/*
Unix SMB/Netbios implementation.
- Version 1.9.
+ Version 2.0.
LDAP protocol helper functions for SAMBA
Copyright (C) Jean François Micouleau 1998
+ Copyright (C) Matthew Chapman 1998
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
*/
-#ifdef USE_LDAP
-
#include "includes.h"
+#ifdef WITH_LDAP
+
+#include <lber.h>
+#include <ldap.h>
+
extern int DEBUGLEVEL;
+/* Internal state */
+LDAP *ldap_struct;
+LDAPMessage *ldap_results;
+LDAPMessage *ldap_entry;
+
+/* LDAP password */
+static pstring ldap_secret;
+
+
/*******************************************************************
- open a connection to the ldap serve.
-******************************************************************/
-BOOL ldap_open_connection(LDAP **ldap_struct)
+ Open connections to the LDAP server.
+ ******************************************************************/
+
+BOOL ldap_connect(void)
{
- if ( (*ldap_struct = ldap_open(lp_ldap_server(),lp_ldap_port()) )== NULL)
- {
- DEBUG(0,("%s: The LDAP server is not responding !\n",timestring()));
- return(False);
+ int err;
+
+ if (!(ldap_struct = ldap_open(lp_ldap_server(), lp_ldap_port()))) {
+ DEBUG(0, ("open: %s\n", strerror(errno)));
+ return (False);
+ }
+
+ err = ldap_simple_bind_s(ldap_struct, lp_ldap_bind_as(), ldap_secret);
+ if (err != LDAP_SUCCESS) {
+ DEBUG(0, ("bind: %s\n", ldap_err2string(err)));
+ return (False);
}
- DEBUG(2,("ldap_open_connection: connection opened\n"));
+
+ DEBUG(2,("Connected to LDAP server\n"));
return (True);
}
-
/*******************************************************************
- connect anonymously to the ldap server.
- FIXME: later (jfm)
-******************************************************************/
-static BOOL ldap_connect_anonymous(LDAP *ldap_struct)
+ close connections to the LDAP server.
+ ******************************************************************/
+
+void ldap_disconnect(void)
{
- if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) != LDAP_SUCCESS)
- {
- DEBUG(0,("%s: Couldn't bind to the LDAP server !\n", timestring() ));
- return(False);
- }
- return (True);
+ if(!ldap_struct)
+ return;
+
+ if(ldap_results) {
+ ldap_msgfree(ldap_results);
+ ldap_results = NULL; }
+
+ ldap_unbind(ldap_struct);
+ ldap_struct = NULL;
+
+ DEBUG(2,("Connection closed\n"));
}
/*******************************************************************
- connect to the ldap server under system privileg.
-******************************************************************/
-BOOL ldap_connect_system(LDAP *ldap_struct)
+ Search the directory using a given filter.
+ ******************************************************************/
+
+BOOL ldap_search_for(char *filter)
{
- if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) != LDAP_SUCCESS)
- {
- DEBUG(0,("%s: Couldn't bind to the LDAP server !\n", timestring() ));
- return(False);
+ int err;
+
+ DEBUG(2,("Searching in [%s] for [%s]\n", lp_ldap_suffix(), filter));
+
+ err = ldap_search_s(ldap_struct, lp_ldap_suffix(), LDAP_SCOPE_ONELEVEL,
+ filter, NULL, 0, &ldap_results);
+
+ if(err != LDAP_SUCCESS) {
+ DEBUG(0, ("search: %s\n", ldap_err2string(err)));
}
- DEBUG(2,("ldap_connect_system: succesfull connection to the LDAP server\n"));
+
+ DEBUG(2, ("%d matching entries found\n",
+ ldap_count_entries(ldap_struct, ldap_results)));
+
+ ldap_entry = ldap_first_entry(ldap_struct, ldap_results);
return (True);
}
-/*******************************************************************
- connect to the ldap server under a particular user.
-******************************************************************/
-static BOOL ldap_connect_user(LDAP *ldap_struct, char *user, char *password)
+BOOL ldap_search_by_name(const char *user)
{
- if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) != LDAP_SUCCESS)
- {
- DEBUG(0,("%s: Couldn't bind to the LDAP server !\n", timestring() ));
- return(False);
- }
- DEBUG(2,("ldap_connect_user: succesfull connection to the LDAP server\n"));
- return (True);
-}
+ fstring filter;
-/*******************************************************************
- run the search by name.
-******************************************************************/
-static BOOL ldap_search_one_user(LDAP *ldap_struct, char *filter, LDAPMessage **result)
-{
- int scope = LDAP_SCOPE_ONELEVEL;
- int rc;
-
- DEBUG(2,("ldap_search_one_user: searching for:[%s]\n", filter));
-
- rc=ldap_search_s(ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, result);
-
- if (rc != LDAP_SUCCESS )
- {
- DEBUG(0,("%s: Problem during the LDAP search\n",timestring()));
- return(False);
- }
- return (True);
+ slprintf(filter, sizeof(filter)-1,
+ "(&(uid=%s)(objectclass=sambaAccount))", user);
+ return ldap_search_for(filter);
}
-/*******************************************************************
- run the search by name.
-******************************************************************/
-BOOL ldap_search_one_user_by_name(LDAP *ldap_struct, char *user, LDAPMessage **result)
-{
- pstring filter;
- /*
- in the filter expression, replace %u with the real name
- so in ldap filter, %u MUST exist :-)
- */
- strcpy(filter,lp_ldap_filter());
- string_sub(filter,"%u",user);
+BOOL ldap_search_by_uid(int uid)
+{
+ fstring filter;
- if ( !ldap_search_one_user(ldap_struct, filter, result) )
- {
- return(False);
- }
- return (True);
+ slprintf(filter, sizeof(filter)-1,
+ "(&(uidNumber=%d)(objectclass=sambaAccount))", uid);
+ return ldap_search_for(filter);
}
+
/*******************************************************************
- run the search by uid.
-******************************************************************/
-BOOL ldap_search_one_user_by_uid(LDAP *ldap_struct, int uid, LDAPMessage **result)
-{
- pstring filter;
- /*
- in the filter expression, replace %u with the real name
- so in ldap filter, %u MUST exist :-)
- */
- snprintf(filter, sizeof(pstring), "uidAccount=%d", uid);
+ Get the first value of an attribute.
+ ******************************************************************/
+
+BOOL ldap_get_attribute(char *attribute, char *value)
+{
+ char **values;
+
+ if(!(values = ldap_get_values(ldap_struct, ldap_entry, attribute)))
+ return (False);
+
+ pstrcpy(value, values[0]);
+ ldap_value_free(values);
+ DEBUG(3, ("get: [%s] = [%s]\n", attribute, value));
- if ( !ldap_search_one_user(ldap_struct, filter, result) )
- {
- return(False);
- }
return (True);
}
+
/*******************************************************************
- search an attribute and return the first value found.
-******************************************************************/
-void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *attribute, char *value)
+ Construct an smb_passwd structure
+ ******************************************************************/
+struct smb_passwd *ldap_getpw(void)
{
- char **valeurs;
-
- if ( (valeurs=ldap_get_values(ldap_struct, entry, attribute)) != NULL)
- {
- strcpy(value, valeurs[0]);
- ldap_value_free(valeurs);
- DEBUG(3,("get_single_attribute: [%s]=[%s]\n", attribute, value));
- }
+ static struct smb_passwd smbpw;
+ static pstring unix_name;
+ static pstring nt_name;
+ static unsigned char smblmpwd[16];
+ static unsigned char smbntpwd[16];
+ pstring temp;
+
+ if(!ldap_entry)
+ return NULL;
+
+ if(!ldap_get_attribute("uid", unix_name)) {
+ DEBUG(0,("Missing uid\n"));
+ return NULL; }
+ smbpw.unix_name = unix_name;
+
+ DEBUG(2,("Retrieving account [%s]\n",unix_name));
+
+ if(!ldap_get_attribute("uidNumber", temp)) {
+ DEBUG(0,("Missing uidNumber\n"));
+ return NULL; }
+ smbpw.unix_uid = atoi(temp);
+
+ if(!ldap_get_attribute("ntuid", nt_name)) {
+ DEBUG(0,("Missing ntuid\n"));
+ return NULL; }
+ smbpw.nt_name = nt_name;
+
+ if(!ldap_get_attribute("rid", temp)) {
+ DEBUG(0,("Missing rid\n"));
+ return NULL; }
+ smbpw.user_rid = strtol(temp, NULL, 16);
+
+ if(ldap_get_attribute("acctFlags", temp))
+ smbpw.acct_ctrl = pwdb_decode_acct_ctrl(temp);
else
- {
- value=NULL;
+ smbpw.acct_ctrl = ACB_NORMAL;
+
+ if(ldap_get_attribute("lmPassword", temp)) {
+ pwdb_gethexpwd(temp, smblmpwd);
+ smbpw.smb_passwd = smblmpwd;
+ } else {
+ smbpw.smb_passwd = NULL;
+ smbpw.acct_ctrl |= ACB_DISABLED;
+ }
+
+ if(ldap_get_attribute("ntPassword", temp)) {
+ pwdb_gethexpwd(temp, smbntpwd);
+ smbpw.smb_nt_passwd = smbntpwd;
+ } else {
+ smbpw.smb_nt_passwd = NULL;
}
+
+ if(ldap_get_attribute("pwdLastSet", temp))
+ smbpw.pass_last_set_time = (time_t)strtol(temp, NULL, 16);
+ else
+ smbpw.pass_last_set_time = (time_t)(-1);
+
+ return &smbpw;
}
-/*******************************************************************
- check if the returned entry is a sambaAccount objectclass.
-******************************************************************/
-BOOL ldap_check_user(LDAP *ldap_struct, LDAPMessage *entry)
+
+/************************************************************************
+ Adds a modification to a LDAPMod queue.
+ ************************************************************************/
+
+ void ldap_make_mod(LDAPMod ***modlist,int modop, char *attribute, char *value)
{
- BOOL sambaAccount=False;
- char **valeur;
+ LDAPMod **mods;
int i;
+ int j;
- DEBUG(2,("ldap_check_user: "));
- valeur=ldap_get_values(ldap_struct, entry, "objectclass");
- if (valeur!=NULL)
- {
- for (i=0;valeur[i]!=NULL;i++)
- {
- if (!strcmp(valeur[i],"sambaAccount")) sambaAccount=True;
+ DEBUG(3, ("set: [%s] = [%s]\n", attribute, value));
+
+ mods = *modlist;
+
+ if (mods == NULL) {
+ mods = (LDAPMod **)malloc(sizeof(LDAPMod *));
+ mods[0] = NULL;
+ }
+
+ for (i = 0; mods[i] != NULL; ++i) {
+ if (mods[i]->mod_op == modop &&
+ !strcasecmp(mods[i]->mod_type, attribute)) {
+ break;
}
}
- DEBUG(2,("%s\n",sambaAccount?"yes":"no"));
- ldap_value_free(valeur);
- return (sambaAccount);
-}
-
-/*******************************************************************
- check if the returned entry is a sambaMachine objectclass.
-******************************************************************/
-BOOL ldap_check_trust(LDAP *ldap_struct, LDAPMessage *entry)
-{
- BOOL sambaMachine=False;
- char **valeur;
- int i;
- DEBUG(2,("ldap_check_trust: "));
- valeur=ldap_get_values(ldap_struct, entry, "objectclass");
- if (valeur!=NULL)
- {
- for (i=0;valeur[i]!=NULL;i++)
- {
- if (!strcmp(valeur[i],"sambaMachine")) sambaMachine=True;
+ if (mods[i] == NULL) {
+ mods = (LDAPMod **)realloc(mods, (i+2) * sizeof(LDAPMod *));
+ mods[i] = (LDAPMod *)malloc(sizeof(LDAPMod));
+ mods[i]->mod_op = modop;
+ mods[i]->mod_values = NULL;
+ mods[i]->mod_type = strdup(attribute);
+ mods[i+1] = NULL;
+ }
+
+ if (value) {
+ j = 0;
+ if (mods[i]->mod_values) {
+ for (; mods[i]->mod_values[j]; j++);
}
- }
- DEBUG(2,("%s\n",sambaMachine?"yes":"no"));
- ldap_value_free(valeur);
- return (sambaMachine);
-}
+ mods[i]->mod_values = (char **)realloc(mods[i]->mod_values,
+ (j+2) * sizeof(char *));
+ mods[i]->mod_values[j] = strdup(value);
+ mods[i]->mod_values[j+1] = NULL;
+ }
-/*******************************************************************
- retrieve the user's info and contruct a smb_passwd structure.
-******************************************************************/
-static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry,
- struct sam_passwd *user)
-{
- static pstring user_name;
- static pstring fullname;
- static pstring home_dir;
- static pstring dir_drive;
- static pstring logon_script;
- static pstring profile_path;
- static pstring acct_desc;
- static pstring workstations;
- static pstring temp;
-
- bzero(user, sizeof(*user));
+ *modlist = mods;
+}
- user->logon_time = (time_t)-1;
- user->logoff_time = (time_t)-1;
- user->kickoff_time = (time_t)-1;
- user->pass_last_set_time = (time_t)-1;
- user->pass_can_change_time = (time_t)-1;
- user->pass_must_change_time = (time_t)-1;
- get_single_attribute(ldap_struct, entry, "logonTime", temp);
- user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
+/************************************************************************
+ Queues the necessary modifications to save a smb_passwd structure
+ ************************************************************************/
- get_single_attribute(ldap_struct, entry, "logoffTime", temp);
- user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
+ void ldap_smbpwmods(struct smb_passwd *newpwd, LDAPMod ***mods, int operation)
+{
+ fstring temp;
+ int i;
- get_single_attribute(ldap_struct, entry, "kickoffTime", temp);
- user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
+ *mods = NULL;
+ if(operation == LDAP_MOD_ADD) { /* immutable attributes */
+ ldap_make_mod(mods, LDAP_MOD_ADD, "objectclass", "sambaAccount");
- get_single_attribute(ldap_struct, entry, "pwdLastSet", temp);
- user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
+ ldap_make_mod(mods, LDAP_MOD_ADD, "uid", newpwd->unix_name);
+ slprintf(temp, sizeof(temp)-1, "%d", newpwd->unix_uid);
+ ldap_make_mod(mods, LDAP_MOD_ADD, "uidNumber", temp);
- get_single_attribute(ldap_struct, entry, "pwdCanChange", temp);
- user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
+ ldap_make_mod(mods, LDAP_MOD_ADD, "ntuid", newpwd->nt_name);
+ slprintf(temp, sizeof(temp)-1, "%x", newpwd->user_rid);
+ ldap_make_mod(mods, LDAP_MOD_ADD, "rid", temp);
+ }
- get_single_attribute(ldap_struct, entry, "pwdMustChange", temp);
- user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
+ if (newpwd->smb_passwd) {
+ for( i = 0; i < 16; i++) {
+ slprintf(&temp[2*i], 3, "%02X", newpwd->smb_passwd[i]);
+ }
+ ldap_make_mod(mods, operation, "lmPassword", temp);
+ }
- get_single_attribute(ldap_struct, entry, "cn", user_name);
- user->smb_name = user_name;
+ if (newpwd->smb_nt_passwd) {
+ for( i = 0; i < 16; i++) {
+ slprintf(&temp[2*i], 3, "%02X", newpwd->smb_nt_passwd[i]);
+ }
+ ldap_make_mod(mods, operation, "ntPassword", temp);
+ }
- DEBUG(2,("ldap_get_sam_passwd: user: %s\n", user_name));
-
- get_single_attribute(ldap_struct, entry, "userFullName", fullname);
- user->full_name = fullname;
+ newpwd->pass_last_set_time = time(NULL);
+ slprintf(temp, sizeof(temp)-1, "%08X", newpwd->pass_last_set_time);
+ ldap_make_mod(mods, operation, "pwdLastSet", temp);
- get_single_attribute(ldap_struct, entry, "homeDirectory", home_dir);
- user->home_dir = home_dir;
+ ldap_make_mod(mods, operation, "acctFlags",
+ pwdb_encode_acct_ctrl(newpwd->acct_ctrl,
+ NEW_PW_FORMAT_SPACE_PADDED_LEN));
+}
- get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive);
- user->dir_drive = dir_drive;
- get_single_attribute(ldap_struct, entry, "scriptPath", logon_script);
- user->logon_script = logon_script;
+/************************************************************************
+ Commit changes to a directory entry.
+ *************************************************************************/
+ BOOL ldap_makemods(char *attribute, char *value, LDAPMod **mods, BOOL add)
+{
+ pstring filter;
+ char *dn;
+ int entries;
+ int err = 0;
+ BOOL rc;
- get_single_attribute(ldap_struct, entry, "profilePath", profile_path);
- user->profile_path = profile_path;
+ slprintf(filter, sizeof(filter)-1, "%s=%s", attribute, value);
- get_single_attribute(ldap_struct, entry, "comment", acct_desc);
- user->acct_desc = acct_desc;
+ if (!ldap_connect())
+ return (False);
- get_single_attribute(ldap_struct, entry, "userWorkstations", workstations);
- user->workstations = workstations;
+ ldap_search_for(filter);
-
- user->unknown_str = NULL; /* don't know, yet! */
- user->munged_dial = NULL; /* "munged" dial-back telephone number */
-
- get_single_attribute(ldap_struct, entry, "userPassword", temp);
- nt_lm_owf_gen(temp, user->smb_nt_passwd, user->smb_passwd);
- bzero(temp, sizeof(temp)); /* destroy local copy of the password */
-
- get_single_attribute(ldap_struct, entry, "rid", temp);
- user->user_rid=atoi(temp);
-
- get_single_attribute(ldap_struct, entry, "primaryGroupID", temp);
- user->group_rid=atoi(temp);
-
- /* the smb (unix) ids are not stored: they are created */
- user->smb_userid = user_rid_to_uid (user->user_rid);
- user->smb_grpid = group_rid_to_uid(user->group_rid);
-
- get_single_attribute(ldap_struct, entry, "userAccountControl", temp);
- user->acct_ctrl=atoi(temp);
-
- user->unknown_3 = 0xffffff; /* don't know */
- user->logon_divs = 168; /* hours per week */
- user->hours_len = 21; /* 21 times 8 bits = 168 */
- memset(user->hours, 0xff, user->hours_len); /* available at all hours */
- user->unknown_5 = 0x00020000; /* don't know */
- user->unknown_5 = 0x000004ec; /* don't know */
-
- if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) )
+ if (ldap_entry)
{
- DEBUG(0,("Inconsistency in the LDAP database\n"));
+ dn = ldap_get_dn(ldap_struct, ldap_entry);
+ err = ldap_modify_s(ldap_struct, dn, mods);
+ free(dn);
+ }
+ else if (add)
+ {
+ pstrcat(filter, ", ");
+ pstrcat(filter, lp_ldap_suffix());
+ err = ldap_add_s(ldap_struct, filter, mods);
}
- if (!(user->acct_ctrl & ACB_NORMAL))
+ if (err == LDAP_SUCCESS)
{
- DEBUG(0,("User's acct_ctrl bits not set to ACT_NORMAL in LDAP database\n"));
- return;
+ DEBUG(2,("Updated entry [%s]\n", value));
+ rc = True;
+ } else {
+ DEBUG(0,("update: %s\n", ldap_err2string(err)));
+ rc = False;
}
+ ldap_disconnect();
+ ldap_mods_free(mods, 1);
+ return rc;
}
-/*******************************************************************
- retrieve the user's info and contruct a smb_passwd structure.
-******************************************************************/
-static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry,
- struct smb_passwd *user)
-{
- static pstring user_name;
- static pstring user_pass;
- static pstring temp;
- static unsigned char smblmpwd[16];
- static unsigned char smbntpwd[16];
- user->smb_name = NULL;
- user->smb_passwd = NULL;
- user->smb_nt_passwd = NULL;
- user->smb_userid = 0;
- user->pass_last_set_time = (time_t)-1;
+/************************************************************************
+ Return next available RID, starting from 1000
+ ************************************************************************/
- get_single_attribute(ldap_struct, entry, "cn", user_name);
- DEBUG(2,("ldap_get_smb_passwd: user: %s\n",user_name));
-
- get_single_attribute(ldap_struct, entry, "userPassword", user_pass);
- nt_lm_owf_gen(user_pass, smbntpwd, smblmpwd);
- bzero(user_pass, sizeof(user_pass)); /* destroy local copy of the password */
-
- get_single_attribute(ldap_struct, entry, "userAccountControl", temp);
- user->acct_ctrl=decode_acct_ctrl(temp);
+BOOL ldap_allocaterid(uint32 *rid)
+{
+ pstring newdn;
+ fstring rid_str;
+ LDAPMod **mods;
+ char *dn;
+ int err;
- get_single_attribute(ldap_struct, entry, "pwdLastSet", temp);
- user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
+ DEBUG(2, ("Allocating new RID\n"));
- get_single_attribute(ldap_struct, entry, "rid", temp);
+ if (!ldap_connect())
+ return (False);
- /* the smb (unix) ids are not stored: they are created */
- user->smb_userid = user_rid_to_uid (atoi(temp));
+ ldap_search_for("(&(id=root)(objectClass=sambaConfig))");
- if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) )
- {
- DEBUG(0,("Inconsistency in the LDAP database\n"));
-
- }
- if (user->acct_ctrl & ACB_NORMAL)
+ if (ldap_entry && ldap_get_attribute("nextrid", rid_str))
+ *rid = strtol(rid_str, NULL, 16);
+ else
+ *rid = 1000;
+
+ mods = NULL;
+ if(!ldap_entry)
{
- user->smb_name = user_name;
- user->smb_passwd = smblmpwd;
- user->smb_nt_passwd = smbntpwd;
+ ldap_make_mod(&mods, LDAP_MOD_ADD, "objectClass",
+ "sambaConfig");
+ ldap_make_mod(&mods, LDAP_MOD_ADD, "id", "root");
}
-}
-/*******************************************************************
- retrieve the trust's info and contruct a smb_passwd structure.
-******************************************************************/
-static void ldap_get_trust(LDAP *ldap_struct,LDAPMessage *entry,
- struct smb_passwd *trust)
-{
- static pstring user_name;
- static unsigned char smbntpwd[16];
- static pstring temp;
-
- get_single_attribute(ldap_struct, entry, "cn", user_name);
- DEBUG(2,("ldap_get_trust: trust: %s\n", user_name));
-
- get_single_attribute(ldap_struct, entry, "trustPassword", temp);
- gethexpwd(temp,smbntpwd);
-
- get_single_attribute(ldap_struct, entry, "rid", temp);
+ slprintf(rid_str, sizeof(fstring)-1, "%x", (*rid) + 1);
+ ldap_make_mod(&mods, LDAP_MOD_REPLACE, "nextrid", rid_str);
- /* the smb (unix) ids are not stored: they are created */
- trust->smb_userid = user_rid_to_uid(atoi(temp));
+ if (ldap_entry)
+ {
+ dn = ldap_get_dn(ldap_struct, ldap_entry);
+ err = ldap_modify_s(ldap_struct, dn, mods);
+ free(dn);
+ } else {
+ pstrcpy(newdn, "id=root, ");
+ pstrcat(newdn, lp_ldap_suffix());
+ ldap_add_s(ldap_struct, newdn, mods);
+ }
- get_single_attribute(ldap_struct, entry, "trustAccountControl", temp);
- trust->acct_ctrl=decode_acct_ctrl(temp);
+ ldap_disconnect();
- if (trust->acct_ctrl == 0)
+ if(err != LDAP_SUCCESS)
{
- /* by default it's a workstation (or stand-alone server) */
- trust->acct_ctrl = ACB_WSTRUST;
+ DEBUG(0,("nextrid update: %s\n", ldap_err2string(err)));
+ return (False);
}
- trust->smb_name = user_name;
- trust->smb_passwd = NULL;
- trust->smb_nt_passwd = smbntpwd;
+ return (True);
}
-/************************************************************************
- Routine to add an entry to the ldap passwd file.
- do not call this function directly. use passdb.c instead.
+/***************************************************************
+ Begin/end account enumeration.
+ ****************************************************************/
-*************************************************************************/
-BOOL add_ldappwd_entry(struct smb_passwd *newpwd)
+static void *ldap_enumfirst(BOOL update)
{
- return True;
-}
+ if (!ldap_connect())
+ return NULL;
-/************************************************************************
- Routine to search the ldap passwd file for an entry matching the username.
- and then modify its password entry. We can't use the startldappwent()/
- getldappwent()/endldappwent() interfaces here as we depend on looking
- in the actual file to decide how much room we have to write data.
- override = False, normal
- override = True, override XXXXXXXX'd out password or NO PASS
+ ldap_search_for("objectclass=sambaAccount");
- do not call this function directly. use passdb.c instead.
+ return ldap_struct;
+}
-************************************************************************/
-BOOL mod_ldappwd_entry(struct smb_passwd* pwd, BOOL override)
+static void ldap_enumclose(void *vp)
{
- return False;
+ ldap_disconnect();
}
-/***************************************************************
- Start to enumerate the ldap passwd list. Returns a void pointer
- to ensure no modification outside this module.
- do not call this function directly. use passdb.c instead.
+/*************************************************************************
+ Save/restore the current position in a query
+ *************************************************************************/
- ****************************************************************/
+static SMB_BIG_UINT ldap_getdbpos(void *vp)
+{
+ return (SMB_BIG_UINT)((ulong)ldap_entry);
+}
-struct ldap_enum_info
+static BOOL ldap_setdbpos(void *vp, SMB_BIG_UINT tok)
{
- LDAP *ldap_struct;
- LDAPMessage *result;
- LDAPMessage *entry;
-};
+ ldap_entry = (LDAPMessage *)((ulong)tok);
+ return (True);
+}
-static struct ldap_enum_info ldap_ent;
-void *startldappwent(BOOL update)
-{
- int scope = LDAP_SCOPE_ONELEVEL;
- int rc;
+/*************************************************************************
+ Return smb_passwd information.
+ *************************************************************************/
- char filter[256];
+static struct smb_passwd *ldap_getpwbynam(const char *name)
+{
+ struct smb_passwd *ret;
- if (!ldap_open_connection(&ldap_ent.ldap_struct)) /* open a connection to the server */
+ if(!ldap_connect())
return NULL;
- if (!ldap_connect_system(ldap_ent.ldap_struct)) /* connect as system account */
- return NULL;
+ ldap_search_by_name(name);
+ ret = ldap_getpw();
- /* when the class is known the search is much faster */
- switch (0)
- {
- case 1:
- {
- strcpy(filter, "objectclass=sambaAccount");
- break;
- }
- case 2:
- {
- strcpy(filter, "objectclass=sambaMachine");
- break;
- }
- default:
- {
- strcpy(filter, "(|(objectclass=sambaMachine)(objectclass=sambaAccount))");
- break;
- }
- }
+ ldap_disconnect();
+ return ret;
+}
- rc=ldap_search_s(ldap_ent.ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, &ldap_ent.result);
+static struct smb_passwd *ldap_getpwbyuid(uid_t userid)
+{
+ struct smb_passwd *ret;
- DEBUG(2,("%d entries in the base!\n", ldap_count_entries(ldap_ent.ldap_struct, ldap_ent.result) ));
+ if(!ldap_connect())
+ return NULL;
- ldap_ent.entry = ldap_first_entry(ldap_ent.ldap_struct, ldap_ent.result);
+ ldap_search_by_uid(userid);
+ ret = ldap_getpw();
- return &ldap_ent;
+ ldap_disconnect();
+ return ret;
}
-/*************************************************************************
- Routine to return the next entry in the ldap passwd list.
-
- do not call this function directly. use passdb.c instead.
-
- *************************************************************************/
-struct smb_passwd *getldappwent(void *vp)
+static struct smb_passwd *ldap_getcurrentpw(void *vp)
{
+ struct smb_passwd *ret;
- struct ldap_enum_info *ldap_vp = (struct ldap_enum_info *)vp;
- ldap_vp->entry = ldap_next_entry(ldap_vp->ldap_struct, ldap_vp->entry);
-/*
- make_ldap_sam_user_info_21(ldap_struct, entry, &(pw_buf[(*num_entries)]) );
-*/
- return NULL;
+ ret = ldap_getpw();
+ ldap_entry = ldap_next_entry(ldap_struct, ldap_entry);
+ return ret;
}
-/***************************************************************
- End enumeration of the ldap passwd list.
-
- do not call this function directly. use passdb.c instead.
-****************************************************************/
-void endldappwent(void *vp)
+/************************************************************************
+ Modify user information given an smb_passwd struct.
+ *************************************************************************/
+static BOOL ldap_addpw(struct smb_passwd *newpwd)
{
- struct ldap_enum_info *ldap_vp = (struct ldap_enum_info *)vp;
- ldap_msgfree(ldap_vp->result);
- ldap_unbind(ldap_vp->ldap_struct);
-}
+ LDAPMod **mods;
-/*************************************************************************
- Return the current position in the ldap passwd list as an unsigned long.
- This must be treated as an opaque token.
+ if (!newpwd || !ldap_allocaterid(&newpwd->user_rid))
+ return (False);
- do not call this function directly. use passdb.c instead.
+ ldap_smbpwmods(newpwd, &mods, LDAP_MOD_ADD);
+ return ldap_makemods("uid", newpwd->unix_name, mods, True);
+}
-*************************************************************************/
-unsigned long getldappwpos(void *vp)
+static BOOL ldap_modpw(struct smb_passwd *pwd, BOOL override)
{
- return 0;
+ LDAPMod **mods;
+
+ if (!pwd)
+ return (False);
+
+ ldap_smbpwmods(pwd, &mods, LDAP_MOD_REPLACE);
+ return ldap_makemods("uid", pwd->unix_name, mods, False);
}
-/*************************************************************************
- Set the current position in the ldap passwd list from unsigned long.
- This must be treated as an opaque token.
- do not call this function directly. use passdb.c instead.
+static struct smb_passdb_ops ldap_ops =
+{
+ ldap_enumfirst,
+ ldap_enumclose,
+ ldap_getdbpos,
+ ldap_setdbpos,
+
+ ldap_getpwbynam,
+ ldap_getpwbyuid,
+ ldap_getcurrentpw,
+ ldap_addpw,
+ ldap_modpw
+};
-*************************************************************************/
-BOOL setldappwpos(void *vp, unsigned long tok)
+struct smb_passdb_ops *ldap_initialise_password_db(void)
{
- return False;
+ FILE *pwdfile;
+ char *pwdfilename;
+ char *p;
+
+ pwdfilename = lp_ldap_passwd_file();
+
+ if(pwdfilename[0]) {
+ if(pwdfile = sys_fopen(pwdfilename, "r")) {
+ fgets(ldap_secret, sizeof(ldap_secret), pwdfile);
+ if(p = strchr(ldap_secret, '\n'))
+ *p = 0;
+ fclose(pwdfile);
+ } else {
+ DEBUG(0,("Failed to open LDAP passwd file\n"));
+ }
+ }
+
+ return &ldap_ops;
}
+#else
+ void ldap_dummy_function(void);
+ void ldap_dummy_function(void) { } /* stop some compilers complaining */
#endif
git.samba.org / samba.git / blobdiff