From c441b7dda8507b22a94146be0df77e54e623645a Mon Sep 17 00:00:00 2001 From: Wilco Baan Hofman Date: Sun, 1 Mar 2009 14:06:36 +0100 Subject: [PATCH] Add ads convenience functions to samba 4. Move gpo_ldap.c to root libgpo. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Günther Deschner --- {source3/libgpo => libgpo}/gpo_ldap.c | 5 +- libgpo/gpo_util.c | 2 +- source4/libgpo/ads_convenience.c | 248 ++++++++++++++++++++++++++ source4/libgpo/ads_convenience.h | 61 +++++++ 4 files changed, 314 insertions(+), 2 deletions(-) rename {source3/libgpo => libgpo}/gpo_ldap.c (99%) create mode 100644 source4/libgpo/ads_convenience.c create mode 100644 source4/libgpo/ads_convenience.h diff --git a/source3/libgpo/gpo_ldap.c b/libgpo/gpo_ldap.c similarity index 99% rename from source3/libgpo/gpo_ldap.c rename to libgpo/gpo_ldap.c index 716b8729c33..788d6887a3f 100644 --- a/source3/libgpo/gpo_ldap.c +++ b/libgpo/gpo_ldap.c @@ -18,6 +18,9 @@ */ #include "includes.h" +#if _SAMBA_BUILD_ == 4 +#include "source4/libgpo/ads_convenience.h" +#endif /**************************************************************** parse the raw extension string into a GP_EXT structure @@ -718,7 +721,7 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads, ZERO_STRUCTP(gpo_list); if (!dn) { - return ADS_ERROR(LDAP_PARAM_ERROR); + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } DEBUG(10,("ads_get_gpo_list: getting GPO list for [%s]\n", dn)); diff --git a/libgpo/gpo_util.c b/libgpo/gpo_util.c index 505400be8c9..d5e3f24c8df 100644 --- a/libgpo/gpo_util.c +++ b/libgpo/gpo_util.c @@ -315,7 +315,7 @@ void dump_gpo(ADS_STRUCT *ads, DEBUGADD(lvl,("security descriptor:\n")); - ads_disp_sd(ads, mem_ctx, gpo->security_descriptor); + NDR_PRINT_DEBUG(security_descriptor, gpo->security_descriptor); } /**************************************************************** diff --git a/source4/libgpo/ads_convenience.c b/source4/libgpo/ads_convenience.c new file mode 100644 index 00000000000..1c64197b3d7 --- /dev/null +++ b/source4/libgpo/ads_convenience.c @@ -0,0 +1,248 @@ +/* + Samba CIFS implementation + ADS convenience functions for GPO + + Copyright (C) 2001 Andrew Tridgell (from samba3 ads.c) + Copyright (C) 2001 Remus Koos (from samba3 ads.c) + Copyright (C) 2001 Andrew Bartlett (from samba3 ads.c) + Copyright (C) 2008 Jelmer Vernooij, jelmer@samba.org + Copyright (C) 2008 Wilco Baan Hofman, wilco@baanhofman.nl + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "libnet/libnet.h" +#include "librpc/gen_ndr/ndr_security.h" +#include "libgpo/source/ads_convenience.h" + +WERROR ads_startup (struct libnet_context *netctx, ADS_STRUCT **ads) +{ + *ads = talloc(netctx, ADS_STRUCT); + *ads->netctx = netctx; + + ads_connect(*ads); + + return WERR_OK; +} + +ADS_STATUS ads_connect(ADS_STRUCT *ads) +{ + struct libnet_lookup_DCs *io; + char *url; + + io = talloc_zero(ads, struct libnet_lookup_DCs); + + /* We are looking for the PDC of the active domain. */ + io->in.name_type = NBT_NAME_PDC; + io->in.domain_name = lp_workgroup(ads->netctx->lp_ctx); + libnet_lookupDCs(ads->netctx, ads, io); + + url = talloc_asprintf(ads, "ldap://%s", io->out.dcs[0]); + ads->ldbctx = ldb_wrap_connect(ads, ads->netctx->event_ctx, ads->netctx->lp_ctx, + url, NULL, ads->netctx->cred, 0, NULL); + if (ads->ldbctx == NULL) { + return ADS_STATUS_NT(NT_STATUS_UNSUCCESSFUL); + } + + return ADS_STATUS_NT(NT_STATUS_OK); +} + +ADS_STATUS ads_search_dn(ADS_STRUCT *ads, LDAPMessage **res, + const char *dn, const char **attrs) +{ + ADS_STATUS status; + + status.err_state = ldb_search(ads->ldbctx, ads, res, + ldb_dn_new(ads, ads->ldbctx, dn), + LDB_SCOPE_BASE, + attrs, + "(objectclass=*)"); + + status.error_type = ENUM_ADS_ERROR_LDAP; + return status; +} + +const char * ads_get_dn(ADS_STRUCT *ads, LDAPMessage *res) +{ + return ldb_dn_get_linearized(res->msgs[0]->dn); +} + +bool ads_pull_sd(ADS_STRUCT *ads, TALLOC_CTX *ctx, LDAPMessage *res, const char *field, struct security_descriptor **sd) +{ + struct ldb_val *val; + struct ndr_err_code ndr_err; + + val = ldb_msg_find_ldb_val(res->msgs[0], field); + + *sd = talloc(ctx, struct security_descriptor); + if (*sd == NULL) { + return -1; + } + /* We can't use ndr_pull_struct_blob_all because this contains relative pointers */ + ndr_err = ndr_pull_struct_blob(val, *sd, NULL, *sd, + (ndr_pull_flags_fn_t)ndr_pull_security_descriptor); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(*sd); + return -1; + } + return 0; +} + +ADS_STATUS ads_search_retry_dn_sd_flags(ADS_STRUCT *ads, LDAPMessage **res, uint32_t sd_flags, + const char *dn, const char **attrs) +{ + return ads_search_sd_flags(ads, dn, LDB_SCOPE_BASE, "(objectclass=*)", attrs, sd_flags, res); +} + +static ADS_STATUS ads_do_search_all_sd_flags (ADS_STRUCT *ads, const char *dn, int scope, + const char *filter, const char **attrs, + uint32_t sd_flags, LDAPMessage **res) +{ + int count = 3; + int rv; + struct ldb_request *req; + struct ldb_control **controls; + struct ldb_parse_tree *tree; + + controls = talloc_zero_array(ads, struct ldb_control *, 2); + controls[0] = talloc(ads, struct ldb_control); + controls[0]->oid = LDB_CONTROL_SD_FLAGS_OID; + controls[0]->data = &sd_flags; + controls[0]->critical = 1; + + tree = ldb_parse_tree(ads, filter); + + rv = ldb_build_search_req_ex(&req, ads->ldbctx, ads, res, dn, scope, tree, attrs, controls, + res, ldb_search_default_callback, NULL); + if (rv != LDB_SUCCESS) { + talloc_free(*res); + talloc_free(req); + talloc_free(tree); + return ADS_STATUS(irv); + } + rv = ldb_request(ads->ldbctx, req); + if (rv == LDB_SUCCESS) { + rv = ldb_wait(req->handle, LDB_WAIT_ALL); + } + + talloc_free(req); + talloc_free(tree); + return ADS_STATUS(rv); + +} + +const char * ads_pull_string(ADS_STRUCT *ads, TALLOC_CTX *ctx, LDAPMessage *res, const char *field) +{ + return ldb_msg_find_attr_as_string(res->msgs[0], field, NULL); +} + +bool ads_pull_uint32(ADS_STRUCT *ads, LDAPMessage *res, const char *field, uint32_t *ret) +{ + if (ldb_msg_find_element(res->msgs[0], field) == NULL) { + return false; + } + *ret = ldb_msg_find_attr_as_uint(res->msgs[0], field, 0); + return true; +} + + +int ads_count_replies(ADS_STRUCT *ads, LDAPMessage *res) +{ + return res->count; +} + +ADS_STATUS ads_msgfree(ADS_STRUCT *ads, LDAPMessage *res) +{ + talloc_free(res); +} + +/* + do a rough conversion between ads error codes and NT status codes + we'll need to fill this in more +*/ +NTSTATUS ads_ntstatus(ADS_STATUS status) +{ + switch (status.error_type) { + case ENUM_ADS_ERROR_NT: + return status.err.nt_status; + case ENUM_ADS_ERROR_SYSTEM: + return map_nt_error_from_unix(status.err.rc); + case ENUM_ADS_ERROR_LDAP: + if (status.err.rc == LDB_SUCCESS) { + return NT_STATUS_OK; + } + return NT_STATUS_UNSUCCESSFUL; + default: + break; + } + + if (ADS_ERR_OK(status)) { + return NT_STATUS_OK; + } + return NT_STATUS_UNSUCCESSFUL; +} + +/* + return a string for an error from an ads routine +*/ +const char *ads_errstr(ADS_STATUS status) +{ + switch (status.error_type) { + case ENUM_ADS_ERROR_SYSTEM: + return strerror(status.err.rc); + case ENUM_ADS_ERROR_LDAP: + return msg; + case ENUM_ADS_ERROR_NT: + return get_friendly_nt_error_msg(ads_ntstatus(status)); + default: + return "Unknown ADS error type!? (not compiled in?)"; + } +} + +ADS_STATUS ads_build_ldap_error(int ldb_error) +{ + ADS_STATUS ret; + ret.err.rc = ldb_error; + ret.error_type = ENUM_ADS_ERROR_LDAP; + return ret; +} + +ADS_STATUS ads_build_nt_error(NTSTATUS nt_status) +{ + ADS_STATUS ret; + ret.err.nt_status = nt_status; + ret.error_type = ENUM_ADS_ERROR_NT; + return ret; +} + +/* + FIXME + Stub write functions, these do not do anything, though they should. -- Wilco +*/ + +ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx) +{ + return NULL; +} + +ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods, const char *name, const char *val) +{ + return ADS_ERROR_NT(NT_STATUS_NOT_IMPLEMENTED); +} + +ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods) +{ + return ADS_ERROR_NT(NT_STATUS_NOT_IMPLEMENTED); +} diff --git a/source4/libgpo/ads_convenience.h b/source4/libgpo/ads_convenience.h new file mode 100644 index 00000000000..13bd54b5882 --- /dev/null +++ b/source4/libgpo/ads_convenience.h @@ -0,0 +1,61 @@ +/* + Samba CIFS implementation + ADS convenience functions for GPO + + Copyright (C) 2008 Jelmer Vernooij, jelmer@samba.org + Copyright (C) 2008 Wilco Baan Hofman, wilco@baanhofman.nl + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef __ADS_CONVENIENCE_H__ +#define __ADS_CONVENIENCE_H__ + +#define ADS_ERR_OK(status) ((status.error_type == ENUM_ADS_ERROR_NT) ? NT_STATUS_IS_OK(status.err.nt_status):(status.err.rc == 0)) +#define ADS_ERROR(rc) ads_build_ldap_error(rc) +#define ADS_ERROR_NT(rc) ads_build_nt_error(rc) +#define ADS_ERROR_HAVE_NO_MEMORY(x) do { \ + if (!(x)) {\ + return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);\ + }\ +} while (0) + +#define LDAP_SCOPE_BASE LDB_SCOPE_BASE +#define LDAP_SCOPE_SUBTREE LDB_SCOPE_SUBTREE +#define LDAP_SCOPE_ONELEVEL LDB_SCOPE_ONELEVEL + + + + +typedef struct { + struct libnet_context *netctx; + struct ldb_context *ldbctx; +} ADS_STRUCT; + +typedef struct ldb_result LDAPMessage; +typedef struct void ** ADS_MODLIST; + +/* there are 3 possible types of errors the ads subsystem can produce */ +enum ads_error_type { ENUM_ADS_ERROR_LDAP, ENUM_ADS_ERROR_SYSTEM, ENUM_ADS_ERROR_NT}; + +typedef struct { + enum ads_error_type error_type; + union err_state{ + int rc; + NTSTATUS nt_status; + } err; + int minor_status; +} ADS_STATUS; + +#endif