#include "ads.h"
#include "libads/sitename_cache.h"
#include "libads/cldap.h"
-#include "libads/dns.h"
+#include "../lib/addns/dnsquery.h"
#include "../libds/common/flags.h"
#include "smbldap.h"
#include "../libcli/security/security.h"
+#include "lib/param/loadparm.h"
#ifdef HAVE_LDAP
gotalarm = 1;
}
- LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int to)
+ LDAP *ldap_open_with_timeout(const char *server,
+ struct sockaddr_storage *ss,
+ int port, unsigned int to)
{
LDAP *ldp = NULL;
-
+ int ldap_err;
+ char *uri;
DEBUG(10, ("Opening connection to LDAP server '%s:%d', timeout "
"%u seconds\n", server, port, to));
- /* Setup timeout */
- gotalarm = 0;
- CatchSignal(SIGALRM, gotalarm_sig);
- alarm(to);
- /* End setup timeout. */
+ if (to) {
+ /* Setup timeout */
+ gotalarm = 0;
+ CatchSignal(SIGALRM, gotalarm_sig);
+ alarm(to);
+ /* End setup timeout. */
+ }
- ldp = ldap_open(server, port);
+ uri = talloc_asprintf(talloc_tos(), "ldap://%s:%u", server, port);
+ if (uri == NULL) {
+ return NULL;
+ }
- if (ldp == NULL) {
- DEBUG(2,("Could not open connection to LDAP server %s:%d: %s\n",
- server, port, strerror(errno)));
+#ifdef HAVE_LDAP_INITIALIZE
+ ldap_err = ldap_initialize(&ldp, uri);
+#else
+ ldp = ldap_open(server, port);
+ if (ldp != NULL) {
+ ldap_err = LDAP_SUCCESS;
+ } else {
+ ldap_err = LDAP_OTHER;
+ }
+#endif
+ if (ldap_err != LDAP_SUCCESS) {
+ DEBUG(2,("Could not initialize connection for LDAP server '%s': %s\n",
+ uri, ldap_err2string(ldap_err)));
} else {
- DEBUG(10, ("Connected to LDAP server '%s:%d'\n", server, port));
+ DEBUG(10, ("Initialized connection for LDAP server '%s'\n", uri));
}
- /* Teardown timeout. */
- CatchSignal(SIGALRM, SIG_IGN);
- alarm(0);
+ if (to) {
+ /* Teardown timeout. */
+ alarm(0);
+ CatchSignal(SIGALRM, SIG_IGN);
+ }
return ldp;
}
int sizelimit,
LDAPMessage **res )
{
+ int to = lp_ldap_timeout();
struct timeval timeout;
+ struct timeval *timeout_ptr = NULL;
int result;
/* Setup timeout for the ldap_search_ext_s call - local and remote. */
- timeout.tv_sec = lp_ldap_timeout();
- timeout.tv_usec = 0;
-
- /* Setup alarm timeout.... Do we need both of these ? JRA. */
gotalarm = 0;
- CatchSignal(SIGALRM, gotalarm_sig);
- alarm(lp_ldap_timeout());
- /* End setup timeout. */
+
+ if (to) {
+ timeout.tv_sec = to;
+ timeout.tv_usec = 0;
+ timeout_ptr = &timeout;
+
+ /* Setup alarm timeout. */
+ CatchSignal(SIGALRM, gotalarm_sig);
+ /* Make the alarm time one second beyond
+ the timout we're setting for the
+ remote search timeout, to allow that
+ to fire in preference. */
+ alarm(to+1);
+ /* End setup timeout. */
+ }
+
result = ldap_search_ext_s(ld, base, scope, filter, attrs,
- attrsonly, sctrls, cctrls, &timeout,
+ attrsonly, sctrls, cctrls, timeout_ptr,
sizelimit, res);
- /* Teardown timeout. */
- CatchSignal(SIGALRM, SIG_IGN);
- alarm(0);
+ if (to) {
+ /* Teardown alarm timeout. */
+ CatchSignal(SIGALRM, SIG_IGN);
+ alarm(0);
+ }
if (gotalarm != 0)
return LDAP_TIMELIMIT_EXCEEDED;
try a connection to a given ldap server, returning True and setting the servers IP
in the ads struct if successful
*/
-static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
+static bool ads_try_connect(ADS_STRUCT *ads, bool gc,
+ struct sockaddr_storage *ss)
{
- char *srv;
struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
TALLOC_CTX *frame = talloc_stackframe();
bool ret = false;
+ char addr[INET6_ADDRSTRLEN];
- if (!server || !*server) {
+ if (ss == NULL) {
TALLOC_FREE(frame);
return False;
}
- if (!is_ipaddress(server)) {
- struct sockaddr_storage ss;
- char addr[INET6_ADDRSTRLEN];
-
- if (!resolve_name(server, &ss, 0x20, true)) {
- DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
- server ));
- TALLOC_FREE(frame);
- return false;
- }
- print_sockaddr(addr, sizeof(addr), &ss);
- srv = talloc_strdup(frame, addr);
- } else {
- /* this copes with inet_ntoa brokenness */
- srv = talloc_strdup(frame, server);
- }
-
- if (!srv) {
- TALLOC_FREE(frame);
- return false;
- }
+ print_sockaddr(addr, sizeof(addr), ss);
DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n",
- srv, ads->server.realm));
+ addr, ads->server.realm));
ZERO_STRUCT( cldap_reply );
- if ( !ads_cldap_netlogon_5(frame, srv, ads->server.realm, &cldap_reply ) ) {
- DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", srv));
+ if ( !ads_cldap_netlogon_5(frame, ss, ads->server.realm, &cldap_reply ) ) {
+ DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr));
ret = false;
goto out;
}
if ( !(cldap_reply.server_type & NBT_SERVER_LDAP) ) {
DEBUG(1,("ads_try_connect: %s's CLDAP reply says it is not an LDAP server!\n",
- srv));
+ addr));
ret = false;
goto out;
}
ads->config.flags = cldap_reply.server_type;
ads->config.ldap_server_name = SMB_STRDUP(cldap_reply.pdc_dns_name);
ads->config.realm = SMB_STRDUP(cldap_reply.dns_domain);
- strupper_m(ads->config.realm);
+ if (!strupper_m(ads->config.realm)) {
+ ret = false;
+ goto out;
+ }
+
ads->config.bind_path = ads_build_dn(ads->config.realm);
if (*cldap_reply.server_site) {
ads->config.server_site_name =
ads->server.workgroup = SMB_STRDUP(cldap_reply.domain_name);
ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
- if (!interpret_string_addr(&ads->ldap.ss, srv, 0)) {
- DEBUG(1,("ads_try_connect: unable to convert %s "
- "to an address\n",
- srv));
- ret = false;
- goto out;
- }
+ ads->ldap.ss = *ss;
/* Store our site name. */
sitename_store( cldap_reply.domain_name, cldap_reply.client_site);
bool use_own_domain = False;
char *sitename;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ bool ok = false;
/* if the realm and workgroup are both empty, assume they are ours */
}
if ( !c_realm || !*c_realm ) {
- DEBUG(0,("ads_find_dc: no realm or workgroup! Don't know what to do\n"));
+ DEBUG(1, ("ads_find_dc: no realm or workgroup! Don't know "
+ "what to do\n"));
return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */
}
DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n",
(got_realm ? "realm" : "domain"), realm));
- if (get_dc_name(domain, realm, srv_name, &ip_out)) {
+ ok = get_dc_name(domain, realm, srv_name, &ip_out);
+ if (ok) {
/*
* we call ads_try_connect() to fill in the
* ads->config details
*/
- if (ads_try_connect(ads, srv_name, false)) {
+ ok = ads_try_connect(ads, false, &ip_out);
+ if (ok) {
return NT_STATUS_OK;
}
}
return NT_STATUS_NO_LOGON_SERVERS;
}
- sitename = sitename_fetch(realm);
+ sitename = sitename_fetch(talloc_tos(), realm);
again:
goto again;
}
- SAFE_FREE(sitename);
+ TALLOC_FREE(sitename);
return status;
}
}
}
- if ( ads_try_connect(ads, server, false) ) {
+ ok = ads_try_connect(ads, false, &ip_list[i].ss);
+ if (ok) {
SAFE_FREE(ip_list);
- SAFE_FREE(sitename);
+ TALLOC_FREE(sitename);
return NT_STATUS_OK;
}
if (sitename) {
DEBUG(1,("ads_find_dc: failed to find a valid DC on our site (%s), "
"trying to find another DC\n", sitename));
- SAFE_FREE(sitename);
+ TALLOC_FREE(sitename);
namecache_delete(realm, 0x1C);
goto again;
}
TALLOC_CTX *frame = talloc_stackframe();
struct dns_rr_srv *gcs_list;
int num_gcs;
- char *realm = ads->server.realm;
+ const char *realm = ads->server.realm;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
int i;
if (!realm)
realm = lp_realm();
- if ((sitename = sitename_fetch(realm)) == NULL) {
+ if ((sitename = sitename_fetch(frame, realm)) == NULL) {
ads_lookup_site();
- sitename = sitename_fetch(realm);
+ sitename = sitename_fetch(frame, realm);
}
do {
if (sitename == NULL)
done = true;
- nt_status = ads_dns_query_gcs(frame, realm, sitename,
- &gcs_list, &num_gcs);
-
- SAFE_FREE(sitename);
+ nt_status = ads_dns_query_gcs(frame,
+ realm,
+ sitename,
+ &gcs_list,
+ &num_gcs);
if (!NT_STATUS_IS_OK(nt_status)) {
ads_status = ADS_ERROR_NT(nt_status);
} while (!done);
done:
- SAFE_FREE(sitename);
talloc_destroy(frame);
return ads_status;
TALLOC_FREE(s);
}
- if (ads->server.ldap_server)
- {
- if (ads_try_connect(ads, ads->server.ldap_server, ads->server.gc)) {
+ if (ads->server.ldap_server) {
+ bool ok = false;
+ struct sockaddr_storage ss;
+
+ ok = resolve_name(ads->server.ldap_server, &ss, 0x20, true);
+ if (!ok) {
+ DEBUG(5,("ads_connect: unable to resolve name %s\n",
+ ads->server.ldap_server));
+ status = ADS_ERROR_NT(NT_STATUS_NOT_FOUND);
+ goto out;
+ }
+ ok = ads_try_connect(ads, ads->server.gc, &ss);
+ if (ok) {
goto got_connection;
}
/* Must use the userPrincipalName value here or sAMAccountName
and not servicePrincipalName; found by Guenther Deschner */
- if (asprintf(&ads->auth.user_name, "%s$", global_myname() ) == -1) {
+ if (asprintf(&ads->auth.user_name, "%s$", lp_netbios_name() ) == -1) {
DEBUG(0,("ads_connect: asprintf fail.\n"));
ads->auth.user_name = NULL;
}
ads->auth.kdc_server = SMB_STRDUP(addr);
}
-#if KRB5_DNS_HACK
- /* this is a really nasty hack to avoid ADS DNS problems. It needs a patch
- to MIT kerberos to work (tridge) */
- {
- char *env = NULL;
- if (asprintf(&env, "KRB5_KDC_ADDRESS_%s", ads->config.realm) > 0) {
- setenv(env, ads->auth.kdc_server, 1);
- free(env);
- }
- }
-#endif
-
/* If the caller() requested no LDAP bind, then we are done */
if (ads->auth.flags & ADS_AUTH_NO_BIND) {
/* Otherwise setup the TCP LDAP session */
- ads->ldap.ld = ldap_open_with_timeout(ads->config.ldap_server_name,
+ ads->ldap.ld = ldap_open_with_timeout(addr,
+ &ads->ldap.ss,
ads->ldap.port, lp_ldap_timeout());
if (ads->ldap.ld == NULL) {
status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if ( lp_ldap_ssl_ads() ) {
- status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
+ status = ADS_ERROR(smbldap_start_tls(ads->ldap.ld, version));
if (!ADS_ERR_OK(status)) {
goto out;
}
if (!in_val) return NULL;
- value = TALLOC_ZERO_P(ctx, struct berval);
+ value = talloc_zero(ctx, struct berval);
if (value == NULL)
return NULL;
if (in_val->bv_len == 0) return value;
value->bv_len = in_val->bv_len;
- value->bv_val = (char *)TALLOC_MEMDUP(ctx, in_val->bv_val,
+ value->bv_val = (char *)talloc_memdup(ctx, in_val->bv_val,
in_val->bv_len);
return value;
}
if (!in_vals) return NULL;
for (i=0; in_vals[i]; i++)
; /* count values */
- values = TALLOC_ZERO_ARRAY(ctx, struct berval *, i+1);
+ values = talloc_zero_array(ctx, struct berval *, i+1);
if (!values) return NULL;
for (i=0; in_vals[i]; i++) {
if (!in_vals) return NULL;
for (i=0; in_vals[i]; i++)
; /* count values */
- values = TALLOC_ZERO_ARRAY(ctx, char *, i+1);
+ values = talloc_zero_array(ctx, char *, i+1);
if (!values) return NULL;
for (i=0; in_vals[i]; i++) {
if (!in_vals) return NULL;
for (i=0; in_vals[i]; i++)
; /* count values */
- values = TALLOC_ZERO_ARRAY(ctx, char *, i+1);
+ values = talloc_zero_array(ctx, char *, i+1);
if (!values) return NULL;
for (i=0; in_vals[i]; i++) {
cookie_be = ber_alloc_t(LBER_USE_DER);
if (*cookie) {
- ber_printf(cookie_be, "{iO}", (ber_int_t) 1000, *cookie);
+ ber_printf(cookie_be, "{iO}", (ber_int_t) ads->config.ldap_page_size, *cookie);
ber_bvfree(*cookie); /* don't need it from last time */
*cookie = NULL;
} else {
- ber_printf(cookie_be, "{io}", (ber_int_t) 1000, "", 0);
+ ber_printf(cookie_be, "{io}", (ber_int_t) ads->config.ldap_page_size, "", 0);
}
ber_flatten(cookie_be, &cookie_bv);
- PagedResults.ldctl_oid = CONST_DISCARD(char *, ADS_PAGE_CTL_OID);
+ PagedResults.ldctl_oid = discard_const_p(char, ADS_PAGE_CTL_OID);
PagedResults.ldctl_iscritical = (char) 1;
PagedResults.ldctl_value.bv_len = cookie_bv->bv_len;
PagedResults.ldctl_value.bv_val = cookie_bv->bv_val;
- NoReferrals.ldctl_oid = CONST_DISCARD(char *, ADS_NO_REFERRALS_OID);
+ NoReferrals.ldctl_oid = discard_const_p(char, ADS_NO_REFERRALS_OID);
NoReferrals.ldctl_iscritical = (char) 0;
NoReferrals.ldctl_value.bv_len = 0;
- NoReferrals.ldctl_value.bv_val = CONST_DISCARD(char *, "");
+ NoReferrals.ldctl_value.bv_val = discard_const_p(char, "");
if (external_control &&
(strequal(external_control->control, ADS_EXTENDED_DN_OID) ||
strequal(external_control->control, ADS_SD_FLAGS_OID))) {
- ExternalCtrl.ldctl_oid = CONST_DISCARD(char *, external_control->control);
+ ExternalCtrl.ldctl_oid = discard_const_p(char, external_control->control);
ExternalCtrl.ldctl_iscritical = (char) external_control->critical;
/* win2k does not accept a ldctl_value beeing passed in */
if (rc) {
DEBUG(3,("ads_do_paged_search_args: ldap_search_with_timeout(%s) -> %s\n", expr,
ldap_err2string(rc)));
+ if (rc == LDAP_OTHER) {
+ char *ldap_errmsg;
+ int ret;
+
+ ret = ldap_parse_result(ads->ldap.ld,
+ *res,
+ NULL,
+ NULL,
+ &ldap_errmsg,
+ NULL,
+ NULL,
+ 0);
+ if (ret == LDAP_SUCCESS) {
+ DEBUG(3, ("ldap_search_with_timeout(%s) "
+ "error: %s\n", expr, ldap_errmsg));
+ ldap_memfree(ldap_errmsg);
+ }
+ }
goto done;
}
#ifdef HAVE_LDAP_ADD_RESULT_ENTRY
while (cookie) {
LDAPMessage *res2 = NULL;
- ADS_STATUS status2;
LDAPMessage *msg, *next;
- status2 = ads_do_paged_search_args(ads, bind_path, scope, expr,
+ status = ads_do_paged_search_args(ads, bind_path, scope, expr,
attrs, args, &res2, &count, &cookie);
-
- if (!ADS_ERR_OK(status2)) break;
+ if (!ADS_ERR_OK(status)) {
+ /* Ensure we free all collected results */
+ ads_msgfree(ads, *res);
+ *res = NULL;
+ break;
+ }
/* this relies on the way that ldap_add_result_entry() works internally. I hope
that this works on all ldap libs, but I have only tested with openldap */
#define ADS_MODLIST_ALLOC_SIZE 10
LDAPMod **mods;
- if ((mods = TALLOC_ZERO_ARRAY(ctx, LDAPMod *, ADS_MODLIST_ALLOC_SIZE + 1)))
+ if ((mods = talloc_zero_array(ctx, LDAPMod *, ADS_MODLIST_ALLOC_SIZE + 1)))
/* -1 is safety to make sure we don't go over the end.
need to reset it to NULL before doing ldap modify */
mods[ADS_MODLIST_ALLOC_SIZE] = (LDAPMod *) -1;
int mod_op, const char *name,
const void *_invals)
{
- const void **invals = (const void **)_invals;
int curmod;
LDAPMod **modlist = (LDAPMod **) *mods;
struct berval **ber_values = NULL;
char **char_values = NULL;
- if (!invals) {
+ if (!_invals) {
mod_op = LDAP_MOD_DELETE;
} else {
- if (mod_op & LDAP_MOD_BVALUES)
- ber_values = ads_dup_values(ctx,
- (const struct berval **)invals);
- else
- char_values = ads_push_strvals(ctx,
- (const char **) invals);
+ if (mod_op & LDAP_MOD_BVALUES) {
+ const struct berval **b;
+ b = discard_const_p(const struct berval *, _invals);
+ ber_values = ads_dup_values(ctx, b);
+ } else {
+ const char **c;
+ c = discard_const_p(const char *, _invals);
+ char_values = ads_push_strvals(ctx, c);
+ }
}
/* find the first empty slot */
for (curmod=0; modlist[curmod] && modlist[curmod] != (LDAPMod *) -1;
curmod++);
if (modlist[curmod] == (LDAPMod *) -1) {
- if (!(modlist = TALLOC_REALLOC_ARRAY(ctx, modlist, LDAPMod *,
+ if (!(modlist = talloc_realloc(ctx, modlist, LDAPMod *,
curmod+ADS_MODLIST_ALLOC_SIZE+1)))
return ADS_ERROR(LDAP_NO_MEMORY);
memset(&modlist[curmod], 0,
*mods = (ADS_MODLIST)modlist;
}
- if (!(modlist[curmod] = TALLOC_ZERO_P(ctx, LDAPMod)))
+ if (!(modlist[curmod] = talloc_zero(ctx, LDAPMod)))
return ADS_ERROR(LDAP_NO_MEMORY);
modlist[curmod]->mod_type = talloc_strdup(ctx, name);
if (mod_op & LDAP_MOD_BVALUES) {
non-existent attribute (but allowable for the object) to run
*/
LDAPControl PermitModify = {
- CONST_DISCARD(char *, ADS_PERMIT_MODIFY_OID),
+ discard_const_p(char, ADS_PERMIT_MODIFY_OID),
{0, NULL},
(char) 1};
LDAPControl *controls[2];
return ret;
}
+/**
+ * @brief Search for an element in a string array.
+ *
+ * @param[in] el_array The string array to search.
+ *
+ * @param[in] num_el The number of elements in the string array.
+ *
+ * @param[in] el The string to search.
+ *
+ * @return True if found, false if not.
+ */
+bool ads_element_in_array(const char **el_array, size_t num_el, const char *el)
+{
+ size_t i;
+
+ if (el_array == NULL || num_el == 0 || el == NULL) {
+ return false;
+ }
+
+ for (i = 0; i < num_el && el_array[i] != NULL; i++) {
+ int cmp;
+
+ cmp = strcasecmp_m(el_array[i], el);
+ if (cmp == 0) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+/**
+ * @brief This gets the service principal names of an existing computer account.
+ *
+ * @param[in] mem_ctx The memory context to use to allocate the spn array.
+ *
+ * @param[in] ads The ADS context to use.
+ *
+ * @param[in] machine_name The NetBIOS name of the computer, which is used to
+ * identify the computer account.
+ *
+ * @param[in] spn_array A pointer to store the array for SPNs.
+ *
+ * @param[in] num_spns The number of principals stored in the array.
+ *
+ * @return 0 on success, or a ADS error if a failure occured.
+ */
+ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char *machine_name,
+ char ***spn_array,
+ size_t *num_spns)
+{
+ ADS_STATUS status;
+ LDAPMessage *res = NULL;
+ int count;
+
+ status = ads_find_machine_acct(ads,
+ &res,
+ machine_name);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(1,("Host Account for %s not found... skipping operation.\n",
+ machine_name));
+ return status;
+ }
+
+ count = ads_count_replies(ads, res);
+ if (count != 1) {
+ status = ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+ goto done;
+ }
+
+ *spn_array = ads_pull_strings(ads,
+ mem_ctx,
+ res,
+ "servicePrincipalName",
+ num_spns);
+
+done:
+ ads_msgfree(ads, res);
+
+ return status;
+}
+
/**
* This adds a service principal name to an existing computer account
* (found by hostname) in AD.
ads_msgfree(ads, res);
return ADS_ERROR(LDAP_NO_MEMORY);
}
- strupper_m(psp1);
- strlower_m(&psp1[strlen(spn)]);
+ if (!strlower_m(&psp1[strlen(spn) + 1])) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto out;
+ }
servicePrincipalName[0] = psp1;
DEBUG(5,("ads_add_service_principal_name: INFO: Adding %s to host %s\n",
ret = ADS_ERROR(LDAP_NO_MEMORY);
goto out;
}
- strupper_m(psp2);
- strlower_m(&psp2[strlen(spn)]);
+ if (!strlower_m(&psp2[strlen(spn) + 1])) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto out;
+ }
servicePrincipalName[1] = psp2;
DEBUG(5,("ads_add_service_principal_name: INFO: Adding %s to host %s\n",
}
for (i=0; handlers[i].name; i++) {
- if (StrCaseCmp(handlers[i].name, field) == 0) {
+ if (strcasecmp_m(handlers[i].name, field) == 0) {
if (!values) /* first time, indicate string or not */
return handlers[i].string;
handlers[i].handler(ads, field, (struct berval **) values);
utf8_field=ldap_next_attribute(ads->ldap.ld,
(LDAPMessage *)msg,b)) {
struct berval **ber_vals;
- char **str_vals, **utf8_vals;
+ char **str_vals;
+ char **utf8_vals;
char *field;
bool string;
string = fn(ads, field, NULL, data_area);
if (string) {
+ const char **p;
+
utf8_vals = ldap_get_values(ads->ldap.ld,
(LDAPMessage *)msg, field);
- str_vals = ads_pull_strvals(ctx,
- (const char **) utf8_vals);
+ p = discard_const_p(const char *, utf8_vals);
+ str_vals = ads_pull_strvals(ctx, p);
fn(ads, field, (void **) str_vals, data_area);
ldap_value_free(utf8_vals);
} else {
*num_values = ldap_count_values(values);
- ret = TALLOC_ARRAY(mem_ctx, char *, *num_values + 1);
+ ret = talloc_array(mem_ctx, char *, *num_values + 1);
if (!ret) {
ldap_value_free(values);
return NULL;
return NULL;
}
- strings = TALLOC_REALLOC_ARRAY(mem_ctx, current_strings, char *,
+ strings = talloc_realloc(mem_ctx, current_strings, char *,
*num_strings + num_new_strings);
if (strings == NULL) {
/* nop */ ;
if (i) {
- (*sids) = TALLOC_ARRAY(mem_ctx, struct dom_sid, i);
+ (*sids) = talloc_array(mem_ctx, struct dom_sid, i);
if (!(*sids)) {
ldap_value_free_len(values);
return 0;
if (ads->config.current_time != 0) {
ads->auth.time_offset = ads->config.current_time - time(NULL);
- DEBUG(4,("time offset is %d seconds\n", ads->auth.time_offset));
+ DEBUG(4,("KDC time offset is %d seconds\n", ads->auth.time_offset));
}
ads_msgfree(ads, res);
for (msg = ads_first_entry(ads, res); msg;
msg = ads_next_entry(ads, msg)) {
-
+ const char **p = discard_const_p(const char *, *ous);
char *dn = NULL;
dn = ads_get_dn(ads, talloc_tos(), msg);
return ADS_ERROR(LDAP_NO_MEMORY);
}
- if (!add_string_to_array(mem_ctx, dn,
- (const char ***)ous,
- (int *)num_ous)) {
+ if (!add_string_to_array(mem_ctx, dn, &p, num_ous)) {
TALLOC_FREE(dn);
ads_msgfree(ads, res);
return ADS_ERROR(LDAP_NO_MEMORY);
}
TALLOC_FREE(dn);
+ *ous = discard_const_p(char *, p);
}
ads_msgfree(ads, res);
return ADS_ERROR_NT(NT_STATUS_OK);
}
-/**
- * pull an array of struct dom_sids from a ADS result
- * @param ads connection to ads server
- * @param mem_ctx TALLOC_CTX for allocating sid array
- * @param msg Results of search
- * @param field Attribute to retrieve
- * @param flags string type of extended_dn
- * @param sids pointer to sid array to allocate
- * @return the count of SIDs pulled
- **/
- int ads_pull_sids_from_extendeddn(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- LDAPMessage *msg,
- const char *field,
- enum ads_extended_dn_flags flags,
- struct dom_sid **sids)
-{
- int i;
- ADS_STATUS rc;
- size_t dn_count, ret_count = 0;
- char **dn_strings;
-
- if ((dn_strings = ads_pull_strings(ads, mem_ctx, msg, field,
- &dn_count)) == NULL) {
- return 0;
- }
-
- (*sids) = TALLOC_ZERO_ARRAY(mem_ctx, struct dom_sid, dn_count + 1);
- if (!(*sids)) {
- TALLOC_FREE(dn_strings);
- return 0;
- }
-
- for (i=0; i<dn_count; i++) {
- rc = ads_get_sid_from_extended_dn(mem_ctx, dn_strings[i],
- flags, &(*sids)[i]);
- if (!ADS_ERR_OK(rc)) {
- if (NT_STATUS_EQUAL(ads_ntstatus(rc),
- NT_STATUS_NOT_FOUND)) {
- continue;
- }
- else {
- TALLOC_FREE(*sids);
- TALLOC_FREE(dn_strings);
- return 0;
- }
- }
- ret_count++;
- }
-
- TALLOC_FREE(dn_strings);
-
- return ret_count;
-}
-
/********************************************************************
********************************************************************/
int count = 0;
char *name = NULL;
- status = ads_find_machine_acct(ads, &res, global_myname());
+ status = ads_find_machine_acct(ads, &res, lp_netbios_name());
if (!ADS_ERR_OK(status)) {
DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n",
- global_myname()));
+ lp_netbios_name()));
goto out;
}
status = ads_find_machine_acct(ads, &res, machine_name);
if (!ADS_ERR_OK(status)) {
DEBUG(0,("ads_get_upn: Failed to find account for %s\n",
- global_myname()));
+ lp_netbios_name()));
goto out;
}
int count = 0;
char *name = NULL;
- status = ads_find_machine_acct(ads, &res, global_myname());
+ status = ads_find_machine_acct(ads, &res, lp_netbios_name());
if (!ADS_ERR_OK(status)) {
DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n",
- global_myname()));
+ lp_netbios_name()));
goto out;
}
pldap_control[0] = &ldap_control;
memset(&ldap_control, 0, sizeof(LDAPControl));
- ldap_control.ldctl_oid = (char *)LDAP_SERVER_TREE_DELETE_OID;
+ ldap_control.ldctl_oid = discard_const_p(char, LDAP_SERVER_TREE_DELETE_OID);
/* hostname must be lowercase */
host = SMB_STRDUP(hostname);
- strlower_m(host);
+ if (!strlower_m(host)) {
+ SAFE_FREE(host);
+ return ADS_ERROR_SYSTEM(EINVAL);
+ }
status = ads_find_machine_acct(ads, &res, host);
if (!ADS_ERR_OK(status)) {
}
hostnameDN = ads_get_dn(ads, talloc_tos(), (LDAPMessage *)msg);
+ if (hostnameDN == NULL) {
+ SAFE_FREE(host);
+ return ADS_ERROR_SYSTEM(ENOENT);
+ }
rc = ldap_delete_ext_s(ads->ldap.ld, hostnameDN, pldap_control, NULL);
if (rc) {