docs: fix a typo in history file
[bbaumbach/samba-autobuild/.git] / source3 / passdb / pdb_nds.c
index 34e550d413937e7ff4b226547288ae479e7e19e9..5f00a8c562937b0aed364c03a05d938e4eb4463f 100644 (file)
@@ -1,11 +1,11 @@
 /* 
-   Unix SMB/CIFS mplementation.
+   Unix SMB/CIFS Implementation.
    NDS LDAP helper functions for SAMBA
    Copyright (C) Vince Brimhall                        2004-2005
     
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
+   the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
    
    This program is distributed in the hope that it will be useful,
    GNU General Public License for more details.
    
    You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
    
 */
 
 #include "includes.h"
+#include "passdb.h"
 
 #include <lber.h>
 #include <ldap.h>
-#include <wchar.h>
 
 #include "smbldap.h"
+#include "passdb/pdb_ldap.h"
+#include "passdb/pdb_nds.h"
 
 #define NMASLDAP_GET_LOGIN_CONFIG_REQUEST      "2.16.840.1.113719.1.39.42.100.3"
 #define NMASLDAP_GET_LOGIN_CONFIG_RESPONSE     "2.16.840.1.113719.1.39.42.100.4"
@@ -182,15 +183,19 @@ static int berEncodeLoginData(
                err = (ber_printf(requestBer, "}}", 0) < 0) ? LDAP_ENCODING_ERROR : 0;
        }
 
-       if(putData)
-       {
+       if (!err) {
+               if (putData) {
                /* BER Encode the the tag and data */
-               err = (ber_printf(requestBer, "oio}", utf8TagPtr, utf8TagSize, putDataLen, putData, putDataLen) < 0) ? LDAP_ENCODING_ERROR : 0;
-       }
-       else
-       {
+                       err = (ber_printf(requestBer, "oio}", utf8TagPtr,
+                                         utf8TagSize, putDataLen, putData,
+                                         putDataLen) < 0)
+                               ? LDAP_ENCODING_ERROR : 0;
+               } else {
                /* BER Encode the the tag */
-               err = (ber_printf(requestBer, "o}", utf8TagPtr, utf8TagSize) < 0) ? LDAP_ENCODING_ERROR : 0;
+                       err = (ber_printf(requestBer, "o}", utf8TagPtr,
+                                         utf8TagSize) < 0)
+                               ? LDAP_ENCODING_ERROR : 0;
+               }
        }
 
        if (err)
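Review bot: The two context comments `/* BER Encode the the tag and data */` and `/* BER Encode the the tag */` were left at their old depth, so they now sit one level shallower than the `ber_printf` calls they describe, and both repeat "the". Re-indent them to the new nesting and fix the wording, e.g. `/* BER-encode the tag and data */`. berEncodeLoginData starts and ends outside this hunk.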
@@ -241,7 +246,7 @@ static int berDecodeLoginData(
        if(retData)
        {
                retOctStrLen = *retDataLen + 1;
-               retOctStr = SMB_MALLOC(retOctStrLen);
+               retOctStr = SMB_MALLOC_ARRAY(char, retOctStrLen);
                if(!retOctStr)
                {
                        err = LDAP_OPERATIONS_ERROR;
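Review bot: The size arithmetic is still done before the allocation helper sees the value: `retOctStrLen = *retDataLen + 1` here, `pwdLen+2` in nmasldap_get_simple_pwd and `pwdBufLen+2` in nmasldap_get_password. Any count-times-size overflow check inside SMB_MALLOC_ARRAY cannot detect a sum that has already wrapped, and with `char` elements the multiplication is not where the risk lies. The declarations are outside these hunks, but if the lengths are caller-supplied `size_t` values, reject the largest values before the addition (for this hunk, `*retDataLen == SIZE_MAX`). Otherwise, add a comment stating the upper bound the callers guarantee.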
@@ -404,7 +409,7 @@ static int nmasldap_get_simple_pwd(
        size_t  pwdBufLen, bufferLen;
 
        bufferLen = pwdBufLen = pwdLen+2;
-       pwdBuf = SMB_MALLOC(pwdBufLen); /* digest and null */
+       pwdBuf = SMB_MALLOC_ARRAY(char, pwdBufLen); /* digest and null */
        if(pwdBuf == NULL)
        {
                return LDAP_NO_MEMORY;
@@ -568,7 +573,7 @@ static int nmasldap_get_password(
        }
 
        bufferLen = pwdBufLen = *pwdSize;
-       pwdBuf = SMB_MALLOC(pwdBufLen+2);
+       pwdBuf = SMB_MALLOC_ARRAY(char, pwdBufLen+2);
        if(pwdBuf == NULL)
        {
                return LDAP_NO_MEMORY;
@@ -666,7 +671,7 @@ int pdb_nds_get_password(
        size_t *pwd_len,
        char *pwd )
 {
-       LDAP *ld = ldap_state->ldap_struct;
+       LDAP *ld = smbldap_get_ldap(ldap_state);
        int rc = -1;
 
        rc = nmasldap_get_password(ld, object_dn, pwd_len, (unsigned char *)pwd);
@@ -706,7 +711,7 @@ int pdb_nds_set_password(
        char *object_dn,
        const char *pwd )
 {
-       LDAP *ld = ldap_state->ldap_struct;
+       LDAP *ld = smbldap_get_ldap(ldap_state);
        int rc = -1;
        LDAPMod **tmpmods = NULL;
 
@@ -741,7 +746,7 @@ int pdb_nds_set_password(
 *********************************************************************/
 
 static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods,
-                                       struct samu *sam_acct, BOOL success)
+                                       struct samu *sam_acct, bool success)
 {
        struct ldapsam_privates *ldap_state;
 
@@ -764,12 +769,12 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods,
                char clear_text_pw[512];
                LDAP *ld = NULL;
                const char *username = pdb_get_username(sam_acct);
-               BOOL got_clear_text_pw = False;
+               bool got_clear_text_pw = False;
 
                DEBUG(5,("pdb_nds_update_login_attempts: %s login for %s\n",
                                success ? "Successful" : "Failed", username));
 
-               result = pdb_get_backend_private_data(sam_acct, methods);
+               result = (LDAPMessage *)pdb_get_backend_private_data(sam_acct, methods);
                if (!result) {
                        attr_list = get_userattr_list(NULL,
                                                      ldap_state->schema_ver);
@@ -780,16 +785,22 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods,
                        }
                        pdb_set_backend_private_data(sam_acct, result, NULL,
                                                     methods, PDB_CHANGED);
-                       talloc_autofree_ldapmsg(sam_acct, result);
+                       smbldap_talloc_autofree_ldapmsg(sam_acct, result);
                }
 
-               if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) == 0) {
+               if (ldap_count_entries(
+                           smbldap_get_ldap(ldap_state->smbldap_state),
+                           result) == 0) {
                        DEBUG(0, ("pdb_nds_update_login_attempts: No user to modify!\n"));
                        return NT_STATUS_OBJECT_NAME_NOT_FOUND;
                }
 
-               entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
-               dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
+               entry = ldap_first_entry(
+                       smbldap_get_ldap(ldap_state->smbldap_state), result);
+               dn = smbldap_talloc_dn(talloc_tos(),
+                                      smbldap_get_ldap(
+                                              ldap_state->smbldap_state),
+                                      entry);
                if (!dn) {
                        return NT_STATUS_OBJECT_NAME_NOT_FOUND;
                }
@@ -803,23 +814,25 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods,
                                got_clear_text_pw = True;
                        }
                } else {
-                       generate_random_buffer((unsigned char *)clear_text_pw, 24);
+                       /* This is a long term key */
+                       generate_secret_buffer((unsigned char *)clear_text_pw, 24);
                        clear_text_pw[24] = '\0';
                        DEBUG(5,("pdb_nds_update_login_attempts: using random password %s\n", clear_text_pw));
                }
 
                if((success != True) || (got_clear_text_pw == True)) {
                        
-                       rc = smb_ldap_setup_full_conn(&ld, ldap_state->location);
+                       rc = smbldap_setup_full_conn(&ld, ldap_state->location);
                        if (rc) {
+                               TALLOC_FREE(dn);
                                return NT_STATUS_INVALID_CONNECTION;
                        }
 
                        /* Attempt simple bind with real or bogus password */
                        rc = ldap_simple_bind_s(ld, dn, clear_text_pw);
+                       ldap_unbind(ld);
                        if (rc == LDAP_SUCCESS) {
                                DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Successful for %s\n", username));
-                               ldap_unbind_ext(ld, NULL, NULL);
                        } else {
                                NTSTATUS nt_status = NT_STATUS_ACCOUNT_RESTRICTION;
                                DEBUG(5,("pdb_nds_update_login_attempts: ldap_simple_bind_s Failed for %s\n", username));
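Review bot: The 24 bytes from `generate_secret_buffer()` are raw binary but are then used as a C string, both in the `%s` of the DEBUG line and as the password passed to `ldap_simple_bind_s()`. A zero byte anywhere in the buffer silently shortens the bogus password, and a zero first byte makes it empty; some directory servers treat a bind with a DN and an empty password as an unauthenticated bind and may return success, which would skip the failed-login handling. Encoding the random bytes into a printable form such as hex before the bind would avoid both cases. The new comment calls this a long term key, yet the next line writes it to the log; `DEBUG(5,("pdb_nds_update_login_attempts: using random password\n"));` would keep the trace without the value. The function continues outside this hunk.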
@@ -842,6 +855,7 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods,
                                return nt_status;
                        }
                }
+               TALLOC_FREE(dn);
        }
        
        return NT_STATUS_OK;
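Review bot: `dn` is now released on this exit, but nothing visible wipes `clear_text_pw`, the 512-byte stack buffer declared in the earlier hunk that holds either the user's real password or the generated secret. Consider adding `ZERO_ARRAY(clear_text_pw);` next to `TALLOC_FREE(dn);`, and on the `return nt_status;` path at the top of this hunk, which as far as the visible lines show also returns without freeing `dn`. The code between the hunks is not shown, so confirm that no earlier cleanup already covers this.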
@@ -854,7 +868,8 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods,
 
 static NTSTATUS pdb_init_NDS_ldapsam_common(struct pdb_methods **pdb_method, const char *location)
 {
-       struct ldapsam_privates *ldap_state = (*pdb_method)->private_data;
+       struct ldapsam_privates *ldap_state =
+               (struct ldapsam_privates *)((*pdb_method)->private_data);
 
        /* Mark this as eDirectory ldap */
        ldap_state->is_nds_ldap = True;
@@ -868,30 +883,13 @@ static NTSTATUS pdb_init_NDS_ldapsam_common(struct pdb_methods **pdb_method, con
        return NT_STATUS_OK;
 }
 
-
-/**********************************************************************
- Initialise the 'nds compat' mode for pdb_ldap
- *********************************************************************/
-
-static NTSTATUS pdb_init_NDS_ldapsam_compat(struct pdb_methods **pdb_method, const char *location)
-{
-       NTSTATUS nt_status = pdb_init_ldapsam_compat(pdb_method, location);
-
-       (*pdb_method)->name = "NDS_ldapsam_compat";
-
-       pdb_init_NDS_ldapsam_common(pdb_method, location);
-
-       return nt_status;
-}
-
-
 /**********************************************************************
  Initialise the 'nds' normal mode for pdb_ldap
  *********************************************************************/
 
 static NTSTATUS pdb_init_NDS_ldapsam(struct pdb_methods **pdb_method, const char *location)
 {
-       NTSTATUS nt_status = pdb_init_ldapsam(pdb_method, location);
+       NTSTATUS nt_status = pdb_ldapsam_init_common(pdb_method, location);
 
        (*pdb_method)->name = "NDS_ldapsam";
 
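Review bot: In pdb_init_NDS_ldapsam the result of `pdb_ldapsam_init_common()` is stored in `nt_status`, but `(*pdb_method)->name` is written on the next line before that status is checked. If the init call can fail without leaving a valid `*pdb_method` (its contract is not visible here), this dereferences a NULL or uninitialised pointer. An early exit placed directly after the call would make the failure path safe: `if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; }`. The rest of the function body lies between this hunk and the next.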
@@ -900,14 +898,11 @@ static NTSTATUS pdb_init_NDS_ldapsam(struct pdb_methods **pdb_method, const char
        return nt_status;
 }
 
-NTSTATUS pdb_nds_init(void)
+NTSTATUS pdb_nds_init(TALLOC_CTX *ctx)
 {
        NTSTATUS nt_status;
        if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "NDS_ldapsam", pdb_init_NDS_ldapsam)))
                return nt_status;
 
-       if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "NDS_ldapsam_compat", pdb_init_NDS_ldapsam_compat)))
-               return nt_status;
-
        return NT_STATUS_OK;
 }