sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-03 04:22:09 +03:00
Code Activity

r7139: trying to reduce the number of diffs between trunk and 3.0; changing version to 3.0.20pre1

Browse Source 
(This used to be commit 9727d05241)
This commit is contained in:
Gerald Carter
2005-05-31 13:46:45 +00:00
committed by Gerald (Jerry) Carter
parent 450e8d5749
commit f24d88cf9d
39 changed files with 1327 additions and 4911 deletions
Download Patch File Download Diff File Expand all files Collapse all files

263
source3/lib/smbldap.c
View File

@ -1,7 +1,7 @@
/*
Unix SMB/CIFS implementation.
LDAP protocol helper functions for SAMBA
Copyright (C) Jean Fran<EFBFBD>ois Micouleau 1998
Copyright (C) Jean François Micouleau 1998
Copyright (C) Gerald Carter 2001-2003
Copyright (C) Shahms King 2001
Copyright (C) Andrew Bartlett 2002-2003
@ -274,71 +274,6 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
SAFE_FREE( list );
}
/*******************************************************************
find the ldap password
******************************************************************/
static BOOL fetch_ldap_pw(char **dn, char** pw)
{
char *key = NULL;
size_t size;
*dn = smb_xstrdup(lp_ldap_admin_dn());
if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) {
SAFE_FREE(*dn);
DEBUG(0, ("fetch_ldap_pw: asprintf failed!\n"));
}
*pw=secrets_fetch(key, &size);
SAFE_FREE(key);
if (!size) {
/* Upgrade 2.2 style entry */
char *p;
char* old_style_key = SMB_STRDUP(*dn);
char *data;
fstring old_style_pw;
if (!old_style_key) {
DEBUG(0, ("fetch_ldap_pw: strdup failed!\n"));
return False;
}
for (p=old_style_key; *p; p++)
if (*p == ',') *p = '/';
data=secrets_fetch(old_style_key, &size);
if (!size && size < sizeof(old_style_pw)) {
DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n"));
SAFE_FREE(old_style_key);
SAFE_FREE(*dn);
return False;
}
size = MIN(size, sizeof(fstring)-1);
strncpy(old_style_pw, data, size);
old_style_pw[size] = 0;
SAFE_FREE(data);
if (!secrets_store_ldap_pw(*dn, old_style_pw)) {
DEBUG(0,("fetch_ldap_pw: ldap secret could not be upgraded!\n"));
SAFE_FREE(old_style_key);
SAFE_FREE(*dn);
return False;
}
if (!secrets_delete(old_style_key)) {
DEBUG(0,("fetch_ldap_pw: old ldap secret could not be deleted!\n"));
}
SAFE_FREE(old_style_key);
*pw = smb_xstrdup(old_style_pw);
}
return True;
}
/*******************************************************************
Search an attribute and return the first value found.
******************************************************************/
@ -402,7 +337,7 @@ static BOOL fetch_ldap_pw(char **dn, char** pw)
}
#if 0 /* commented out after discussion with abartlet. Do not reenable.
left here so other so re-add similar code --jerry */
left here so other do not re-add similar code --jerry */
if (value == NULL || *value == '\0')
return;
#endif
@ -877,8 +812,8 @@ static int smbldap_open(struct smbldap_state *ldap_state)
{
int rc, opt_rc;
BOOL reopen = False;
SMB_ASSERT(ldap_state);
#ifndef NO_LDAP_SECURITY
if (geteuid() != 0) {
DEBUG(0, ("smbldap_open: cannot access LDAP when not root..\n"));
@ -1383,181 +1318,6 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_
return NT_STATUS_OK;
}
/**********************************************************************
Add the sambaDomain to LDAP, so we don't have to search for this stuff
again. This is a once-add operation for now.
TODO: Add other attributes, and allow modification.
*********************************************************************/
static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state,
const char *domain_name)
{
fstring sid_string;
fstring algorithmic_rid_base_string;
pstring filter, dn;
LDAPMod **mods = NULL;
int rc;
int ldap_op;
LDAPMessage *result = NULL;
int num_result;
const char **attr_list;
uid_t u_low, u_high;
gid_t g_low, g_high;
uint32 rid_low, rid_high;
slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))",
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
domain_name, LDAP_OBJ_DOMINFO);
attr_list = get_attr_list( dominfo_attr_list );
rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result);
free_attr_list( attr_list );
if (rc != LDAP_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
}
num_result = ldap_count_entries(ldap_state->ldap_struct, result);
if (num_result > 1) {
DEBUG (0, ("More than domain with that name exists: bailing out!\n"));
ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
}
/* Check if we need to add an entry */
DEBUG(3,("Adding new domain\n"));
ldap_op = LDAP_MOD_ADD;
pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
domain_name, lp_ldap_suffix());
/* Free original search */
ldap_msgfree(result);
/* make the changes - the entry *must* not already have samba attributes */
smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
domain_name);
/* If we don't have an entry, then ask secrets.tdb for what it thinks.
It may choose to make it up */
sid_to_string(sid_string, get_global_sam_sid());
smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), sid_string);
slprintf(algorithmic_rid_base_string, sizeof(algorithmic_rid_base_string) - 1, "%i", algorithmic_rid_base());
smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE),
algorithmic_rid_base_string);
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO);
/* add the sambaNext[User|Group]Rid attributes if the idmap ranges are set.
TODO: fix all the places where the line between idmap and normal operations
needed by smbd gets fuzzy --jerry 2003-08-11 */
if ( lp_idmap_uid(&u_low, &u_high) && lp_idmap_gid(&g_low, &g_high)
&& get_free_rid_range(&rid_low, &rid_high) )
{
fstring rid_str;
fstr_sprintf( rid_str, "%i", rid_high|USER_RID_TYPE );
DEBUG(10,("setting next available user rid [%s]\n", rid_str));
smbldap_set_mod(&mods, LDAP_MOD_ADD,
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID),
rid_str);
fstr_sprintf( rid_str, "%i", rid_high|GROUP_RID_TYPE );
DEBUG(10,("setting next available group rid [%s]\n", rid_str));
smbldap_set_mod(&mods, LDAP_MOD_ADD,
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID),
rid_str);
}
switch(ldap_op)
{
case LDAP_MOD_ADD:
rc = smbldap_add(ldap_state, dn, mods);
break;
case LDAP_MOD_REPLACE:
rc = smbldap_modify(ldap_state, dn, mods);
break;
default:
DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op));
return NT_STATUS_INVALID_PARAMETER;
}
if (rc!=LDAP_SUCCESS) {
char *ld_error = NULL;
ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
DEBUG(1,("failed to %s domain dn= %s with: %s\n\t%s\n",
ldap_op == LDAP_MOD_ADD ? "add" : "modify",
dn, ldap_err2string(rc),
ld_error?ld_error:"unknown"));
SAFE_FREE(ld_error);
ldap_mods_free(mods, True);
return NT_STATUS_UNSUCCESSFUL;
}
DEBUG(2,("added: domain = %s in the LDAP database\n", domain_name));
ldap_mods_free(mods, True);
return NT_STATUS_OK;
}
/**********************************************************************
Search for the domain info entry
*********************************************************************/
NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state,
LDAPMessage ** result, const char *domain_name,
BOOL try_add)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
pstring filter;
int rc;
const char **attr_list;
int count;
pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))",
LDAP_OBJ_DOMINFO,
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
domain_name);
DEBUG(2, ("Searching for:[%s]\n", filter));
attr_list = get_attr_list( dominfo_attr_list );
rc = smbldap_search_suffix(ldap_state, filter, attr_list , result);
free_attr_list( attr_list );
if (rc != LDAP_SUCCESS) {
DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc)));
DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter));
} else if (ldap_count_entries(ldap_state->ldap_struct, *result) < 1) {
DEBUG(3, ("Got no domain info entries for domain\n"));
ldap_msgfree(*result);
*result = NULL;
if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))) {
return smbldap_search_domain_info(ldap_state, result, domain_name, False);
}
else {
DEBUG(0, ("Adding domain info for %s failed with %s\n",
domain_name, nt_errstr(ret)));
return ret;
}
} else if ((count = ldap_count_entries(ldap_state->ldap_struct, *result)) > 1) {
DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n",
count, domain_name));
ldap_msgfree(*result);
*result = NULL;
return ret;
} else {
return NT_STATUS_OK;
}
return ret;
}
/*******************************************************************
Return a copy of the DN for a LDAPMessage. Convert from utf8 to CH_UNIX.
********************************************************************/
@ -1597,14 +1357,14 @@ static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char
}
if (!strequal(attrs[0], "supportedExtension") &&
!strequal(attrs[0], "supportedControl")) {
!strequal(attrs[0], "supportedControl") &&
!strequal(attrs[0], "namingContexts")) {
DEBUG(3,("smbldap_check_root_dse: no idea what to query root-dse for: %s ?\n", attrs[0]));
return False;
}
rc = ldap_search_s(ldap_state->ldap_struct, "", LDAP_SCOPE_BASE,
"(objectclass=*)", CONST_DISCARD(char **, attrs),
0 , &msg);
"(objectclass=*)", attrs, 0 , &msg);
if (rc != LDAP_SUCCESS) {
DEBUG(3,("smbldap_check_root_dse: Could not search rootDSE\n"));
@ -1652,6 +1412,7 @@ static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char
ldap_msgfree(msg);
return result;
}
/*******************************************************************
@ -1673,3 +1434,13 @@ BOOL smbldap_has_extension(struct smbldap_state *ldap_state, const char *extensi
const char *attrs[] = { "supportedExtension", NULL };
return smbldap_check_root_dse(ldap_state, attrs, extension);
}
/*******************************************************************
Check if LDAP-Server holds a given namingContext
********************************************************************/
BOOL smbldap_has_naming_context(struct smbldap_state *ldap_state, const char *naming_context)
{
const char *attrs[] = { "namingContexts", NULL };
return smbldap_check_root_dse(ldap_state, attrs, naming_context);
}