1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

Add ads convenience functions to samba 4. Move gpo_ldap.c to root libgpo.

Signed-off-by: Günther Deschner <gd@samba.org>
This commit is contained in:
Wilco Baan Hofman 2009-03-01 14:06:36 +01:00 committed by Günther Deschner
parent 7761850b1f
commit c441b7dda8
4 changed files with 314 additions and 2 deletions

View File

@ -18,6 +18,9 @@
*/ */
#include "includes.h" #include "includes.h"
#if _SAMBA_BUILD_ == 4
#include "source4/libgpo/ads_convenience.h"
#endif
/**************************************************************** /****************************************************************
parse the raw extension string into a GP_EXT structure parse the raw extension string into a GP_EXT structure
@ -718,7 +721,7 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
ZERO_STRUCTP(gpo_list); ZERO_STRUCTP(gpo_list);
if (!dn) { if (!dn) {
return ADS_ERROR(LDAP_PARAM_ERROR); return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
} }
DEBUG(10,("ads_get_gpo_list: getting GPO list for [%s]\n", dn)); DEBUG(10,("ads_get_gpo_list: getting GPO list for [%s]\n", dn));

View File

@ -315,7 +315,7 @@ void dump_gpo(ADS_STRUCT *ads,
DEBUGADD(lvl,("security descriptor:\n")); DEBUGADD(lvl,("security descriptor:\n"));
ads_disp_sd(ads, mem_ctx, gpo->security_descriptor); NDR_PRINT_DEBUG(security_descriptor, gpo->security_descriptor);
} }
/**************************************************************** /****************************************************************

View File

@ -0,0 +1,248 @@
/*
Samba CIFS implementation
ADS convenience functions for GPO
Copyright (C) 2001 Andrew Tridgell (from samba3 ads.c)
Copyright (C) 2001 Remus Koos (from samba3 ads.c)
Copyright (C) 2001 Andrew Bartlett (from samba3 ads.c)
Copyright (C) 2008 Jelmer Vernooij, jelmer@samba.org
Copyright (C) 2008 Wilco Baan Hofman, wilco@baanhofman.nl
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "libnet/libnet.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libgpo/source/ads_convenience.h"
WERROR ads_startup (struct libnet_context *netctx, ADS_STRUCT **ads)
{
*ads = talloc(netctx, ADS_STRUCT);
*ads->netctx = netctx;
ads_connect(*ads);
return WERR_OK;
}
ADS_STATUS ads_connect(ADS_STRUCT *ads)
{
struct libnet_lookup_DCs *io;
char *url;
io = talloc_zero(ads, struct libnet_lookup_DCs);
/* We are looking for the PDC of the active domain. */
io->in.name_type = NBT_NAME_PDC;
io->in.domain_name = lp_workgroup(ads->netctx->lp_ctx);
libnet_lookupDCs(ads->netctx, ads, io);
url = talloc_asprintf(ads, "ldap://%s", io->out.dcs[0]);
ads->ldbctx = ldb_wrap_connect(ads, ads->netctx->event_ctx, ads->netctx->lp_ctx,
url, NULL, ads->netctx->cred, 0, NULL);
if (ads->ldbctx == NULL) {
return ADS_STATUS_NT(NT_STATUS_UNSUCCESSFUL);
}
return ADS_STATUS_NT(NT_STATUS_OK);
}
ADS_STATUS ads_search_dn(ADS_STRUCT *ads, LDAPMessage **res,
const char *dn, const char **attrs)
{
ADS_STATUS status;
status.err_state = ldb_search(ads->ldbctx, ads, res,
ldb_dn_new(ads, ads->ldbctx, dn),
LDB_SCOPE_BASE,
attrs,
"(objectclass=*)");
status.error_type = ENUM_ADS_ERROR_LDAP;
return status;
}
const char * ads_get_dn(ADS_STRUCT *ads, LDAPMessage *res)
{
return ldb_dn_get_linearized(res->msgs[0]->dn);
}
bool ads_pull_sd(ADS_STRUCT *ads, TALLOC_CTX *ctx, LDAPMessage *res, const char *field, struct security_descriptor **sd)
{
struct ldb_val *val;
struct ndr_err_code ndr_err;
val = ldb_msg_find_ldb_val(res->msgs[0], field);
*sd = talloc(ctx, struct security_descriptor);
if (*sd == NULL) {
return -1;
}
/* We can't use ndr_pull_struct_blob_all because this contains relative pointers */
ndr_err = ndr_pull_struct_blob(val, *sd, NULL, *sd,
(ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
talloc_free(*sd);
return -1;
}
return 0;
}
ADS_STATUS ads_search_retry_dn_sd_flags(ADS_STRUCT *ads, LDAPMessage **res, uint32_t sd_flags,
const char *dn, const char **attrs)
{
return ads_search_sd_flags(ads, dn, LDB_SCOPE_BASE, "(objectclass=*)", attrs, sd_flags, res);
}
static ADS_STATUS ads_do_search_all_sd_flags (ADS_STRUCT *ads, const char *dn, int scope,
const char *filter, const char **attrs,
uint32_t sd_flags, LDAPMessage **res)
{
int count = 3;
int rv;
struct ldb_request *req;
struct ldb_control **controls;
struct ldb_parse_tree *tree;
controls = talloc_zero_array(ads, struct ldb_control *, 2);
controls[0] = talloc(ads, struct ldb_control);
controls[0]->oid = LDB_CONTROL_SD_FLAGS_OID;
controls[0]->data = &sd_flags;
controls[0]->critical = 1;
tree = ldb_parse_tree(ads, filter);
rv = ldb_build_search_req_ex(&req, ads->ldbctx, ads, res, dn, scope, tree, attrs, controls,
res, ldb_search_default_callback, NULL);
if (rv != LDB_SUCCESS) {
talloc_free(*res);
talloc_free(req);
talloc_free(tree);
return ADS_STATUS(irv);
}
rv = ldb_request(ads->ldbctx, req);
if (rv == LDB_SUCCESS) {
rv = ldb_wait(req->handle, LDB_WAIT_ALL);
}
talloc_free(req);
talloc_free(tree);
return ADS_STATUS(rv);
}
const char * ads_pull_string(ADS_STRUCT *ads, TALLOC_CTX *ctx, LDAPMessage *res, const char *field)
{
return ldb_msg_find_attr_as_string(res->msgs[0], field, NULL);
}
bool ads_pull_uint32(ADS_STRUCT *ads, LDAPMessage *res, const char *field, uint32_t *ret)
{
if (ldb_msg_find_element(res->msgs[0], field) == NULL) {
return false;
}
*ret = ldb_msg_find_attr_as_uint(res->msgs[0], field, 0);
return true;
}
int ads_count_replies(ADS_STRUCT *ads, LDAPMessage *res)
{
return res->count;
}
ADS_STATUS ads_msgfree(ADS_STRUCT *ads, LDAPMessage *res)
{
talloc_free(res);
}
/*
do a rough conversion between ads error codes and NT status codes
we'll need to fill this in more
*/
NTSTATUS ads_ntstatus(ADS_STATUS status)
{
switch (status.error_type) {
case ENUM_ADS_ERROR_NT:
return status.err.nt_status;
case ENUM_ADS_ERROR_SYSTEM:
return map_nt_error_from_unix(status.err.rc);
case ENUM_ADS_ERROR_LDAP:
if (status.err.rc == LDB_SUCCESS) {
return NT_STATUS_OK;
}
return NT_STATUS_UNSUCCESSFUL;
default:
break;
}
if (ADS_ERR_OK(status)) {
return NT_STATUS_OK;
}
return NT_STATUS_UNSUCCESSFUL;
}
/*
return a string for an error from an ads routine
*/
const char *ads_errstr(ADS_STATUS status)
{
switch (status.error_type) {
case ENUM_ADS_ERROR_SYSTEM:
return strerror(status.err.rc);
case ENUM_ADS_ERROR_LDAP:
return msg;
case ENUM_ADS_ERROR_NT:
return get_friendly_nt_error_msg(ads_ntstatus(status));
default:
return "Unknown ADS error type!? (not compiled in?)";
}
}
ADS_STATUS ads_build_ldap_error(int ldb_error)
{
ADS_STATUS ret;
ret.err.rc = ldb_error;
ret.error_type = ENUM_ADS_ERROR_LDAP;
return ret;
}
ADS_STATUS ads_build_nt_error(NTSTATUS nt_status)
{
ADS_STATUS ret;
ret.err.nt_status = nt_status;
ret.error_type = ENUM_ADS_ERROR_NT;
return ret;
}
/*
FIXME
Stub write functions, these do not do anything, though they should. -- Wilco
*/
ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx)
{
return NULL;
}
ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods, const char *name, const char *val)
{
return ADS_ERROR_NT(NT_STATUS_NOT_IMPLEMENTED);
}
ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods)
{
return ADS_ERROR_NT(NT_STATUS_NOT_IMPLEMENTED);
}

View File

@ -0,0 +1,61 @@
/*
Samba CIFS implementation
ADS convenience functions for GPO
Copyright (C) 2008 Jelmer Vernooij, jelmer@samba.org
Copyright (C) 2008 Wilco Baan Hofman, wilco@baanhofman.nl
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __ADS_CONVENIENCE_H__
#define __ADS_CONVENIENCE_H__
#define ADS_ERR_OK(status) ((status.error_type == ENUM_ADS_ERROR_NT) ? NT_STATUS_IS_OK(status.err.nt_status):(status.err.rc == 0))
#define ADS_ERROR(rc) ads_build_ldap_error(rc)
#define ADS_ERROR_NT(rc) ads_build_nt_error(rc)
#define ADS_ERROR_HAVE_NO_MEMORY(x) do { \
if (!(x)) {\
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);\
}\
} while (0)
#define LDAP_SCOPE_BASE LDB_SCOPE_BASE
#define LDAP_SCOPE_SUBTREE LDB_SCOPE_SUBTREE
#define LDAP_SCOPE_ONELEVEL LDB_SCOPE_ONELEVEL
typedef struct {
struct libnet_context *netctx;
struct ldb_context *ldbctx;
} ADS_STRUCT;
typedef struct ldb_result LDAPMessage;
typedef struct void ** ADS_MODLIST;
/* there are 3 possible types of errors the ads subsystem can produce */
enum ads_error_type { ENUM_ADS_ERROR_LDAP, ENUM_ADS_ERROR_SYSTEM, ENUM_ADS_ERROR_NT};
typedef struct {
enum ads_error_type error_type;
union err_state{
int rc;
NTSTATUS nt_status;
} err;
int minor_status;
} ADS_STATUS;
#endif