This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
Search an attribute and return the first value found.
******************************************************************/
- BOOL smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry,
+ bool smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry,
const char *attribute, char *value,
int max_len)
{
return True;
}
- BOOL smbldap_get_single_pstring (LDAP * ldap_struct, LDAPMessage * entry,
- const char *attribute, pstring value)
-{
- return smbldap_get_single_attribute(ldap_struct, entry,
- attribute, value,
- sizeof(pstring));
-}
-
char * smbldap_talloc_single_attribute(LDAP *ldap_struct, LDAPMessage *entry,
const char *attribute,
TALLOC_CTX *mem_ctx)
{
char **values;
char *result;
+ size_t converted_size;
if (attribute == NULL) {
return NULL;
return NULL;
}
- if (pull_utf8_talloc(mem_ctx, &result, values[0]) == (size_t)-1) {
+ if (!pull_utf8_talloc(mem_ctx, &result, values[0], &converted_size)) {
DEBUG(10, ("pull_utf8_talloc failed\n"));
ldap_value_free(values);
return NULL;
return result;
}
+ char * smbldap_talloc_smallest_attribute(LDAP *ldap_struct, LDAPMessage *entry,
+ const char *attribute,
+ TALLOC_CTX *mem_ctx)
+{
+ char **values;
+ char *result;
+ size_t converted_size;
+ int i, num_values;
+
+ if (attribute == NULL) {
+ return NULL;
+ }
+
+ values = ldap_get_values(ldap_struct, entry, attribute);
+
+ if (values == NULL) {
+ DEBUG(10, ("attribute %s does not exist\n", attribute));
+ return NULL;
+ }
+
+ if (!pull_utf8_talloc(mem_ctx, &result, values[0], &converted_size)) {
+ DEBUG(10, ("pull_utf8_talloc failed\n"));
+ ldap_value_free(values);
+ return NULL;
+ }
+
+ num_values = ldap_count_values(values);
+
+ for (i=1; i<num_values; i++) {
+ char *tmp;
+
+ if (!pull_utf8_talloc(mem_ctx, &tmp, values[i],
+ &converted_size)) {
+ DEBUG(10, ("pull_utf8_talloc failed\n"));
+ TALLOC_FREE(result);
+ ldap_value_free(values);
+ return NULL;
+ }
+
+ if (StrCaseCmp(tmp, result) < 0) {
+ TALLOC_FREE(result);
+ result = tmp;
+ } else {
+ TALLOC_FREE(tmp);
+ }
+ }
+
+ ldap_value_free(values);
+
+#ifdef DEBUG_PASSWORDS
+ DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n",
+ attribute, result));
+#endif
+ return result;
+}
+
+ bool smbldap_pull_sid(LDAP *ld, LDAPMessage *msg, const char *attrib,
+ struct dom_sid *sid)
+{
+ struct berval **values;
+ bool ret = False;
+
+ values = ldap_get_values_len(ld, msg, attrib);
+
+ if (!values) {
+ return false;
+ }
+
+ if (values[0] != NULL) {
+ ret = sid_parse(values[0]->bv_val, values[0]->bv_len, sid);
+ }
+
+ ldap_value_free_len(values);
+ return ret;
+}
+
static int ldapmsg_destructor(LDAPMessage **result) {
ldap_msgfree(*result);
return 0;
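Review bot: smbldap_talloc_smallest_attribute hands `values[0]` to pull_utf8_talloc without checking it, while smbldap_pull_sid, added in the same hunk, guards `values[0] != NULL` before use. If the library can return a non-NULL but empty array (not determinable from this page), the new function would convert a NULL pointer. A matching guard after the `values == NULL` test would make the two helpers consistent: `if (values[0] == NULL) { ldap_value_free(values); return NULL; }`. The DEBUG_PASSWORDS trace at the end is also labelled with the wrong function name and should read `"smbldap_talloc_smallest_attribute: [%s] = [%s]\n"`. smbldap_pull_sid does not reject a NULL `attrib` the way its siblings do; a one-line comment stating that callers must pass a non-NULL attribute name would document that.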
if (mods == NULL) {
mods = SMB_MALLOC_P(LDAPMod *);
if (mods == NULL) {
- smb_panic("smbldap_set_mod: out of memory!\n");
+ smb_panic("smbldap_set_mod: out of memory!");
/* notreached. */
- abort();
}
mods[0] = NULL;
}
if (mods[i] == NULL) {
mods = SMB_REALLOC_ARRAY (mods, LDAPMod *, i + 2);
if (mods == NULL) {
- smb_panic("smbldap_set_mod: out of memory!\n");
+ smb_panic("smbldap_set_mod: out of memory!");
/* notreached. */
- abort();
}
mods[i] = SMB_MALLOC_P(LDAPMod);
if (mods[i] == NULL) {
- smb_panic("smbldap_set_mod: out of memory!\n");
+ smb_panic("smbldap_set_mod: out of memory!");
/* notreached. */
- abort();
}
mods[i]->mod_op = modop;
mods[i]->mod_values = NULL;
if (value != NULL) {
char *utf8_value = NULL;
+ size_t converted_size;
j = 0;
if (mods[i]->mod_values != NULL) {
mods[i]->mod_values = SMB_REALLOC_ARRAY(mods[i]->mod_values, char *, j + 2);
if (mods[i]->mod_values == NULL) {
- smb_panic("smbldap_set_mod: out of memory!\n");
+ smb_panic("smbldap_set_mod: out of memory!");
/* notreached. */
- abort();
}
- if (push_utf8_allocate(&utf8_value, value) == (size_t)-1) {
- smb_panic("smbldap_set_mod: String conversion failure!\n");
+ if (!push_utf8_talloc(talloc_tos(), &utf8_value, value, &converted_size)) {
+ smb_panic("smbldap_set_mod: String conversion failure!");
/* notreached. */
- abort();
}
-
- mods[i]->mod_values[j] = utf8_value;
+
+
+ mods[i]->mod_values[j] = SMB_STRDUP(utf8_value);
+ TALLOC_FREE(utf8_value);
+ SMB_ASSERT(mods[i]->mod_values[j] != NULL);
mods[i]->mod_values[j + 1] = NULL;
}
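Review bot: The new `SMB_STRDUP(utf8_value)` result is checked with `SMB_ASSERT(mods[i]->mod_values[j] != NULL)`, whereas every other allocation failure visible in smbldap_set_mod is reported through `smb_panic("smbldap_set_mod: out of memory!")`. An out-of-memory condition on this line would therefore surface as an assertion failure rather than the function's own message, which makes the log harder to read. Using the same form here keeps the error paths uniform: `if (mods[i]->mod_values[j] == NULL) { smb_panic("smbldap_set_mod: out of memory!"); }`. The function begins and ends outside the lines shown.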
const char *attribute, const char *newval)
{
char oldval[2048]; /* current largest allowed value is mungeddial */
- BOOL existed;
+ bool existed;
if (attribute == NULL) {
/* This can actually happen for ldapsam_compat where we for
int smb_ldap_start_tls(LDAP *ldap_struct, int version)
{
+#ifdef LDAP_OPT_X_TLS
int rc;
+#endif
if (lp_ldap_ssl() != LDAP_SSL_START_TLS) {
return LDAP_SUCCESS;
return LDAP_OPERATIONS_ERROR;
#endif /* LDAP_OPT_X_TLS */
}
-
}
#endif /* HAVE_LDAP_INITIALIZE */
+
+
+ /* now set connection timeout */
+#ifdef LDAP_X_OPT_CONNECT_TIMEOUT /* Netscape */
+ {
+ int ct = lp_ldap_connection_timeout()*1000;
+ rc = ldap_set_option(*ldap_struct, LDAP_X_OPT_CONNECT_TIMEOUT, &ct);
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n",
+ ct, ldap_err2string(rc)));
+ }
+ }
+#elif defined (LDAP_OPT_NETWORK_TIMEOUT) /* OpenLDAP */
+ {
+ struct timeval ct;
+ ct.tv_usec = 0;
+ ct.tv_sec = lp_ldap_connection_timeout();
+ rc = ldap_set_option(*ldap_struct, LDAP_OPT_NETWORK_TIMEOUT, &ct);
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n",
+ (int)ct.tv_sec, ldap_err2string(rc)));
+ }
+ }
+#endif
+
return LDAP_SUCCESS;
}
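Review bot: The value from `lp_ldap_connection_timeout()` is used without any range check in both branches, and in the Netscape branch `lp_ldap_connection_timeout()*1000` is computed in `int`, so a large configured value can overflow before it reaches `ldap_set_option`. How each library treats a zero or negative timeout is not visible here, so clamping to a sane positive range before use would make the behaviour predictable, for example `int secs = MAX(lp_ldap_connection_timeout(), 1);` (assuming a MAX macro is in scope) plus an upper bound before the multiplication. A failed `ldap_set_option` is only logged and the function still returns `LDAP_SUCCESS`, and when neither macro is defined no timeout is set at all. A short comment saying that running without a connection timeout is an accepted fallback would record that choice. The enclosing function starts outside the lines shown.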
ldap_state->paged_results = True;
}
- DEBUG(3, ("ldap_connect_system: succesful connection to the LDAP server\n"));
+ DEBUG(3, ("ldap_connect_system: successful connection to the LDAP server\n"));
DEBUGADD(10, ("ldap_connect_system: LDAP server %s support paged results\n",
ldap_state->paged_results ? "does" : "does not"));
return rc;
static void smbldap_idle_fn(struct event_context *event_ctx,
struct timed_event *te,
- const struct timeval *now,
+ struct timeval now,
void *private_data);
/**********************************************************************
static int smbldap_open(struct smbldap_state *ldap_state)
{
int rc, opt_rc;
- BOOL reopen = False;
+ bool reopen = False;
SMB_ASSERT(ldap_state);
-
-#ifndef NO_LDAP_SECURITY
- if (geteuid() != 0) {
- DEBUG(0, ("smbldap_open: cannot access LDAP when not root..\n"));
- return LDAP_INSUFFICIENT_ACCESS;
- }
-#endif
if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + SMBLDAP_DONT_PING_TIME) < time(NULL))) {
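Review bot: With the `geteuid() != 0` guard removed from smbldap_open, nothing in the lines shown restricts which effective uid may open the LDAP connection, and no replacement check is visible. If that guard was what kept a process that has dropped privileges from opening a connection with the stored bind credentials, the protection now rests entirely on whatever controls access to that secret, which cannot be confirmed from this page. A comment at the top of the function would record the new assumption, for example `/* may be called as non-root; access to the bind secret is enforced by <mechanism - fill in> */`. The function body continues outside the lines shown.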
ldap_state->idle_event = event_add_timed(
ldap_state->event_context, NULL,
timeval_current_ofs(SMBLDAP_IDLE_TIME, 0),
- "smbldap_idle_fn", smbldap_idle_fn, ldap_state);
+ smbldap_idle_fn, ldap_state);
}
- DEBUG(4,("The LDAP server is succesfully connected\n"));
+ DEBUG(4,("The LDAP server is successfully connected\n"));
return LDAP_SUCCESS;
}
return NT_STATUS_OK;
}
-static BOOL got_alarm;
+static bool got_alarm;
static void (*old_handler)(int);
char *utf8_filter;
time_t endtime = time(NULL)+lp_ldap_timeout();
struct timeval timeout;
+ size_t converted_size;
SMB_ASSERT(ldap_state);
if (ldap_state->last_rebind.tv_sec > 0) {
struct timeval tval;
- SMB_BIG_INT tdiff = 0;
+ int64_t tdiff = 0;
int sleep_time = 0;
ZERO_STRUCT(tval);
ZERO_STRUCT(ldap_state->last_rebind);
}
- if (push_utf8_allocate(&utf8_filter, filter) == (size_t)-1) {
+ if (!push_utf8_talloc(talloc_tos(), &utf8_filter, filter, &converted_size)) {
return LDAP_NO_MEMORY;
}
}
}
- SAFE_FREE(utf8_filter);
+ TALLOC_FREE(utf8_filter);
/* Teardown timeout. */
CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN);
BerElement *cookie_be = NULL;
struct berval *cookie_bv = NULL;
int tmp = 0, i, rc;
- BOOL critical = True;
+ bool critical = True;
*res = NULL;
int attempts = 0;
char *utf8_dn;
time_t endtime = time(NULL)+lp_ldap_timeout();
+ size_t converted_size;
SMB_ASSERT(ldap_state);
DEBUG(5,("smbldap_modify: dn => [%s]\n", dn ));
- if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) {
+ if (!push_utf8_talloc(talloc_tos(), &utf8_dn, dn, &converted_size)) {
return LDAP_NO_MEMORY;
}
}
}
- SAFE_FREE(utf8_dn);
+ TALLOC_FREE(utf8_dn);
return rc;
}
int attempts = 0;
char *utf8_dn;
time_t endtime = time(NULL)+lp_ldap_timeout();
+ size_t converted_size;
SMB_ASSERT(ldap_state);
DEBUG(5,("smbldap_add: dn => [%s]\n", dn ));
- if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) {
+ if (!push_utf8_talloc(talloc_tos(), &utf8_dn, dn, &converted_size)) {
return LDAP_NO_MEMORY;
}
}
}
- SAFE_FREE(utf8_dn);
+ TALLOC_FREE(utf8_dn);
return rc;
}
int attempts = 0;
char *utf8_dn;
time_t endtime = time(NULL)+lp_ldap_timeout();
+ size_t converted_size;
SMB_ASSERT(ldap_state);
DEBUG(5,("smbldap_delete: dn => [%s]\n", dn ));
- if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) {
+ if (!push_utf8_talloc(talloc_tos(), &utf8_dn, dn, &converted_size)) {
return LDAP_NO_MEMORY;
}
}
}
- SAFE_FREE(utf8_dn);
+ TALLOC_FREE(utf8_dn);
return rc;
}
static void smbldap_idle_fn(struct event_context *event_ctx,
struct timed_event *te,
- const struct timeval *now,
+ struct timeval now,
void *private_data)
{
struct smbldap_state *state = (struct smbldap_state *)private_data;
return;
}
- if ((state->last_use+SMBLDAP_IDLE_TIME) > now->tv_sec) {
+ if ((state->last_use+SMBLDAP_IDLE_TIME) > now.tv_sec) {
DEBUG(10,("ldap connection not idle...\n"));
state->idle_event = event_add_timed(
event_ctx, NULL,
- timeval_add(now, SMBLDAP_IDLE_TIME, 0),
- "smbldap_idle_fn", smbldap_idle_fn,
+ timeval_add(&now, SMBLDAP_IDLE_TIME, 0),
+ smbldap_idle_fn,
private_data);
return;
}
return NT_STATUS_OK;
}
-/*******************************************************************
- Return a copy of the DN for a LDAPMessage. Convert from utf8 to CH_UNIX.
-********************************************************************/
-char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry)
-{
- char *utf8_dn, *unix_dn;
-
- utf8_dn = ldap_get_dn(ld, entry);
- if (!utf8_dn) {
- DEBUG (5, ("smbldap_get_dn: ldap_get_dn failed\n"));
- return NULL;
- }
- if (pull_utf8_allocate(&unix_dn, utf8_dn) == (size_t)-1) {
- DEBUG (0, ("smbldap_get_dn: String conversion failure utf8 [%s]\n", utf8_dn));
- return NULL;
- }
- ldap_memfree(utf8_dn);
- return unix_dn;
-}
-
- const char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld,
- LDAPMessage *entry)
+ char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld,
+ LDAPMessage *entry)
{
char *utf8_dn, *unix_dn;
+ size_t converted_size;
utf8_dn = ldap_get_dn(ld, entry);
if (!utf8_dn) {
- DEBUG (5, ("smbldap_get_dn: ldap_get_dn failed\n"));
+ DEBUG (5, ("smbldap_talloc_dn: ldap_get_dn failed\n"));
return NULL;
}
- if (pull_utf8_talloc(mem_ctx, &unix_dn, utf8_dn) == (size_t)-1) {
- DEBUG (0, ("smbldap_get_dn: String conversion failure utf8 "
+ if (!pull_utf8_talloc(mem_ctx, &unix_dn, utf8_dn, &converted_size)) {
+ DEBUG (0, ("smbldap_talloc_dn: String conversion failure utf8 "
"[%s]\n", utf8_dn));
return NULL;
}
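Review bot: In smbldap_talloc_dn the conversion-failure branch returns NULL without releasing `utf8_dn`, which was allocated by `ldap_get_dn`. The removed smbldap_get_dn shows the buffer being released with `ldap_memfree(utf8_dn)` on the success path only, and the new code keeps the same gap. Adding `ldap_memfree(utf8_dn);` immediately before the `return NULL;` in the `!pull_utf8_talloc(...)` branch closes the leak. The same branch logs the full DN at `DEBUG (0, ...)`; a higher debug level may be more appropriate if DNs are considered sensitive in the deployment. The rest of the function lies outside the lines shown, so the success path is inferred.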
Check if root-dse has a certain Control or Extension
********************************************************************/
-static BOOL smbldap_check_root_dse(LDAP *ld, const char **attrs, const char *value)
+static bool smbldap_check_root_dse(LDAP *ld, const char **attrs, const char *value)
{
LDAPMessage *msg = NULL;
LDAPMessage *entry = NULL;
char **values = NULL;
int rc, num_result, num_values, i;
- BOOL result = False;
+ bool result = False;
if (!attrs[0]) {
DEBUG(3,("smbldap_check_root_dse: nothing to look for\n"));
Check if LDAP-Server supports a certain Control (OID in string format)
********************************************************************/
-BOOL smbldap_has_control(LDAP *ld, const char *control)
+bool smbldap_has_control(LDAP *ld, const char *control)
{
const char *attrs[] = { "supportedControl", NULL };
return smbldap_check_root_dse(ld, attrs, control);
Check if LDAP-Server supports a certain Extension (OID in string format)
********************************************************************/
-BOOL smbldap_has_extension(LDAP *ld, const char *extension)
+bool smbldap_has_extension(LDAP *ld, const char *extension)
{
const char *attrs[] = { "supportedExtension", NULL };
return smbldap_check_root_dse(ld, attrs, extension);
Check if LDAP-Server holds a given namingContext
********************************************************************/
-BOOL smbldap_has_naming_context(LDAP *ld, const char *naming_context)
+bool smbldap_has_naming_context(LDAP *ld, const char *naming_context)
{
const char *attrs[] = { "namingContexts", NULL };
return smbldap_check_root_dse(ld, attrs, naming_context);
}
-BOOL smbldap_set_creds(struct smbldap_state *ldap_state, BOOL anon, const char *dn, const char *secret)
+bool smbldap_set_creds(struct smbldap_state *ldap_state, bool anon, const char *dn, const char *secret)
{
ldap_state->anonymous = anon;