{ LDAP_ATTR_LIST_END, NULL }
};
-/* attributes used for account policies */
-
-ATTRIB_MAP_ENTRY acctpol_attr_list[] = {
- { LDAP_ATTR_OBJCLASS, "objectClass" },
- { LDAP_ATTR_ACCOUNT_POLICY_NAME,"sambaAccountPolicyName" },
- { LDAP_ATTR_ACCOUNT_POLICY_VAL, "sambaAccountPolicyValue" },
- { LDAP_ATTR_LIST_END, NULL },
-};
-
/**********************************************************************
perform a simple table lookup and return the attribute name
**********************************************************************/
Return the list of attribute names from a mapping table
**********************************************************************/
- char** get_attr_list( ATTRIB_MAP_ENTRY table[] )
+ const char** get_attr_list( ATTRIB_MAP_ENTRY table[] )
{
- char **names;
+ const char **names;
int i = 0;
while ( table[i].attrib != LDAP_ATTR_LIST_END )
i++;
i++;
- names = SMB_MALLOC_ARRAY( char*, i );
+ names = SMB_MALLOC_ARRAY( const char*, i );
if ( !names ) {
DEBUG(0,("get_attr_list: out of memory\n"));
return NULL;
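Review bot: The header comment on get_attr_list() does not say who owns the returned array, and the change to `const char **` makes that easier to get wrong, because the array is still heap-allocated with `SMB_MALLOC_ARRAY` in this hunk. I would extend the comment along the lines of `Returns a malloc'ed array, or NULL on allocation failure; release it with free_attr_list().` The function body continues past the hunk, so whether the element strings are themselves allocated should be confirmed before stating that in the comment.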
Cleanup
********************************************************************/
- void free_attr_list( char **list )
+ void free_attr_list( const char **list )
{
int i = 0;
*********************************************************************/
static int smbldap_open(struct smbldap_state *ldap_state)
{
- int rc;
- SMB_ASSERT(ldap_state);
+ int rc, opt_rc;
+ BOOL reopen = False;
+ SMB_ASSERT(ldap_state);
#ifndef NO_LDAP_SECURITY
if (geteuid() != 0) {
DEBUG(0, ("smbldap_open: cannot access LDAP when not root..\n"));
}
#endif
- if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + SMBLDAP_DONT_PING_TIME) < time(NULL))) {
+ if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + SMBLDAP_DONT_PING_TIME) < time(NULL))) {
+
struct sockaddr_un addr;
socklen_t len = sizeof(addr);
int sd;
- if (ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_DESC, &sd) == 0 &&
- getpeername(sd, (struct sockaddr *) &addr, &len) < 0) {
+
+ opt_rc = ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_DESC, &sd);
+ if (opt_rc == 0 && (getpeername(sd, (struct sockaddr *) &addr, &len)) < 0 )
+ reopen = True;
+
+#ifdef HAVE_UNIXSOCKET
+ if (opt_rc == 0 && addr.sun_family == AF_UNIX)
+ reopen = True;
+#endif
+ if (reopen) {
/* the other end has died. reopen. */
ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL);
ldap_state->ldap_struct = NULL;
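Review bot: In the `HAVE_UNIXSOCKET` block, `addr.sun_family` is read even when the preceding `getpeername()` call failed, and `addr` has no initializer, so the test reads an indeterminate value. The result is unchanged because `reopen` is already set on that path, but it is still an uninitialised read that sanitizers and static analysers will report; `if (opt_rc == 0 && !reopen && addr.sun_family == AF_UNIX)` avoids it. The existing comment `/* the other end has died. reopen. */` also no longer covers the new case, so a line explaining why an `AF_UNIX` peer always forces a reopen would help the next reader. smbldap_open()'s body continues outside the hunk.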
if (*rc != LDAP_SERVER_DOWN)
goto no_next;
- now = time(NULL);
-
if (now >= endtime) {
smbldap_close(ldap_state);
*rc = LDAP_TIMEOUT;
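Review bot: With `now = time(NULL);` removed, the `if (now >= endtime)` test depends on an assignment that is not visible in this hunk. If `now` is only sampled once at function entry, that should be stated in a short comment next to the test, such as `/* now was sampled at entry; retries are bounded by the alarm, not by this check */`, adjusted to whatever the rest of the function actually does. If no earlier assignment exists, the comparison would use an unset value. The function starts and ends outside the hunk, so this needs checking against the full body.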
*attempts += 1;
- smbldap_close(ldap_state);
open_rc = smbldap_open(ldap_state);
if (open_rc == LDAP_SUCCESS) {
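Review bot: The retry path now calls `smbldap_open()` without first closing the handle that has just returned `LDAP_SERVER_DOWN`. In the smbldap_open() hunk above, an existing `ldap_struct` is only re-checked once `last_ping + SMBLDAP_DONT_PING_TIME` has elapsed, so a connection that failed shortly after a successful ping may be handed back unchanged and each retry would run on the same dead handle until `endtime`. If the stale handle is dropped somewhere outside this hunk, a comment naming that place would make the retry logic auditable; otherwise the close should be kept for the server-down case. Both functions continue beyond the lines shown.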
int smbldap_search(struct smbldap_state *ldap_state,
const char *base, int scope, const char *filter,
- char *attrs[], int attrsonly,
+ const char *attrs[], int attrsonly,
LDAPMessage **res)
{
int rc = LDAP_SERVER_DOWN;
while (another_ldap_try(ldap_state, &rc, &attempts, endtime))
rc = ldap_search_s(ldap_state->ldap_struct, base, scope,
- utf8_filter, attrs, attrsonly, res);
+ utf8_filter,
+ CONST_DISCARD(char **, attrs),
+ attrsonly, res);
SAFE_FREE(utf8_filter);
return rc;
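Review bot: `CONST_DISCARD(char **, attrs)` drops the qualifier that the new `const char *attrs[]` signature promises to callers, and nothing at the call site says why that is safe. A one-line comment such as `/* ldap_search_s() is declared with char **attrs; the list is only read */` would record the assumption. It is worth confirming against the LDAP library in use, since a library that wrote through the pointer would be modifying data callers now treat as constant. The same applies to the `CONST_DISCARD` added to the rootDSE search further down.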
run the search by name.
******************************************************************/
int smbldap_search_suffix (struct smbldap_state *ldap_state, const char *filter,
- char **search_attr, LDAPMessage ** result)
+ const char **search_attr, LDAPMessage ** result)
{
int scope = LDAP_SCOPE_SUBTREE;
int rc;
return NT_STATUS_OK;
}
-/**********************************************************************
- Add the account-policies below the sambaDomain object to LDAP,
-*********************************************************************/
-static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state,
- const char *domain_name)
-{
- NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
- int i, ldap_op, policy_default, rc;
- const char *policy_string = NULL;
- const char *policy_comment = NULL;
- pstring dn;
- fstring policy_default_str;
-
- DEBUG(3,("Adding new account policies for domain\n"));
- ldap_op = LDAP_MOD_ADD;
-
- for (i=1; decode_account_policy_name(i) != NULL; i++) {
- LDAPMod **mods = NULL;
-
- policy_string = decode_account_policy_name(i);
- if (!policy_string) {
- DEBUG(0,("add_new_domain_account_policies: ops. no policy!\n"));
- return ntstatus;
- }
-
- policy_comment = account_policy_get_comment(i);
- if (!policy_comment) {
- DEBUG(0,("add_new_domain_account_policies: no description for policy found\n"));
- return ntstatus;
- }
-
- if (!account_policy_get_default(i, &policy_default)) {
- DEBUG(0,("add_new_domain_account_policies: failed to get default account policy\n"));
- return ntstatus;
- }
-
- slprintf(policy_default_str, sizeof(policy_default_str) - 1, "%i", policy_default);
-
- pstr_sprintf(dn, "%s=%s,%s=%s,%s",
- get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string,
- get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), get_global_sam_name(),
- lp_ldap_suffix());
-
- smbldap_set_mod( &mods, ldap_op, "objectClass", LDAP_OBJ_ACCOUNT_POLICY );
-
- smbldap_set_mod( &mods, ldap_op,
- get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME),
- policy_string);
-
- smbldap_set_mod( &mods, ldap_op,
- get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL),
- policy_default_str);
-
- smbldap_set_mod( &mods, ldap_op, "description", policy_comment);
-
- rc = smbldap_add(ldap_state, dn, mods);
-
- if (rc!=LDAP_SUCCESS) {
- char *ld_error = NULL;
- ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
- DEBUG(1,("failed to add account policy dn= %s with: %s\n\t%s\n",
- dn, ldap_err2string(rc),
- ld_error?ld_error:"unknown"));
- SAFE_FREE(ld_error);
-
- ldap_mods_free(mods, True);
- return ntstatus;
- }
-
- DEBUG(2,("added: domain account policy = [%s] in the LDAP database\n", policy_string));
- ldap_mods_free(mods, True);
- }
-
- return NT_STATUS_OK;
-}
-
/**********************************************************************
Add the sambaDomain to LDAP, so we don't have to search for this stuff
again. This is a once-add operation for now.
int ldap_op;
LDAPMessage *result = NULL;
int num_result;
- char **attr_list;
+ const char **attr_list;
uid_t u_low, u_high;
gid_t g_low, g_high;
uint32 rid_low, rid_high;
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
pstring filter;
int rc;
- char **attr_list;
+ const char **attr_list;
int count;
pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))",
DEBUG(3, ("Got no domain info entries for domain\n"));
ldap_msgfree(*result);
*result = NULL;
- if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))
- && NT_STATUS_IS_OK(ret = add_new_domain_account_policies(ldap_state, domain_name))) {
+ if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))) {
return smbldap_search_domain_info(ldap_state, result, domain_name, False);
}
else {
}
rc = ldap_search_s(ldap_state->ldap_struct, "", LDAP_SCOPE_BASE,
- "(objectclass=*)", attrs, 0 , &msg);
+ "(objectclass=*)", CONST_DISCARD(char **, attrs),
+ 0 , &msg);
if (rc != LDAP_SUCCESS) {
DEBUG(3,("smbldap_check_root_dse: Could not search rootDSE\n"));