*/
#include "includes.h"
+#include "ads.h"
#include "libads/sitename_cache.h"
+#include "libads/cldap.h"
+#include "libads/dns.h"
+#include "../libds/common/flags.h"
+#include "smbldap.h"
+#include "../libcli/security/security.h"
#ifdef HAVE_LDAP
gotalarm = 1;
}
- LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int to)
+ LDAP *ldap_open_with_timeout(const char *server,
+ struct sockaddr_storage *ss,
+ int port, unsigned int to)
{
LDAP *ldp = NULL;
-
DEBUG(10, ("Opening connection to LDAP server '%s:%d', timeout "
"%u seconds\n", server, port, to));
+#if defined(HAVE_LDAP_INIT_FD) && defined(SOCKET_WRAPPER)
+ /* Only use this private LDAP function if we are in make test,
+ * as this is the best way to get the emulated TCP socket into
+ * OpenLDAP */
+ if (socket_wrapper_dir() != NULL) {
+ int fd, ldap_err;
+ NTSTATUS status;
+ char *uri;
+
+ status = open_socket_out(ss, port, to, &fd);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return NULL;
+ }
+
+#ifndef LDAP_PROTO_TCP
+#define LDAP_PROTO_TCP 1
+#endif
+ uri = talloc_asprintf(talloc_tos(), "ldap://%s:%u", server, port);
+ if (uri == NULL) {
+ return NULL;
+ }
+ ldap_err = ldap_init_fd(fd, LDAP_PROTO_TCP, uri, &ldp);
+ talloc_free(uri);
+
+ if (ldap_err != LDAP_SUCCESS) {
+ return NULL;
+ }
+ return ldp;
+ }
+#endif
+
/* Setup timeout */
gotalarm = 0;
CatchSignal(SIGALRM, gotalarm_sig);
*/
static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
{
- char *srv;
struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
TALLOC_CTX *frame = talloc_stackframe();
bool ret = false;
+ struct sockaddr_storage ss;
+ char addr[INET6_ADDRSTRLEN];
if (!server || !*server) {
TALLOC_FREE(frame);
return False;
}
- if (!is_ipaddress(server)) {
- struct sockaddr_storage ss;
- char addr[INET6_ADDRSTRLEN];
-
- if (!resolve_name(server, &ss, 0x20, true)) {
- DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
- server ));
- TALLOC_FREE(frame);
- return false;
- }
- print_sockaddr(addr, sizeof(addr), &ss);
- srv = talloc_strdup(frame, addr);
- } else {
- /* this copes with inet_ntoa brokenness */
- srv = talloc_strdup(frame, server);
- }
-
- if (!srv) {
+ if (!resolve_name(server, &ss, 0x20, true)) {
+ DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
+ server ));
TALLOC_FREE(frame);
return false;
}
+ print_sockaddr(addr, sizeof(addr), &ss);
DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n",
- srv, ads->server.realm));
+ addr, ads->server.realm));
ZERO_STRUCT( cldap_reply );
- if ( !ads_cldap_netlogon_5(frame, srv, ads->server.realm, &cldap_reply ) ) {
- DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", srv));
+ if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) {
+ DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr));
ret = false;
goto out;
}
if ( !(cldap_reply.server_type & NBT_SERVER_LDAP) ) {
DEBUG(1,("ads_try_connect: %s's CLDAP reply says it is not an LDAP server!\n",
- srv));
+ addr));
ret = false;
goto out;
}
ads->server.workgroup = SMB_STRDUP(cldap_reply.domain_name);
ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
- if (!interpret_string_addr(&ads->ldap.ss, srv, 0)) {
- DEBUG(1,("ads_try_connect: unable to convert %s "
- "to an address\n",
- srv));
- ret = false;
- goto out;
- }
+ ads->ldap.ss = ss;
/* Store our site name. */
sitename_store( cldap_reply.domain_name, cldap_reply.client_site);
}
if ( !c_realm || !*c_realm ) {
- DEBUG(0,("ads_find_dc: no realm or workgroup! Don't know what to do\n"));
+ DEBUG(1, ("ads_find_dc: no realm or workgroup! Don't know "
+ "what to do\n"));
return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */
}
TALLOC_CTX *frame = talloc_stackframe();
struct dns_rr_srv *gcs_list;
int num_gcs;
- char *realm = ads->server.realm;
+ const char *realm = ads->server.realm;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
int i;
char addr[INET6_ADDRSTRLEN];
ZERO_STRUCT(ads->ldap);
- ads->ldap.last_attempt = time(NULL);
+ ads->ldap.last_attempt = time_mono(NULL);
ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_PLAIN;
/* try with a user specified server */
/* Must use the userPrincipalName value here or sAMAccountName
and not servicePrincipalName; found by Guenther Deschner */
- if (asprintf(&ads->auth.user_name, "%s$", global_myname() ) == -1) {
+ if (asprintf(&ads->auth.user_name, "%s$", lp_netbios_name() ) == -1) {
DEBUG(0,("ads_connect: asprintf fail.\n"));
ads->auth.user_name = NULL;
}
ads->auth.kdc_server = SMB_STRDUP(addr);
}
-#if KRB5_DNS_HACK
- /* this is a really nasty hack to avoid ADS DNS problems. It needs a patch
- to MIT kerberos to work (tridge) */
- {
- char *env = NULL;
- if (asprintf(&env, "KRB5_KDC_ADDRESS_%s", ads->config.realm) > 0) {
- setenv(env, ads->auth.kdc_server, 1);
- free(env);
- }
- }
-#endif
-
/* If the caller() requested no LDAP bind, then we are done */
if (ads->auth.flags & ADS_AUTH_NO_BIND) {
/* Otherwise setup the TCP LDAP session */
ads->ldap.ld = ldap_open_with_timeout(ads->config.ldap_server_name,
+ &ads->ldap.ss,
ads->ldap.port, lp_ldap_timeout());
if (ads->ldap.ld == NULL) {
status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
if (!in_val) return NULL;
- value = TALLOC_ZERO_P(ctx, struct berval);
+ value = talloc_zero(ctx, struct berval);
if (value == NULL)
return NULL;
if (in_val->bv_len == 0) return value;
value->bv_len = in_val->bv_len;
- value->bv_val = (char *)TALLOC_MEMDUP(ctx, in_val->bv_val,
+ value->bv_val = (char *)talloc_memdup(ctx, in_val->bv_val,
in_val->bv_len);
return value;
}
if (!in_vals) return NULL;
for (i=0; in_vals[i]; i++)
; /* count values */
- values = TALLOC_ZERO_ARRAY(ctx, struct berval *, i+1);
+ values = talloc_zero_array(ctx, struct berval *, i+1);
if (!values) return NULL;
for (i=0; in_vals[i]; i++) {
if (!in_vals) return NULL;
for (i=0; in_vals[i]; i++)
; /* count values */
- values = TALLOC_ZERO_ARRAY(ctx, char *, i+1);
+ values = talloc_zero_array(ctx, char *, i+1);
if (!values) return NULL;
for (i=0; in_vals[i]; i++) {
if (!in_vals) return NULL;
for (i=0; in_vals[i]; i++)
; /* count values */
- values = TALLOC_ZERO_ARRAY(ctx, char *, i+1);
+ values = talloc_zero_array(ctx, char *, i+1);
if (!values) return NULL;
for (i=0; in_vals[i]; i++) {
ber_printf(cookie_be, "{io}", (ber_int_t) 1000, "", 0);
}
ber_flatten(cookie_be, &cookie_bv);
- PagedResults.ldctl_oid = CONST_DISCARD(char *, ADS_PAGE_CTL_OID);
+ PagedResults.ldctl_oid = discard_const_p(char, ADS_PAGE_CTL_OID);
PagedResults.ldctl_iscritical = (char) 1;
PagedResults.ldctl_value.bv_len = cookie_bv->bv_len;
PagedResults.ldctl_value.bv_val = cookie_bv->bv_val;
- NoReferrals.ldctl_oid = CONST_DISCARD(char *, ADS_NO_REFERRALS_OID);
+ NoReferrals.ldctl_oid = discard_const_p(char, ADS_NO_REFERRALS_OID);
NoReferrals.ldctl_iscritical = (char) 0;
NoReferrals.ldctl_value.bv_len = 0;
- NoReferrals.ldctl_value.bv_val = CONST_DISCARD(char *, "");
+ NoReferrals.ldctl_value.bv_val = discard_const_p(char, "");
if (external_control &&
(strequal(external_control->control, ADS_EXTENDED_DN_OID) ||
strequal(external_control->control, ADS_SD_FLAGS_OID))) {
- ExternalCtrl.ldctl_oid = CONST_DISCARD(char *, external_control->control);
+ ExternalCtrl.ldctl_oid = discard_const_p(char, external_control->control);
ExternalCtrl.ldctl_iscritical = (char) external_control->critical;
/* win2k does not accept a ldctl_value beeing passed in */
#define ADS_MODLIST_ALLOC_SIZE 10
LDAPMod **mods;
- if ((mods = TALLOC_ZERO_ARRAY(ctx, LDAPMod *, ADS_MODLIST_ALLOC_SIZE + 1)))
+ if ((mods = talloc_zero_array(ctx, LDAPMod *, ADS_MODLIST_ALLOC_SIZE + 1)))
/* -1 is safety to make sure we don't go over the end.
need to reset it to NULL before doing ldap modify */
mods[ADS_MODLIST_ALLOC_SIZE] = (LDAPMod *) -1;
for (curmod=0; modlist[curmod] && modlist[curmod] != (LDAPMod *) -1;
curmod++);
if (modlist[curmod] == (LDAPMod *) -1) {
- if (!(modlist = TALLOC_REALLOC_ARRAY(ctx, modlist, LDAPMod *,
+ if (!(modlist = talloc_realloc(ctx, modlist, LDAPMod *,
curmod+ADS_MODLIST_ALLOC_SIZE+1)))
return ADS_ERROR(LDAP_NO_MEMORY);
memset(&modlist[curmod], 0,
*mods = (ADS_MODLIST)modlist;
}
- if (!(modlist[curmod] = TALLOC_ZERO_P(ctx, LDAPMod)))
+ if (!(modlist[curmod] = talloc_zero(ctx, LDAPMod)))
return ADS_ERROR(LDAP_NO_MEMORY);
modlist[curmod]->mod_type = talloc_strdup(ctx, name);
if (mod_op & LDAP_MOD_BVALUES) {
non-existent attribute (but allowable for the object) to run
*/
LDAPControl PermitModify = {
- CONST_DISCARD(char *, ADS_PERMIT_MODIFY_OID),
+ discard_const_p(char, ADS_PERMIT_MODIFY_OID),
{0, NULL},
(char) 1};
LDAPControl *controls[2];
if (!org_unit || !*org_unit) {
- ret = ads_default_ou_string(ads, WELL_KNOWN_GUID_COMPUTERS);
+ ret = ads_default_ou_string(ads, DS_GUID_COMPUTERS_CONTAINER);
/* samba4 might not yet respond to a wellknownobject-query */
return ret ? ret : SMB_STRDUP("cn=Computers");
{
int i;
for (i=0; values[i]; i++) {
+ NTSTATUS status;
+ DATA_BLOB in = data_blob_const(values[i]->bv_val, values[i]->bv_len);
+ struct GUID guid;
- UUID_FLAT guid;
- struct GUID tmp;
-
- memcpy(guid.info, values[i]->bv_val, sizeof(guid.info));
- smb_uuid_unpack(guid, &tmp);
- printf("%s: %s\n", field, GUID_string(talloc_tos(), &tmp));
+ status = GUID_from_ndr_blob(&in, &guid);
+ if (NT_STATUS_IS_OK(status)) {
+ printf("%s: %s\n", field, GUID_string(talloc_tos(), &guid));
+ } else {
+ printf("%s: INVALID GUID\n", field);
+ }
}
}
{
int i;
for (i=0; values[i]; i++) {
- DOM_SID sid;
+ struct dom_sid sid;
fstring tmp;
- sid_parse(values[i]->bv_val, values[i]->bv_len, &sid);
+ if (!sid_parse(values[i]->bv_val, values[i]->bv_len, &sid)) {
+ return;
+ }
printf("%s: %s\n", field, sid_to_fstring(tmp, &sid));
}
}
}
for (i=0; handlers[i].name; i++) {
- if (StrCaseCmp(handlers[i].name, field) == 0) {
+ if (strcasecmp_m(handlers[i].name, field) == 0) {
if (!values) /* first time, indicate string or not */
return handlers[i].string;
handlers[i].handler(ads, field, (struct berval **) values);
*num_values = ldap_count_values(values);
- ret = TALLOC_ARRAY(mem_ctx, char *, *num_values + 1);
+ ret = talloc_array(mem_ctx, char *, *num_values + 1);
if (!ret) {
ldap_value_free(values);
return NULL;
return NULL;
}
- strings = TALLOC_REALLOC_ARRAY(mem_ctx, current_strings, char *,
+ strings = talloc_realloc(mem_ctx, current_strings, char *,
*num_strings + num_new_strings);
if (strings == NULL) {
**/
bool ads_pull_guid(ADS_STRUCT *ads, LDAPMessage *msg, struct GUID *guid)
{
- char **values;
- UUID_FLAT flat_guid;
-
- values = ldap_get_values(ads->ldap.ld, msg, "objectGUID");
- if (!values)
- return False;
+ DATA_BLOB blob;
+ NTSTATUS status;
- if (values[0]) {
- memcpy(&flat_guid.info, values[0], sizeof(UUID_FLAT));
- smb_uuid_unpack(flat_guid, guid);
- ldap_value_free(values);
- return True;
+ if (!smbldap_talloc_single_blob(talloc_tos(), ads->ldap.ld, msg, "objectGUID",
+ &blob)) {
+ return false;
}
- ldap_value_free(values);
- return False;
+ status = GUID_from_ndr_blob(&blob, guid);
+ talloc_free(blob.data);
+ return NT_STATUS_IS_OK(status);
}
/**
- * pull a single DOM_SID from a ADS result
+ * pull a single struct dom_sid from a ADS result
* @param ads connection to ads server
* @param msg Results of search
* @param field Attribute to retrieve
* @return boolean inidicating success
*/
bool ads_pull_sid(ADS_STRUCT *ads, LDAPMessage *msg, const char *field,
- DOM_SID *sid)
+ struct dom_sid *sid)
{
return smbldap_pull_sid(ads->ldap.ld, msg, field, sid);
}
/**
- * pull an array of DOM_SIDs from a ADS result
+ * pull an array of struct dom_sids from a ADS result
* @param ads connection to ads server
* @param mem_ctx TALLOC_CTX for allocating sid array
* @param msg Results of search
* @return the count of SIDs pulled
**/
int ads_pull_sids(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
- LDAPMessage *msg, const char *field, DOM_SID **sids)
+ LDAPMessage *msg, const char *field, struct dom_sid **sids)
{
struct berval **values;
bool ret;
/* nop */ ;
if (i) {
- (*sids) = TALLOC_ARRAY(mem_ctx, DOM_SID, i);
+ (*sids) = talloc_array(mem_ctx, struct dom_sid, i);
if (!(*sids)) {
ldap_value_free_len(values);
return 0;
if (ads->config.current_time != 0) {
ads->auth.time_offset = ads->config.current_time - time(NULL);
- DEBUG(4,("time offset is %d seconds\n", ads->auth.time_offset));
+ DEBUG(4,("KDC time offset is %d seconds\n", ads->auth.time_offset));
}
ads_msgfree(ads, res);
* @param sid Pointer to domain sid
* @return status of search
**/
-ADS_STATUS ads_domain_sid(ADS_STRUCT *ads, DOM_SID *sid)
+ADS_STATUS ads_domain_sid(ADS_STRUCT *ads, struct dom_sid *sid)
{
const char *attrs[] = {"objectSid", NULL};
LDAPMessage *res;
/**
- * pull a DOM_SID from an extended dn string
+ * pull a struct dom_sid from an extended dn string
* @param mem_ctx TALLOC_CTX
* @param extended_dn string
* @param flags string type of extended_dn
- * @param sid pointer to a DOM_SID
+ * @param sid pointer to a struct dom_sid
* @return NT_STATUS_OK on success,
* NT_INVALID_PARAMETER on error,
* NT_STATUS_NOT_FOUND if no SID present
ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
const char *extended_dn,
enum ads_extended_dn_flags flags,
- DOM_SID *sid)
+ struct dom_sid *sid)
{
char *p, *q, *dn;
}
/**
- * pull an array of DOM_SIDs from a ADS result
+ * pull an array of struct dom_sids from a ADS result
* @param ads connection to ads server
* @param mem_ctx TALLOC_CTX for allocating sid array
* @param msg Results of search
LDAPMessage *msg,
const char *field,
enum ads_extended_dn_flags flags,
- DOM_SID **sids)
+ struct dom_sid **sids)
{
int i;
ADS_STATUS rc;
return 0;
}
- (*sids) = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, dn_count + 1);
+ (*sids) = talloc_zero_array(mem_ctx, struct dom_sid, dn_count + 1);
if (!(*sids)) {
TALLOC_FREE(dn_strings);
return 0;
int count = 0;
char *name = NULL;
- status = ads_find_machine_acct(ads, &res, global_myname());
+ status = ads_find_machine_acct(ads, &res, lp_netbios_name());
if (!ADS_ERR_OK(status)) {
DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n",
- global_myname()));
+ lp_netbios_name()));
goto out;
}
status = ads_find_machine_acct(ads, &res, machine_name);
if (!ADS_ERR_OK(status)) {
DEBUG(0,("ads_get_upn: Failed to find account for %s\n",
- global_myname()));
+ lp_netbios_name()));
goto out;
}
int count = 0;
char *name = NULL;
- status = ads_find_machine_acct(ads, &res, global_myname());
+ status = ads_find_machine_acct(ads, &res, lp_netbios_name());
if (!ADS_ERR_OK(status)) {
DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n",
- global_myname()));
+ lp_netbios_name()));
goto out;
}
pldap_control[0] = &ldap_control;
memset(&ldap_control, 0, sizeof(LDAPControl));
- ldap_control.ldctl_oid = (char *)LDAP_SERVER_TREE_DELETE_OID;
+ ldap_control.ldctl_oid = discard_const_p(char, LDAP_SERVER_TREE_DELETE_OID);
/* hostname must be lowercase */
host = SMB_STRDUP(hostname);
}
hostnameDN = ads_get_dn(ads, talloc_tos(), (LDAPMessage *)msg);
+ if (hostnameDN == NULL) {
+ SAFE_FREE(host);
+ return ADS_ERROR_SYSTEM(ENOENT);
+ }
rc = ldap_delete_ext_s(ads->ldap.ld, hostnameDN, pldap_control, NULL);
if (rc) {
* @param ads connection to ads server
* @param mem_ctx TALLOC_CTX for allocating sid array
* @param dn of LDAP object
- * @param user_sid pointer to DOM_SID (objectSid)
- * @param primary_group_sid pointer to DOM_SID (self composed)
+ * @param user_sid pointer to struct dom_sid (objectSid)
+ * @param primary_group_sid pointer to struct dom_sid (self composed)
* @param sids pointer to sid array to allocate
* @param num_sids counter of SIDs pulled
* @return status of token query
ADS_STATUS ads_get_tokensids(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
const char *dn,
- DOM_SID *user_sid,
- DOM_SID *primary_group_sid,
- DOM_SID **sids,
+ struct dom_sid *user_sid,
+ struct dom_sid *primary_group_sid,
+ struct dom_sid **sids,
size_t *num_sids)
{
ADS_STATUS status;
LDAPMessage *res = NULL;
int count = 0;
size_t tmp_num_sids;
- DOM_SID *tmp_sids;
- DOM_SID tmp_user_sid;
- DOM_SID tmp_primary_group_sid;
+ struct dom_sid *tmp_sids;
+ struct dom_sid tmp_user_sid;
+ struct dom_sid tmp_primary_group_sid;
uint32 pgid;
const char *attrs[] = {
"objectSid",
/* hack to compose the primary group sid without knowing the
* domsid */
- DOM_SID domsid;
- uint32 dummy_rid;
+ struct dom_sid domsid;
sid_copy(&domsid, &tmp_user_sid);
- if (!sid_split_rid(&domsid, &dummy_rid)) {
+ if (!sid_split_rid(&domsid, NULL)) {
ads_msgfree(ads, res);
return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
}