ads (active directory) utility library
Copyright (C) Andrew Tridgell 2001
Copyright (C) Andrew Bartlett 2001
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
+#include "ads.h"
/* return a ldap dn path from a string, given separators and field name
caller must free
int numbits = 0;
char *ret;
int len;
-
- r = strdup(realm);
+ char *saveptr;
- if (!r || !*r) return r;
+ r = SMB_STRDUP(realm);
+
+ if (!r || !*r) {
+ return r;
+ }
for (p=r; *p; p++) {
- if (strchr(sep, *p)) numbits++;
+ if (strchr(sep, *p)) {
+ numbits++;
+ }
}
len = (numbits+1)*(strlen(field)+1) + strlen(r) + 1;
- ret = malloc(len);
- strlcpy(ret,field, len);
- p=strtok(r,sep);
- strlcat(ret, p, len);
-
- while ((p=strtok(NULL,sep))) {
- char *s;
- if (reverse) {
- asprintf(&s, "%s%s,%s", field, p, ret);
- } else {
- asprintf(&s, "%s,%s%s", ret, field, p);
- }
+ ret = (char *)SMB_MALLOC(len);
+ if (!ret) {
+ free(r);
+ return NULL;
+ }
+
+ if (strlcpy(ret,field, len) >= len) {
+ /* Truncate ! */
+ free(r);
free(ret);
- ret = s;
+ return NULL;
}
+ p=strtok_r(r, sep, &saveptr);
+ if (p) {
+ if (strlcat(ret, p, len) >= len) {
+ free(r);
+ free(ret);
+ return NULL;
+ }
- free(r);
+ while ((p=strtok_r(NULL, sep, &saveptr)) != NULL) {
+ int retval;
+ char *s = NULL;
+ if (reverse)
+ retval = asprintf(&s, "%s%s,%s", field, p, ret);
+ else
+ retval = asprintf(&s, "%s,%s%s", ret, field, p);
+ free(ret);
+ if (retval == -1) {
+ free(r);
+ return NULL;
+ }
+ ret = SMB_STRDUP(s);
+ free(s);
+ }
+ }
+ free(r);
return ret;
}
return ads_build_path(realm, ".", "dc=", 0);
}
-
-#ifdef HAVE_LDAP
-/*
- find the ldap server from DNS
+/* return a DNS name in the for aa.bb.cc from the DN
+ "dc=AA,dc=BB,dc=CC". caller must free
*/
-static char *find_ldap_server(ADS_STRUCT *ads)
+char *ads_build_domain(const char *dn)
{
- char *list = NULL;
- struct in_addr ip;
-
- if (ads->realm &&
- ldap_domain2hostlist(ads->realm, &list) == LDAP_SUCCESS) {
- char *p;
- p = strchr(list, ':');
- if (p) *p = 0;
- return list;
- }
+ char *dnsdomain = NULL;
- /* get desperate, find the domain controller IP */
- if (resolve_name(lp_workgroup(), &ip, 0x1B)) {
- return strdup(inet_ntoa(ip));
- }
+ /* result should always be shorter than the DN */
- return NULL;
-}
+ if ( (dnsdomain = SMB_STRDUP( dn )) == NULL ) {
+ DEBUG(0,("ads_build_domain: malloc() failed!\n"));
+ return NULL;
+ }
-#else
+ if (!strlower_m( dnsdomain )) {
+ SAFE_FREE(dnsdomain);
+ return NULL;
+ }
-static char *find_ldap_server(ADS_STRUCT *ads)
-{
- /* Without LDAP this doesn't make much sense */
- return NULL;
+ all_string_sub( dnsdomain, "dc=", "", 0);
+ all_string_sub( dnsdomain, ",", ".", 0 );
+
+ return dnsdomain;
}
-#endif
+
#ifndef LDAP_PORT
#define LDAP_PORT 389
initialise a ADS_STRUCT, ready for some ads_ ops
*/
ADS_STRUCT *ads_init(const char *realm,
- const char *ldap_server,
- const char *bind_path,
- const char *password)
+ const char *workgroup,
+ const char *ldap_server)
{
ADS_STRUCT *ads;
-
- ads = (ADS_STRUCT *)smb_xmalloc(sizeof(*ads));
+ int wrap_flags;
+
+ ads = SMB_XMALLOC_P(ADS_STRUCT);
ZERO_STRUCTP(ads);
-
- ads->realm = realm? strdup(realm) : NULL;
- ads->ldap_server = ldap_server? strdup(ldap_server) : NULL;
- ads->bind_path = bind_path? strdup(bind_path) : NULL;
- ads->ldap_port = LDAP_PORT;
- if (password) ads->password = strdup(password);
-
- if (!ads->realm) {
- ads->realm = strdup(lp_realm());
- if (!ads->realm[0]) {
- SAFE_FREE(ads->realm);
- }
- }
- if (!ads->bind_path && ads->realm) {
- ads->bind_path = ads_build_dn(ads->realm);
- }
- if (!ads->ldap_server) {
- ads->ldap_server = strdup(lp_ads_server());
- if (!ads->ldap_server[0]) {
- ads->ldap_server = find_ldap_server(ads);
- }
- }
- if (!ads->kdc_server) {
- /* assume its the same as LDAP */
- ads->kdc_server = ads->ldap_server? strdup(ads->ldap_server) : NULL;
+
+ ads->server.realm = realm? SMB_STRDUP(realm) : NULL;
+ ads->server.workgroup = workgroup ? SMB_STRDUP(workgroup) : NULL;
+ ads->server.ldap_server = ldap_server? SMB_STRDUP(ldap_server) : NULL;
+
+ /* the caller will own the memory by default */
+ ads->is_mine = 1;
+
+ wrap_flags = lp_client_ldap_sasl_wrapping();
+ if (wrap_flags == -1) {
+ wrap_flags = 0;
}
+ ads->auth.flags = wrap_flags;
+
+ /* Start with a page size of 1000 when the connection is new,
+ * we will drop it by half we get a timeout. */
+ ads->config.ldap_page_size = 1000;
+
return ads;
}
+/****************************************************************
+****************************************************************/
+
+bool ads_set_sasl_wrap_flags(ADS_STRUCT *ads, int flags)
+{
+ if (!ads) {
+ return false;
+ }
+
+ ads->auth.flags = flags;
+
+ return true;
+}
+
/*
free the memory used by the ADS structure initialized with 'ads_init(...)'
*/
void ads_destroy(ADS_STRUCT **ads)
{
if (ads && *ads) {
+ bool is_mine;
+
+ is_mine = (*ads)->is_mine;
#if HAVE_LDAP
- if ((*ads)->ld) ldap_unbind((*ads)->ld);
+ ads_disconnect(*ads);
#endif
- SAFE_FREE((*ads)->realm);
- SAFE_FREE((*ads)->ldap_server);
- SAFE_FREE((*ads)->ldap_server_name);
- SAFE_FREE((*ads)->kdc_server);
- SAFE_FREE((*ads)->bind_path);
- SAFE_FREE((*ads)->password);
- SAFE_FREE((*ads)->user_name);
+ SAFE_FREE((*ads)->server.realm);
+ SAFE_FREE((*ads)->server.workgroup);
+ SAFE_FREE((*ads)->server.ldap_server);
+
+ SAFE_FREE((*ads)->auth.realm);
+ SAFE_FREE((*ads)->auth.password);
+ SAFE_FREE((*ads)->auth.user_name);
+ SAFE_FREE((*ads)->auth.kdc_server);
+ SAFE_FREE((*ads)->auth.ccache_name);
+
+ SAFE_FREE((*ads)->config.realm);
+ SAFE_FREE((*ads)->config.bind_path);
+ SAFE_FREE((*ads)->config.ldap_server_name);
+ SAFE_FREE((*ads)->config.server_site_name);
+ SAFE_FREE((*ads)->config.client_site_name);
+ SAFE_FREE((*ads)->config.schema_path);
+ SAFE_FREE((*ads)->config.config_path);
+
ZERO_STRUCTP(*ads);
- SAFE_FREE(*ads);
+
+ if ( is_mine )
+ SAFE_FREE(*ads);
}
}