update the ldap support code. it compiles.
Ignacio you can update your howto ;-)
samsync: a small patch to try chaining challenges.
J.F.
(This used to be commit c99bc30559
)
parent
037b40f01f
commit
9f59fc64b8
@ -655,6 +655,7 @@ typedef struct sam_passwd
|
||||
#define LOCAL_TRUST_ACCOUNT 0x10
|
||||
#define LOCAL_SET_NO_PASSWORD 0x20
|
||||
#define LOCAL_SET_PASSWORD 0x40
|
||||
#define LOCAL_SET_LDAP_ADMIN_PW 0x80
|
||||
|
||||
/* key and data in the connections database - used in smbstatus and smbd */
|
||||
struct connections_key {
|
||||
@ -1316,6 +1317,12 @@ enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX,
|
||||
#endif /* DEVELOPER */
|
||||
};
|
||||
|
||||
/* LDAP schema types */
|
||||
enum schema_types {SCHEMA_COMPAT, SCHEMA_AD, SCHEMA_SAMBA};
|
||||
|
||||
/* LDAP SSL options */
|
||||
enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS};
|
||||
|
||||
/* Remote architectures we know about. */
|
||||
enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_WIN2K, RA_SAMBA};
|
||||
|
||||
|
@ -282,7 +282,7 @@ static void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred)
|
||||
|
||||
/* Sam synchronisation */
|
||||
|
||||
NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx,
|
||||
NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx, DOM_CRED *ret_creds,
|
||||
uint32 database_id, uint32 *num_deltas,
|
||||
SAM_DELTA_HDR **hdr_deltas,
|
||||
SAM_DELTA_CTR **deltas)
|
||||
@ -306,7 +306,7 @@ NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx,
|
||||
gen_next_creds(cli, &clnt_creds);
|
||||
|
||||
init_net_q_sam_sync(&q, cli->srv_name_slash, cli->clnt_name_slash + 2,
|
||||
&clnt_creds, database_id);
|
||||
&clnt_creds, ret_creds, database_id);
|
||||
|
||||
/* Marshall data and send request */
|
||||
|
||||
@ -330,6 +330,8 @@ NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx,
|
||||
*hdr_deltas = r.hdr_deltas;
|
||||
*deltas = r.deltas;
|
||||
|
||||
memcpy(ret_creds, &r.srv_creds, sizeof(*ret_creds));
|
||||
|
||||
done:
|
||||
prs_mem_free(&qbuf);
|
||||
prs_mem_free(&rbuf);
|
||||
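Review bot: The added `memcpy(ret_creds, &r.srv_creds, sizeof(*ret_creds));` dereferences `ret_creds` unconditionally, so a caller that passes NULL crashes here. Either guard it with `if (ret_creds)` or state in the function's header comment that `ret_creds` is a required in/out parameter: it carries the returnAuthenticator into the request and receives the server's credential for the next call. The hunks do not show whether `r.srv_creds` is verified before it is handed back for chaining, so confirm that check exists; the function body starts and ends outside the visible hunks.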
|
@ -131,11 +131,6 @@ typedef struct
|
||||
char **szNetbiosAliases;
|
||||
char *szDomainOtherSIDs;
|
||||
char *szNameResolveOrder;
|
||||
char *szLdapServer;
|
||||
char *szLdapSuffix;
|
||||
char *szLdapFilter;
|
||||
char *szLdapRoot;
|
||||
char *szLdapRootPassword;
|
||||
char *szPanicAction;
|
||||
char *szAddUserScript;
|
||||
char *szDelUserScript;
|
||||
@ -200,9 +195,14 @@ typedef struct
|
||||
int min_passwd_length;
|
||||
int oplock_break_wait_time;
|
||||
int winbind_cache_time;
|
||||
#ifdef WITH_LDAP
|
||||
#ifdef WITH_LDAP_SAM
|
||||
int ldap_port;
|
||||
#endif /* WITH_LDAP */
|
||||
int ldap_ssl;
|
||||
char *szLdapServer;
|
||||
char *szLdapSuffix;
|
||||
char *szLdapFilter;
|
||||
char *szLdapAdminDn;
|
||||
#endif /* WITH_LDAP_SAM */
|
||||
#ifdef WITH_SSL
|
||||
int sslVersion;
|
||||
char **sslHostsRequire;
|
||||
@ -568,6 +568,21 @@ static struct enum_list enum_printing[] = {
|
||||
{-1, NULL}
|
||||
};
|
||||
|
||||
#ifdef WITH_LDAP_SAM
|
||||
static struct enum_list enum_ldap_ssl[] = {
|
||||
{LDAP_SSL_ON, "Yes"},
|
||||
{LDAP_SSL_ON, "yes"},
|
||||
{LDAP_SSL_ON, "on"},
|
||||
{LDAP_SSL_ON, "On"},
|
||||
{LDAP_SSL_OFF, "no"},
|
||||
{LDAP_SSL_OFF, "No"},
|
||||
{LDAP_SSL_OFF, "off"},
|
||||
{LDAP_SSL_OFF, "Off"},
|
||||
{LDAP_SSL_START_TLS, "start tls"},
|
||||
{-1, NULL}
|
||||
};
|
||||
#endif /* WITH_LDAP_SAM */
|
||||
|
||||
/* Types of machine we can announce as. */
|
||||
#define ANNOUNCE_AS_NT_SERVER 1
|
||||
#define ANNOUNCE_AS_WIN95 2
|
||||
@ -939,16 +954,16 @@ static struct parm_struct parm_table[] = {
|
||||
{"strict locking", P_BOOL, P_LOCAL, &sDefault.bStrictLocking, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"share modes", P_BOOL, P_LOCAL, &sDefault.bShareModes, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
|
||||
|
||||
#ifdef WITH_LDAP
|
||||
#ifdef WITH_LDAP_SAM
|
||||
{"Ldap Options", P_SEP, P_SEPARATOR},
|
||||
|
||||
{"ldap server", P_STRING, P_GLOBAL, &Globals.szLdapServer, NULL, NULL, 0},
|
||||
{"ldap port", P_INTEGER, P_GLOBAL, &Globals.ldap_port, NULL, NULL, 0},
|
||||
{"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, NULL, NULL, 0},
|
||||
{"ldap filter", P_STRING, P_GLOBAL, &Globals.szLdapFilter, NULL, NULL, 0},
|
||||
{"ldap root", P_STRING, P_GLOBAL, &Globals.szLdapRoot, NULL, NULL, 0},
|
||||
{"ldap root passwd", P_STRING, P_GLOBAL, &Globals.szLdapRootPassword, NULL, NULL, 0},
|
||||
#endif /* WITH_LDAP */
|
||||
{"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, 0},
|
||||
{"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, 0},
|
||||
#endif /* WITH_LDAP_SAM */
|
||||
|
||||
{"Miscellaneous Options", P_SEP, P_SEPARATOR},
|
||||
{"add share command", P_STRING, P_GLOBAL, &Globals.szAddShareCommand, NULL, NULL, 0},
|
||||
@ -1287,11 +1302,14 @@ static void init_globals(void)
|
||||
a large number of sites (tridge) */
|
||||
Globals.bHostnameLookups = False;
|
||||
|
||||
#ifdef WITH_LDAP
|
||||
/* default values for ldap */
|
||||
#ifdef WITH_LDAP_SAM
|
||||
string_set(&Globals.szLdapServer, "localhost");
|
||||
string_set(&Globals.szLdapSuffix, "");
|
||||
string_set(&Globals.szLdapFilter, "(&(uid=%u)(objectclass=sambaAccount))");
|
||||
string_set(&Globals.szLdapAdminDn, "");
|
||||
Globals.ldap_port = 389;
|
||||
#endif /* WITH_LDAP */
|
||||
Globals.ldap_ssl = LDAP_SSL_OFF;
|
||||
#endif /* WITH_LDAP_SAM */
|
||||
|
||||
#ifdef WITH_SSL
|
||||
Globals.sslVersion = SMB_SSL_V23;
|
||||
@ -1492,13 +1510,14 @@ FN_GLOBAL_STRING(lp_template_shell, &Globals.szTemplateShell)
|
||||
FN_GLOBAL_STRING(lp_winbind_separator, &Globals.szWinbindSeparator)
|
||||
FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers)
|
||||
FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups)
|
||||
#ifdef WITH_LDAP
|
||||
#ifdef WITH_LDAP_SAM
|
||||
FN_GLOBAL_STRING(lp_ldap_server, &Globals.szLdapServer)
|
||||
FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
|
||||
FN_GLOBAL_STRING(lp_ldap_filter, &Globals.szLdapFilter)
|
||||
FN_GLOBAL_STRING(lp_ldap_root, &Globals.szLdapRoot)
|
||||
FN_GLOBAL_STRING(lp_ldap_rootpasswd, &Globals.szLdapRootPassword)
|
||||
#endif /* WITH_LDAP */
|
||||
FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
|
||||
FN_GLOBAL_INTEGER(lp_ldap_port, &Globals.ldap_port)
|
||||
FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
|
||||
#endif /* WITH_LDAP_SAM */
|
||||
FN_GLOBAL_STRING(lp_add_share_cmd, &Globals.szAddShareCommand)
|
||||
FN_GLOBAL_STRING(lp_change_share_cmd, &Globals.szChangeShareCommand)
|
||||
FN_GLOBAL_STRING(lp_delete_share_cmd, &Globals.szDeleteShareCommand)
|
||||
@ -1598,9 +1617,6 @@ FN_GLOBAL_INTEGER(lp_stat_cache_size, &Globals.stat_cache_size)
|
||||
FN_GLOBAL_INTEGER(lp_map_to_guest, &Globals.map_to_guest)
|
||||
FN_GLOBAL_INTEGER(lp_min_passwd_length, &Globals.min_passwd_length)
|
||||
FN_GLOBAL_INTEGER(lp_oplock_break_wait_time, &Globals.oplock_break_wait_time)
|
||||
#ifdef WITH_LDAP
|
||||
FN_GLOBAL_INTEGER(lp_ldap_port, &Globals.ldap_port)
|
||||
#endif /* WITH_LDAP */
|
||||
FN_LOCAL_STRING(lp_preexec, szPreExec)
|
||||
FN_LOCAL_STRING(lp_postexec, szPostExec)
|
||||
FN_LOCAL_STRING(lp_rootpreexec, szRootPreExec)
|
||||
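Review bot: `Globals.ldap_ssl = LDAP_SSL_OFF;` in init_globals makes an unencrypted connection the default. With the default `ldap port` of 389, the admin DN's bind password and the account attributes read from the directory would cross the network in clear text unless the administrator opts in. Consider defaulting to `Globals.ldap_ssl = LDAP_SSL_START_TLS;`, which keeps port 389 usable, and add a comment above `enum_ldap_ssl` saying that `ldap ssl = off` is only appropriate on a loopback or otherwise protected link. How the LDAP backend acts on this setting is not visible in these hunks, so confirm that it fails closed when TLS negotiation fails.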
|
@ -245,3 +245,44 @@ void reset_globals_after_fork(void)
|
||||
*/
|
||||
generate_random_buffer( &dummy, 1, True);
|
||||
}
|
||||
|
||||
BOOL secrets_store_ldap_pw(char* dn, char* pw)
|
||||
{
|
||||
fstring key;
|
||||
char *p;
|
||||
|
||||
pstrcpy(key, dn);
|
||||
for (p=key; *p; p++)
|
||||
if (*p == ',') *p = '/';
|
||||
|
||||
return secrets_store(key, pw, strlen(pw));
|
||||
}
|
||||
|
||||
BOOL fetch_ldap_pw(char *dn, char* pw, int len)
|
||||
{
|
||||
fstring key;
|
||||
char *p;
|
||||
void *data = NULL;
|
||||
size_t size;
|
||||
|
||||
pstrcpy(key, dn);
|
||||
for (p=key; *p; p++)
|
||||
if (*p == ',') *p = '/';
|
||||
|
||||
data=secrets_fetch(key, &size);
|
||||
if (!size) {
|
||||
DEBUG(0,("fetch_ldap_pw: no ldap secret retrieved!\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
if (size > len-1)
|
||||
{
|
||||
DEBUG(0,("fetch_ldap_pw: ldap secret is too long (%d > %d)!\n", size, len-1));
|
||||
return False;
|
||||
}
|
||||
|
||||
memcpy(pw, data, size);
|
||||
pw[size] = '\0';
|
||||
|
||||
return True;
|
||||
}
|
||||
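Review bot: Both new functions copy `dn` into `fstring key` with `pstrcpy`, which is bounded by the larger pstring size rather than by `key`, so a long DN can write past the buffer; `fstrcpy(key, dn)` matches the destination in secrets_store_ldap_pw and in fetch_ldap_pw. In fetch_ldap_pw, `size` is read even when secrets_fetch returned NULL, and `size > len-1` compares a size_t with an int, so `len <= 0` defeats the bound. The fetched `data` is also never released or cleared, and the DEBUG format prints a size_t with `%d`. The fence shows fetch_ldap_pw with those checks; it assumes secrets_fetch returns malloc'd memory, which is not visible here, and a plain memset before free may be elided by the compiler.

```c
BOOL fetch_ldap_pw(char *dn, char* pw, int len)
{
	/* … unchanged: declarations of key, p, data, size … */

	if (!dn || !pw || len <= 0)
		return False;

	fstrcpy(key, dn);	/* bounded by sizeof(fstring), the size of key */
	/* … unchanged: loop replacing ',' with '/' in key … */

	data = secrets_fetch(key, &size);
	if (!data || !size) {
		DEBUG(0,("fetch_ldap_pw: no ldap secret retrieved!\n"));
		free(data);
		return False;
	}

	if (size > (size_t)(len - 1)) {
		DEBUG(0,("fetch_ldap_pw: ldap secret is too long (%u > %d)!\n",
			 (unsigned int)size, len - 1));
		memset(data, 0, size);
		free(data);
		return False;
	}

	memcpy(pw, data, size);
	pw[size] = '\0';

	/* do not leave a second copy of the secret on the heap */
	memset(data, 0, size);
	free(data);

	return True;
}
```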
|
@ -1592,18 +1592,21 @@ BOOL net_io_r_sam_logoff(char *desc, NET_R_SAM_LOGOFF *r_l, prs_struct *ps, int
|
||||
makes a NET_Q_SAM_SYNC structure.
|
||||
********************************************************************/
|
||||
BOOL init_net_q_sam_sync(NET_Q_SAM_SYNC * q_s, const char *srv_name,
|
||||
const char *cli_name, DOM_CRED * cli_creds,
|
||||
uint32 database_id)
|
||||
const char *cli_name, DOM_CRED *cli_creds,
|
||||
DOM_CRED *ret_creds, uint32 database_id)
|
||||
{
|
||||
DEBUG(5, ("init_q_sam_sync\n"));
|
||||
|
||||
init_unistr2(&q_s->uni_srv_name, srv_name, strlen(srv_name) + 1);
|
||||
init_unistr2(&q_s->uni_cli_name, cli_name, strlen(cli_name) + 1);
|
||||
|
||||
if (cli_creds) {
|
||||
if (cli_creds)
|
||||
memcpy(&q_s->cli_creds, cli_creds, sizeof(q_s->cli_creds));
|
||||
memset(&q_s->ret_creds, 0, sizeof(q_s->ret_creds));
|
||||
}
|
||||
|
||||
if (cli_creds)
|
||||
memcpy(&q_s->ret_creds, ret_creds, sizeof(q_s->ret_creds));
|
||||
else
|
||||
memset(&q_s->ret_creds, 0, sizeof(q_s->ret_creds));
|
||||
|
||||
q_s->database_id = database_id;
|
||||
q_s->restart_state = 0;
|
||||
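Review bot: The second test guards the wrong pointer. `if (cli_creds) memcpy(&q_s->ret_creds, ret_creds, sizeof(q_s->ret_creds));` dereferences `ret_creds` whenever `cli_creds` is non-NULL, so a NULL `ret_creds` crashes, and the `else` memset is tied to `cli_creds` instead. The condition should read `if (ret_creds)`. Separately, `q_s->cli_creds` is left untouched when `cli_creds` is NULL, so an `else memset(&q_s->cli_creds, 0, sizeof(q_s->cli_creds));` would keep uninitialised bytes out of the marshalled request. The function continues past the end of the hunk.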
|
@ -152,6 +152,7 @@ static NTSTATUS cmd_netlogon_sam_sync(struct cli_state *cli,
|
||||
uint32 database_id = 0, num_deltas;
|
||||
SAM_DELTA_HDR *hdr_deltas;
|
||||
SAM_DELTA_CTR *deltas;
|
||||
DOM_CRED ret_creds;
|
||||
|
||||
if (argc > 2) {
|
||||
fprintf(stderr, "Usage: %s [database_id]\n", argv[0]);
|
||||
@ -181,9 +182,12 @@ static NTSTATUS cmd_netlogon_sam_sync(struct cli_state *cli,
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* on first call the returnAuthenticator is empty */
|
||||
memset(&ret_creds, 0, sizeof(ret_creds));
|
||||
|
||||
/* Synchronise sam database */
|
||||
|
||||
result = cli_netlogon_sam_sync(cli, mem_ctx, database_id,
|
||||
result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, database_id,
|
||||
&num_deltas, &hdr_deltas, &deltas);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
|
@ -264,6 +264,7 @@ static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16],
|
||||
uint32 num_deltas_0, num_deltas_1, num_deltas_2;
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
DOM_CRED ret_creds;
|
||||
/* Initialise */
|
||||
|
||||
if (!(mem_ctx = talloc_init())) {
|
||||
@ -283,9 +284,12 @@ static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16],
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* on first call the returnAuthenticator is empty */
|
||||
memset(&ret_creds, 0, sizeof(ret_creds));
|
||||
|
||||
/* Do sam synchronisation on the SAM database*/
|
||||
|
||||
result = cli_netlogon_sam_sync(cli, mem_ctx, 0, &num_deltas_0, &hdr_deltas_0, &deltas_0);
|
||||
result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 0, &num_deltas_0, &hdr_deltas_0, &deltas_0);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
goto done;
|
||||
@ -300,11 +304,10 @@ static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16],
|
||||
* we must chain the credentials
|
||||
*/
|
||||
|
||||
|
||||
#if 0
|
||||
#if 1
|
||||
/* Do sam synchronisation on the LSA database */
|
||||
|
||||
result = cli_netlogon_sam_sync(cli, mem_ctx, 2, &num_deltas_2, &hdr_deltas_2, &deltas_2);
|
||||
result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 2, &num_deltas_2, &hdr_deltas_2, &deltas_2);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
goto done;
|
||||
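Review bot: The LSA synchronisation block in sam_sync is enabled by flipping `#if 0` to `#if 1`, which leaves a dead preprocessor guard around live code. Remove the `#if 1` and its matching `#endif` (the `#endif` is outside the hunk). If the call is still experimental, gate it behind a named macro with a comment saying why. It would also help to extend the existing "we must chain the credentials" comment to say that `ret_creds` from the database 0 call is deliberately reused as the returnAuthenticator for the database 2 call.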
|
@ -56,6 +56,9 @@ static void usage(void)
|
||||
printf(" -e enable user\n");
|
||||
printf(" -n set no password\n");
|
||||
printf(" -m machine trust account\n");
|
||||
#ifdef WITH_LDAP_SAM
|
||||
printf(" -w ldap admin password\n");
|
||||
#endif
|
||||
|
||||
exit(1);
|
||||
}
|
||||
@ -170,6 +173,21 @@ static BOOL password_change(const char *remote_machine, char *user_name,
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef WITH_LDAP_SAM
|
||||
/*******************************************************************
|
||||
Store the LDAP admin password in secrets.tdb
|
||||
******************************************************************/
|
||||
static BOOL store_ldap_admin_pw (char* pw)
|
||||
{
|
||||
if (!pw)
|
||||
return False;
|
||||
|
||||
if (!secrets_init())
|
||||
return False;
|
||||
|
||||
return secrets_store_ldap_pw(lp_ldap_admin_dn(), pw);
|
||||
}
|
||||
#endif
|
||||
|
||||
/*************************************************************
|
||||
Handle password changing for root.
|
||||
@ -186,13 +204,16 @@ static int process_root(int argc, char *argv[])
|
||||
char *new_passwd = NULL;
|
||||
char *old_passwd = NULL;
|
||||
char *remote_machine = NULL;
|
||||
#ifdef WITH_LDAP_SAM
|
||||
fstring ldap_secret;
|
||||
#endif
|
||||
|
||||
ZERO_STRUCT(user_name);
|
||||
ZERO_STRUCT(user_password);
|
||||
|
||||
user_name[0] = '\0';
|
||||
|
||||
while ((ch = getopt(argc, argv, "axdehmnjr:sR:D:U:L")) != EOF) {
|
||||
while ((ch = getopt(argc, argv, "axdehmnjr:swR:D:U:L")) != EOF) {
|
||||
switch(ch) {
|
||||
case 'L':
|
||||
local_mode = True;
|
||||
@ -228,6 +249,15 @@ static int process_root(int argc, char *argv[])
|
||||
set_line_buffering(stderr);
|
||||
stdin_passwd_get = True;
|
||||
break;
|
||||
case 'w':
|
||||
#ifdef WITH_LDAP_SAM
|
||||
local_flags |= LOCAL_SET_LDAP_ADMIN_PW;
|
||||
fstrcpy(ldap_secret, optarg);
|
||||
break;
|
||||
#else
|
||||
printf("-w not available unless configured --with-ldap\n");
|
||||
goto done;
|
||||
#endif
|
||||
case 'R':
|
||||
lp_set_name_resolve_order(optarg);
|
||||
break;
|
||||
@ -259,6 +289,16 @@ static int process_root(int argc, char *argv[])
|
||||
argc -= optind;
|
||||
argv += optind;
|
||||
|
||||
#ifdef WITH_LDAP_SAM
|
||||
if (local_flags & LOCAL_SET_LDAP_ADMIN_PW)
|
||||
{
|
||||
printf("Setting stored password for \"%s\" in secrets.tdb\n",
|
||||
lp_ldap_admin_dn());
|
||||
if (!store_ldap_admin_pw(ldap_secret))
|
||||
DEBUG(0,("ERROR: Failed to store the ldap admin password!\n"));
|
||||
goto done;
|
||||
}
|
||||
#endif
|
||||
/*
|
||||
* Ensure both add/delete user are not set
|
||||
* Ensure add/delete user and either remote machine or join domain are
|
||||
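Review bot: The option string adds `w` without a trailing colon (`"axdehmnjr:swR:D:U:L"`), so getopt collects no argument for `-w` and `fstrcpy(ldap_secret, optarg)` reads whatever `optarg` happens to hold, possibly NULL. It should be `"axdehmnjr:sw:R:D:U:L"`. Taking the LDAP admin password from argv also exposes it to other local users through the process list and to shell history, so reading it from a prompt or from stdin (the `-s` path already sets `stdin_passwd_get`) would be safer. `ldap_secret` should also be cleared once store_ldap_admin_pw returns. The `#else` message names `--with-ldap` while the guard is `WITH_LDAP_SAM`. process_root's body continues outside the hunks.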
|