r4840: * Add more generic root-dse inspection function to check for given
authorGünther Deschner <gd@samba.org>
Wed, 19 Jan 2005 09:58:29 +0000 (09:58 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 15:53:57 +0000 (10:53 -0500)
controls or extensions.
* Check and remember if ldapsam's LDAP Server supports paged results
(in preparation of adding async paged-results to set|get|end-sampwent in
ldapsam).

Guenther
(This used to be commit ced58bd8849cdef78513674dff1b1ec331945aa9)

source3/include/smbldap.h
source3/lib/smbldap.c
source3/passdb/pdb_ldap.c

index d980d082803a562f9f492e58660e76fce8932ecc..adb51430dc6b4e3068cd9bcae4c7be4238bd8028 100644 (file)
@@ -145,6 +145,7 @@ struct smbldap_state {
        const char *uri;
        char *bind_dn;
        char *bind_secret;
+       BOOL paged_results;
 
        unsigned int num_failures;
 
index 518bafcc74c5a596e836df481626a9448f2f4c2a..7908bc254dac23ba77bbf4931909e84edc6b6760 100644 (file)
@@ -806,6 +806,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_
        int rc;
        char *ldap_dn;
        char *ldap_secret;
+       int version;
 
        /* get the password */
        if (!fetch_ldap_pw(&ldap_dn, &ldap_secret)) {
@@ -855,7 +856,14 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_
 
        ldap_state->num_failures = 0;
 
+       ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version);
+
+       if (smbldap_has_control(ldap_state, ADS_PAGE_CTL_OID) && version == 3) {
+               ldap_state->paged_results = True;
+       }
+
        DEBUG(3, ("ldap_connect_system: succesful connection to the LDAP server\n"));
+       DEBUGADD(3, ("ldap_connect_system: LDAP server %s support paged results\n", ldap_state->paged_results?"does":"does not"));
        return rc;
 }
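Review bot: `version` is read in the `version == 3` test even when `ldap_get_option()` failed, because the call's return value is ignored and `version` (declared in the earlier hunk of this function) has no initializer. `paged_results` is also only ever set to True here, so a reconnect to a server that lacks the control would keep a stale True unless the flag is cleared somewhere not shown. I would clear the flag first with `ldap_state->paged_results = False;` and gate on the option call: `if (ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS && version == 3 && smbldap_has_control(ldap_state, ADS_PAGE_CTL_OID))`. That ordering also skips the rootDSE search on non-v3 connections. smbldap_connect_system starts outside this hunk.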
 
@@ -1431,3 +1439,96 @@ char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry)
        return unix_dn;
 }
 
+/*******************************************************************
+ Check if root-dse has a certain Control or Extension
+********************************************************************/
+
+static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char **attrs, const char *value) 
+{
+       LDAPMessage *msg = NULL;
+       LDAPMessage *entry = NULL;
+       char **values = NULL;
+       int rc, num_result, num_values, i;
+       BOOL result = False;
+
+       if (!attrs[0]) {
+               DEBUG(3,("smbldap_check_root_dse: nothing to look for\n"));
+               return False;
+       }
+
+       if (!strequal(attrs[0], "supportedExtension") && 
+           !strequal(attrs[0], "supportedControl")) {
+               DEBUG(3,("smbldap_check_root_dse: no idea what to query root-dse for: %s ?\n", attrs[0]));
+               return False;
+       }
+
+       rc = ldap_search_s(ldap_state->ldap_struct, "", LDAP_SCOPE_BASE, 
+                          "(objectclass=*)", attrs, 0 , &msg);
+
+       if (rc != LDAP_SUCCESS) {
+               DEBUG(3,("smbldap_check_root_dse: Could not search rootDSE\n"));
+               return False;
+       }
+
+       num_result = ldap_count_entries(ldap_state->ldap_struct, msg);
+
+       if (num_result != 1) {
+               DEBUG(3,("smbldap_check_root_dse: Expected one rootDSE, got %d\n", num_result));
+               goto done;
+       }
+
+       entry = ldap_first_entry(ldap_state->ldap_struct, msg);
+
+       if (entry == NULL) {
+               DEBUG(3,("smbldap_check_root_dse: Could not retrieve rootDSE\n"));
+               goto done;
+       }
+
+       values = ldap_get_values(ldap_state->ldap_struct, entry, attrs[0]);
+
+       if (values == NULL) {
+               DEBUG(5,("smbldap_check_root_dse: LDAP Server does not support any %s\n", attrs[0]));
+               goto done;
+       }
+
+       num_values = ldap_count_values(values);
+
+       if (num_values == 0) {
+               DEBUG(5,("smbldap_check_root_dse: LDAP Server does not have any %s\n", attrs[0]));
+               goto done;
+       }
+
+       for (i=0; i<num_values; i++) {
+               if (strcmp(values[i], value) == 0)
+                       result = True;
+       }
+
+
+ done:
+       if (values != NULL)
+               ldap_value_free(values);
+       if (msg != NULL)
+               ldap_msgfree(msg);
+
+       return result;
+}
+
+/*******************************************************************
+ Check if LDAP-Server supports a certain Control (OID in string format)
+********************************************************************/
+
+BOOL smbldap_has_control(struct smbldap_state *ldap_state, const char *control)
+{
+       const char *attrs[] = { "supportedControl", NULL };
+       return smbldap_check_root_dse(ldap_state, attrs, control);
+}
+
+/*******************************************************************
+ Check if LDAP-Server supports a certain Extension (OID in string format)
+********************************************************************/
+
+BOOL smbldap_has_extension(struct smbldap_state *ldap_state, const char *extension)
+{
+       const char *attrs[] = { "supportedExtension", NULL };
+       return smbldap_check_root_dse(ldap_state, attrs, extension);
+}
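Review bot: The `return False` after a failed `ldap_search_s()` in smbldap_check_root_dse bypasses the `done:` cleanup, so any partial result the library may have stored in `msg` on an error return is never released; `goto done;` there keeps every exit on one path. `attrs` and `value` are dereferenced (`attrs[0]`, `strcmp(values[i], value)`) without a NULL check, which is fine for the two wrappers shown but deserves a guard or a comment given the helper is described as generic. The match loop can `break` on the first hit. A header comment stating that the search runs on the existing `ldap_struct`, with no reconnect or retry, would tell callers what state they must provide.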
index 6c1d64abce8a25c95b2464244eb95da8358a3ed6..ee0cb260e8bd0f457a17ba45ba02c8259a6b1308 100644 (file)
@@ -782,8 +782,6 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
        pdb_set_hours_len(sampass, hours_len, PDB_SET);
        pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
 
-/*     pdb_set_munged_dial(sampass, munged_dial, PDB_SET); */
-       
        if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
                        get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_BAD_PASSWORD_COUNT), temp)) {
                        /* leave as default */
@@ -1409,62 +1407,7 @@ static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
 
 static BOOL ldapsam_can_pwchange_exop(struct smbldap_state *ldap_state)
 {
-       LDAPMessage *msg = NULL;
-       LDAPMessage *entry = NULL;
-       char **values = NULL;
-       char *attrs[] = { "supportedExtension", NULL };
-       int rc, num_result, num_values, i;
-       BOOL result = False;
-
-       rc = smbldap_search(ldap_state, "", LDAP_SCOPE_BASE, "(objectclass=*)",
-                           attrs, 0, &msg);
-
-       if (rc != LDAP_SUCCESS) {
-               DEBUG(3, ("Could not search rootDSE\n"));
-               return False;
-       }
-
-       num_result = ldap_count_entries(ldap_state->ldap_struct, msg);
-
-       if (num_result != 1) {
-               DEBUG(3, ("Expected one rootDSE, got %d\n", num_result));
-               goto done;
-       }
-
-       entry = ldap_first_entry(ldap_state->ldap_struct, msg);
-
-       if (entry == NULL) {
-               DEBUG(3, ("Could not retrieve rootDSE\n"));
-               goto done;
-       }
-
-       values = ldap_get_values(ldap_state->ldap_struct, entry,
-                                "supportedExtension");
-
-       if (values == NULL) {
-               DEBUG(9, ("LDAP Server does not support any extensions\n"));
-               goto done;
-       }
-
-       num_values = ldap_count_values(values);
-
-       if (num_values == 0) {
-               DEBUG(9, ("LDAP Server does not support any extensions\n"));
-               goto done;
-       }
-
-       for (i=0; i<num_values; i++) {
-               if (strcmp(values[i], LDAP_EXOP_MODIFY_PASSWD) == 0)
-                       result = True;
-       }
-
- done:
-       if (values != NULL)
-               ldap_value_free(values);
-       if (msg != NULL)
-               ldap_msgfree(msg);
-
-       return result;
+       return smbldap_has_extension(ldap_state, LDAP_EXOP_MODIFY_PASSWD);
 }
 
 /********************************************************************
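Review bot: The removed body queried the rootDSE through `smbldap_search()`, whereas the new one-liner ends up in smbldap_check_root_dse, which calls `ldap_search_s()` directly on `ldap_state->ldap_struct`. If `smbldap_search()` is what opens or re-opens the connection (not visible on this page), ldapsam_can_pwchange_exop can now run against an unopened or stale handle and silently report False, which changes how password changes are performed. Either confirm that every caller already has an established connection, or document it at the call with `/* requires an open connection: smbldap_has_extension() does not reconnect */`.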