1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

update the ldap support code. it compiles.

Ignacio you can update your howto ;-)

samsync: a small patch to try chaning challenges.

	J.F.
(This used to be commit c99bc30559)
This commit is contained in:
Jean-François Micouleau 2001-12-13 18:09:29 +00:00
parent 037b40f01f
commit 9f59fc64b8
8 changed files with 150 additions and 34 deletions

View File

@ -655,6 +655,7 @@ typedef struct sam_passwd
#define LOCAL_TRUST_ACCOUNT 0x10
#define LOCAL_SET_NO_PASSWORD 0x20
#define LOCAL_SET_PASSWORD 0x40
#define LOCAL_SET_LDAP_ADMIN_PW 0x80
/* key and data in the connections database - used in smbstatus and smbd */
struct connections_key {
@ -1316,6 +1317,12 @@ enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX,
#endif /* DEVELOPER */
};
/* LDAP schema types */
enum schema_types {SCHEMA_COMPAT, SCHEMA_AD, SCHEMA_SAMBA};
/* LDAP SSL options */
enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS};
/* Remote architectures we know about. */
enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_WIN2K, RA_SAMBA};

View File

@ -282,7 +282,7 @@ static void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred)
/* Sam synchronisation */
NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx,
NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx, DOM_CRED *ret_creds,
uint32 database_id, uint32 *num_deltas,
SAM_DELTA_HDR **hdr_deltas,
SAM_DELTA_CTR **deltas)
@ -306,7 +306,7 @@ NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx,
gen_next_creds(cli, &clnt_creds);
init_net_q_sam_sync(&q, cli->srv_name_slash, cli->clnt_name_slash + 2,
&clnt_creds, database_id);
&clnt_creds, ret_creds, database_id);
/* Marshall data and send request */
@ -330,6 +330,8 @@ NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx,
*hdr_deltas = r.hdr_deltas;
*deltas = r.deltas;
memcpy(ret_creds, &r.srv_creds, sizeof(*ret_creds));
done:
prs_mem_free(&qbuf);
prs_mem_free(&rbuf);

View File

@ -131,11 +131,6 @@ typedef struct
char **szNetbiosAliases;
char *szDomainOtherSIDs;
char *szNameResolveOrder;
char *szLdapServer;
char *szLdapSuffix;
char *szLdapFilter;
char *szLdapRoot;
char *szLdapRootPassword;
char *szPanicAction;
char *szAddUserScript;
char *szDelUserScript;
@ -200,9 +195,14 @@ typedef struct
int min_passwd_length;
int oplock_break_wait_time;
int winbind_cache_time;
#ifdef WITH_LDAP
#ifdef WITH_LDAP_SAM
int ldap_port;
#endif /* WITH_LDAP */
int ldap_ssl;
char *szLdapServer;
char *szLdapSuffix;
char *szLdapFilter;
char *szLdapAdminDn;
#endif /* WITH_LDAP_SAM */
#ifdef WITH_SSL
int sslVersion;
char **sslHostsRequire;
@ -568,6 +568,21 @@ static struct enum_list enum_printing[] = {
{-1, NULL}
};
#ifdef WITH_LDAP_SAM
static struct enum_list enum_ldap_ssl[] = {
{LDAP_SSL_ON, "Yes"},
{LDAP_SSL_ON, "yes"},
{LDAP_SSL_ON, "on"},
{LDAP_SSL_ON, "On"},
{LDAP_SSL_OFF, "no"},
{LDAP_SSL_OFF, "No"},
{LDAP_SSL_OFF, "off"},
{LDAP_SSL_OFF, "Off"},
{LDAP_SSL_START_TLS, "start tls"},
{-1, NULL}
};
#endif /* WITH_LDAP_SAM */
/* Types of machine we can announce as. */
#define ANNOUNCE_AS_NT_SERVER 1
#define ANNOUNCE_AS_WIN95 2
@ -939,16 +954,16 @@ static struct parm_struct parm_table[] = {
{"strict locking", P_BOOL, P_LOCAL, &sDefault.bStrictLocking, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"share modes", P_BOOL, P_LOCAL, &sDefault.bShareModes, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
#ifdef WITH_LDAP
#ifdef WITH_LDAP_SAM
{"Ldap Options", P_SEP, P_SEPARATOR},
{"ldap server", P_STRING, P_GLOBAL, &Globals.szLdapServer, NULL, NULL, 0},
{"ldap port", P_INTEGER, P_GLOBAL, &Globals.ldap_port, NULL, NULL, 0},
{"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, NULL, NULL, 0},
{"ldap filter", P_STRING, P_GLOBAL, &Globals.szLdapFilter, NULL, NULL, 0},
{"ldap root", P_STRING, P_GLOBAL, &Globals.szLdapRoot, NULL, NULL, 0},
{"ldap root passwd", P_STRING, P_GLOBAL, &Globals.szLdapRootPassword, NULL, NULL, 0},
#endif /* WITH_LDAP */
{"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, 0},
{"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, 0},
#endif /* WITH_LDAP_SAM */
{"Miscellaneous Options", P_SEP, P_SEPARATOR},
{"add share command", P_STRING, P_GLOBAL, &Globals.szAddShareCommand, NULL, NULL, 0},
@ -1287,11 +1302,14 @@ static void init_globals(void)
a large number of sites (tridge) */
Globals.bHostnameLookups = False;
#ifdef WITH_LDAP
/* default values for ldap */
#ifdef WITH_LDAP_SAM
string_set(&Globals.szLdapServer, "localhost");
string_set(&Globals.szLdapSuffix, "");
string_set(&Globals.szLdapFilter, "(&(uid=%u)(objectclass=sambaAccount))");
string_set(&Globals.szLdapAdminDn, "");
Globals.ldap_port = 389;
#endif /* WITH_LDAP */
Globals.ldap_ssl = LDAP_SSL_OFF;
#endif /* WITH_LDAP_SAM */
#ifdef WITH_SSL
Globals.sslVersion = SMB_SSL_V23;
@ -1492,13 +1510,14 @@ FN_GLOBAL_STRING(lp_template_shell, &Globals.szTemplateShell)
FN_GLOBAL_STRING(lp_winbind_separator, &Globals.szWinbindSeparator)
FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers)
FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups)
#ifdef WITH_LDAP
#ifdef WITH_LDAP_SAM
FN_GLOBAL_STRING(lp_ldap_server, &Globals.szLdapServer)
FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
FN_GLOBAL_STRING(lp_ldap_filter, &Globals.szLdapFilter)
FN_GLOBAL_STRING(lp_ldap_root, &Globals.szLdapRoot)
FN_GLOBAL_STRING(lp_ldap_rootpasswd, &Globals.szLdapRootPassword)
#endif /* WITH_LDAP */
FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
FN_GLOBAL_INTEGER(lp_ldap_port, &Globals.ldap_port)
FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
#endif /* WITH_LDAP_SAM */
FN_GLOBAL_STRING(lp_add_share_cmd, &Globals.szAddShareCommand)
FN_GLOBAL_STRING(lp_change_share_cmd, &Globals.szChangeShareCommand)
FN_GLOBAL_STRING(lp_delete_share_cmd, &Globals.szDeleteShareCommand)
@ -1598,9 +1617,6 @@ FN_GLOBAL_INTEGER(lp_stat_cache_size, &Globals.stat_cache_size)
FN_GLOBAL_INTEGER(lp_map_to_guest, &Globals.map_to_guest)
FN_GLOBAL_INTEGER(lp_min_passwd_length, &Globals.min_passwd_length)
FN_GLOBAL_INTEGER(lp_oplock_break_wait_time, &Globals.oplock_break_wait_time)
#ifdef WITH_LDAP
FN_GLOBAL_INTEGER(lp_ldap_port, &Globals.ldap_port)
#endif /* WITH_LDAP */
FN_LOCAL_STRING(lp_preexec, szPreExec)
FN_LOCAL_STRING(lp_postexec, szPostExec)
FN_LOCAL_STRING(lp_rootpreexec, szRootPreExec)

View File

@ -245,3 +245,44 @@ void reset_globals_after_fork(void)
*/
generate_random_buffer( &dummy, 1, True);
}
BOOL secrets_store_ldap_pw(char* dn, char* pw)
{
fstring key;
char *p;
pstrcpy(key, dn);
for (p=key; *p; p++)
if (*p == ',') *p = '/';
return secrets_store(key, pw, strlen(pw));
}
BOOL fetch_ldap_pw(char *dn, char* pw, int len)
{
fstring key;
char *p;
void *data = NULL;
size_t size;
pstrcpy(key, dn);
for (p=key; *p; p++)
if (*p == ',') *p = '/';
data=secrets_fetch(key, &size);
if (!size) {
DEBUG(0,("fetch_ldap_pw: no ldap secret retrieved!\n"));
return False;
}
if (size > len-1)
{
DEBUG(0,("fetch_ldap_pw: ldap secret is too long (%d > %d)!\n", size, len-1));
return False;
}
memcpy(pw, data, size);
pw[size] = '\0';
return True;
}

View File

@ -1592,18 +1592,21 @@ BOOL net_io_r_sam_logoff(char *desc, NET_R_SAM_LOGOFF *r_l, prs_struct *ps, int
makes a NET_Q_SAM_SYNC structure.
********************************************************************/
BOOL init_net_q_sam_sync(NET_Q_SAM_SYNC * q_s, const char *srv_name,
const char *cli_name, DOM_CRED * cli_creds,
uint32 database_id)
const char *cli_name, DOM_CRED *cli_creds,
DOM_CRED *ret_creds, uint32 database_id)
{
DEBUG(5, ("init_q_sam_sync\n"));
init_unistr2(&q_s->uni_srv_name, srv_name, strlen(srv_name) + 1);
init_unistr2(&q_s->uni_cli_name, cli_name, strlen(cli_name) + 1);
if (cli_creds) {
if (cli_creds)
memcpy(&q_s->cli_creds, cli_creds, sizeof(q_s->cli_creds));
memset(&q_s->ret_creds, 0, sizeof(q_s->ret_creds));
}
if (cli_creds)
memcpy(&q_s->ret_creds, ret_creds, sizeof(q_s->ret_creds));
else
memset(&q_s->ret_creds, 0, sizeof(q_s->ret_creds));
q_s->database_id = database_id;
q_s->restart_state = 0;

View File

@ -152,6 +152,7 @@ static NTSTATUS cmd_netlogon_sam_sync(struct cli_state *cli,
uint32 database_id = 0, num_deltas;
SAM_DELTA_HDR *hdr_deltas;
SAM_DELTA_CTR *deltas;
DOM_CRED ret_creds;
if (argc > 2) {
fprintf(stderr, "Usage: %s [database_id]\n", argv[0]);
@ -181,9 +182,12 @@ static NTSTATUS cmd_netlogon_sam_sync(struct cli_state *cli,
goto done;
}
/* on first call the returnAuthenticator is empty */
memset(&ret_creds, 0, sizeof(ret_creds));
/* Synchronise sam database */
result = cli_netlogon_sam_sync(cli, mem_ctx, database_id,
result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, database_id,
&num_deltas, &hdr_deltas, &deltas);
if (!NT_STATUS_IS_OK(result))

View File

@ -264,6 +264,7 @@ static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16],
uint32 num_deltas_0, num_deltas_1, num_deltas_2;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
DOM_CRED ret_creds;
/* Initialise */
if (!(mem_ctx = talloc_init())) {
@ -283,9 +284,12 @@ static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16],
goto done;
}
/* on first call the returnAuthenticator is empty */
memset(&ret_creds, 0, sizeof(ret_creds));
/* Do sam synchronisation on the SAM database*/
result = cli_netlogon_sam_sync(cli, mem_ctx, 0, &num_deltas_0, &hdr_deltas_0, &deltas_0);
result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 0, &num_deltas_0, &hdr_deltas_0, &deltas_0);
if (!NT_STATUS_IS_OK(result))
goto done;
@ -300,11 +304,10 @@ static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16],
* we must chain the credentials
*/
#if 0
#if 1
/* Do sam synchronisation on the LSA database */
result = cli_netlogon_sam_sync(cli, mem_ctx, 2, &num_deltas_2, &hdr_deltas_2, &deltas_2);
result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 2, &num_deltas_2, &hdr_deltas_2, &deltas_2);
if (!NT_STATUS_IS_OK(result))
goto done;

View File

@ -56,6 +56,9 @@ static void usage(void)
printf(" -e enable user\n");
printf(" -n set no password\n");
printf(" -m machine trust account\n");
#ifdef WITH_LDAP_SAM
printf(" -w ldap admin password\n");
#endif
exit(1);
}
@ -170,6 +173,21 @@ static BOOL password_change(const char *remote_machine, char *user_name,
return ret;
}
#ifdef WITH_LDAP_SAM
/*******************************************************************
Store the LDAP admin password in secrets.tdb
******************************************************************/
static BOOL store_ldap_admin_pw (char* pw)
{
if (!pw)
return False;
if (!secrets_init())
return False;
return secrets_store_ldap_pw(lp_ldap_admin_dn(), pw);
}
#endif
/*************************************************************
Handle password changing for root.
@ -186,13 +204,16 @@ static int process_root(int argc, char *argv[])
char *new_passwd = NULL;
char *old_passwd = NULL;
char *remote_machine = NULL;
#ifdef WITH_LDAP_SAM
fstring ldap_secret;
#endif
ZERO_STRUCT(user_name);
ZERO_STRUCT(user_password);
user_name[0] = '\0';
while ((ch = getopt(argc, argv, "axdehmnjr:sR:D:U:L")) != EOF) {
while ((ch = getopt(argc, argv, "axdehmnjr:swR:D:U:L")) != EOF) {
switch(ch) {
case 'L':
local_mode = True;
@ -228,6 +249,15 @@ static int process_root(int argc, char *argv[])
set_line_buffering(stderr);
stdin_passwd_get = True;
break;
case 'w':
#ifdef WITH_LDAP_SAM
local_flags |= LOCAL_SET_LDAP_ADMIN_PW;
fstrcpy(ldap_secret, optarg);
break;
#else
printf("-w not available unless configured --with-ldap\n");
goto done;
#endif
case 'R':
lp_set_name_resolve_order(optarg);
break;
@ -259,6 +289,16 @@ static int process_root(int argc, char *argv[])
argc -= optind;
argv += optind;
#ifdef WITH_LDAP_SAM
if (local_flags & LOCAL_SET_LDAP_ADMIN_PW)
{
printf("Setting stored password for \"%s\" in secrets.tdb\n",
lp_ldap_admin_dn());
if (!store_ldap_admin_pw(ldap_secret))
DEBUG(0,("ERROR: Failed to store the ldap admin password!\n"));
goto done;
}
#endif
/*
* Ensure both add/delete user are not set
* Ensure add/delete user and either remote machine or join domain are