r4840: * Add a more generic root-dse inspection function to check for given
controls or extensions. * Check and remember whether ldapsam's LDAP server supports paged results (in preparation for adding async paged-results to set|get|end-sampwent in ldapsam). Guenther (This used to be commit ced58bd8849cdef78513674dff1b1ec331945aa9)
parent
87965a2425
commit
0c6010238d
@ -145,6 +145,7 @@ struct smbldap_state {
|
||||
const char *uri;
|
||||
char *bind_dn;
|
||||
char *bind_secret;
|
||||
BOOL paged_results;
|
||||
|
||||
unsigned int num_failures;
|
||||
|
||||
|
@ -806,6 +806,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_
|
||||
int rc;
|
||||
char *ldap_dn;
|
||||
char *ldap_secret;
|
||||
int version;
|
||||
|
||||
/* get the password */
|
||||
if (!fetch_ldap_pw(&ldap_dn, &ldap_secret)) {
|
||||
@ -855,7 +856,14 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_
|
||||
|
||||
ldap_state->num_failures = 0;
|
||||
|
||||
ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version);
|
||||
|
||||
if (smbldap_has_control(ldap_state, ADS_PAGE_CTL_OID) && version == 3) {
|
||||
ldap_state->paged_results = True;
|
||||
}
|
||||
|
||||
DEBUG(3, ("ldap_connect_system: succesful connection to the LDAP server\n"));
|
||||
DEBUGADD(3, ("ldap_connect_system: LDAP server %s support paged results\n", ldap_state->paged_results?"does":"does not"));
|
||||
return rc;
|
||||
}
|
||||
|
||||
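Review bot: `ldap_state->paged_results` is only ever set to `True` in this hunk, so if the same state is later reconnected to a server that lacks the control or negotiates LDAPv2, a stale `True` would survive; whether the field is cleared elsewhere is not visible here. Separately, the return of `ldap_get_option()` is not checked, so `version` (declared without an initializer in the earlier hunk) can be read uninitialized when that call fails. Assigning unconditionally and testing the cheap condition first addresses both: declare `int version = 0;` and write `ldap_state->paged_results = (version == 3 && smbldap_has_control(ldap_state, ADS_PAGE_CTL_OID));`. The body of smbldap_connect_system starts outside the hunk.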
@ -1431,3 +1439,96 @@ char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry)
|
||||
return unix_dn;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Check if root-dse has a certain Control or Extension
|
||||
********************************************************************/
|
||||
|
||||
static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char **attrs, const char *value)
|
||||
{
|
||||
LDAPMessage *msg = NULL;
|
||||
LDAPMessage *entry = NULL;
|
||||
char **values = NULL;
|
||||
int rc, num_result, num_values, i;
|
||||
BOOL result = False;
|
||||
|
||||
if (!attrs[0]) {
|
||||
DEBUG(3,("smbldap_check_root_dse: nothing to look for\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
if (!strequal(attrs[0], "supportedExtension") &&
|
||||
!strequal(attrs[0], "supportedControl")) {
|
||||
DEBUG(3,("smbldap_check_root_dse: no idea what to query root-dse for: %s ?\n", attrs[0]));
|
||||
return False;
|
||||
}
|
||||
|
||||
rc = ldap_search_s(ldap_state->ldap_struct, "", LDAP_SCOPE_BASE,
|
||||
"(objectclass=*)", attrs, 0 , &msg);
|
||||
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
DEBUG(3,("smbldap_check_root_dse: Could not search rootDSE\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
num_result = ldap_count_entries(ldap_state->ldap_struct, msg);
|
||||
|
||||
if (num_result != 1) {
|
||||
DEBUG(3,("smbldap_check_root_dse: Expected one rootDSE, got %d\n", num_result));
|
||||
goto done;
|
||||
}
|
||||
|
||||
entry = ldap_first_entry(ldap_state->ldap_struct, msg);
|
||||
|
||||
if (entry == NULL) {
|
||||
DEBUG(3,("smbldap_check_root_dse: Could not retrieve rootDSE\n"));
|
||||
goto done;
|
||||
}
|
||||
|
||||
values = ldap_get_values(ldap_state->ldap_struct, entry, attrs[0]);
|
||||
|
||||
if (values == NULL) {
|
||||
DEBUG(5,("smbldap_check_root_dse: LDAP Server does not support any %s\n", attrs[0]));
|
||||
goto done;
|
||||
}
|
||||
|
||||
num_values = ldap_count_values(values);
|
||||
|
||||
if (num_values == 0) {
|
||||
DEBUG(5,("smbldap_check_root_dse: LDAP Server does not have any %s\n", attrs[0]));
|
||||
goto done;
|
||||
}
|
||||
|
||||
for (i=0; i<num_values; i++) {
|
||||
if (strcmp(values[i], value) == 0)
|
||||
result = True;
|
||||
}
|
||||
|
||||
|
||||
done:
|
||||
if (values != NULL)
|
||||
ldap_value_free(values);
|
||||
if (msg != NULL)
|
||||
ldap_msgfree(msg);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Check if LDAP-Server supports a certain Control (OID in string format)
|
||||
********************************************************************/
|
||||
|
||||
BOOL smbldap_has_control(struct smbldap_state *ldap_state, const char *control)
|
||||
{
|
||||
const char *attrs[] = { "supportedControl", NULL };
|
||||
return smbldap_check_root_dse(ldap_state, attrs, control);
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Check if LDAP-Server supports a certain Extension (OID in string format)
|
||||
********************************************************************/
|
||||
|
||||
BOOL smbldap_has_extension(struct smbldap_state *ldap_state, const char *extension)
|
||||
{
|
||||
const char *attrs[] = { "supportedExtension", NULL };
|
||||
return smbldap_check_root_dse(ldap_state, attrs, extension);
|
||||
}
|
||||
|
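Review bot: In `smbldap_check_root_dse` the `rc != LDAP_SUCCESS` branch returns directly instead of going through `done:`, so any result message that `ldap_search_s()` handed back in `msg` is never released; the OpenLDAP manual says the result should be freed with `ldap_msgfree()` regardless of the return value. Changing that `return False;` to `goto done;` is safe because `msg` and `values` both start as `NULL`. The function also reports a failed rootDSE query and an absent OID identically as `False`, and it searches on `ldap_state->ldap_struct` without any connection step, so a header comment along the lines of `/* Returns False both when the OID is absent and when the rootDSE query fails; expects an already-open ldap_struct. */` would make the contract explicit for callers that base feature decisions on it. A `break;` after `result = True;` would stop the scan at the first match.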
@ -782,8 +782,6 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
|
||||
pdb_set_hours_len(sampass, hours_len, PDB_SET);
|
||||
pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
|
||||
|
||||
/* pdb_set_munged_dial(sampass, munged_dial, PDB_SET); */
|
||||
|
||||
if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
|
||||
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_BAD_PASSWORD_COUNT), temp)) {
|
||||
/* leave as default */
|
||||
@ -1409,62 +1407,7 @@ static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
|
||||
|
||||
static BOOL ldapsam_can_pwchange_exop(struct smbldap_state *ldap_state)
|
||||
{
|
||||
LDAPMessage *msg = NULL;
|
||||
LDAPMessage *entry = NULL;
|
||||
char **values = NULL;
|
||||
char *attrs[] = { "supportedExtension", NULL };
|
||||
int rc, num_result, num_values, i;
|
||||
BOOL result = False;
|
||||
|
||||
rc = smbldap_search(ldap_state, "", LDAP_SCOPE_BASE, "(objectclass=*)",
|
||||
attrs, 0, &msg);
|
||||
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
DEBUG(3, ("Could not search rootDSE\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
num_result = ldap_count_entries(ldap_state->ldap_struct, msg);
|
||||
|
||||
if (num_result != 1) {
|
||||
DEBUG(3, ("Expected one rootDSE, got %d\n", num_result));
|
||||
goto done;
|
||||
}
|
||||
|
||||
entry = ldap_first_entry(ldap_state->ldap_struct, msg);
|
||||
|
||||
if (entry == NULL) {
|
||||
DEBUG(3, ("Could not retrieve rootDSE\n"));
|
||||
goto done;
|
||||
}
|
||||
|
||||
values = ldap_get_values(ldap_state->ldap_struct, entry,
|
||||
"supportedExtension");
|
||||
|
||||
if (values == NULL) {
|
||||
DEBUG(9, ("LDAP Server does not support any extensions\n"));
|
||||
goto done;
|
||||
}
|
||||
|
||||
num_values = ldap_count_values(values);
|
||||
|
||||
if (num_values == 0) {
|
||||
DEBUG(9, ("LDAP Server does not support any extensions\n"));
|
||||
goto done;
|
||||
}
|
||||
|
||||
for (i=0; i<num_values; i++) {
|
||||
if (strcmp(values[i], LDAP_EXOP_MODIFY_PASSWD) == 0)
|
||||
result = True;
|
||||
}
|
||||
|
||||
done:
|
||||
if (values != NULL)
|
||||
ldap_value_free(values);
|
||||
if (msg != NULL)
|
||||
ldap_msgfree(msg);
|
||||
|
||||
return result;
|
||||
return smbldap_has_extension(ldap_state, LDAP_EXOP_MODIFY_PASSWD);
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
|
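Review bot: `ldapsam_can_pwchange_exop` previously queried the rootDSE through `smbldap_search()`, whereas the new one-line body ends up in `ldap_search_s()` on `ldap_state->ldap_struct` directly. If `smbldap_search()` is what opens or retries the connection (its body is not shown on this page), this path can now run on a missing or stale handle and return `False`, which the caller would presumably read as "the server does not offer the password-modify extended operation". Because that answer selects how a password change is sent, the precondition should be stated at the call, for example `/* needs an open connection: smbldap_has_extension() does not reconnect, and a failed lookup looks like "not supported" */` above the `return`.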