complete
* @ param ads connection to ads server
* @ param bind_path Base dn for the search
2003-07-03 08:12:54 +04:00
* @ param scope Scope of search ( LDAP_SCOPE_BASE | LDAP_SCOPE_ONE | LDAP_SCOPE_SUBTREE )
2003-04-15 21:06:51 +04:00
* @ param expr Search expression - specified in local charset
2002-07-15 14:35:28 +04:00
* @ param attrs Attributes to retrieve - specified in utf8 or ascii
2002-04-10 17:28:03 +04:00
* @ param res * * which will contain results - free res * with ads_msgfree ( )
* @ param count Number of entries retrieved on this page
* @ param cookie The paged results cookie to be returned on subsequent calls
* @ return status of search
* */
2006-09-04 01:07:16 +04:00
static ADS_STATUS ads_do_paged_search_args ( ADS_STRUCT * ads ,
const char * bind_path ,
int scope , const char * expr ,
const char * * attrs , void * args ,
LDAPMessage * * res ,
int * count , struct berval * * cookie )
2002-03-14 20:48:26 +03:00
{
2002-07-15 14:35:28 +04:00
int rc , i , version ;
2008-10-13 02:40:57 +04:00
char * utf8_expr , * utf8_path , * * search_attrs = NULL ;
2008-04-30 01:36:24 +04:00
size_t converted_size ;
2007-05-11 16:52:48 +04:00
LDAPControl PagedResults , NoReferrals , ExternalCtrl , * controls [ 4 ] , * * rcontrols ;
2002-04-10 17:28:03 +04:00
BerElement * cookie_be = NULL ;
struct berval * cookie_bv = NULL ;
2007-05-11 16:52:48 +04:00
BerElement * ext_be = NULL ;
struct berval * ext_bv = NULL ;
2006-05-18 23:34:25 +04:00
2002-07-15 14:35:28 +04:00
TALLOC_CTX * ctx ;
2006-05-18 23:34:25 +04:00
ads_control * external_control = ( ads_control * ) args ;
2002-03-14 20:48:26 +03:00
* res = NULL ;
2006-05-18 23:34:25 +04:00
if ( ! ( ctx = talloc_init ( " ads_do_paged_search_args " ) ) )
2002-07-15 14:35:28 +04:00
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
2002-03-14 20:48:26 +03:00
2002-07-15 14:35:28 +04:00
/* 0 means the conversion worked but the result was empty
2003-02-19 15:31:16 +03:00
so we only fail if it ' s - 1. In any case , it always
2002-07-15 14:35:28 +04:00
at least nulls out the dest */
2008-04-30 01:36:24 +04:00
if ( ! push_utf8_talloc ( ctx , & utf8_expr , expr , & converted_size ) | |
! push_utf8_talloc ( ctx , & utf8_path , bind_path , & converted_size ) )
{
2002-07-15 14:35:28 +04:00
rc = LDAP_NO_MEMORY ;
goto done ;
}
if ( ! attrs | | ! ( * attrs ) )
search_attrs = NULL ;
else {
/* This would be the utf8-encoded version...*/
/* if (!(search_attrs = ads_push_strvals(ctx, attrs))) */
2008-10-12 02:56:56 +04:00
if ( ! ( search_attrs = str_list_copy ( talloc_tos ( ) , attrs ) ) ) {
2002-07-15 14:35:28 +04:00
rc = LDAP_NO_MEMORY ;
goto done ;
}
}
/* Paged results only available on ldap v3 or later */
2007-07-16 15:08:00 +04:00
ldap_get_option ( ads - > ldap . ld , LDAP_OPT_PROTOCOL_VERSION , & version ) ;
2002-07-15 14:35:28 +04:00
if ( version < LDAP_VERSION3 ) {
rc = LDAP_NOT_SUPPORTED ;
goto done ;
}
2002-03-14 20:48:26 +03:00
2002-04-05 23:26:52 +04:00
cookie_be = ber_alloc_t ( LBER_USE_DER ) ;
2006-08-29 05:04:25 +04:00
if ( * cookie ) {
2002-04-05 23:26:52 +04:00
ber_printf ( cookie_be , " {iO} " , ( ber_int_t ) 1000 , * cookie ) ;
2002-03-14 20:48:26 +03:00
ber_bvfree ( * cookie ) ; /* don't need it from last time */
2002-03-20 01:14:53 +03:00
* cookie = NULL ;
2002-03-14 20:48:26 +03:00
} else {
2002-04-05 23:26:52 +04:00
ber_printf ( cookie_be , " {io} " , ( ber_int_t ) 1000 , " " , 0 ) ;
2002-03-14 20:48:26 +03:00
}
2002-04-05 23:26:52 +04:00
ber_flatten ( cookie_be , & cookie_bv ) ;
2005-03-31 09:06:04 +04:00
PagedResults . ldctl_oid = CONST_DISCARD ( char * , ADS_PAGE_CTL_OID ) ;
2002-03-27 06:09:50 +03:00
PagedResults . ldctl_iscritical = ( char ) 1 ;
2002-04-05 23:26:52 +04:00
PagedResults . ldctl_value . bv_len = cookie_bv - > bv_len ;
PagedResults . ldctl_value . bv_val = cookie_bv - > bv_val ;
2002-03-27 05:58:58 +03:00
2005-03-31 09:06:04 +04:00
NoReferrals . ldctl_oid = CONST_DISCARD ( char * , ADS_NO_REFERRALS_OID ) ;
2002-03-27 05:58:58 +03:00
NoReferrals . ldctl_iscritical = ( char ) 0 ;
NoReferrals . ldctl_value . bv_len = 0 ;
2005-03-31 09:06:04 +04:00
NoReferrals . ldctl_value . bv_val = CONST_DISCARD ( char * , " " ) ;
2002-03-27 05:58:58 +03:00
2007-05-11 16:52:48 +04:00
if ( external_control & &
( strequal ( external_control - > control , ADS_EXTENDED_DN_OID ) | |
strequal ( external_control - > control , ADS_SD_FLAGS_OID ) ) ) {
2006-05-18 23:34:25 +04:00
2007-05-11 16:52:48 +04:00
ExternalCtrl . ldctl_oid = CONST_DISCARD ( char * , external_control - > control ) ;
ExternalCtrl . ldctl_iscritical = ( char ) external_control - > critical ;
2006-05-18 23:34:25 +04:00
/* win2k does not accept a ldctl_value beeing passed in */
if ( external_control - > val ! = 0 ) {
2007-05-11 16:52:48 +04:00
if ( ( ext_be = ber_alloc_t ( LBER_USE_DER ) ) = = NULL ) {
2006-05-18 23:34:25 +04:00
rc = LDAP_NO_MEMORY ;
goto done ;
}
2007-05-11 16:52:48 +04:00
if ( ( ber_printf ( ext_be , " {i} " , ( ber_int_t ) external_control - > val ) ) = = - 1 ) {
2006-05-18 23:34:25 +04:00
rc = LDAP_NO_MEMORY ;
goto done ;
}
2007-05-11 17:19:49 +04:00
if ( ( ber_flatten ( ext_be , & ext_bv ) ) = = - 1 ) {
2006-05-18 23:34:25 +04:00
rc = LDAP_NO_MEMORY ;
goto done ;
}
2007-05-11 16:52:48 +04:00
ExternalCtrl . ldctl_value . bv_len = ext_bv - > bv_len ;
ExternalCtrl . ldctl_value . bv_val = ext_bv - > bv_val ;
2006-05-18 23:34:25 +04:00
} else {
2007-05-11 16:52:48 +04:00
ExternalCtrl . ldctl_value . bv_len = 0 ;
ExternalCtrl . ldctl_value . bv_val = NULL ;
2006-05-18 23:34:25 +04:00
}
2002-04-05 23:26:52 +04:00
2006-05-18 23:34:25 +04:00
controls [ 0 ] = & NoReferrals ;
controls [ 1 ] = & PagedResults ;
2007-05-11 16:52:48 +04:00
controls [ 2 ] = & ExternalCtrl ;
2006-05-18 23:34:25 +04:00
controls [ 3 ] = NULL ;
} else {
controls [ 0 ] = & NoReferrals ;
controls [ 1 ] = & PagedResults ;
controls [ 2 ] = NULL ;
}
2002-03-14 20:48:26 +03:00
2002-03-19 15:58:38 +03:00
/* we need to disable referrals as the openldap libs don't
2002-07-15 14:35:28 +04:00
handle them and paged results at the same time . Using them
together results in the result record containing the server
page control being removed from the result list ( tridge / jmcd )
2002-03-27 05:58:58 +03:00
leaving this in despite the control that says don ' t generate
referrals , in case the server doesn ' t support it ( jmcd )
*/
2007-07-16 15:08:00 +04:00
ldap_set_option ( ads - > ldap . ld , LDAP_OPT_REFERRALS , LDAP_OPT_OFF ) ;
2002-03-19 15:58:38 +03:00
2007-07-16 15:08:00 +04:00
rc = ldap_search_with_timeout ( ads - > ldap . ld , utf8_path , scope , utf8_expr ,
2004-11-18 14:43:14 +03:00
search_attrs , 0 , controls ,
2005-01-11 05:13:03 +03:00
NULL , LDAP_NO_LIMIT ,
2004-11-18 14:43:14 +03:00
( LDAPMessage * * ) res ) ;
2002-03-19 15:58:38 +03:00
2002-04-05 23:26:52 +04:00
ber_free ( cookie_be , 1 ) ;
ber_bvfree ( cookie_bv ) ;
2002-03-19 15:58:38 +03:00
if ( rc ) {
2006-05-18 23:34:25 +04:00
DEBUG ( 3 , ( " ads_do_paged_search_args: ldap_search_with_timeout(%s) -> %s \n " , expr ,
2004-11-18 14:43:14 +03:00
ldap_err2string ( rc ) ) ) ;
2002-07-15 14:35:28 +04:00
goto done ;
2002-03-19 15:58:38 +03:00
}
2007-07-16 15:08:00 +04:00
rc = ldap_parse_result ( ads - > ldap . ld , * res , NULL , NULL , NULL ,
2002-03-14 20:48:26 +03:00
NULL , & rcontrols , 0 ) ;
2002-03-19 15:58:38 +03:00
if ( ! rcontrols ) {
2002-07-15 14:35:28 +04:00
goto done ;
2002-03-19 15:58:38 +03:00
}
2002-04-05 23:26:52 +04:00
for ( i = 0 ; rcontrols [ i ] ; i + + ) {
if ( strcmp ( ADS_PAGE_CTL_OID , rcontrols [ i ] - > ldctl_oid ) = = 0 ) {
cookie_be = ber_init ( & rcontrols [ i ] - > ldctl_value ) ;
ber_scanf ( cookie_be , " {iO} " , ( ber_int_t * ) count ,
& cookie_bv ) ;
2002-03-14 20:48:26 +03:00
/* the berval is the cookie, but must be freed when
it is all done */
2002-04-05 23:26:52 +04:00
if ( cookie_bv - > bv_len ) /* still more to do */
* cookie = ber_bvdup ( cookie_bv ) ;
2002-03-14 20:48:26 +03:00
else
* cookie = NULL ;
2002-04-05 23:26:52 +04:00
ber_bvfree ( cookie_bv ) ;
ber_free ( cookie_be , 1 ) ;
2002-03-14 20:48:26 +03:00
break ;
}
}
ldap_controls_free ( rcontrols ) ;
2002-07-15 14:35:28 +04:00
done :
talloc_destroy ( ctx ) ;
2006-05-18 23:34:25 +04:00
2007-05-11 16:52:48 +04:00
if ( ext_be ) {
ber_free ( ext_be , 1 ) ;
2006-05-18 23:34:25 +04:00
}
2007-05-11 16:52:48 +04:00
if ( ext_bv ) {
ber_bvfree ( ext_bv ) ;
2006-05-18 23:34:25 +04:00
}
2002-07-15 14:35:28 +04:00
/* if/when we decide to utf8-encode attrs, take out this next line */
2008-02-04 23:05:41 +03:00
TALLOC_FREE ( search_attrs ) ;
2002-07-15 14:35:28 +04:00
2002-03-14 20:48:26 +03:00
return ADS_ERROR ( rc ) ;
}
2006-09-04 01:07:16 +04:00
static ADS_STATUS ads_do_paged_search ( ADS_STRUCT * ads , const char * bind_path ,
int scope , const char * expr ,
const char * * attrs , LDAPMessage * * res ,
int * count , struct berval * * cookie )
2006-05-18 23:34:25 +04:00
{
return ads_do_paged_search_args ( ads , bind_path , scope , expr , attrs , NULL , res , count , cookie ) ;
}
2002-03-20 01:14:53 +03:00
2002-04-10 17:28:03 +04:00
/**
* Get all results for a search . This uses ads_do_paged_search ( ) to return
* all entries in a large search .
* @ param ads connection to ads server
* @ param bind_path Base dn for the search
2003-07-03 08:12:54 +04:00
* @ param scope Scope of search ( LDAP_SCOPE_BASE | LDAP_SCOPE_ONE | LDAP_SCOPE_SUBTREE )
2003-04-15 21:06:51 +04:00
* @ param expr Search expression
2002-04-10 17:28:03 +04:00
* @ param attrs Attributes to retrieve
* @ param res * * which will contain results - free res * with ads_msgfree ( )
* @ return status of search
* */
2006-09-04 01:07:16 +04:00
ADS_STATUS ads_do_search_all_args ( ADS_STRUCT * ads , const char * bind_path ,
int scope , const char * expr ,
const char * * attrs , void * args ,
LDAPMessage * * res )
2002-03-20 01:14:53 +03:00
{
2006-09-04 01:07:16 +04:00
struct berval * cookie = NULL ;
2002-03-20 01:14:53 +03:00
int count = 0 ;
ADS_STATUS status ;
2004-11-15 21:57:22 +03:00
* res = NULL ;
2006-05-18 23:34:25 +04:00
status = ads_do_paged_search_args ( ads , bind_path , scope , expr , attrs , args , res ,
2002-04-10 17:28:03 +04:00
& count , & cookie ) ;
2002-03-20 01:14:53 +03:00
2005-11-22 20:15:28 +03:00
if ( ! ADS_ERR_OK ( status ) )
return status ;
2002-03-20 01:14:53 +03:00
2005-11-22 20:15:28 +03:00
# ifdef HAVE_LDAP_ADD_RESULT_ENTRY
2002-03-20 01:14:53 +03:00
while ( cookie ) {
2006-09-04 01:07:16 +04:00
LDAPMessage * res2 = NULL ;
2002-03-20 01:14:53 +03:00
ADS_STATUS status2 ;
LDAPMessage * msg , * next ;
2006-05-18 23:34:25 +04:00
status2 = ads_do_paged_search_args ( ads , bind_path , scope , expr ,
attrs , args , & res2 , & count , & cookie ) ;
2002-03-20 01:14:53 +03:00
if ( ! ADS_ERR_OK ( status2 ) ) break ;
/* this relies on the way that ldap_add_result_entry() works internally. I hope
that this works on all ldap libs , but I have only tested with openldap */
2008-04-26 05:34:46 +04:00
for ( msg = ads_first_message ( ads , res2 ) ; msg ; msg = next ) {
next = ads_next_message ( ads , msg ) ;
2002-03-20 01:14:53 +03:00
ldap_add_result_entry ( ( LDAPMessage * * ) res , msg ) ;
}
/* note that we do not free res2, as the memory is now
part of the main returned list */
}
2005-11-22 20:15:28 +03:00
# else
DEBUG ( 0 , ( " no ldap_add_result_entry() support in LDAP libs! \n " ) ) ;
status = ADS_ERROR_NT ( NT_STATUS_UNSUCCESSFUL ) ;
# endif
2002-03-20 01:14:53 +03:00
return status ;
}
2006-09-04 01:07:16 +04:00
ADS_STATUS ads_do_search_all ( ADS_STRUCT * ads , const char * bind_path ,
int scope , const char * expr ,
const char * * attrs , LDAPMessage * * res )
2006-05-18 23:34:25 +04:00
{
return ads_do_search_all_args ( ads , bind_path , scope , expr , attrs , NULL , res ) ;
}
2007-05-11 16:52:48 +04:00
ADS_STATUS ads_do_search_all_sd_flags ( ADS_STRUCT * ads , const char * bind_path ,
int scope , const char * expr ,
const char * * attrs , uint32 sd_flags ,
LDAPMessage * * res )
{
ads_control args ;
args . control = ADS_SD_FLAGS_OID ;
args . val = sd_flags ;
args . critical = True ;
return ads_do_search_all_args ( ads , bind_path , scope , expr , attrs , & args , res ) ;
}
2002-04-10 17:28:03 +04:00
/**
* Run a function on all results for a search . Uses ads_do_paged_search ( ) and
* runs the function as each page is returned , using ads_process_results ( )
* @ param ads connection to ads server
* @ param bind_path Base dn for the search
2003-07-03 08:12:54 +04:00
* @ param scope Scope of search ( LDAP_SCOPE_BASE | LDAP_SCOPE_ONE | LDAP_SCOPE_SUBTREE )
2003-04-15 21:06:51 +04:00
* @ param expr Search expression - specified in local charset
2002-07-15 14:35:28 +04:00
* @ param attrs Attributes to retrieve - specified in UTF - 8 or ascii
2002-04-10 17:28:03 +04:00
* @ param fn Function which takes attr name , values list , and data_area
* @ param data_area Pointer which is passed to function on each call
* @ return status of search
* */
ADS_STATUS ads_do_search_all_fn ( ADS_STRUCT * ads , const char * bind_path ,
2003-04-15 21:06:51 +04:00
int scope , const char * expr , const char * * attrs ,
2007-10-19 04:40:25 +04:00
bool ( * fn ) ( ADS_STRUCT * , char * , void * * , void * ) ,
2002-04-10 17:28:03 +04:00
void * data_area )
2002-04-05 23:26:52 +04:00
{
2006-09-04 01:07:16 +04:00
struct berval * cookie = NULL ;
2002-04-05 23:26:52 +04:00
int count = 0 ;
ADS_STATUS status ;
2006-09-04 01:07:16 +04:00
LDAPMessage * res ;
2002-04-05 23:26:52 +04:00
2003-04-15 21:06:51 +04:00
status = ads_do_paged_search ( ads , bind_path , scope , expr , attrs , & res ,
2002-04-10 17:28:03 +04:00
& count , & cookie ) ;
2002-04-05 23:26:52 +04:00
if ( ! ADS_ERR_OK ( status ) ) return status ;
ads_process_results ( ads , res , fn , data_area ) ;
ads_msgfree ( ads , res ) ;
while ( cookie ) {
2003-04-15 21:06:51 +04:00
status = ads_do_paged_search ( ads , bind_path , scope , expr , attrs ,
2002-04-10 17:28:03 +04:00
& res , & count , & cookie ) ;
2002-04-05 23:26:52 +04:00
if ( ! ADS_ERR_OK ( status ) ) break ;
ads_process_results ( ads , res , fn , data_area ) ;
ads_msgfree ( ads , res ) ;
}
return status ;
}
2002-04-10 17:28:03 +04:00
/**
* Do a search with a timeout .
* @ param ads connection to ads server
* @ param bind_path Base dn for the search
2003-07-03 08:12:54 +04:00
* @ param scope Scope of search ( LDAP_SCOPE_BASE | LDAP_SCOPE_ONE | LDAP_SCOPE_SUBTREE )
2003-04-15 21:06:51 +04:00
* @ param expr Search expression
2002-04-10 17:28:03 +04:00
* @ param attrs Attributes to retrieve
* @ param res * * which will contain results - free res * with ads_msgfree ( )
* @ return status of search
* */
2006-09-04 01:07:16 +04:00
ADS_STATUS ads_do_search ( ADS_STRUCT * ads , const char * bind_path , int scope ,
const char * expr ,
const char * * attrs , LDAPMessage * * res )
2001-12-05 12:19:25 +03:00
{
2001-12-19 15:21:12 +03:00
int rc ;
2003-04-15 21:06:51 +04:00
char * utf8_expr , * utf8_path , * * search_attrs = NULL ;
2008-04-30 01:36:24 +04:00
size_t converted_size ;
2002-07-15 14:35:28 +04:00
TALLOC_CTX * ctx ;
2004-11-15 21:57:22 +03:00
* res = NULL ;
2002-12-20 23:21:31 +03:00
if ( ! ( ctx = talloc_init ( " ads_do_search " ) ) ) {
2002-09-25 19:19:00 +04:00
DEBUG ( 1 , ( " ads_do_search: talloc_init() failed! " ) ) ;
2002-07-15 14:35:28 +04:00
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
2002-09-25 19:19:00 +04:00
}
2002-07-15 14:35:28 +04:00
/* 0 means the conversion worked but the result was empty
so we only fail if it ' s negative . In any case , it always
at least nulls out the dest */
2008-04-30 01:36:24 +04:00
if ( ! push_utf8_talloc ( ctx , & utf8_expr , expr , & converted_size ) | |
! push_utf8_talloc ( ctx , & utf8_path , bind_path , & converted_size ) )
{
2002-09-25 19:19:00 +04:00
DEBUG ( 1 , ( " ads_do_search: push_utf8_talloc() failed! " ) ) ;
2002-07-15 14:35:28 +04:00
rc = LDAP_NO_MEMORY ;
goto done ;
}
if ( ! attrs | | ! ( * attrs ) )
search_attrs = NULL ;
else {
/* This would be the utf8-encoded version...*/
/* if (!(search_attrs = ads_push_strvals(ctx, attrs))) */
2008-10-12 02:56:56 +04:00
if ( ! ( search_attrs = str_list_copy ( talloc_tos ( ) , attrs ) ) )
2002-07-15 14:35:28 +04:00
{
2002-09-25 19:19:00 +04:00
DEBUG ( 1 , ( " ads_do_search: str_list_copy() failed! " ) ) ;
2002-07-15 14:35:28 +04:00
rc = LDAP_NO_MEMORY ;
goto done ;
}
}
2001-12-05 12:19:25 +03:00
2002-07-15 14:35:28 +04:00
/* see the note in ads_do_paged_search - we *must* disable referrals */
2007-07-16 15:08:00 +04:00
ldap_set_option ( ads - > ldap . ld , LDAP_OPT_REFERRALS , LDAP_OPT_OFF ) ;
2002-07-15 14:35:28 +04:00
2007-07-16 15:08:00 +04:00
rc = ldap_search_with_timeout ( ads - > ldap . ld , utf8_path , scope , utf8_expr ,
2004-11-18 14:43:14 +03:00
search_attrs , 0 , NULL , NULL ,
2005-01-11 05:13:03 +03:00
LDAP_NO_LIMIT ,
2004-11-18 14:43:14 +03:00
( LDAPMessage * * ) res ) ;
2002-03-14 20:48:26 +03:00
2002-03-13 09:43:52 +03:00
if ( rc = = LDAP_SIZELIMIT_EXCEEDED ) {
DEBUG ( 3 , ( " Warning! sizelimit exceeded in ldap. Truncating. \n " ) ) ;
rc = 0 ;
}
2002-03-14 20:48:26 +03:00
2002-07-15 14:35:28 +04:00
done :
talloc_destroy ( ctx ) ;
/* if/when we decide to utf8-encode attrs, take out this next line */
2008-02-04 23:05:41 +03:00
TALLOC_FREE ( search_attrs ) ;
2001-12-19 15:21:12 +03:00
return ADS_ERROR ( rc ) ;
2001-12-05 12:19:25 +03:00
}
2002-04-10 17:28:03 +04:00
/**
* Do a general ADS search
* @ param ads connection to ads server
* @ param res * * which will contain results - free res * with ads_msgfree ( )
2003-04-15 21:06:51 +04:00
* @ param expr Search expression
2002-04-10 17:28:03 +04:00
* @ param attrs Attributes to retrieve
* @ return status of search
* */
2006-09-04 01:07:16 +04:00
ADS_STATUS ads_search ( ADS_STRUCT * ads , LDAPMessage * * res ,
const char * expr , const char * * attrs )
2001-11-25 04:31:07 +03:00
{
2002-08-17 21:00:51 +04:00
return ads_do_search ( ads , ads - > config . bind_path , LDAP_SCOPE_SUBTREE ,
2003-04-15 21:06:51 +04:00
expr , attrs , res ) ;
2001-11-25 04:31:07 +03:00
}
2002-04-10 17:28:03 +04:00
/**
* Do a search on a specific DistinguishedName
* @ param ads connection to ads server
* @ param res * * which will contain results - free res * with ads_msgfree ( )
* @ param dn DistinguishName to search
* @ param attrs Attributes to retrieve
* @ return status of search
* */
2006-09-04 01:07:16 +04:00
ADS_STATUS ads_search_dn ( ADS_STRUCT * ads , LDAPMessage * * res ,
const char * dn , const char * * attrs )
2001-12-04 15:08:16 +03:00
{
2006-09-04 01:07:16 +04:00
return ads_do_search ( ads , dn , LDAP_SCOPE_BASE , " (objectclass=*) " ,
attrs , res ) ;
2001-12-04 15:08:16 +03:00
}
2002-04-10 17:28:03 +04:00
/**
* Free up memory from a ads_search
* @ param ads connection to ads server
* @ param msg Search results to free
* */
2006-09-04 01:07:16 +04:00
void ads_msgfree ( ADS_STRUCT * ads , LDAPMessage * msg )
2001-12-05 09:26:56 +03:00
{
if ( ! msg ) return ;
ldap_msgfree ( msg ) ;
}
2001-11-25 04:31:07 +03:00
2002-04-10 17:28:03 +04:00
/**
* Free up memory from various ads requests
* @ param ads connection to ads server
* @ param mem Area to free
* */
2002-02-02 05:04:01 +03:00
void ads_memfree ( ADS_STRUCT * ads , void * mem )
{
2002-07-15 14:35:28 +04:00
SAFE_FREE ( mem ) ;
2002-02-02 05:04:01 +03:00
}
2002-04-10 17:28:03 +04:00
/**
* Get a dn from search results
* @ param ads connection to ads server
2003-06-16 06:42:00 +04:00
* @ param msg Search result
2002-04-10 17:28:03 +04:00
* @ return dn string
* */
2006-09-04 01:07:16 +04:00
char * ads_get_dn ( ADS_STRUCT * ads , LDAPMessage * msg )
2002-02-02 05:04:01 +03:00
{
2002-07-15 14:35:28 +04:00
char * utf8_dn , * unix_dn ;
2008-04-30 01:36:24 +04:00
size_t converted_size ;
2002-07-15 14:35:28 +04:00
2007-07-16 15:08:00 +04:00
utf8_dn = ldap_get_dn ( ads - > ldap . ld , msg ) ;
2003-06-16 06:42:00 +04:00
2003-09-11 02:33:06 +04:00
if ( ! utf8_dn ) {
DEBUG ( 5 , ( " ads_get_dn: ldap_get_dn failed \n " ) ) ;
return NULL ;
}
2008-04-30 01:36:24 +04:00
if ( ! pull_utf8_allocate ( & unix_dn , utf8_dn , & converted_size ) ) {
2003-09-11 02:33:06 +04:00
DEBUG ( 0 , ( " ads_get_dn: string conversion failure utf8 [%s] \n " ,
utf8_dn ) ) ;
return NULL ;
}
2002-07-15 14:35:28 +04:00
ldap_memfree ( utf8_dn ) ;
return unix_dn ;
2002-02-02 05:04:01 +03:00
}
2006-02-04 01:19:41 +03:00
/**
* Get the parent from a dn
* @ param dn the dn to return the parent from
* @ return parent dn string
* */
char * ads_parent_dn ( const char * dn )
{
2006-06-18 13:45:18 +04:00
char * p ;
if ( dn = = NULL ) {
return NULL ;
}
p = strchr ( dn , ' , ' ) ;
2006-02-04 01:19:41 +03:00
if ( p = = NULL ) {
return NULL ;
}
return p + 1 ;
}
2002-04-10 17:28:03 +04:00
/**
* Find a machine account given a hostname
* @ param ads connection to ads server
* @ param res * * which will contain results - free res * with ads_msgfree ( )
* @ param host Hostname to search for
* @ return status of search
* */
2006-09-04 01:07:16 +04:00
ADS_STATUS ads_find_machine_acct ( ADS_STRUCT * ads , LDAPMessage * * res ,
const char * machine )
2001-11-20 11:54:15 +03:00
{
2001-12-19 15:21:12 +03:00
ADS_STATUS status ;
2003-04-15 21:06:51 +04:00
char * expr ;
2002-01-03 14:59:33 +03:00
const char * attrs [ ] = { " * " , " nTSecurityDescriptor " , NULL } ;
2001-11-20 11:54:15 +03:00
2004-11-15 21:57:22 +03:00
* res = NULL ;
2001-11-20 11:54:15 +03:00
/* the easiest way to find a machine account anywhere in the tree
is to look for hostname $ */
2004-06-22 04:48:59 +04:00
if ( asprintf ( & expr , " (samAccountName=%s$) " , machine ) = = - 1 ) {
2002-10-01 22:26:00 +04:00
DEBUG ( 1 , ( " asprintf failed! \n " ) ) ;
return ADS_ERROR_NT ( NT_STATUS_NO_MEMORY ) ;
}
2003-04-15 21:06:51 +04:00
status = ads_search ( ads , res , expr , attrs ) ;
2004-06-22 04:48:59 +04:00
SAFE_FREE ( expr ) ;
2001-12-19 15:21:12 +03:00
return status ;
2001-11-20 11:54:15 +03:00
}
2002-04-10 17:28:03 +04:00
/**
* Initialize a list of mods to be used in a modify request
* @ param ctx An initialized TALLOC_CTX
* @ return allocated ADS_MODLIST
* */
2002-02-12 21:22:33 +03:00
ADS_MODLIST ads_init_mods ( TALLOC_CTX * ctx )
2002-02-01 19:14:33 +03:00
{
2002-02-11 18:47:02 +03:00
# define ADS_MODLIST_ALLOC_SIZE 10
2002-02-01 19:14:33 +03:00
LDAPMod * * mods ;
2004-12-07 21:25:53 +03:00
if ( ( mods = TALLOC_ZERO_ARRAY ( ctx , LDAPMod * , ADS_MODLIST_ALLOC_SIZE + 1 ) ) )
2002-02-03 01:06:10 +03:00
/* -1 is safety to make sure we don't go over the end.
need to reset it to NULL before doing ldap modify */
2002-02-11 18:47:02 +03:00
mods [ ADS_MODLIST_ALLOC_SIZE ] = ( LDAPMod * ) - 1 ;
2002-02-01 19:14:33 +03:00
2005-03-22 19:39:09 +03:00
return ( ADS_MODLIST ) mods ;
2002-02-01 19:14:33 +03:00
}
2002-07-15 14:35:28 +04:00
2002-02-01 19:14:33 +03:00
/*
add an attribute to the list , with values list already constructed
*/
2002-02-12 21:22:33 +03:00
static ADS_STATUS ads_modlist_add ( TALLOC_CTX * ctx , ADS_MODLIST * mods ,
2002-07-15 14:35:28 +04:00
int mod_op , const char * name ,
2006-07-11 22:01:26 +04:00
const void * _invals )
2002-02-01 19:14:33 +03:00
{
2006-07-11 22:01:26 +04:00
const void * * invals = ( const void * * ) _invals ;
2002-02-01 19:14:33 +03:00
int curmod ;
2002-02-11 18:47:02 +03:00
LDAPMod * * modlist = ( LDAPMod * * ) * mods ;
2003-02-24 06:43:49 +03:00
struct berval * * ber_values = NULL ;
char * * char_values = NULL ;
2002-07-15 14:35:28 +04:00
if ( ! invals ) {
mod_op = LDAP_MOD_DELETE ;
} else {
if ( mod_op & LDAP_MOD_BVALUES )
2003-02-24 05:55:00 +03:00
ber_values = ads_dup_values ( ctx ,
( const struct berval * * ) invals ) ;
2002-07-15 14:35:28 +04:00
else
2003-02-24 05:55:00 +03:00
char_values = ads_push_strvals ( ctx ,
( const char * * ) invals ) ;
2002-07-15 14:35:28 +04:00
}
2002-02-01 19:14:33 +03:00
/* find the first empty slot */
2002-02-06 05:28:46 +03:00
for ( curmod = 0 ; modlist [ curmod ] & & modlist [ curmod ] ! = ( LDAPMod * ) - 1 ;
curmod + + ) ;
2002-02-11 18:47:02 +03:00
if ( modlist [ curmod ] = = ( LDAPMod * ) - 1 ) {
2004-12-07 21:25:53 +03:00
if ( ! ( modlist = TALLOC_REALLOC_ARRAY ( ctx , modlist , LDAPMod * ,
curmod + ADS_MODLIST_ALLOC_SIZE + 1 ) ) )
2002-02-11 18:47:02 +03:00
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
memset ( & modlist [ curmod ] , 0 ,
ADS_MODLIST_ALLOC_SIZE * sizeof ( LDAPMod * ) ) ;
modlist [ curmod + ADS_MODLIST_ALLOC_SIZE ] = ( LDAPMod * ) - 1 ;
2005-03-22 19:39:09 +03:00
* mods = ( ADS_MODLIST ) modlist ;
2002-02-11 18:47:02 +03:00
}
2002-02-06 05:28:46 +03:00
2004-12-07 21:25:53 +03:00
if ( ! ( modlist [ curmod ] = TALLOC_ZERO_P ( ctx , LDAPMod ) ) )
2002-02-03 01:06:10 +03:00
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
2002-07-15 14:35:28 +04:00
modlist [ curmod ] - > mod_type = talloc_strdup ( ctx , name ) ;
2003-02-24 05:55:00 +03:00
if ( mod_op & LDAP_MOD_BVALUES ) {
modlist [ curmod ] - > mod_bvalues = ber_values ;
} else if ( mod_op & LDAP_MOD_DELETE ) {
modlist [ curmod ] - > mod_values = NULL ;
} else {
modlist [ curmod ] - > mod_values = char_values ;
}
2002-02-01 20:13:39 +03:00
modlist [ curmod ] - > mod_op = mod_op ;
2002-02-03 01:06:10 +03:00
return ADS_ERROR ( LDAP_SUCCESS ) ;
2002-02-01 19:14:33 +03:00
}
2002-04-10 17:28:03 +04:00
/**
2002-07-15 14:35:28 +04:00
* Add a single string value to a mod list
2002-04-10 17:28:03 +04:00
* @ param ctx An initialized TALLOC_CTX
* @ param mods An initialized ADS_MODLIST
* @ param name The attribute name to add
2002-07-15 14:35:28 +04:00
* @ param val The value to add - NULL means DELETE
2002-04-10 17:28:03 +04:00
* @ return ADS STATUS indicating success of add
* */
2002-07-15 14:35:28 +04:00
ADS_STATUS ads_mod_str ( TALLOC_CTX * ctx , ADS_MODLIST * mods ,
const char * name , const char * val )
2002-02-01 19:14:33 +03:00
{
2002-09-25 19:19:00 +04:00
const char * values [ 2 ] ;
values [ 0 ] = val ;
values [ 1 ] = NULL ;
2002-07-15 14:35:28 +04:00
if ( ! val )
2002-02-12 21:22:33 +03:00
return ads_modlist_add ( ctx , mods , LDAP_MOD_DELETE , name , NULL ) ;
2006-07-11 22:01:26 +04:00
return ads_modlist_add ( ctx , mods , LDAP_MOD_REPLACE , name , values ) ;
2002-02-01 19:14:33 +03:00
}
2002-04-10 17:28:03 +04:00
/**
2002-07-15 14:35:28 +04:00
* Add an array of string values to a mod list
2002-04-10 17:28:03 +04:00
* @ param ctx An initialized TALLOC_CTX
* @ param mods An initialized ADS_MODLIST
* @ param name The attribute name to add
2002-07-15 14:35:28 +04:00
* @ param vals The array of string values to add - NULL means DELETE
2002-04-10 17:28:03 +04:00
* @ return ADS STATUS indicating success of add
* */
2002-07-15 14:35:28 +04:00
ADS_STATUS ads_mod_strlist ( TALLOC_CTX * ctx , ADS_MODLIST * mods ,
const char * name , const char * * vals )
2002-02-03 01:06:10 +03:00
{
2002-07-15 14:35:28 +04:00
if ( ! vals )
return ads_modlist_add ( ctx , mods , LDAP_MOD_DELETE , name , NULL ) ;
return ads_modlist_add ( ctx , mods , LDAP_MOD_REPLACE ,
name , ( const void * * ) vals ) ;
2002-02-01 19:14:33 +03:00
}
2006-05-13 08:39:19 +04:00
#if 0
2002-04-10 17:28:03 +04:00
/**
2002-07-15 14:35:28 +04:00
* Add a single ber - encoded value to a mod list
2002-04-10 17:28:03 +04:00
* @ param ctx An initialized TALLOC_CTX
* @ param mods An initialized ADS_MODLIST
* @ param name The attribute name to add
2002-07-15 14:35:28 +04:00
* @ param val The value to add - NULL means DELETE
2002-04-10 17:28:03 +04:00
* @ return ADS STATUS indicating success of add
* */
2002-07-15 14:35:28 +04:00
static ADS_STATUS ads_mod_ber ( TALLOC_CTX * ctx , ADS_MODLIST * mods ,
const char * name , const struct berval * val )
2002-02-12 21:22:33 +03:00
{
2002-09-25 19:19:00 +04:00
const struct berval * values [ 2 ] ;
values [ 0 ] = val ;
values [ 1 ] = NULL ;
2002-02-12 21:22:33 +03:00
if ( ! val )
2002-07-15 14:35:28 +04:00
return ads_modlist_add ( ctx , mods , LDAP_MOD_DELETE , name , NULL ) ;
return ads_modlist_add ( ctx , mods , LDAP_MOD_REPLACE | LDAP_MOD_BVALUES ,
name , ( const void * * ) values ) ;
2002-02-01 19:14:33 +03:00
}
2006-05-13 08:39:19 +04:00
# endif
2002-02-01 19:14:33 +03:00
2002-04-10 17:28:03 +04:00
/**
* Perform an ldap modify
* @ param ads connection to ads server
* @ param mod_dn DistinguishedName to modify
* @ param mods list of modifications to perform
* @ return status of modify
* */
2002-02-11 18:47:02 +03:00
ADS_STATUS ads_gen_mod ( ADS_STRUCT * ads , const char * mod_dn , ADS_MODLIST mods )
2002-02-01 19:14:33 +03:00
{
int ret , i ;
2002-07-15 14:35:28 +04:00
char * utf8_dn = NULL ;
2008-04-30 01:36:24 +04:00
size_t converted_size ;
2002-02-03 01:06:10 +03:00
/*
2002-02-06 05:28:46 +03:00
this control is needed to modify that contains a currently
non - existent attribute ( but allowable for the object ) to run
2002-02-03 01:06:10 +03:00
*/
2002-02-06 05:28:46 +03:00
LDAPControl PermitModify = {
2005-03-31 09:06:04 +04:00
CONST_DISCARD ( char * , ADS_PERMIT_MODIFY_OID ) ,
2002-02-06 05:28:46 +03:00
{ 0 , NULL } ,
( char ) 1 } ;
2002-03-04 04:07:02 +03:00
LDAPControl * controls [ 2 ] ;
controls [ 0 ] = & PermitModify ;
controls [ 1 ] = NULL ;
2002-02-03 01:06:10 +03:00
2008-04-30 01:36:24 +04:00
if ( ! push_utf8_allocate ( & utf8_dn , mod_dn , & converted_size ) ) {
2002-10-01 22:26:00 +04:00
return ADS_ERROR_NT ( NT_STATUS_NO_MEMORY ) ;
}
2002-07-15 14:35:28 +04:00
2002-02-01 19:14:33 +03:00
/* find the end of the list, marked by NULL or -1 */
2002-02-11 18:47:02 +03:00
for ( i = 0 ; ( mods [ i ] ! = 0 ) & & ( mods [ i ] ! = ( LDAPMod * ) - 1 ) ; i + + ) ;
2002-02-01 19:14:33 +03:00
/* make sure the end of the list is NULL */
mods [ i ] = NULL ;
2007-07-16 15:08:00 +04:00
ret = ldap_modify_ext_s ( ads - > ldap . ld , utf8_dn ,
2002-07-15 14:35:28 +04:00
( LDAPMod * * ) mods , controls , NULL ) ;
SAFE_FREE ( utf8_dn ) ;
2002-02-01 19:14:33 +03:00
return ADS_ERROR ( ret ) ;
}
2001-11-20 11:54:15 +03:00
2002-04-10 17:28:03 +04:00
/**
* Perform an ldap add
* @ param ads connection to ads server
* @ param new_dn DistinguishedName to add
* @ param mods list of attributes and values for DN
* @ return status of add
* */
2002-02-12 21:22:33 +03:00
ADS_STATUS ads_gen_add ( ADS_STRUCT * ads , const char * new_dn , ADS_MODLIST mods )
2001-11-20 11:54:15 +03:00
{
2002-07-15 14:35:28 +04:00
int ret , i ;
char * utf8_dn = NULL ;
2008-04-30 01:36:24 +04:00
size_t converted_size ;
2001-11-20 11:54:15 +03:00
2008-04-30 01:36:24 +04:00
if ( ! push_utf8_allocate ( & utf8_dn , new_dn , & converted_size ) ) {
2002-10-01 22:26:00 +04:00
DEBUG ( 1 , ( " ads_gen_add: push_utf8_allocate failed! " ) ) ;
return ADS_ERROR_NT ( NT_STATUS_NO_MEMORY ) ;
}
2002-07-15 14:35:28 +04:00
2002-02-12 21:22:33 +03:00
/* find the end of the list, marked by NULL or -1 */
for ( i = 0 ; ( mods [ i ] ! = 0 ) & & ( mods [ i ] ! = ( LDAPMod * ) - 1 ) ; i + + ) ;
/* make sure the end of the list is NULL */
2001-11-20 11:54:15 +03:00
mods [ i ] = NULL ;
2007-07-16 15:08:00 +04:00
ret = ldap_add_s ( ads - > ldap . ld , utf8_dn , ( LDAPMod * * ) mods ) ;
2002-07-15 14:35:28 +04:00
SAFE_FREE ( utf8_dn ) ;
return ADS_ERROR ( ret ) ;
2001-11-20 11:54:15 +03:00
}
2002-04-10 17:28:03 +04:00
/**
* Delete a DistinguishedName
* @ param ads connection to ads server
* @ param new_dn DistinguishedName to delete
* @ return status of delete
* */
2002-02-02 05:04:01 +03:00
ADS_STATUS ads_del_dn ( ADS_STRUCT * ads , char * del_dn )
{
2002-07-15 14:35:28 +04:00
int ret ;
char * utf8_dn = NULL ;
2008-04-30 01:36:24 +04:00
size_t converted_size ;
if ( ! push_utf8_allocate ( & utf8_dn , del_dn , & converted_size ) ) {
2002-10-01 22:26:00 +04:00
DEBUG ( 1 , ( " ads_del_dn: push_utf8_allocate failed! " ) ) ;
return ADS_ERROR_NT ( NT_STATUS_NO_MEMORY ) ;
}
2007-07-16 15:08:00 +04:00
ret = ldap_delete_s ( ads - > ldap . ld , utf8_dn ) ;
2006-11-01 14:04:28 +03:00
SAFE_FREE ( utf8_dn ) ;
2002-07-15 14:35:28 +04:00
return ADS_ERROR ( ret ) ;
2002-02-02 05:04:01 +03:00
}
2002-04-10 17:28:03 +04:00
/**
* Build an org unit string
* if org unit is Computers or blank then assume a container , otherwise
2006-04-06 05:46:01 +04:00
* assume a / separated list of organisational units .
* jmcd : ' \ ' is now used for escapes so certain chars can be in the ou ( e . g . # )
2004-10-06 20:21:35 +04:00
* @ param ads connection to ads server
2002-04-10 17:28:03 +04:00
* @ param org_unit Organizational unit
* @ return org unit string - caller must free
* */
2004-10-06 20:21:35 +04:00
char * ads_ou_string ( ADS_STRUCT * ads , const char * org_unit )
{
char * ret = NULL ;
if ( ! org_unit | | ! * org_unit ) {
ret = ads_default_ou_string ( ads , WELL_KNOWN_GUID_COMPUTERS ) ;
/* samba4 might not yet respond to a wellknownobject-query */
2004-12-07 21:25:53 +03:00
return ret ? ret : SMB_STRDUP ( " cn=Computers " ) ;
2004-10-06 20:21:35 +04:00
}
if ( strequal ( org_unit , " Computers " ) ) {
2004-12-07 21:25:53 +03:00
return SMB_STRDUP ( " cn=Computers " ) ;
2002-01-16 05:22:30 +03:00
}
2006-04-06 05:46:01 +04:00
/* jmcd: removed "\\" from the separation chars, because it is
needed as an escape for chars like ' # ' which are valid in an
OU name */
return ads_build_path ( org_unit , " / " , " ou= " , 1 ) ;
2002-01-16 05:22:30 +03:00
}
2004-10-06 20:21:35 +04:00
/**
* Get a org unit string for a well - known GUID
* @ param ads connection to ads server
* @ param wknguid Well known GUID
* @ return org unit string - caller must free
* */
char * ads_default_ou_string ( ADS_STRUCT * ads , const char * wknguid )
{
ADS_STATUS status ;
2006-11-09 13:16:38 +03:00
LDAPMessage * res = NULL ;
2006-11-13 13:34:59 +03:00
char * base , * wkn_dn = NULL , * ret = NULL , * * wkn_dn_exp = NULL ,
* * bind_dn_exp = NULL ;
2004-10-06 20:21:35 +04:00
const char * attrs [ ] = { " distinguishedName " , NULL } ;
int new_ln , wkn_ln , bind_ln , i ;
if ( wknguid = = NULL ) {
return NULL ;
}
if ( asprintf ( & base , " <WKGUID=%s,%s> " , wknguid , ads - > config . bind_path ) = = - 1 ) {
DEBUG ( 1 , ( " asprintf failed! \n " ) ) ;
return NULL ;
}
status = ads_search_dn ( ads , & res , base , attrs ) ;
if ( ! ADS_ERR_OK ( status ) ) {
DEBUG ( 1 , ( " Failed while searching for: %s \n " , base ) ) ;
2006-11-09 13:16:38 +03:00
goto out ;
2004-10-06 20:21:35 +04:00
}
if ( ads_count_replies ( ads , res ) ! = 1 ) {
2006-11-09 13:16:38 +03:00
goto out ;
2004-10-06 20:21:35 +04:00
}
/* substitute the bind-path from the well-known-guid-search result */
wkn_dn = ads_get_dn ( ads , res ) ;
2006-11-09 13:16:38 +03:00
if ( ! wkn_dn ) {
goto out ;
}
2004-10-06 20:21:35 +04:00
wkn_dn_exp = ldap_explode_dn ( wkn_dn , 0 ) ;
2006-11-09 13:16:38 +03:00
if ( ! wkn_dn_exp ) {
goto out ;
}
2004-10-06 20:21:35 +04:00
bind_dn_exp = ldap_explode_dn ( ads - > config . bind_path , 0 ) ;
2006-11-09 13:16:38 +03:00
if ( ! bind_dn_exp ) {
goto out ;
}
2004-10-06 20:21:35 +04:00
for ( wkn_ln = 0 ; wkn_dn_exp [ wkn_ln ] ; wkn_ln + + )
;
for ( bind_ln = 0 ; bind_dn_exp [ bind_ln ] ; bind_ln + + )
;
new_ln = wkn_ln - bind_ln ;
2006-11-01 14:19:33 +03:00
ret = SMB_STRDUP ( wkn_dn_exp [ 0 ] ) ;
2006-11-09 13:16:38 +03:00
if ( ! ret ) {
goto out ;
}
2004-10-06 20:21:35 +04:00
for ( i = 1 ; i < new_ln ; i + + ) {
2006-11-09 13:16:38 +03:00
char * s = NULL ;
if ( asprintf ( & s , " %s,%s " , ret , wkn_dn_exp [ i ] ) = = - 1 ) {
SAFE_FREE ( ret ) ;
goto out ;
}
SAFE_FREE ( ret ) ;
2004-12-07 21:25:53 +03:00
ret = SMB_STRDUP ( s ) ;
2004-10-06 20:21:35 +04:00
free ( s ) ;
2006-11-09 13:16:38 +03:00
if ( ! ret ) {
goto out ;
}
2004-10-06 20:21:35 +04:00
}
2006-11-09 13:16:38 +03:00
out :
SAFE_FREE ( base ) ;
2006-11-01 14:19:33 +03:00
ads_msgfree ( ads , res ) ;
2006-06-13 17:41:04 +04:00
ads_memfree ( ads , wkn_dn ) ;
2006-11-09 13:16:38 +03:00
if ( wkn_dn_exp ) {
ldap_value_free ( wkn_dn_exp ) ;
}
if ( bind_dn_exp ) {
ldap_value_free ( bind_dn_exp ) ;
}
2006-06-13 17:41:04 +04:00
2004-10-06 20:21:35 +04:00
return ret ;
}
2004-06-22 04:48:59 +04:00
/**
* Adds ( appends ) an item to an attribute array , rather then
* replacing the whole list
* @ param ctx An initialized TALLOC_CTX
* @ param mods An initialized ADS_MODLIST
* @ param name name of the ldap attribute to append to
* @ param vals an array of values to add
* @ return status of addition
* */
2002-01-16 05:22:30 +03:00
2004-06-22 04:48:59 +04:00
ADS_STATUS ads_add_strlist ( TALLOC_CTX * ctx , ADS_MODLIST * mods ,
const char * name , const char * * vals )
{
2006-09-04 01:07:16 +04:00
return ads_modlist_add ( ctx , mods , LDAP_MOD_ADD , name ,
( const void * ) vals ) ;
2004-06-22 04:48:59 +04:00
}
2002-01-16 05:22:30 +03:00
2004-06-22 04:48:59 +04:00
/**
2008-06-17 18:20:29 +04:00
* Determines the an account ' s current KVNO via an LDAP lookup
2004-06-22 04:48:59 +04:00
* @ param ads An initialized ADS_STRUCT
2008-06-17 18:20:29 +04:00
* @ param account_name the NT samaccountname .
* @ return the kvno for the account , or - 1 in case of a failure .
2004-06-22 04:48:59 +04:00
* */
2008-06-17 18:20:29 +04:00
uint32 ads_get_kvno ( ADS_STRUCT * ads , const char * account_name )
2004-06-22 04:48:59 +04:00
{
2004-06-23 04:20:31 +04:00
LDAPMessage * res = NULL ;
2004-06-22 04:48:59 +04:00
uint32 kvno = ( uint32 ) - 1 ; /* -1 indicates a failure */
char * filter ;
const char * attrs [ ] = { " msDS-KeyVersionNumber " , NULL } ;
char * dn_string = NULL ;
ADS_STATUS ret = ADS_ERROR ( LDAP_SUCCESS ) ;
2008-06-17 18:20:29 +04:00
DEBUG ( 5 , ( " ads_get_kvno: Searching for account %s \n " , account_name ) ) ;
if ( asprintf ( & filter , " (samAccountName=%s) " , account_name ) = = - 1 ) {
2004-06-22 04:48:59 +04:00
return kvno ;
}
2006-09-04 01:07:16 +04:00
ret = ads_search ( ads , & res , filter , attrs ) ;
2004-06-22 04:48:59 +04:00
SAFE_FREE ( filter ) ;
2008-06-17 18:17:03 +04:00
if ( ! ADS_ERR_OK ( ret ) | | ( ads_count_replies ( ads , res ) ! = 1 ) ) {
2008-06-17 18:20:29 +04:00
DEBUG ( 1 , ( " ads_get_kvno: Account for %s not found. \n " , account_name ) ) ;
2004-06-23 04:20:31 +04:00
ads_msgfree ( ads , res ) ;
2004-06-22 04:48:59 +04:00
return kvno ;
}
dn_string = ads_get_dn ( ads , res ) ;
if ( ! dn_string ) {
DEBUG ( 0 , ( " ads_get_kvno: out of memory. \n " ) ) ;
2004-06-23 04:20:31 +04:00
ads_msgfree ( ads , res ) ;
2004-06-22 04:48:59 +04:00
return kvno ;
}
DEBUG ( 5 , ( " ads_get_kvno: Using: %s \n " , dn_string ) ) ;
ads_memfree ( ads , dn_string ) ;
/* ---------------------------------------------------------
* 0 is returned as a default KVNO from this point on . . .
* This is done because Windows 2000 does not support key
* version numbers . Chances are that a failure in the next
* step is simply due to Windows 2000 being used for a
* domain controller . */
kvno = 0 ;
if ( ! ads_pull_uint32 ( ads , res , " msDS-KeyVersionNumber " , & kvno ) ) {
DEBUG ( 3 , ( " ads_get_kvno: Error Determining KVNO! \n " ) ) ;
DEBUG ( 3 , ( " ads_get_kvno: Windows 2000 does not support KVNO's, so this may be normal. \n " ) ) ;
2004-06-23 04:20:31 +04:00
ads_msgfree ( ads , res ) ;
2004-06-22 04:48:59 +04:00
return kvno ;
}
/* Success */
DEBUG ( 5 , ( " ads_get_kvno: Looked Up KVNO of: %d \n " , kvno ) ) ;
2004-06-23 04:20:31 +04:00
ads_msgfree ( ads , res ) ;
2004-06-22 04:48:59 +04:00
return kvno ;
}
2008-06-17 18:20:29 +04:00
/**
* Determines the computer account ' s current KVNO via an LDAP lookup
* @ param ads An initialized ADS_STRUCT
* @ param machine_name the NetBIOS name of the computer , which is used to identify the computer account .
* @ return the kvno for the computer account , or - 1 in case of a failure .
* */
uint32_t ads_get_machine_kvno ( ADS_STRUCT * ads , const char * machine_name )
{
char * computer_account = NULL ;
uint32_t kvno = - 1 ;
if ( asprintf ( & computer_account , " %s$ " , machine_name ) < 0 ) {
return kvno ;
}
kvno = ads_get_kvno ( ads , computer_account ) ;
free ( computer_account ) ;
return kvno ;
}
2004-06-22 04:48:59 +04:00
/**
* This clears out all registered spn ' s for a given hostname
* @ param ads An initilaized ADS_STRUCT
* @ param machine_name the NetBIOS name of the computer .
* @ return 0 upon success , non - zero otherwise .
* */
ADS_STATUS ads_clear_service_principal_names ( ADS_STRUCT * ads , const char * machine_name )
{
TALLOC_CTX * ctx ;
2004-06-23 04:20:31 +04:00
LDAPMessage * res = NULL ;
2004-06-22 04:48:59 +04:00
ADS_MODLIST mods ;
const char * servicePrincipalName [ 1 ] = { NULL } ;
ADS_STATUS ret = ADS_ERROR ( LDAP_SUCCESS ) ;
char * dn_string = NULL ;
2006-09-04 01:07:16 +04:00
ret = ads_find_machine_acct ( ads , & res , machine_name ) ;
2004-06-22 04:48:59 +04:00
if ( ! ADS_ERR_OK ( ret ) | | ads_count_replies ( ads , res ) ! = 1 ) {
DEBUG ( 5 , ( " ads_clear_service_principal_names: WARNING: Host Account for %s not found... skipping operation. \n " , machine_name ) ) ;
DEBUG ( 5 , ( " ads_clear_service_principal_names: WARNING: Service Principals for %s have NOT been cleared. \n " , machine_name ) ) ;
2004-06-23 04:20:31 +04:00
ads_msgfree ( ads , res ) ;
2004-06-22 04:48:59 +04:00
return ADS_ERROR ( LDAP_NO_SUCH_OBJECT ) ;
}
DEBUG ( 5 , ( " ads_clear_service_principal_names: Host account for %s found \n " , machine_name ) ) ;
ctx = talloc_init ( " ads_clear_service_principal_names " ) ;
if ( ! ctx ) {
2004-06-23 04:20:31 +04:00
ads_msgfree ( ads , res ) ;
2004-06-22 04:48:59 +04:00
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
if ( ! ( mods = ads_init_mods ( ctx ) ) ) {
talloc_destroy ( ctx ) ;
2004-06-23 04:20:31 +04:00
ads_msgfree ( ads , res ) ;
2004-06-22 04:48:59 +04:00
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
ret = ads_mod_strlist ( ctx , & mods , " servicePrincipalName " , servicePrincipalName ) ;
if ( ! ADS_ERR_OK ( ret ) ) {
DEBUG ( 1 , ( " ads_clear_service_principal_names: Error creating strlist. \n " ) ) ;
2004-06-23 04:20:31 +04:00
ads_msgfree ( ads , res ) ;
2004-06-22 04:48:59 +04:00
talloc_destroy ( ctx ) ;
return ret ;
}
dn_string = ads_get_dn ( ads , res ) ;
if ( ! dn_string ) {
talloc_destroy ( ctx ) ;
2004-06-23 04:20:31 +04:00
ads_msgfree ( ads , res ) ;
2004-06-22 04:48:59 +04:00
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
ret = ads_gen_mod ( ads , dn_string , mods ) ;
ads_memfree ( ads , dn_string ) ;
if ( ! ADS_ERR_OK ( ret ) ) {
DEBUG ( 1 , ( " ads_clear_service_principal_names: Error: Updating Service Principals for machine %s in LDAP \n " ,
machine_name ) ) ;
2004-06-23 04:20:31 +04:00
ads_msgfree ( ads , res ) ;
2004-06-22 04:48:59 +04:00
talloc_destroy ( ctx ) ;
return ret ;
}
2004-06-23 04:20:31 +04:00
ads_msgfree ( ads , res ) ;
2004-06-22 04:48:59 +04:00
talloc_destroy ( ctx ) ;
return ret ;
}
/**
* This adds a service principal name to an existing computer account
* ( found by hostname ) in AD .
* @ param ads An initialized ADS_STRUCT
* @ param machine_name the NetBIOS name of the computer , which is used to identify the computer account .
2006-07-11 22:45:22 +04:00
* @ param my_fqdn The fully qualified DNS name of the machine
2004-06-22 04:48:59 +04:00
* @ param spn A string of the service principal to add , i . e . ' host '
* @ return 0 upon sucess , or non - zero if a failure occurs
* */
2006-07-11 22:45:22 +04:00
ADS_STATUS ads_add_service_principal_name ( ADS_STRUCT * ads , const char * machine_name ,
const char * my_fqdn , const char * spn )
2004-06-22 04:48:59 +04:00
{
ADS_STATUS ret ;
TALLOC_CTX * ctx ;
2004-06-23 04:20:31 +04:00
LDAPMessage * res = NULL ;
2006-07-11 22:45:22 +04:00
char * psp1 , * psp2 ;
2004-06-22 04:48:59 +04:00
ADS_MODLIST mods ;
char * dn_string = NULL ;
2006-07-11 22:45:22 +04:00
const char * servicePrincipalName [ 3 ] = { NULL , NULL , NULL } ;
2004-06-22 04:48:59 +04:00
2006-09-04 01:07:16 +04:00
ret = ads_find_machine_acct ( ads , & res , machine_name ) ;
2004-06-22 04:48:59 +04:00
if ( ! ADS_ERR_OK ( ret ) | | ads_count_replies ( ads , res ) ! = 1 ) {
DEBUG ( 1 , ( " ads_add_service_principal_name: WARNING: Host Account for %s not found... skipping operation. \n " ,
machine_name ) ) ;
DEBUG ( 1 , ( " ads_add_service_principal_name: WARNING: Service Principal '%s/%s@%s' has NOT been added. \n " ,
spn , machine_name , ads - > config . realm ) ) ;
2004-06-23 04:20:31 +04:00
ads_msgfree ( ads , res ) ;
2004-06-22 04:48:59 +04:00
return ADS_ERROR ( LDAP_NO_SUCH_OBJECT ) ;
}
DEBUG ( 1 , ( " ads_add_service_principal_name: Host account for %s found \n " , machine_name ) ) ;
if ( ! ( ctx = talloc_init ( " ads_add_service_principal_name " ) ) ) {
2004-06-23 04:20:31 +04:00
ads_msgfree ( ads , res ) ;
2004-06-22 04:48:59 +04:00
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
2006-07-11 22:45:22 +04:00
/* add short name spn */
if ( ( psp1 = talloc_asprintf ( ctx , " %s/%s " , spn , machine_name ) ) = = NULL ) {
2006-06-17 03:21:36 +04:00
talloc_destroy ( ctx ) ;
ads_msgfree ( ads , res ) ;
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
2004-06-22 04:48:59 +04:00
strupper_m ( psp1 ) ;
strlower_m ( & psp1 [ strlen ( spn ) ] ) ;
servicePrincipalName [ 0 ] = psp1 ;
2006-07-11 22:45:22 +04:00
DEBUG ( 5 , ( " ads_add_service_principal_name: INFO: Adding %s to host %s \n " ,
psp1 , machine_name ) ) ;
2006-06-17 03:21:36 +04:00
2006-07-11 22:45:22 +04:00
/* add fully qualified spn */
if ( ( psp2 = talloc_asprintf ( ctx , " %s/%s " , spn , my_fqdn ) ) = = NULL ) {
ret = ADS_ERROR ( LDAP_NO_MEMORY ) ;
goto out ;
}
2004-06-22 04:48:59 +04:00
strupper_m ( psp2 ) ;
strlower_m ( & psp2 [ strlen ( spn ) ] ) ;
servicePrincipalName [ 1 ] = psp2 ;
2006-07-11 22:45:22 +04:00
DEBUG ( 5 , ( " ads_add_service_principal_name: INFO: Adding %s to host %s \n " ,
psp2 , machine_name ) ) ;
2006-06-17 03:21:36 +04:00
2006-07-11 22:45:22 +04:00
if ( ( mods = ads_init_mods ( ctx ) ) = = NULL ) {
ret = ADS_ERROR ( LDAP_NO_MEMORY ) ;
goto out ;
2004-06-22 04:48:59 +04:00
}
2006-07-11 22:45:22 +04:00
2004-06-22 04:48:59 +04:00
ret = ads_add_strlist ( ctx , & mods , " servicePrincipalName " , servicePrincipalName ) ;
if ( ! ADS_ERR_OK ( ret ) ) {
DEBUG ( 1 , ( " ads_add_service_principal_name: Error: Updating Service Principals in LDAP \n " ) ) ;
2006-07-11 22:45:22 +04:00
goto out ;
2004-06-22 04:48:59 +04:00
}
2006-07-11 22:45:22 +04:00
if ( ( dn_string = ads_get_dn ( ads , res ) ) = = NULL ) {
ret = ADS_ERROR ( LDAP_NO_MEMORY ) ;
goto out ;
2004-06-22 04:48:59 +04:00
}
2006-07-11 22:45:22 +04:00
2004-06-23 04:20:31 +04:00
ret = ads_gen_mod ( ads , dn_string , mods ) ;
2004-06-22 04:48:59 +04:00
ads_memfree ( ads , dn_string ) ;
if ( ! ADS_ERR_OK ( ret ) ) {
DEBUG ( 1 , ( " ads_add_service_principal_name: Error: Updating Service Principals in LDAP \n " ) ) ;
2006-07-11 22:45:22 +04:00
goto out ;
2004-06-22 04:48:59 +04:00
}
2006-07-11 22:45:22 +04:00
out :
TALLOC_FREE ( ctx ) ;
2004-06-23 04:20:31 +04:00
ads_msgfree ( ads , res ) ;
2004-06-22 04:48:59 +04:00
return ret ;
}
/**
* adds a machine account to the ADS server
* @ param ads An intialized ADS_STRUCT
* @ param machine_name - the NetBIOS machine name of this account .
* @ param account_type A number indicating the type of account to create
* @ param org_unit The LDAP path in which to place this account
* @ return 0 upon success , or non - zero otherwise
* */
2006-05-13 08:39:19 +04:00
ADS_STATUS ads_create_machine_acct ( ADS_STRUCT * ads , const char * machine_name ,
const char * org_unit )
2001-11-20 11:54:15 +03:00
{
2006-05-13 08:39:19 +04:00
ADS_STATUS ret ;
char * samAccountName , * controlstr ;
2002-02-12 21:22:33 +03:00
TALLOC_CTX * ctx ;
ADS_MODLIST mods ;
2007-03-01 04:17:36 +03:00
char * machine_escaped = NULL ;
2006-05-13 08:39:19 +04:00
char * new_dn ;
2002-07-15 14:35:28 +04:00
const char * objectClass [ ] = { " top " , " person " , " organizationalPerson " ,
" user " , " computer " , NULL } ;
2004-06-23 04:20:31 +04:00
LDAPMessage * res = NULL ;
2006-05-13 08:39:19 +04:00
uint32 acct_control = ( UF_WORKSTATION_TRUST_ACCOUNT | \
UF_DONT_EXPIRE_PASSWD | \
UF_ACCOUNTDISABLE ) ;
2004-06-22 04:48:59 +04:00
if ( ! ( ctx = talloc_init ( " ads_add_machine_acct " ) ) )
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
ret = ADS_ERROR ( LDAP_NO_MEMORY ) ;
2007-03-01 03:49:28 +03:00
machine_escaped = escape_rdn_val_string_alloc ( machine_name ) ;
if ( ! machine_escaped ) {
goto done ;
}
new_dn = talloc_asprintf ( ctx , " cn=%s,%s " , machine_escaped , org_unit ) ;
2006-05-13 08:39:19 +04:00
samAccountName = talloc_asprintf ( ctx , " %s$ " , machine_name ) ;
2004-06-22 04:48:59 +04:00
2006-05-13 08:39:19 +04:00
if ( ! new_dn | | ! samAccountName ) {
2002-02-12 21:22:33 +03:00
goto done ;
2004-06-22 04:48:59 +04:00
}
2006-05-13 08:39:19 +04:00
2002-10-29 17:47:11 +03:00
# ifndef ENCTYPE_ARCFOUR_HMAC
acct_control | = UF_USE_DES_KEY_ONLY ;
# endif
2003-06-16 06:42:00 +04:00
2004-06-22 04:48:59 +04:00
if ( ! ( controlstr = talloc_asprintf ( ctx , " %u " , acct_control ) ) ) {
2002-02-12 21:22:33 +03:00
goto done ;
2004-06-22 04:48:59 +04:00
}
2002-02-12 21:22:33 +03:00
2004-06-22 04:48:59 +04:00
if ( ! ( mods = ads_init_mods ( ctx ) ) ) {
2002-02-12 21:22:33 +03:00
goto done ;
2004-06-22 04:48:59 +04:00
}
2006-05-13 08:39:19 +04:00
ads_mod_str ( ctx , & mods , " cn " , machine_name ) ;
ads_mod_str ( ctx , & mods , " sAMAccountName " , samAccountName ) ;
ads_mod_strlist ( ctx , & mods , " objectClass " , objectClass ) ;
2006-03-07 19:56:31 +03:00
ads_mod_str ( ctx , & mods , " userAccountControl " , controlstr ) ;
2003-02-19 15:31:16 +03:00
2006-05-13 08:39:19 +04:00
ret = ads_gen_add ( ads , new_dn , mods ) ;
2003-02-19 15:31:16 +03:00
2002-02-12 21:22:33 +03:00
done :
2007-03-01 04:17:36 +03:00
SAFE_FREE ( machine_escaped ) ;
2004-06-23 04:20:31 +04:00
ads_msgfree ( ads , res ) ;
2002-02-12 21:22:33 +03:00
talloc_destroy ( ctx ) ;
2006-05-13 08:39:19 +04:00
2001-11-20 11:54:15 +03:00
return ret ;
}
2007-05-07 01:45:53 +04:00
/**
* move a machine account to another OU on the ADS server
* @ param ads - An intialized ADS_STRUCT
* @ param machine_name - the NetBIOS machine name of this account .
* @ param org_unit - The LDAP path in which to place this account
* @ param moved - whether we moved the machine account ( optional )
* @ return 0 upon success , or non - zero otherwise
* */
ADS_STATUS ads_move_machine_acct ( ADS_STRUCT * ads , const char * machine_name ,
2007-10-19 04:40:25 +04:00
const char * org_unit , bool * moved )
2007-05-07 01:45:53 +04:00
{
ADS_STATUS rc ;
int ldap_status ;
LDAPMessage * res = NULL ;
char * filter = NULL ;
char * computer_dn = NULL ;
char * parent_dn ;
char * computer_rdn = NULL ;
2007-10-19 04:40:25 +04:00
bool need_move = False ;
2007-05-07 01:45:53 +04:00
if ( asprintf ( & filter , " (samAccountName=%s$) " , machine_name ) = = - 1 ) {
rc = ADS_ERROR ( LDAP_NO_MEMORY ) ;
goto done ;
}
/* Find pre-existing machine */
rc = ads_search ( ads , & res , filter , NULL ) ;
if ( ! ADS_ERR_OK ( rc ) ) {
goto done ;
}
computer_dn = ads_get_dn ( ads , res ) ;
if ( ! computer_dn ) {
rc = ADS_ERROR ( LDAP_NO_MEMORY ) ;
goto done ;
}
parent_dn = ads_parent_dn ( computer_dn ) ;
if ( strequal ( parent_dn , org_unit ) ) {
goto done ;
}
need_move = True ;
if ( asprintf ( & computer_rdn , " CN=%s " , machine_name ) = = - 1 ) {
rc = ADS_ERROR ( LDAP_NO_MEMORY ) ;
goto done ;
}
2007-07-16 15:08:00 +04:00
ldap_status = ldap_rename_s ( ads - > ldap . ld , computer_dn , computer_rdn ,
2007-05-15 14:47:40 +04:00
org_unit , 1 , NULL , NULL ) ;
2007-05-07 01:45:53 +04:00
rc = ADS_ERROR ( ldap_status ) ;
done :
ads_msgfree ( ads , res ) ;
SAFE_FREE ( filter ) ;
SAFE_FREE ( computer_dn ) ;
SAFE_FREE ( computer_rdn ) ;
if ( ! ADS_ERR_OK ( rc ) ) {
need_move = False ;
}
if ( moved ) {
* moved = need_move ;
}
return rc ;
}
2001-11-25 04:06:56 +03:00
/*
dump a binary result from ldap
*/
2007-07-11 17:21:32 +04:00
static void dump_binary ( ADS_STRUCT * ads , const char * field , struct berval * * values )
2001-11-25 04:06:56 +03:00
{
int i , j ;
for ( i = 0 ; values [ i ] ; i + + ) {
printf ( " %s: " , field ) ;
for ( j = 0 ; j < values [ i ] - > bv_len ; j + + ) {
printf ( " %02X " , ( unsigned char ) values [ i ] - > bv_val [ j ] ) ;
}
printf ( " \n " ) ;
}
}
2007-07-11 17:21:32 +04:00
static void dump_guid ( ADS_STRUCT * ads , const char * field , struct berval * * values )
2002-10-29 17:47:11 +03:00
{
int i ;
for ( i = 0 ; values [ i ] ; i + + ) {
2007-11-25 12:10:52 +03:00
UUID_FLAT guid ;
struct GUID tmp ;
2002-10-29 17:47:11 +03:00
memcpy ( guid . info , values [ i ] - > bv_val , sizeof ( guid . info ) ) ;
2007-11-25 12:10:52 +03:00
smb_uuid_unpack ( guid , & tmp ) ;
2008-10-14 04:26:18 +04:00
printf ( " %s: %s \n " , field , GUID_string ( talloc_tos ( ) , & tmp ) ) ;
2002-10-29 17:47:11 +03:00
}
}
2001-12-19 11:44:23 +03:00
/*
dump a sid result from ldap
*/
2007-07-11 17:21:32 +04:00
static void dump_sid ( ADS_STRUCT * ads , const char * field , struct berval * * values )
2001-12-19 11:44:23 +03:00
{
int i ;
for ( i = 0 ; values [ i ] ; i + + ) {
DOM_SID sid ;
2007-12-16 00:00:39 +03:00
fstring tmp ;
2001-12-19 11:44:23 +03:00
sid_parse ( values [ i ] - > bv_val , values [ i ] - > bv_len , & sid ) ;
2007-12-16 00:47:30 +03:00
printf ( " %s: %s \n " , field , sid_to_fstring ( tmp , & sid ) ) ;
2001-12-19 11:44:23 +03:00
}
}
2002-03-10 04:54:44 +03:00
/*
dump ntSecurityDescriptor
*/
2007-07-11 17:21:32 +04:00
static void dump_sd ( ADS_STRUCT * ads , const char * filed , struct berval * * values )
2002-03-10 04:54:44 +03:00
{
2007-12-16 16:15:16 +03:00
TALLOC_CTX * frame = talloc_stackframe ( ) ;
struct security_descriptor * psd ;
NTSTATUS status ;
2002-03-10 04:54:44 +03:00
2007-12-16 16:15:16 +03:00
status = unmarshall_sec_desc ( talloc_tos ( ) , ( uint8 * ) values [ 0 ] - > bv_val ,
values [ 0 ] - > bv_len , & psd ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " unmarshall_sec_desc failed: %s \n " ,
nt_errstr ( status ) ) ) ;
TALLOC_FREE ( frame ) ;
2002-03-10 04:54:44 +03:00
return ;
}
2007-12-16 16:15:16 +03:00
2007-07-11 17:30:38 +04:00
if ( psd ) {
2007-12-16 16:15:16 +03:00
ads_disp_sd ( ads , talloc_tos ( ) , psd ) ;
2007-07-11 17:30:38 +04:00
}
2002-03-10 04:54:44 +03:00
2007-12-16 16:15:16 +03:00
TALLOC_FREE ( frame ) ;
2002-03-10 04:54:44 +03:00
}
2001-11-25 04:06:56 +03:00
/*
dump a string result from ldap
*/
2002-07-15 14:35:28 +04:00
static void dump_string ( const char * field , char * * values )
2001-11-25 04:06:56 +03:00
{
int i ;
for ( i = 0 ; values [ i ] ; i + + ) {
2002-07-15 14:35:28 +04:00
printf ( " %s: %s \n " , field , values [ i ] ) ;
2001-11-25 04:06:56 +03:00
}
}
2001-11-20 11:54:15 +03:00
/*
2002-03-30 00:06:33 +03:00
dump a field from LDAP on stdout
2001-11-20 11:54:15 +03:00
used for debugging
*/
2002-03-30 00:06:33 +03:00
2007-10-19 04:40:25 +04:00
static bool ads_dump_field ( ADS_STRUCT * ads , char * field , void * * values , void * data_area )
2001-11-20 11:54:15 +03:00
{
2003-01-03 11:28:12 +03:00
const struct {
const char * name ;
2007-10-19 04:40:25 +04:00
bool string ;
2007-07-11 17:21:32 +04:00
void ( * handler ) ( ADS_STRUCT * , const char * , struct berval * * ) ;
2001-11-25 04:06:56 +03:00
} handlers [ ] = {
2002-10-29 17:47:11 +03:00
{ " objectGUID " , False , dump_guid } ,
2006-02-09 13:24:27 +03:00
{ " netbootGUID " , False , dump_guid } ,
2002-07-15 14:35:28 +04:00
{ " nTSecurityDescriptor " , False , dump_sd } ,
2002-08-17 21:00:51 +04:00
{ " dnsRecord " , False , dump_binary } ,
2002-07-15 14:35:28 +04:00
{ " objectSid " , False , dump_sid } ,
2003-03-18 01:41:14 +03:00
{ " tokenGroups " , False , dump_sid } ,
2006-04-26 00:13:05 +04:00
{ " tokenGroupsNoGCAcceptable " , False , dump_sid } ,
{ " tokengroupsGlobalandUniversal " , False , dump_sid } ,
2006-09-25 20:55:19 +04:00
{ " mS-DS-CreatorSID " , False , dump_sid } ,
2007-08-06 18:03:11 +04:00
{ " msExchMailboxGuid " , False , dump_guid } ,
2002-07-15 14:35:28 +04:00
{ NULL , True , NULL }
2001-11-25 04:06:56 +03:00
} ;
2002-03-30 00:06:33 +03:00
int i ;
if ( ! field ) { /* must be end of an entry */
printf ( " \n " ) ;
2002-07-15 14:35:28 +04:00
return False ;
2002-03-30 00:06:33 +03:00
}
for ( i = 0 ; handlers [ i ] . name ; i + + ) {
if ( StrCaseCmp ( handlers [ i ] . name , field ) = = 0 ) {
2002-07-15 14:35:28 +04:00
if ( ! values ) /* first time, indicate string or not */
return handlers [ i ] . string ;
2007-07-11 17:21:32 +04:00
handlers [ i ] . handler ( ads , field , ( struct berval * * ) values ) ;
2002-03-30 00:06:33 +03:00
break ;
}
}
if ( ! handlers [ i ] . name ) {
2002-07-15 14:35:28 +04:00
if ( ! values ) /* first time, indicate string conversion */
return True ;
dump_string ( field , ( char * * ) values ) ;
2002-03-30 00:06:33 +03:00
}
2002-07-15 14:35:28 +04:00
return False ;
2002-03-30 00:06:33 +03:00
}
2002-04-10 17:28:03 +04:00
/**
* Dump a result from LDAP on stdout
* used for debugging
* @ param ads connection to ads server
* @ param res Results to dump
* */
2002-03-30 00:06:33 +03:00
2006-09-04 01:07:16 +04:00
void ads_dump ( ADS_STRUCT * ads , LDAPMessage * res )
2002-03-30 00:06:33 +03:00
{
ads_process_results ( ads , res , ads_dump_field , NULL ) ;
}
2002-04-10 17:28:03 +04:00
/**
* Walk through results , calling a function for each entry found .
* The function receives a field name , a berval * array of values ,
* and a data area passed through from the start . The function is
* called once with null for field and values at the end of each
* entry .
* @ param ads connection to ads server
* @ param res Results to process
* @ param fn Function for processing each result
* @ param data_area user - defined area to pass to function
* */
2006-09-04 01:07:16 +04:00
void ads_process_results ( ADS_STRUCT * ads , LDAPMessage * res ,
2007-10-19 04:40:25 +04:00
bool ( * fn ) ( ADS_STRUCT * , char * , void * * , void * ) ,
2006-09-04 01:07:16 +04:00
void * data_area )
2002-03-30 00:06:33 +03:00
{
2006-09-04 01:07:16 +04:00
LDAPMessage * msg ;
2002-07-15 14:35:28 +04:00
TALLOC_CTX * ctx ;
2008-04-30 01:36:24 +04:00
size_t converted_size ;
2002-07-15 14:35:28 +04:00
2002-12-20 23:21:31 +03:00
if ( ! ( ctx = talloc_init ( " ads_process_results " ) ) )
2002-07-15 14:35:28 +04:00
return ;
2002-03-30 00:06:33 +03:00
for ( msg = ads_first_entry ( ads , res ) ; msg ;
msg = ads_next_entry ( ads , msg ) ) {
2002-07-15 14:35:28 +04:00
char * utf8_field ;
2002-03-30 00:06:33 +03:00
BerElement * b ;
2007-07-16 15:08:00 +04:00
for ( utf8_field = ldap_first_attribute ( ads - > ldap . ld ,
2002-07-15 14:35:28 +04:00
( LDAPMessage * ) msg , & b ) ;
utf8_field ;
2007-07-16 15:08:00 +04:00
utf8_field = ldap_next_attribute ( ads - > ldap . ld ,
2002-07-15 14:35:28 +04:00
( LDAPMessage * ) msg , b ) ) {
struct berval * * ber_vals ;
char * * str_vals , * * utf8_vals ;
char * field ;
2007-10-19 04:40:25 +04:00
bool string ;
2002-07-15 14:35:28 +04:00
2008-04-30 01:36:24 +04:00
if ( ! pull_utf8_talloc ( ctx , & field , utf8_field ,
& converted_size ) )
{
DEBUG ( 0 , ( " ads_process_results: "
" pull_utf8_talloc failed: %s " ,
strerror ( errno ) ) ) ;
}
2007-07-11 17:21:32 +04:00
string = fn ( ads , field , NULL , data_area ) ;
2002-07-15 14:35:28 +04:00
if ( string ) {
2007-07-16 15:08:00 +04:00
utf8_vals = ldap_get_values ( ads - > ldap . ld ,
2002-07-15 14:35:28 +04:00
( LDAPMessage * ) msg , field ) ;
str_vals = ads_pull_strvals ( ctx ,
( const char * * ) utf8_vals ) ;
2007-07-11 17:21:32 +04:00
fn ( ads , field , ( void * * ) str_vals , data_area ) ;
2002-07-15 14:35:28 +04:00
ldap_value_free ( utf8_vals ) ;
} else {
2007-07-16 15:08:00 +04:00
ber_vals = ldap_get_values_len ( ads - > ldap . ld ,
2002-07-15 14:35:28 +04:00
( LDAPMessage * ) msg , field ) ;
2007-07-11 17:21:32 +04:00
fn ( ads , field , ( void * * ) ber_vals , data_area ) ;
2002-07-15 14:35:28 +04:00
ldap_value_free_len ( ber_vals ) ;
}
ldap_memfree ( utf8_field ) ;
2001-11-20 11:54:15 +03:00
}
2002-03-30 00:06:33 +03:00
ber_free ( b , 0 ) ;
2005-05-03 11:33:49 +04:00
talloc_free_children ( ctx ) ;
2007-07-11 17:21:32 +04:00
fn ( ads , NULL , NULL , data_area ) ; /* completed an entry */
2001-11-20 11:54:15 +03:00
}
2002-07-15 14:35:28 +04:00
talloc_destroy ( ctx ) ;
2001-11-20 11:54:15 +03:00
}
2002-04-10 17:28:03 +04:00
/**
* count how many replies are in a LDAPMessage
* @ param ads connection to ads server
* @ param res Results to count
* @ return number of replies
* */
2001-11-20 11:54:15 +03:00
int ads_count_replies ( ADS_STRUCT * ads , void * res )
{
2007-07-16 15:08:00 +04:00
return ldap_count_entries ( ads - > ldap . ld , ( LDAPMessage * ) res ) ;
2001-11-20 11:54:15 +03:00
}
2002-04-10 17:28:03 +04:00
/**
* pull the first entry from a ADS result
* @ param ads connection to ads server
* @ param res Results of search
* @ return first entry from result
* */
2006-09-04 01:07:16 +04:00
LDAPMessage * ads_first_entry ( ADS_STRUCT * ads , LDAPMessage * res )
2001-12-03 09:04:18 +03:00
{
2007-07-16 15:08:00 +04:00
return ldap_first_entry ( ads - > ldap . ld , res ) ;
2001-12-03 09:04:18 +03:00
}
2002-04-10 17:28:03 +04:00
/**
* pull the next entry from a ADS result
* @ param ads connection to ads server
* @ param res Results of search
* @ return next entry from result
* */
2006-09-04 01:07:16 +04:00
LDAPMessage * ads_next_entry ( ADS_STRUCT * ads , LDAPMessage * res )
2001-12-03 09:04:18 +03:00
{
2007-07-16 15:08:00 +04:00
return ldap_next_entry ( ads - > ldap . ld , res ) ;
2001-12-03 09:04:18 +03:00
}
2008-04-26 05:34:46 +04:00
/**
* pull the first message from a ADS result
* @ param ads connection to ads server
* @ param res Results of search
* @ return first message from result
* */
LDAPMessage * ads_first_message ( ADS_STRUCT * ads , LDAPMessage * res )
{
return ldap_first_message ( ads - > ldap . ld , res ) ;
}
/**
* pull the next message from a ADS result
* @ param ads connection to ads server
* @ param res Results of search
* @ return next message from result
* */
LDAPMessage * ads_next_message ( ADS_STRUCT * ads , LDAPMessage * res )
{
return ldap_next_message ( ads - > ldap . ld , res ) ;
}
2002-04-10 17:28:03 +04:00
/**
* pull a single string from a ADS result
* @ param ads connection to ads server
* @ param mem_ctx TALLOC_CTX to use for allocating result string
* @ param msg Results of search
* @ param field Attribute to retrieve
* @ return Result string in talloc context
* */
2006-09-04 01:07:16 +04:00
char * ads_pull_string ( ADS_STRUCT * ads , TALLOC_CTX * mem_ctx , LDAPMessage * msg ,
const char * field )
2001-12-03 09:04:18 +03:00
{
char * * values ;
2001-12-05 10:35:57 +03:00
char * ret = NULL ;
2002-07-15 14:35:28 +04:00
char * ux_string ;
2008-04-30 01:36:24 +04:00
size_t converted_size ;
2001-12-03 09:04:18 +03:00
2007-07-16 15:08:00 +04:00
values = ldap_get_values ( ads - > ldap . ld , msg , field ) ;
2003-02-05 02:44:28 +03:00
if ( ! values )
return NULL ;
2001-12-05 10:35:57 +03:00
2008-04-30 01:36:24 +04:00
if ( values [ 0 ] & & pull_utf8_talloc ( mem_ctx , & ux_string , values [ 0 ] ,
& converted_size ) )
{
ret = ux_string ;
2001-12-05 10:35:57 +03:00
}
2001-12-03 09:04:18 +03:00
ldap_value_free ( values ) ;
return ret ;
}
2002-07-15 14:35:28 +04:00
/**
* pull an array of strings from a ADS result
* @ param ads connection to ads server
* @ param mem_ctx TALLOC_CTX to use for allocating result string
* @ param msg Results of search
* @ param field Attribute to retrieve
* @ return Result strings in talloc context
* */
2006-09-04 01:07:16 +04:00
char * * ads_pull_strings ( ADS_STRUCT * ads , TALLOC_CTX * mem_ctx ,
LDAPMessage * msg , const char * field ,
size_t * num_values )
2002-07-15 14:35:28 +04:00
{
char * * values ;
char * * ret = NULL ;
2004-01-05 04:48:21 +03:00
int i ;
2008-04-30 01:36:24 +04:00
size_t converted_size ;
2002-07-15 14:35:28 +04:00
2007-07-16 15:08:00 +04:00
values = ldap_get_values ( ads - > ldap . ld , msg , field ) ;
2003-02-05 02:44:28 +03:00
if ( ! values )
return NULL ;
2002-07-15 14:35:28 +04:00
2004-01-05 04:48:21 +03:00
* num_values = ldap_count_values ( values ) ;
2002-07-15 14:35:28 +04:00
2004-12-07 21:25:53 +03:00
ret = TALLOC_ARRAY ( mem_ctx , char * , * num_values + 1 ) ;
2003-02-05 02:44:28 +03:00
if ( ! ret ) {
ldap_value_free ( values ) ;
return NULL ;
}
2002-07-15 14:35:28 +04:00
2004-01-05 04:48:21 +03:00
for ( i = 0 ; i < * num_values ; i + + ) {
2008-04-30 01:36:24 +04:00
if ( ! pull_utf8_talloc ( mem_ctx , & ret [ i ] , values [ i ] ,
& converted_size ) )
{
2003-02-05 02:44:28 +03:00
ldap_value_free ( values ) ;
2002-07-15 14:35:28 +04:00
return NULL ;
}
}
ret [ i ] = NULL ;
ldap_value_free ( values ) ;
return ret ;
}
2004-01-05 04:48:21 +03:00
/**
* pull an array of strings from a ADS result
* ( handle large multivalue attributes with range retrieval )
* @ param ads connection to ads server
* @ param mem_ctx TALLOC_CTX to use for allocating result string
* @ param msg Results of search
* @ param field Attribute to retrieve
* @ param current_strings strings returned by a previous call to this function
* @ param next_attribute The next query should ask for this attribute
* @ param num_values How many values did we get this time ?
* @ param more_values Are there more values to get ?
* @ return Result strings in talloc context
* */
2006-09-04 01:07:16 +04:00
char * * ads_pull_strings_range ( ADS_STRUCT * ads ,
TALLOC_CTX * mem_ctx ,
LDAPMessage * msg , const char * field ,
char * * current_strings ,
const char * * next_attribute ,
size_t * num_strings ,
2007-10-19 04:40:25 +04:00
bool * more_strings )
2004-01-05 04:48:21 +03:00
{
char * attr ;
char * expected_range_attrib , * range_attr ;
BerElement * ptr = NULL ;
char * * strings ;
char * * new_strings ;
size_t num_new_strings ;
unsigned long int range_start ;
unsigned long int range_end ;
/* we might have been given the whole lot anyway */
if ( ( strings = ads_pull_strings ( ads , mem_ctx , msg , field , num_strings ) ) ) {
* more_strings = False ;
return strings ;
}
expected_range_attrib = talloc_asprintf ( mem_ctx , " %s;Range= " , field ) ;
/* look for Range result */
2007-07-16 15:08:00 +04:00
for ( attr = ldap_first_attribute ( ads - > ldap . ld , ( LDAPMessage * ) msg , & ptr ) ;
2004-01-05 04:48:21 +03:00
attr ;
2007-07-16 15:08:00 +04:00
attr = ldap_next_attribute ( ads - > ldap . ld , ( LDAPMessage * ) msg , ptr ) ) {
2004-01-05 04:48:21 +03:00
/* we ignore the fact that this is utf8, as all attributes are ascii... */
if ( strnequal ( attr , expected_range_attrib , strlen ( expected_range_attrib ) ) ) {
range_attr = attr ;
break ;
}
ldap_memfree ( attr ) ;
}
if ( ! attr ) {
ber_free ( ptr , 0 ) ;
2004-02-08 03:31:36 +03:00
/* nothing here - this field is just empty */
2004-01-05 04:48:21 +03:00
* more_strings = False ;
return NULL ;
}
if ( sscanf ( & range_attr [ strlen ( expected_range_attrib ) ] , " %lu-%lu " ,
& range_start , & range_end ) = = 2 ) {
* more_strings = True ;
} else {
if ( sscanf ( & range_attr [ strlen ( expected_range_attrib ) ] , " %lu-* " ,
& range_start ) = = 1 ) {
* more_strings = False ;
} else {
2004-01-05 15:20:15 +03:00
DEBUG ( 1 , ( " ads_pull_strings_range: Cannot parse Range attriubte (%s) \n " ,
range_attr ) ) ;
2004-01-05 04:48:21 +03:00
ldap_memfree ( range_attr ) ;
* more_strings = False ;
return NULL ;
}
}
if ( ( * num_strings ) ! = range_start ) {
2004-01-05 15:20:15 +03:00
DEBUG ( 1 , ( " ads_pull_strings_range: Range attribute (%s) doesn't start at %u, but at %lu "
" - aborting range retreival \n " ,
2005-09-30 21:13:37 +04:00
range_attr , ( unsigned int ) ( * num_strings ) + 1 , range_start ) ) ;
2004-01-05 04:48:21 +03:00
ldap_memfree ( range_attr ) ;
* more_strings = False ;
return NULL ;
}
new_strings = ads_pull_strings ( ads , mem_ctx , msg , range_attr , & num_new_strings ) ;
if ( * more_strings & & ( ( * num_strings + num_new_strings ) ! = ( range_end + 1 ) ) ) {
2004-01-05 15:20:15 +03:00
DEBUG ( 1 , ( " ads_pull_strings_range: Range attribute (%s) tells us we have %lu "
" strings in this bunch, but we only got %lu - aborting range retreival \n " ,
range_attr , ( unsigned long int ) range_end - range_start + 1 ,
( unsigned long int ) num_new_strings ) ) ;
2004-01-05 04:48:21 +03:00
ldap_memfree ( range_attr ) ;
* more_strings = False ;
return NULL ;
}
2004-12-07 21:25:53 +03:00
strings = TALLOC_REALLOC_ARRAY ( mem_ctx , current_strings , char * ,
* num_strings + num_new_strings ) ;
2004-01-05 04:48:21 +03:00
if ( strings = = NULL ) {
ldap_memfree ( range_attr ) ;
* more_strings = False ;
return NULL ;
}
2006-06-17 03:14:12 +04:00
if ( new_strings & & num_new_strings ) {
memcpy ( & strings [ * num_strings ] , new_strings ,
sizeof ( * new_strings ) * num_new_strings ) ;
}
2004-01-05 04:48:21 +03:00
( * num_strings ) + = num_new_strings ;
if ( * more_strings ) {
* next_attribute = talloc_asprintf ( mem_ctx ,
2004-02-08 03:31:36 +03:00
" %s;range=%d-* " ,
field ,
2005-09-30 21:13:37 +04:00
( int ) * num_strings ) ;
2004-01-05 04:48:21 +03:00
if ( ! * next_attribute ) {
DEBUG ( 1 , ( " talloc_asprintf for next attribute failed! \n " ) ) ;
ldap_memfree ( range_attr ) ;
* more_strings = False ;
return NULL ;
}
}
ldap_memfree ( range_attr ) ;
return strings ;
}
2002-07-15 14:35:28 +04:00
2002-04-10 17:28:03 +04:00
/**
* pull a single uint32 from a ADS result
* @ param ads connection to ads server
* @ param msg Results of search
* @ param field Attribute to retrieve
* @ param v Pointer to int to store result
* @ return boolean inidicating success
2001-12-03 09:04:18 +03:00
*/
2007-10-19 04:40:25 +04:00
bool ads_pull_uint32 ( ADS_STRUCT * ads , LDAPMessage * msg , const char * field ,
2006-09-04 01:07:16 +04:00
uint32 * v )
2001-12-03 09:04:18 +03:00
{
char * * values ;
2007-07-16 15:08:00 +04:00
values = ldap_get_values ( ads - > ldap . ld , msg , field ) ;
2003-02-05 02:44:28 +03:00
if ( ! values )
return False ;
2001-12-05 10:35:57 +03:00
if ( ! values [ 0 ] ) {
ldap_value_free ( values ) ;
return False ;
}
2001-12-03 09:04:18 +03:00
* v = atoi ( values [ 0 ] ) ;
ldap_value_free ( values ) ;
return True ;
}
2002-12-13 22:01:27 +03:00
/**
* pull a single objectGUID from an ADS result
* @ param ads connection to ADS server
* @ param msg results of search
* @ param guid 37 - byte area to receive text guid
* @ return boolean indicating success
* */
2007-10-19 04:40:25 +04:00
bool ads_pull_guid ( ADS_STRUCT * ads , LDAPMessage * msg , struct GUID * guid )
2002-12-13 22:01:27 +03:00
{
char * * values ;
2004-04-13 18:39:48 +04:00
UUID_FLAT flat_guid ;
2002-12-13 22:01:27 +03:00
2007-07-16 15:08:00 +04:00
values = ldap_get_values ( ads - > ldap . ld , msg , " objectGUID " ) ;
2003-02-05 02:44:28 +03:00
if ( ! values )
return False ;
2002-12-13 22:01:27 +03:00
if ( values [ 0 ] ) {
2004-04-13 18:39:48 +04:00
memcpy ( & flat_guid . info , values [ 0 ] , sizeof ( UUID_FLAT ) ) ;
smb_uuid_unpack ( flat_guid , guid ) ;
2002-12-13 22:01:27 +03:00
ldap_value_free ( values ) ;
return True ;
}
ldap_value_free ( values ) ;
return False ;
}
2002-04-10 17:28:03 +04:00
/**
* pull a single DOM_SID from a ADS result
* @ param ads connection to ads server
* @ param msg Results of search
* @ param field Attribute to retrieve
* @ param sid Pointer to sid to store result
* @ return boolean inidicating success
2001-12-03 09:04:18 +03:00
*/
2007-10-19 04:40:25 +04:00
bool ads_pull_sid ( ADS_STRUCT * ads , LDAPMessage * msg , const char * field ,
2006-09-04 01:07:16 +04:00
DOM_SID * sid )
2001-12-03 09:04:18 +03:00
{
struct berval * * values ;
2007-10-19 04:40:25 +04:00
bool ret = False ;
2001-12-03 09:04:18 +03:00
2007-07-16 15:08:00 +04:00
values = ldap_get_values_len ( ads - > ldap . ld , msg , field ) ;
2001-12-03 09:04:18 +03:00
2003-02-05 02:44:28 +03:00
if ( ! values )
return False ;
2001-12-03 09:04:18 +03:00
2003-02-05 02:44:28 +03:00
if ( values [ 0 ] )
2001-12-05 10:35:57 +03:00
ret = sid_parse ( values [ 0 ] - > bv_val , values [ 0 ] - > bv_len , sid ) ;
2001-12-03 09:04:18 +03:00
ldap_value_free_len ( values ) ;
return ret ;
}
2002-04-10 17:28:03 +04:00
/**
* pull an array of DOM_SIDs from a ADS result
* @ param ads connection to ads server
* @ param mem_ctx TALLOC_CTX for allocating sid array
* @ param msg Results of search
* @ param field Attribute to retrieve
* @ param sids pointer to sid array to allocate
* @ return the count of SIDs pulled
* */
2006-09-04 01:07:16 +04:00
int ads_pull_sids ( ADS_STRUCT * ads , TALLOC_CTX * mem_ctx ,
LDAPMessage * msg , const char * field , DOM_SID * * sids )
2001-12-04 15:08:16 +03:00
{
struct berval * * values ;
2007-10-19 04:40:25 +04:00
bool ret ;
2001-12-04 15:08:16 +03:00
int count , i ;
2007-07-16 15:08:00 +04:00
values = ldap_get_values_len ( ads - > ldap . ld , msg , field ) ;
2001-12-04 15:08:16 +03:00
2003-02-05 02:44:28 +03:00
if ( ! values )
return 0 ;
2001-12-04 15:08:16 +03:00
2003-02-05 02:44:28 +03:00
for ( i = 0 ; values [ i ] ; i + + )
/* nop */ ;
2001-12-04 15:08:16 +03:00
2007-04-30 06:39:34 +04:00
if ( i ) {
( * sids ) = TALLOC_ARRAY ( mem_ctx , DOM_SID , i ) ;
if ( ! ( * sids ) ) {
ldap_value_free_len ( values ) ;
return 0 ;
}
} else {
( * sids ) = NULL ;
2003-02-05 02:44:28 +03:00
}
2001-12-04 15:08:16 +03:00
count = 0 ;
for ( i = 0 ; values [ i ] ; i + + ) {
ret = sid_parse ( values [ i ] - > bv_val , values [ i ] - > bv_len , & ( * sids ) [ count ] ) ;
2003-02-24 05:55:00 +03:00
if ( ret ) {
2007-12-15 23:11:36 +03:00
DEBUG ( 10 , ( " pulling SID: %s \n " ,
sid_string_dbg ( & ( * sids ) [ count ] ) ) ) ;
2003-02-05 02:44:28 +03:00
count + + ;
2003-02-24 05:55:00 +03:00
}
2001-12-04 15:08:16 +03:00
}
ldap_value_free_len ( values ) ;
return count ;
}
2002-10-01 22:26:00 +04:00
/**
* pull a SEC_DESC from a ADS result
* @ param ads connection to ads server
* @ param mem_ctx TALLOC_CTX for allocating sid array
* @ param msg Results of search
* @ param field Attribute to retrieve
* @ param sd Pointer to * SEC_DESC to store result ( talloc ( ) ed )
* @ return boolean inidicating success
*/
2007-10-19 04:40:25 +04:00
bool ads_pull_sd ( ADS_STRUCT * ads , TALLOC_CTX * mem_ctx ,
2006-09-04 01:07:16 +04:00
LDAPMessage * msg , const char * field , SEC_DESC * * sd )
2002-10-01 22:26:00 +04:00
{
struct berval * * values ;
2007-12-30 00:47:03 +03:00
bool ret = true ;
2002-10-01 22:26:00 +04:00
2007-07-16 15:08:00 +04:00
values = ldap_get_values_len ( ads - > ldap . ld , msg , field ) ;
2002-10-01 22:26:00 +04:00
2007-12-30 00:47:03 +03:00
if ( ! values ) return false ;
2002-10-01 22:26:00 +04:00
if ( values [ 0 ] ) {
2007-12-30 00:47:03 +03:00
NTSTATUS status ;
status = unmarshall_sec_desc ( mem_ctx ,
( uint8 * ) values [ 0 ] - > bv_val ,
values [ 0 ] - > bv_len , sd ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " unmarshall_sec_desc failed: %s \n " ,
nt_errstr ( status ) ) ) ;
ret = false ;
}
2002-10-01 22:26:00 +04:00
}
ldap_value_free_len ( values ) ;
return ret ;
}
/*
* in order to support usernames longer than 21 characters we need to
* use both the sAMAccountName and the userPrincipalName attributes
* It seems that not all users have the userPrincipalName attribute set
*
* @ param ads connection to ads server
* @ param mem_ctx TALLOC_CTX for allocating sid array
* @ param msg Results of search
* @ return the username
*/
2006-09-04 01:07:16 +04:00
char * ads_pull_username ( ADS_STRUCT * ads , TALLOC_CTX * mem_ctx ,
LDAPMessage * msg )
2002-10-01 22:26:00 +04:00
{
2004-08-27 20:15:23 +04:00
#if 0 /* JERRY */
2002-10-01 22:26:00 +04:00
char * ret , * p ;
2004-08-27 20:15:23 +04:00
/* lookup_name() only works on the sAMAccountName to
returning the username portion of userPrincipalName
breaks winbindd_getpwnam ( ) */
2002-10-01 22:26:00 +04:00
ret = ads_pull_string ( ads , mem_ctx , msg , " userPrincipalName " ) ;
2004-10-27 04:41:41 +04:00
if ( ret & & ( p = strchr_m ( ret , ' @ ' ) ) ) {
2002-10-01 22:26:00 +04:00
* p = 0 ;
return ret ;
}
2004-08-27 20:15:23 +04:00
# endif
2002-10-01 22:26:00 +04:00
return ads_pull_string ( ads , mem_ctx , msg , " sAMAccountName " ) ;
}
2001-12-03 09:04:18 +03:00
2002-04-10 17:28:03 +04:00
/**
* find the update serial number - this is the core of the ldap cache
* @ param ads connection to ads server
* @ param ads connection to ADS server
* @ param usn Pointer to retrieved update serial number
* @ return status of search
* */
2001-12-19 15:21:12 +03:00
ADS_STATUS ads_USN ( ADS_STRUCT * ads , uint32 * usn )
2001-11-28 06:56:30 +03:00
{
const char * attrs [ ] = { " highestCommittedUSN " , NULL } ;
2001-12-19 15:21:12 +03:00
ADS_STATUS status ;
2006-09-04 01:07:16 +04:00
LDAPMessage * res ;
2001-11-28 06:56:30 +03:00
2003-09-06 22:02:19 +04:00
status = ads_do_search_retry ( ads , " " , LDAP_SCOPE_BASE , " (objectclass=*) " , attrs , & res ) ;
2003-10-04 01:43:09 +04:00
if ( ! ADS_ERR_OK ( status ) )
return status ;
2001-12-19 15:21:12 +03:00
if ( ads_count_replies ( ads , res ) ! = 1 ) {
2006-09-06 16:14:58 +04:00
ads_msgfree ( ads , res ) ;
2001-12-19 15:21:12 +03:00
return ADS_ERROR ( LDAP_NO_RESULTS_RETURNED ) ;
}
2006-09-06 16:14:58 +04:00
if ( ! ads_pull_uint32 ( ads , res , " highestCommittedUSN " , usn ) ) {
ads_msgfree ( ads , res ) ;
return ADS_ERROR ( LDAP_NO_SUCH_ATTRIBUTE ) ;
}
2001-12-05 12:19:25 +03:00
ads_msgfree ( ads , res ) ;
2001-12-19 15:21:12 +03:00
return ADS_SUCCESS ;
2001-11-28 06:56:30 +03:00
}
2002-09-25 19:19:00 +04:00
/* parse a ADS timestring - typical string is
' 20020917091222.0 Z0 ' which means 09 : 12.22 17 th September
2002 , timezone 0 */
static time_t ads_parse_time ( const char * str )
{
struct tm tm ;
ZERO_STRUCT ( tm ) ;
if ( sscanf ( str , " %4d%2d%2d%2d%2d%2d " ,
& tm . tm_year , & tm . tm_mon , & tm . tm_mday ,
& tm . tm_hour , & tm . tm_min , & tm . tm_sec ) ! = 6 ) {
return 0 ;
}
tm . tm_year - = 1900 ;
tm . tm_mon - = 1 ;
return timegm ( & tm ) ;
}
2006-07-11 22:45:22 +04:00
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-05-12 19:17:35 +04:00
ADS_STATUS ads_current_time ( ADS_STRUCT * ads )
2001-12-08 14:18:56 +03:00
{
2006-05-12 19:17:35 +04:00
const char * attrs [ ] = { " currentTime " , NULL } ;
2001-12-19 15:21:12 +03:00
ADS_STATUS status ;
2006-09-04 01:07:16 +04:00
LDAPMessage * res ;
2002-09-25 19:19:00 +04:00
char * timestr ;
TALLOC_CTX * ctx ;
2006-05-12 19:17:35 +04:00
ADS_STRUCT * ads_s = ads ;
2002-09-25 19:19:00 +04:00
2006-07-11 22:45:22 +04:00
if ( ! ( ctx = talloc_init ( " ads_current_time " ) ) ) {
2002-09-25 19:19:00 +04:00
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
2001-12-08 14:18:56 +03:00
2006-05-12 19:17:35 +04:00
/* establish a new ldap tcp session if necessary */
2001-12-08 14:18:56 +03:00
2007-07-16 15:08:00 +04:00
if ( ! ads - > ldap . ld ) {
2006-05-12 19:17:35 +04:00
if ( ( ads_s = ads_init ( ads - > server . realm , ads - > server . workgroup ,
ads - > server . ldap_server ) ) = = NULL )
{
goto done ;
}
ads_s - > auth . flags = ADS_AUTH_ANON_BIND ;
status = ads_connect ( ads_s ) ;
if ( ! ADS_ERR_OK ( status ) )
goto done ;
2002-09-25 19:19:00 +04:00
}
2006-05-12 19:17:35 +04:00
status = ads_do_search ( ads_s , " " , LDAP_SCOPE_BASE , " (objectclass=*) " , attrs , & res ) ;
if ( ! ADS_ERR_OK ( status ) ) {
goto done ;
2002-09-25 19:19:00 +04:00
}
2006-05-12 19:17:35 +04:00
timestr = ads_pull_string ( ads_s , ctx , res , " currentTime " ) ;
if ( ! timestr ) {
2006-09-06 16:14:58 +04:00
ads_msgfree ( ads_s , res ) ;
2006-05-12 19:17:35 +04:00
status = ADS_ERROR ( LDAP_NO_RESULTS_RETURNED ) ;
goto done ;
2005-06-29 18:03:53 +04:00
}
2006-05-12 19:17:35 +04:00
/* but save the time and offset in the original ADS_STRUCT */
ads - > config . current_time = ads_parse_time ( timestr ) ;
2001-12-08 14:18:56 +03:00
2006-05-12 19:17:35 +04:00
if ( ads - > config . current_time ! = 0 ) {
ads - > auth . time_offset = ads - > config . current_time - time ( NULL ) ;
DEBUG ( 4 , ( " time offset is %d seconds \n " , ads - > auth . time_offset ) ) ;
2001-12-08 14:18:56 +03:00
}
2006-05-18 19:08:09 +04:00
ads_msgfree ( ads , res ) ;
2006-05-12 19:17:35 +04:00
status = ADS_SUCCESS ;
2001-12-08 14:18:56 +03:00
2006-05-12 19:17:35 +04:00
done :
/* free any temporary ads connections */
if ( ads_s ! = ads ) {
ads_destroy ( & ads_s ) ;
2001-12-08 14:18:56 +03:00
}
2006-05-12 19:17:35 +04:00
talloc_destroy ( ctx ) ;
2001-12-08 14:18:56 +03:00
2006-05-12 19:17:35 +04:00
return status ;
}
2001-12-08 14:18:56 +03:00
2006-07-11 22:45:22 +04:00
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
ADS_STATUS ads_domain_func_level ( ADS_STRUCT * ads , uint32 * val )
{
const char * attrs [ ] = { " domainFunctionality " , NULL } ;
ADS_STATUS status ;
2006-09-04 01:07:16 +04:00
LDAPMessage * res ;
2006-07-11 22:45:22 +04:00
ADS_STRUCT * ads_s = ads ;
* val = DS_DOMAIN_FUNCTION_2000 ;
/* establish a new ldap tcp session if necessary */
2007-07-16 15:08:00 +04:00
if ( ! ads - > ldap . ld ) {
2006-07-11 22:45:22 +04:00
if ( ( ads_s = ads_init ( ads - > server . realm , ads - > server . workgroup ,
ads - > server . ldap_server ) ) = = NULL )
{
2008-10-05 00:15:03 +04:00
status = ADS_ERROR_NT ( NT_STATUS_NO_MEMORY ) ;
2006-07-11 22:45:22 +04:00
goto done ;
}
ads_s - > auth . flags = ADS_AUTH_ANON_BIND ;
status = ads_connect ( ads_s ) ;
if ( ! ADS_ERR_OK ( status ) )
goto done ;
}
/* If the attribute does not exist assume it is a Windows 2000
functional domain */
status = ads_do_search ( ads_s , " " , LDAP_SCOPE_BASE , " (objectclass=*) " , attrs , & res ) ;
if ( ! ADS_ERR_OK ( status ) ) {
if ( status . err . rc = = LDAP_NO_SUCH_ATTRIBUTE ) {
status = ADS_SUCCESS ;
}
goto done ;
}
if ( ! ads_pull_uint32 ( ads_s , res , " domainFunctionality " , val ) ) {
DEBUG ( 5 , ( " ads_domain_func_level: Failed to pull the domainFunctionality attribute. \n " ) ) ;
}
DEBUG ( 3 , ( " ads_domain_func_level: %d \n " , * val ) ) ;
ads_msgfree ( ads , res ) ;
done :
/* free any temporary ads connections */
if ( ads_s ! = ads ) {
ads_destroy ( & ads_s ) ;
}
return status ;
}
2002-04-10 17:28:03 +04:00
/**
* find the domain sid for our domain
* @ param ads connection to ads server
* @ param sid Pointer to domain sid
* @ return status of search
* */
2001-12-21 02:35:14 +03:00
ADS_STATUS ads_domain_sid ( ADS_STRUCT * ads , DOM_SID * sid )
{
const char * attrs [ ] = { " objectSid " , NULL } ;
2006-09-04 01:07:16 +04:00
LDAPMessage * res ;
2001-12-21 02:35:14 +03:00
ADS_STATUS rc ;
2003-09-06 22:02:19 +04:00
rc = ads_do_search_retry ( ads , ads - > config . bind_path , LDAP_SCOPE_BASE , " (objectclass=*) " ,
2001-12-21 02:35:14 +03:00
attrs , & res ) ;
if ( ! ADS_ERR_OK ( rc ) ) return rc ;
if ( ! ads_pull_sid ( ads , res , " objectSid " , sid ) ) {
2004-05-07 21:58:06 +04:00
ads_msgfree ( ads , res ) ;
2001-12-21 02:35:14 +03:00
return ADS_ERROR_SYSTEM ( ENOENT ) ;
}
ads_msgfree ( ads , res ) ;
return ADS_SUCCESS ;
}
2006-02-04 01:19:41 +03:00
/**
* find our site name
* @ param ads connection to ads server
* @ param mem_ctx Pointer to talloc context
* @ param site_name Pointer to the sitename
* @ return status of search
* */
ADS_STATUS ads_site_dn ( ADS_STRUCT * ads , TALLOC_CTX * mem_ctx , const char * * site_name )
{
ADS_STATUS status ;
2006-09-04 01:07:16 +04:00
LDAPMessage * res ;
2006-02-04 01:19:41 +03:00
const char * dn , * service_name ;
const char * attrs [ ] = { " dsServiceName " , NULL } ;
status = ads_do_search ( ads , " " , LDAP_SCOPE_BASE , " (objectclass=*) " , attrs , & res ) ;
if ( ! ADS_ERR_OK ( status ) ) {
return status ;
}
service_name = ads_pull_string ( ads , mem_ctx , res , " dsServiceName " ) ;
if ( service_name = = NULL ) {
2006-09-26 20:27:18 +04:00
ads_msgfree ( ads , res ) ;
2006-02-04 01:19:41 +03:00
return ADS_ERROR ( LDAP_NO_RESULTS_RETURNED ) ;
}
2006-09-26 20:27:18 +04:00
ads_msgfree ( ads , res ) ;
2006-02-04 01:19:41 +03:00
/* go up three levels */
dn = ads_parent_dn ( ads_parent_dn ( ads_parent_dn ( service_name ) ) ) ;
if ( dn = = NULL ) {
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
* site_name = talloc_strdup ( mem_ctx , dn ) ;
if ( * site_name = = NULL ) {
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
return status ;
/*
dsServiceName : CN = NTDS Settings , CN = W2K3DC , CN = Servers , CN = Default - First - Site - Name , CN = Sites , CN = Configuration , DC = ber , DC = suse , DC = de
*/
}
/**
* find the site dn where a machine resides
* @ param ads connection to ads server
* @ param mem_ctx Pointer to talloc context
* @ param computer_name name of the machine
* @ param site_name Pointer to the sitename
* @ return status of search
* */
ADS_STATUS ads_site_dn_for_machine ( ADS_STRUCT * ads , TALLOC_CTX * mem_ctx , const char * computer_name , const char * * site_dn )
{
ADS_STATUS status ;
2006-09-04 01:07:16 +04:00
LDAPMessage * res ;
2007-07-18 00:28:31 +04:00
const char * parent , * filter ;
char * config_context = NULL ;
2006-02-04 01:19:41 +03:00
char * dn ;
/* shortcut a query */
if ( strequal ( computer_name , ads - > config . ldap_server_name ) ) {
return ads_site_dn ( ads , mem_ctx , site_dn ) ;
}
2007-07-18 00:28:31 +04:00
status = ads_config_path ( ads , mem_ctx , & config_context ) ;
2006-02-04 01:19:41 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
return status ;
}
filter = talloc_asprintf ( mem_ctx , " (cn=%s) " , computer_name ) ;
if ( filter = = NULL ) {
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
2007-07-18 00:28:31 +04:00
status = ads_do_search ( ads , config_context , LDAP_SCOPE_SUBTREE ,
filter , NULL , & res ) ;
2006-02-04 01:19:41 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
return status ;
}
if ( ads_count_replies ( ads , res ) ! = 1 ) {
2006-09-26 20:27:18 +04:00
ads_msgfree ( ads , res ) ;
2006-02-04 01:19:41 +03:00
return ADS_ERROR ( LDAP_NO_SUCH_OBJECT ) ;
}
dn = ads_get_dn ( ads , res ) ;
if ( dn = = NULL ) {
2006-09-26 20:27:18 +04:00
ads_msgfree ( ads , res ) ;
2006-02-04 01:19:41 +03:00
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
/* go up three levels */
parent = ads_parent_dn ( ads_parent_dn ( ads_parent_dn ( dn ) ) ) ;
if ( parent = = NULL ) {
2006-09-26 20:27:18 +04:00
ads_msgfree ( ads , res ) ;
2006-02-04 01:19:41 +03:00
ads_memfree ( ads , dn ) ;
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
* site_dn = talloc_strdup ( mem_ctx , parent ) ;
if ( * site_dn = = NULL ) {
2006-09-26 20:27:18 +04:00
ads_msgfree ( ads , res ) ;
2006-02-04 01:19:41 +03:00
ads_memfree ( ads , dn ) ;
2007-08-04 14:25:27 +04:00
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
2006-02-04 01:19:41 +03:00
}
ads_memfree ( ads , dn ) ;
ads_msgfree ( ads , res ) ;
return status ;
}
/**
* get the upn suffixes for a domain
* @ param ads connection to ads server
* @ param mem_ctx Pointer to talloc context
* @ param suffixes Pointer to an array of suffixes
2007-02-15 03:03:38 +03:00
* @ param num_suffixes Pointer to the number of suffixes
2006-02-04 01:19:41 +03:00
* @ return status of search
* */
2007-02-15 03:03:38 +03:00
ADS_STATUS ads_upn_suffixes ( ADS_STRUCT * ads , TALLOC_CTX * mem_ctx , char * * * suffixes , size_t * num_suffixes )
2006-02-04 01:19:41 +03:00
{
ADS_STATUS status ;
2006-09-04 01:07:16 +04:00
LDAPMessage * res ;
2007-07-18 00:28:31 +04:00
const char * base ;
char * config_context = NULL ;
const char * attrs [ ] = { " uPNSuffixes " , NULL } ;
2006-02-04 01:19:41 +03:00
2007-07-18 00:28:31 +04:00
status = ads_config_path ( ads , mem_ctx , & config_context ) ;
2006-02-04 01:19:41 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
return status ;
}
base = talloc_asprintf ( mem_ctx , " cn=Partitions,%s " , config_context ) ;
if ( base = = NULL ) {
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
2007-07-18 00:28:31 +04:00
status = ads_search_dn ( ads , & res , base , attrs ) ;
2006-02-04 01:19:41 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
return status ;
}
if ( ads_count_replies ( ads , res ) ! = 1 ) {
2007-07-18 00:28:31 +04:00
ads_msgfree ( ads , res ) ;
2006-02-04 01:19:41 +03:00
return ADS_ERROR ( LDAP_NO_SUCH_OBJECT ) ;
}
2007-02-15 03:03:38 +03:00
( * suffixes ) = ads_pull_strings ( ads , mem_ctx , res , " uPNSuffixes " , num_suffixes ) ;
if ( ( * suffixes ) = = NULL ) {
2006-02-04 01:19:41 +03:00
ads_msgfree ( ads , res ) ;
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
ads_msgfree ( ads , res ) ;
return status ;
}
2008-01-03 19:28:09 +03:00
/**
* get the joinable ous for a domain
* @ param ads connection to ads server
* @ param mem_ctx Pointer to talloc context
* @ param ous Pointer to an array of ous
* @ param num_ous Pointer to the number of ous
* @ return status of search
* */
ADS_STATUS ads_get_joinable_ous ( ADS_STRUCT * ads ,
TALLOC_CTX * mem_ctx ,
char * * * ous ,
size_t * num_ous )
{
ADS_STATUS status ;
LDAPMessage * res = NULL ;
LDAPMessage * msg = NULL ;
const char * attrs [ ] = { " dn " , NULL } ;
int count = 0 ;
status = ads_search ( ads , & res ,
" (|(objectClass=domain)(objectclass=organizationalUnit)) " ,
attrs ) ;
if ( ! ADS_ERR_OK ( status ) ) {
return status ;
}
count = ads_count_replies ( ads , res ) ;
if ( count < 1 ) {
ads_msgfree ( ads , res ) ;
return ADS_ERROR ( LDAP_NO_RESULTS_RETURNED ) ;
}
for ( msg = ads_first_entry ( ads , res ) ; msg ;
msg = ads_next_entry ( ads , msg ) ) {
char * dn = NULL ;
dn = ads_get_dn ( ads , msg ) ;
if ( ! dn ) {
ads_msgfree ( ads , res ) ;
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
if ( ! add_string_to_array ( mem_ctx , dn ,
( const char * * * ) ous ,
( int * ) num_ous ) ) {
ads_memfree ( ads , dn ) ;
ads_msgfree ( ads , res ) ;
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
ads_memfree ( ads , dn ) ;
}
ads_msgfree ( ads , res ) ;
return status ;
}
2006-05-18 23:34:25 +04:00
/**
* pull a DOM_SID from an extended dn string
2008-11-15 06:16:12 +03:00
* @ param mem_ctx TALLOC_CTX
2007-04-22 19:13:50 +04:00
* @ param extended_dn string
2006-05-18 23:34:25 +04:00
* @ param flags string type of extended_dn
* @ param sid pointer to a DOM_SID
2008-11-16 00:07:15 +03:00
* @ return NT_STATUS_OK on success ,
* NT_INVALID_PARAMETER on error ,
* NT_STATUS_NOT_FOUND if no SID present
2006-05-18 23:34:25 +04:00
* */
2008-11-16 00:07:15 +03:00
ADS_STATUS ads_get_sid_from_extended_dn ( TALLOC_CTX * mem_ctx ,
const char * extended_dn ,
enum ads_extended_dn_flags flags ,
DOM_SID * sid )
2006-05-18 23:34:25 +04:00
{
2007-04-22 19:13:50 +04:00
char * p , * q , * dn ;
2006-05-18 23:34:25 +04:00
2007-04-22 19:13:50 +04:00
if ( ! extended_dn ) {
2008-11-16 00:07:15 +03:00
return ADS_ERROR_NT ( NT_STATUS_INVALID_PARAMETER ) ;
2006-05-18 23:34:25 +04:00
}
2007-04-22 19:13:50 +04:00
/* otherwise extended_dn gets stripped off */
if ( ( dn = talloc_strdup ( mem_ctx , extended_dn ) ) = = NULL ) {
2008-11-16 00:07:15 +03:00
return ADS_ERROR_NT ( NT_STATUS_INVALID_PARAMETER ) ;
2007-04-22 19:13:50 +04:00
}
2008-11-15 06:16:12 +03:00
/*
2006-05-18 23:34:25 +04:00
* ADS_EXTENDED_DN_HEX_STRING :
* < GUID = 238e1963 cb390f4bb032ba0105525a29 > ; < SID = 010500000000000515000000 bb68c8fd6b61b427572eb04556040000 > ; CN = gd , OU = berlin , OU = suse , DC = ber , DC = suse , DC = de
*
* ADS_EXTENDED_DN_STRING ( only with w2k3 ) :
2008-11-16 00:07:15 +03:00
* < GUID = 63198e23 - 39 cb - 4 b0f - b032 - ba0105525a29 > ; < SID = S - 1 - 5 - 21 - 4257769659 - 666132843 - 1169174103 - 1110 > ; CN = gd , OU = berlin , OU = suse , DC = ber , DC = suse , DC = de
*
* Object with no SID , such as an Exchange Public Folder
* < GUID = 28907f b4bdf6854993e7f0a10b504e7c > ; CN = public , CN = Microsoft Exchange System Objects , DC = sd2k3ms , DC = west , DC = isilon , DC = com
2006-05-18 23:34:25 +04:00
*/
p = strchr ( dn , ' ; ' ) ;
if ( ! p ) {
2008-11-16 00:07:15 +03:00
return ADS_ERROR_NT ( NT_STATUS_INVALID_PARAMETER ) ;
2006-05-18 23:34:25 +04:00
}
if ( strncmp ( p , " ;<SID= " , strlen ( " ;<SID= " ) ) ! = 0 ) {
2008-11-16 00:07:15 +03:00
DEBUG ( 5 , ( " No SID present in extended dn \n " ) ) ;
return ADS_ERROR_NT ( NT_STATUS_NOT_FOUND ) ;
2006-05-18 23:34:25 +04:00
}
p + = strlen ( " ;<SID= " ) ;
q = strchr ( p , ' > ' ) ;
if ( ! q ) {
2008-11-16 00:07:15 +03:00
return ADS_ERROR_NT ( NT_STATUS_INVALID_PARAMETER ) ;
2006-05-18 23:34:25 +04:00
}
2008-11-15 06:16:12 +03:00
2006-05-18 23:34:25 +04:00
* q = ' \0 ' ;
DEBUG ( 100 , ( " ads_get_sid_from_extended_dn: sid string is %s \n " , p ) ) ;
switch ( flags ) {
2008-11-15 06:16:12 +03:00
2006-05-18 23:34:25 +04:00
case ADS_EXTENDED_DN_STRING :
if ( ! string_to_sid ( sid , p ) ) {
2008-11-16 00:07:15 +03:00
return ADS_ERROR_NT ( NT_STATUS_INVALID_PARAMETER ) ;
2006-05-18 23:34:25 +04:00
}
break ;
case ADS_EXTENDED_DN_HEX_STRING : {
2007-12-04 04:17:05 +03:00
fstring buf ;
2006-05-18 23:34:25 +04:00
size_t buf_len ;
2007-12-04 04:17:05 +03:00
buf_len = strhex_to_str ( buf , sizeof ( buf ) , p , strlen ( p ) ) ;
2006-05-18 23:34:25 +04:00
if ( buf_len = = 0 ) {
2008-11-16 00:07:15 +03:00
return ADS_ERROR_NT ( NT_STATUS_INVALID_PARAMETER ) ;
2006-05-18 23:34:25 +04:00
}
if ( ! sid_parse ( buf , buf_len , sid ) ) {
DEBUG ( 10 , ( " failed to parse sid \n " ) ) ;
2008-11-16 00:07:15 +03:00
return ADS_ERROR_NT ( NT_STATUS_INVALID_PARAMETER ) ;
2006-05-18 23:34:25 +04:00
}
break ;
}
default :
DEBUG ( 10 , ( " unknown extended dn format \n " ) ) ;
2008-11-16 00:07:15 +03:00
return ADS_ERROR_NT ( NT_STATUS_INVALID_PARAMETER ) ;
2006-05-18 23:34:25 +04:00
}
2008-11-16 00:07:15 +03:00
return ADS_ERROR_NT ( NT_STATUS_OK ) ;
2006-05-18 23:34:25 +04:00
}
/**
* pull an array of DOM_SIDs from a ADS result
* @ param ads connection to ads server
* @ param mem_ctx TALLOC_CTX for allocating sid array
* @ param msg Results of search
* @ param field Attribute to retrieve
* @ param flags string type of extended_dn
* @ param sids pointer to sid array to allocate
* @ return the count of SIDs pulled
* */
2008-11-15 06:16:12 +03:00
int ads_pull_sids_from_extendeddn ( ADS_STRUCT * ads ,
TALLOC_CTX * mem_ctx ,
LDAPMessage * msg ,
2006-09-04 01:07:16 +04:00
const char * field ,
enum ads_extended_dn_flags flags ,
DOM_SID * * sids )
2006-05-18 23:34:25 +04:00
{
int i ;
2008-11-16 00:07:15 +03:00
ADS_STATUS rc ;
size_t dn_count , ret_count = 0 ;
2006-05-18 23:34:25 +04:00
char * * dn_strings ;
2008-11-15 06:16:12 +03:00
if ( ( dn_strings = ads_pull_strings ( ads , mem_ctx , msg , field ,
2006-05-18 23:34:25 +04:00
& dn_count ) ) = = NULL ) {
return 0 ;
}
( * sids ) = TALLOC_ZERO_ARRAY ( mem_ctx , DOM_SID , dn_count + 1 ) ;
if ( ! ( * sids ) ) {
TALLOC_FREE ( dn_strings ) ;
return 0 ;
}
for ( i = 0 ; i < dn_count ; i + + ) {
2008-11-16 00:07:15 +03:00
rc = ads_get_sid_from_extended_dn ( mem_ctx , dn_strings [ i ] ,
flags , & ( * sids ) [ i ] ) ;
if ( ! ADS_ERR_OK ( rc ) ) {
if ( NT_STATUS_EQUAL ( ads_ntstatus ( rc ) ,
NT_STATUS_NOT_FOUND ) ) {
continue ;
}
else {
TALLOC_FREE ( * sids ) ;
TALLOC_FREE ( dn_strings ) ;
return 0 ;
}
2006-05-18 23:34:25 +04:00
}
2008-11-16 00:07:15 +03:00
ret_count + + ;
2006-05-18 23:34:25 +04:00
}
TALLOC_FREE ( dn_strings ) ;
2008-11-16 00:07:15 +03:00
return ret_count ;
2006-05-18 23:34:25 +04:00
}
2006-07-11 22:45:22 +04:00
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
char * ads_get_dnshostname ( ADS_STRUCT * ads , TALLOC_CTX * ctx , const char * machine_name )
{
LDAPMessage * res = NULL ;
ADS_STATUS status ;
int count = 0 ;
char * name = NULL ;
2006-09-04 01:07:16 +04:00
status = ads_find_machine_acct ( ads , & res , global_myname ( ) ) ;
2006-07-11 22:45:22 +04:00
if ( ! ADS_ERR_OK ( status ) ) {
DEBUG ( 0 , ( " ads_get_dnshostname: Failed to find account for %s \n " ,
global_myname ( ) ) ) ;
goto out ;
}
if ( ( count = ads_count_replies ( ads , res ) ) ! = 1 ) {
DEBUG ( 1 , ( " ads_get_dnshostname: %d entries returned! \n " , count ) ) ;
goto out ;
}
if ( ( name = ads_pull_string ( ads , ctx , res , " dNSHostName " ) ) = = NULL ) {
DEBUG ( 0 , ( " ads_get_dnshostname: No dNSHostName attribute! \n " ) ) ;
}
out :
ads_msgfree ( ads , res ) ;
return name ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
char * ads_get_upn ( ADS_STRUCT * ads , TALLOC_CTX * ctx , const char * machine_name )
{
LDAPMessage * res = NULL ;
ADS_STATUS status ;
int count = 0 ;
char * name = NULL ;
2008-01-08 15:46:54 +03:00
status = ads_find_machine_acct ( ads , & res , machine_name ) ;
2006-07-11 22:45:22 +04:00
if ( ! ADS_ERR_OK ( status ) ) {
2006-08-24 19:43:32 +04:00
DEBUG ( 0 , ( " ads_get_upn: Failed to find account for %s \n " ,
2006-07-11 22:45:22 +04:00
global_myname ( ) ) ) ;
goto out ;
}
2008-01-08 15:46:54 +03:00
2006-07-11 22:45:22 +04:00
if ( ( count = ads_count_replies ( ads , res ) ) ! = 1 ) {
2006-08-24 19:43:32 +04:00
DEBUG ( 1 , ( " ads_get_upn: %d entries returned! \n " , count ) ) ;
2006-07-11 22:45:22 +04:00
goto out ;
}
2008-01-08 15:46:54 +03:00
2006-07-11 22:45:22 +04:00
if ( ( name = ads_pull_string ( ads , ctx , res , " userPrincipalName " ) ) = = NULL ) {
2006-08-24 19:43:32 +04:00
DEBUG ( 2 , ( " ads_get_upn: No userPrincipalName attribute! \n " ) ) ;
2006-07-11 22:45:22 +04:00
}
out :
ads_msgfree ( ads , res ) ;
2008-01-08 15:46:54 +03:00
2006-07-11 22:45:22 +04:00
return name ;
}
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
char * ads_get_samaccountname ( ADS_STRUCT * ads , TALLOC_CTX * ctx , const char * machine_name )
{
LDAPMessage * res = NULL ;
ADS_STATUS status ;
int count = 0 ;
char * name = NULL ;
2006-09-04 01:07:16 +04:00
status = ads_find_machine_acct ( ads , & res , global_myname ( ) ) ;
2006-07-11 22:45:22 +04:00
if ( ! ADS_ERR_OK ( status ) ) {
DEBUG ( 0 , ( " ads_get_dnshostname: Failed to find account for %s \n " ,
global_myname ( ) ) ) ;
goto out ;
}
if ( ( count = ads_count_replies ( ads , res ) ) ! = 1 ) {
DEBUG ( 1 , ( " ads_get_dnshostname: %d entries returned! \n " , count ) ) ;
goto out ;
}
if ( ( name = ads_pull_string ( ads , ctx , res , " sAMAccountName " ) ) = = NULL ) {
DEBUG ( 0 , ( " ads_get_dnshostname: No sAMAccountName attribute! \n " ) ) ;
}
out :
ads_msgfree ( ads , res ) ;
return name ;
}
2006-09-13 13:03:42 +04:00
#if 0
SAVED CODE - we used to join via ldap - remember how we did this . JRA .
/**
* Join a machine to a realm
* Creates the machine account and sets the machine password
* @ param ads connection to ads server
* @ param machine name of host to add
* @ param org_unit Organizational unit to place machine in
* @ return status of join
* */
ADS_STATUS ads_join_realm ( ADS_STRUCT * ads , const char * machine_name ,
uint32 account_type , const char * org_unit )
{
ADS_STATUS status ;
LDAPMessage * res = NULL ;
char * machine ;
/* machine name must be lowercase */
machine = SMB_STRDUP ( machine_name ) ;
strlower_m ( machine ) ;
/*
status = ads_find_machine_acct ( ads , ( void * * ) & res , machine ) ;
if ( ADS_ERR_OK ( status ) & & ads_count_replies ( ads , res ) = = 1 ) {
DEBUG ( 0 , ( " Host account for %s already exists - deleting old account \n " , machine ) ) ;
status = ads_leave_realm ( ads , machine ) ;
if ( ! ADS_ERR_OK ( status ) ) {
DEBUG ( 0 , ( " Failed to delete host '%s' from the '%s' realm. \n " ,
machine , ads - > config . realm ) ) ;
return status ;
}
}
*/
status = ads_add_machine_acct ( ads , machine , account_type , org_unit ) ;
if ( ! ADS_ERR_OK ( status ) ) {
DEBUG ( 0 , ( " ads_join_realm: ads_add_machine_acct failed (%s): %s \n " , machine , ads_errstr ( status ) ) ) ;
SAFE_FREE ( machine ) ;
return status ;
}
status = ads_find_machine_acct ( ads , ( void * * ) ( void * ) & res , machine ) ;
if ( ! ADS_ERR_OK ( status ) ) {
DEBUG ( 0 , ( " ads_join_realm: Host account test failed for machine %s \n " , machine ) ) ;
SAFE_FREE ( machine ) ;
return status ;
}
SAFE_FREE ( machine ) ;
ads_msgfree ( ads , res ) ;
return status ;
}
# endif
/**
* Delete a machine from the realm
* @ param ads connection to ads server
* @ param hostname Machine to remove
* @ return status of delete
* */
ADS_STATUS ads_leave_realm ( ADS_STRUCT * ads , const char * hostname )
{
ADS_STATUS status ;
void * msg ;
LDAPMessage * res ;
char * hostnameDN , * host ;
int rc ;
LDAPControl ldap_control ;
LDAPControl * pldap_control [ 2 ] = { NULL , NULL } ;
pldap_control [ 0 ] = & ldap_control ;
memset ( & ldap_control , 0 , sizeof ( LDAPControl ) ) ;
ldap_control . ldctl_oid = ( char * ) LDAP_SERVER_TREE_DELETE_OID ;
/* hostname must be lowercase */
host = SMB_STRDUP ( hostname ) ;
strlower_m ( host ) ;
status = ads_find_machine_acct ( ads , & res , host ) ;
if ( ! ADS_ERR_OK ( status ) ) {
DEBUG ( 0 , ( " Host account for %s does not exist. \n " , host ) ) ;
SAFE_FREE ( host ) ;
return status ;
}
msg = ads_first_entry ( ads , res ) ;
if ( ! msg ) {
SAFE_FREE ( host ) ;
return ADS_ERROR_SYSTEM ( ENOENT ) ;
}
hostnameDN = ads_get_dn ( ads , ( LDAPMessage * ) msg ) ;
2007-07-16 15:08:00 +04:00
rc = ldap_delete_ext_s ( ads - > ldap . ld , hostnameDN , pldap_control , NULL ) ;
2006-09-13 13:03:42 +04:00
if ( rc ) {
DEBUG ( 3 , ( " ldap_delete_ext_s failed with error code %d \n " , rc ) ) ;
} else {
DEBUG ( 3 , ( " ldap_delete_ext_s succeeded with error code %d \n " , rc ) ) ;
}
if ( rc ! = LDAP_SUCCESS ) {
const char * attrs [ ] = { " cn " , NULL } ;
2006-09-13 15:40:21 +04:00
LDAPMessage * msg_sub ;
2006-09-13 13:03:42 +04:00
/* we only search with scope ONE, we do not expect any further
* objects to be created deeper */
2006-09-13 15:40:21 +04:00
status = ads_do_search_retry ( ads , hostnameDN ,
LDAP_SCOPE_ONELEVEL ,
" (objectclass=*) " , attrs , & res ) ;
2006-09-13 13:03:42 +04:00
if ( ! ADS_ERR_OK ( status ) ) {
SAFE_FREE ( host ) ;
ads_memfree ( ads , hostnameDN ) ;
return status ;
}
for ( msg_sub = ads_first_entry ( ads , res ) ; msg_sub ;
msg_sub = ads_next_entry ( ads , msg_sub ) ) {
char * dn = NULL ;
if ( ( dn = ads_get_dn ( ads , msg_sub ) ) = = NULL ) {
SAFE_FREE ( host ) ;
ads_memfree ( ads , hostnameDN ) ;
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
status = ads_del_dn ( ads , dn ) ;
if ( ! ADS_ERR_OK ( status ) ) {
DEBUG ( 3 , ( " failed to delete dn %s: %s \n " , dn , ads_errstr ( status ) ) ) ;
SAFE_FREE ( host ) ;
ads_memfree ( ads , dn ) ;
ads_memfree ( ads , hostnameDN ) ;
return status ;
}
ads_memfree ( ads , dn ) ;
}
/* there should be no subordinate objects anymore */
2006-09-13 15:40:21 +04:00
status = ads_do_search_retry ( ads , hostnameDN ,
LDAP_SCOPE_ONELEVEL ,
" (objectclass=*) " , attrs , & res ) ;
2006-09-13 13:03:42 +04:00
if ( ! ADS_ERR_OK ( status ) | | ( ( ads_count_replies ( ads , res ) ) > 0 ) ) {
SAFE_FREE ( host ) ;
ads_memfree ( ads , hostnameDN ) ;
return status ;
}
/* delete hostnameDN now */
status = ads_del_dn ( ads , hostnameDN ) ;
if ( ! ADS_ERR_OK ( status ) ) {
SAFE_FREE ( host ) ;
DEBUG ( 3 , ( " failed to delete dn %s: %s \n " , hostnameDN , ads_errstr ( status ) ) ) ;
ads_memfree ( ads , hostnameDN ) ;
return status ;
}
}
ads_memfree ( ads , hostnameDN ) ;
status = ads_find_machine_acct ( ads , & res , host ) ;
if ( ADS_ERR_OK ( status ) & & ads_count_replies ( ads , res ) = = 1 ) {
DEBUG ( 3 , ( " Failed to remove host account. \n " ) ) ;
SAFE_FREE ( host ) ;
return status ;
}
SAFE_FREE ( host ) ;
return status ;
}
2006-09-13 14:03:27 +04:00
2007-05-11 17:33:37 +04:00
/**
* pull all token - sids from an LDAP dn
* @ param ads connection to ads server
* @ param mem_ctx TALLOC_CTX for allocating sid array
* @ param dn of LDAP object
* @ param user_sid pointer to DOM_SID ( objectSid )
* @ param primary_group_sid pointer to DOM_SID ( self composed )
* @ param sids pointer to sid array to allocate
* @ param num_sids counter of SIDs pulled
* @ return status of token query
* */
ADS_STATUS ads_get_tokensids ( ADS_STRUCT * ads ,
TALLOC_CTX * mem_ctx ,
const char * dn ,
DOM_SID * user_sid ,
DOM_SID * primary_group_sid ,
DOM_SID * * sids ,
size_t * num_sids )
{
ADS_STATUS status ;
LDAPMessage * res = NULL ;
int count = 0 ;
size_t tmp_num_sids ;
DOM_SID * tmp_sids ;
DOM_SID tmp_user_sid ;
DOM_SID tmp_primary_group_sid ;
uint32 pgid ;
const char * attrs [ ] = {
" objectSid " ,
" tokenGroups " ,
" primaryGroupID " ,
NULL
} ;
status = ads_search_retry_dn ( ads , & res , dn , attrs ) ;
if ( ! ADS_ERR_OK ( status ) ) {
return status ;
}
count = ads_count_replies ( ads , res ) ;
if ( count ! = 1 ) {
ads_msgfree ( ads , res ) ;
return ADS_ERROR_LDAP ( LDAP_NO_SUCH_OBJECT ) ;
}
if ( ! ads_pull_sid ( ads , res , " objectSid " , & tmp_user_sid ) ) {
ads_msgfree ( ads , res ) ;
return ADS_ERROR_LDAP ( LDAP_NO_MEMORY ) ;
}
if ( ! ads_pull_uint32 ( ads , res , " primaryGroupID " , & pgid ) ) {
ads_msgfree ( ads , res ) ;
return ADS_ERROR_LDAP ( LDAP_NO_MEMORY ) ;
}
{
/* hack to compose the primary group sid without knowing the
* domsid */
DOM_SID domsid ;
uint32 dummy_rid ;
sid_copy ( & domsid , & tmp_user_sid ) ;
if ( ! sid_split_rid ( & domsid , & dummy_rid ) ) {
ads_msgfree ( ads , res ) ;
return ADS_ERROR_LDAP ( LDAP_NO_MEMORY ) ;
}
if ( ! sid_compose ( & tmp_primary_group_sid , & domsid , pgid ) ) {
ads_msgfree ( ads , res ) ;
return ADS_ERROR_LDAP ( LDAP_NO_MEMORY ) ;
}
}
tmp_num_sids = ads_pull_sids ( ads , mem_ctx , res , " tokenGroups " , & tmp_sids ) ;
if ( tmp_num_sids = = 0 | | ! tmp_sids ) {
ads_msgfree ( ads , res ) ;
return ADS_ERROR_LDAP ( LDAP_NO_MEMORY ) ;
}
if ( num_sids ) {
* num_sids = tmp_num_sids ;
}
if ( sids ) {
* sids = tmp_sids ;
}
if ( user_sid ) {
* user_sid = tmp_user_sid ;
}
if ( primary_group_sid ) {
* primary_group_sid = tmp_primary_group_sid ;
}
DEBUG ( 10 , ( " ads_get_tokensids: returned %d sids \n " , ( int ) tmp_num_sids + 2 ) ) ;
ads_msgfree ( ads , res ) ;
return ADS_ERROR_LDAP ( LDAP_SUCCESS ) ;
}
2007-07-11 17:17:42 +04:00
/**
* Find a sAMAccoutName in LDAP
* @ param ads connection to ads server
* @ param mem_ctx TALLOC_CTX for allocating sid array
* @ param samaccountname to search
* @ param uac_ret uint32 pointer userAccountControl attribute value
* @ param dn_ret pointer to dn
* @ return status of token query
* */
2007-07-09 20:03:00 +04:00
ADS_STATUS ads_find_samaccount ( ADS_STRUCT * ads ,
TALLOC_CTX * mem_ctx ,
const char * samaccountname ,
uint32 * uac_ret ,
const char * * dn_ret )
{
ADS_STATUS status ;
const char * attrs [ ] = { " userAccountControl " , NULL } ;
const char * filter ;
LDAPMessage * res = NULL ;
char * dn = NULL ;
uint32 uac = 0 ;
filter = talloc_asprintf ( mem_ctx , " (&(objectclass=user)(sAMAccountName=%s)) " ,
samaccountname ) ;
if ( filter = = NULL ) {
2008-03-23 21:26:35 +03:00
status = ADS_ERROR_NT ( NT_STATUS_NO_MEMORY ) ;
2007-07-09 20:03:00 +04:00
goto out ;
}
status = ads_do_search_all ( ads , ads - > config . bind_path ,
LDAP_SCOPE_SUBTREE ,
filter , attrs , & res ) ;
if ( ! ADS_ERR_OK ( status ) ) {
goto out ;
}
if ( ads_count_replies ( ads , res ) ! = 1 ) {
2007-07-13 13:53:55 +04:00
status = ADS_ERROR ( LDAP_NO_RESULTS_RETURNED ) ;
2007-07-09 20:03:00 +04:00
goto out ;
}
dn = ads_get_dn ( ads , res ) ;
if ( dn = = NULL ) {
status = ADS_ERROR ( LDAP_NO_MEMORY ) ;
goto out ;
}
if ( ! ads_pull_uint32 ( ads , res , " userAccountControl " , & uac ) ) {
status = ADS_ERROR ( LDAP_NO_SUCH_ATTRIBUTE ) ;
goto out ;
}
if ( uac_ret ) {
* uac_ret = uac ;
}
if ( dn_ret ) {
* dn_ret = talloc_strdup ( mem_ctx , dn ) ;
if ( ! * dn_ret ) {
status = ADS_ERROR ( LDAP_NO_MEMORY ) ;
goto out ;
}
}
out :
ads_memfree ( ads , dn ) ;
ads_msgfree ( ads , res ) ;
return status ;
}
2007-07-11 17:26:04 +04:00
/**
* find our configuration path
* @ param ads connection to ads server
* @ param mem_ctx Pointer to talloc context
* @ param config_path Pointer to the config path
* @ return status of search
* */
ADS_STATUS ads_config_path ( ADS_STRUCT * ads ,
TALLOC_CTX * mem_ctx ,
char * * config_path )
{
ADS_STATUS status ;
LDAPMessage * res = NULL ;
const char * config_context = NULL ;
const char * attrs [ ] = { " configurationNamingContext " , NULL } ;
status = ads_do_search ( ads , " " , LDAP_SCOPE_BASE ,
" (objectclass=*) " , attrs , & res ) ;
if ( ! ADS_ERR_OK ( status ) ) {
return status ;
}
config_context = ads_pull_string ( ads , mem_ctx , res ,
" configurationNamingContext " ) ;
ads_msgfree ( ads , res ) ;
if ( ! config_context ) {
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
if ( config_path ) {
* config_path = talloc_strdup ( mem_ctx , config_context ) ;
if ( ! * config_path ) {
return ADS_ERROR ( LDAP_NO_MEMORY ) ;
}
}
return ADS_ERROR ( LDAP_SUCCESS ) ;
}
/**
* find the displayName of an extended right
* @ param ads connection to ads server
* @ param config_path The config path
* @ param mem_ctx Pointer to talloc context
* @ param GUID struct of the rightsGUID
* @ return status of search
* */
const char * ads_get_extended_right_name_by_guid ( ADS_STRUCT * ads ,
const char * config_path ,
TALLOC_CTX * mem_ctx ,
const struct GUID * rights_guid )
{
ADS_STATUS rc ;
LDAPMessage * res = NULL ;
char * expr = NULL ;
const char * attrs [ ] = { " displayName " , NULL } ;
const char * result = NULL ;
const char * path ;
if ( ! ads | | ! mem_ctx | | ! rights_guid ) {
goto done ;
}
expr = talloc_asprintf ( mem_ctx , " (rightsGuid=%s) " ,
2008-10-14 04:26:18 +04:00
GUID_string ( mem_ctx , rights_guid ) ) ;
2007-07-11 17:26:04 +04:00
if ( ! expr ) {
goto done ;
}
path = talloc_asprintf ( mem_ctx , " cn=Extended-Rights,%s " , config_path ) ;
if ( ! path ) {
goto done ;
}
rc = ads_do_search_retry ( ads , path , LDAP_SCOPE_SUBTREE ,
expr , attrs , & res ) ;
if ( ! ADS_ERR_OK ( rc ) ) {
goto done ;
}
if ( ads_count_replies ( ads , res ) ! = 1 ) {
goto done ;
}
result = ads_pull_string ( ads , mem_ctx , res , " displayName " ) ;
done :
ads_msgfree ( ads , res ) ;
return result ;
}
2008-03-28 18:33:54 +03:00
/**
* verify or build and verify an account ou
* @ param mem_ctx Pointer to talloc context
* @ param ads connection to ads server
* @ param account_ou
* @ return status of search
* */
ADS_STATUS ads_check_ou_dn ( TALLOC_CTX * mem_ctx ,
ADS_STRUCT * ads ,
2008-05-15 01:50:25 +04:00
const char * * account_ou )
2008-03-28 18:33:54 +03:00
{
struct ldb_dn * name_dn = NULL ;
const char * name = NULL ;
char * ou_string = NULL ;
2008-05-15 01:50:25 +04:00
name_dn = ldb_dn_explode ( mem_ctx , * account_ou ) ;
2008-03-28 18:33:54 +03:00
if ( name_dn ) {
return ADS_SUCCESS ;
}
2008-05-15 01:50:25 +04:00
ou_string = ads_ou_string ( ads , * account_ou ) ;
2008-03-28 18:33:54 +03:00
if ( ! ou_string ) {
return ADS_ERROR_LDAP ( LDAP_INVALID_DN_SYNTAX ) ;
}
name = talloc_asprintf ( mem_ctx , " %s,%s " , ou_string ,
ads - > config . bind_path ) ;
SAFE_FREE ( ou_string ) ;
if ( ! name ) {
return ADS_ERROR_LDAP ( LDAP_NO_MEMORY ) ;
}
name_dn = ldb_dn_explode ( mem_ctx , name ) ;
if ( ! name_dn ) {
return ADS_ERROR_LDAP ( LDAP_INVALID_DN_SYNTAX ) ;
}
2008-05-15 01:50:25 +04:00
* account_ou = talloc_strdup ( mem_ctx , name ) ;
if ( ! * account_ou ) {
2008-03-28 18:33:54 +03:00
return ADS_ERROR_LDAP ( LDAP_NO_MEMORY ) ;
}
return ADS_SUCCESS ;
}
2006-09-13 14:03:27 +04:00
# endif