Copyright (C) Remus Koos 2001
Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
Copyright (C) Guenther Deschner 2005
+ Copyright (C) Gerald Carter 2006
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/***************************************************************
Signal function to tell us we timed out.
****************************************************************/
-
+
static void gotalarm_sig(void)
{
gotalarm = 1;
}
-
+
LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int to)
{
LDAP *ldp = NULL;
-
+
/* Setup timeout */
gotalarm = 0;
CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
alarm(to);
/* End setup timeout. */
-
+
ldp = ldap_open(server, port);
-
+
+ if (ldp == NULL) {
+ DEBUG(2,("Could not open LDAP connection to %s:%d: %s\n",
+ server, port, strerror(errno)));
+ }
+
/* Teardown timeout. */
CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN);
alarm(0);
-
+
return ldp;
}
return False;
}
- DEBUG(5,("ads_try_connect: sending CLDAP request to %s\n", server));
+ DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n",
+ server, ads->server.realm));
/* this copes with inet_ntoa brokenness */
srv = SMB_STRDUP(server);
ZERO_STRUCT( cldap_reply );
-
+
if ( !ads_cldap_netlogon( srv, ads->server.realm, &cldap_reply ) ) {
DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", srv));
+ SAFE_FREE( srv );
return False;
}
SAFE_FREE(ads->config.realm);
SAFE_FREE(ads->config.bind_path);
SAFE_FREE(ads->config.ldap_server_name);
+ SAFE_FREE(ads->server.workgroup);
+ ads->config.flags = cldap_reply.flags;
ads->config.ldap_server_name = SMB_STRDUP(cldap_reply.hostname);
strupper_m(cldap_reply.domain);
ads->config.realm = SMB_STRDUP(cldap_reply.domain);
ads->config.bind_path = ads_build_dn(ads->config.realm);
+ ads->server.workgroup = SMB_STRDUP(cldap_reply.netbios_domain);
ads->ldap_port = LDAP_PORT;
ads->ldap_ip = *interpret_addr2(srv);
SAFE_FREE(srv);
- /* cache the successful connection */
-
- saf_store( ads->server.workgroup, server );
+ /* Store our site name. */
+ sitename_store( cldap_reply.client_site_name );
return True;
}
disabled
**********************************************************************/
-static BOOL ads_find_dc(ADS_STRUCT *ads)
+static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
{
const char *c_realm;
int count, i=0;
pstring realm;
BOOL got_realm = False;
BOOL use_own_domain = False;
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
/* if the realm and workgroup are both empty, assume they are ours */
if ( !c_realm || !*c_realm ) {
DEBUG(0,("ads_find_dc: no realm or workgroup! Don't know what to do\n"));
- return False;
+ return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */
}
}
DEBUG(6,("ads_find_dc: looking for %s '%s'\n",
(got_realm ? "realm" : "domain"), realm));
- if ( !get_sorted_dc_list(realm, &ip_list, &count, got_realm) ) {
+ status = get_sorted_dc_list(realm, &ip_list, &count, got_realm);
+ if (!NT_STATUS_IS_OK(status)) {
/* fall back to netbios if we can */
if ( got_realm && !lp_disable_netbios() ) {
got_realm = False;
goto again;
}
- return False;
+ return status;
}
-
+
/* if we fail this loop, then giveup since all the IP addresses returned were dead */
for ( i=0; i<count; i++ ) {
fstring server;
if ( ads_try_connect(ads, server) ) {
SAFE_FREE(ip_list);
- return True;
+ return NT_STATUS_OK;
}
/* keep track of failures */
SAFE_FREE(ip_list);
- return False;
+ return NT_STATUS_NO_LOGON_SERVERS;
}
{
int version = LDAP_VERSION3;
ADS_STATUS status;
+ NTSTATUS ntstatus;
ads->last_attempt = time(NULL);
ads->ld = NULL;
goto got_connection;
}
- if (ads_find_dc(ads)) {
+ ntstatus = ads_find_dc(ads);
+ if (NT_STATUS_IS_OK(ntstatus)) {
goto got_connection;
}
- return ADS_ERROR_SYSTEM(errno?errno:ENOENT);
+ return ADS_ERROR_NT(ntstatus);
got_connection:
DEBUG(3,("Connected to LDAP server %s\n", inet_ntoa(ads->ldap_ip)));
if (!ads->auth.user_name) {
- /* have to use the userPrincipalName value here and
- not servicePrincipalName; found by Guenther Deschner @ Sernet.
+ /* Must use the userPrincipalName value here or sAMAccountName
+ and not servicePrincipalName; found by Guenther Deschner */
- Is this still correct? The comment does not match
- the code. --jerry */
-
- asprintf(&ads->auth.user_name, "host/%s", global_myname() );
+ asprintf(&ads->auth.user_name, "%s$", global_myname() );
}
if (!ads->auth.realm) {
{
return ADS_ERROR(LDAP_OPERATIONS_ERROR);
}
+
+ /* cache the successful connection */
+ saf_store( ads->server.workgroup, inet_ntoa(ads->ldap_ip));
+
ldap_set_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
status = ADS_ERROR(smb_ldap_start_tls(ads->ld, version));
}
cookie_be = ber_alloc_t(LBER_USE_DER);
- if (cookie && *cookie) {
+ if (*cookie) {
ber_printf(cookie_be, "{iO}", (ber_int_t) 1000, *cookie);
ber_bvfree(*cookie); /* don't need it from last time */
*cookie = NULL;
} else {
ExtendedDn.ldctl_value.bv_len = 0;
- ExtendedDn.ldctl_value.bv_val = CONST_DISCARD(char *, "");
+ ExtendedDn.ldctl_value.bv_val = NULL;
}
controls[0] = &NoReferrals;
* @param attrs Attributes to retrieve
* @return status of search
**/
-ADS_STATUS ads_search_dn(ADS_STRUCT *ads, void **res,
+ADS_STATUS ads_search_dn(ADS_STRUCT *ads, void *_res,
const char *dn,
const char **attrs)
{
+ void **res = (void **)_res;
return ads_do_search(ads, dn, LDAP_SCOPE_BASE, "(objectclass=*)", attrs, res);
}
**/
char *ads_parent_dn(const char *dn)
{
- char *p = strchr(dn, ',');
+ char *p;
+
+ if (dn == NULL) {
+ return NULL;
+ }
+
+ p = strchr(dn, ',');
if (p == NULL) {
return NULL;
*/
static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods,
int mod_op, const char *name,
- const void **invals)
+ const void *_invals)
{
+ const void **invals = (const void **)_invals;
int curmod;
LDAPMod **modlist = (LDAPMod **) *mods;
struct berval **ber_values = NULL;
if (!val)
return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL);
- return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE, name,
- (const void **) values);
+ return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE, name, values);
}
/**
status = ads_search_dn(ads, &res, base, attrs);
if (!ADS_ERR_OK(status)) {
DEBUG(1,("Failed while searching for: %s\n", base));
+ SAFE_FREE(base);
return NULL;
}
- free(base);
+ SAFE_FREE(base);
if (ads_count_replies(ads, res) != 1) {
return NULL;
free(s);
}
+ ads_memfree(ads, wkn_dn);
+ ldap_value_free(wkn_dn_exp);
+ ldap_value_free(bind_dn_exp);
+
return ret;
}
* (found by hostname) in AD.
* @param ads An initialized ADS_STRUCT
* @param machine_name the NetBIOS name of the computer, which is used to identify the computer account.
+ * @param my_fqdn The fully qualified DNS name of the machine
* @param spn A string of the service principal to add, i.e. 'host'
* @return 0 upon sucess, or non-zero if a failure occurs
**/
-ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name, const char *spn)
+ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name,
+ const char *my_fqdn, const char *spn)
{
ADS_STATUS ret;
TALLOC_CTX *ctx;
LDAPMessage *res = NULL;
- char *host_spn, *psp1, *psp2, *psp3;
+ char *psp1, *psp2;
ADS_MODLIST mods;
- fstring my_fqdn;
char *dn_string = NULL;
- const char *servicePrincipalName[4] = {NULL, NULL, NULL, NULL};
+ const char *servicePrincipalName[3] = {NULL, NULL, NULL};
ret = ads_find_machine_acct(ads, (void **)(void *)&res, machine_name);
if (!ADS_ERR_OK(ret) || ads_count_replies(ads, res) != 1) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
- name_to_fqdn(my_fqdn, machine_name);
- strlower_m(my_fqdn);
-
- if (!(host_spn = talloc_asprintf(ctx, "HOST/%s", my_fqdn))) {
+ /* add short name spn */
+
+ if ( (psp1 = talloc_asprintf(ctx, "%s/%s", spn, machine_name)) == NULL ) {
talloc_destroy(ctx);
ads_msgfree(ads, res);
- return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+ return ADS_ERROR(LDAP_NO_MEMORY);
}
-
- /* Add the extra principal */
- psp1 = talloc_asprintf(ctx, "%s/%s", spn, machine_name);
strupper_m(psp1);
strlower_m(&psp1[strlen(spn)]);
- DEBUG(5,("ads_add_service_principal_name: INFO: Adding %s to host %s\n", psp1, machine_name));
servicePrincipalName[0] = psp1;
- psp2 = talloc_asprintf(ctx, "%s/%s.%s", spn, machine_name, ads->config.realm);
+
+ DEBUG(5,("ads_add_service_principal_name: INFO: Adding %s to host %s\n",
+ psp1, machine_name));
+
+
+ /* add fully qualified spn */
+
+ if ( (psp2 = talloc_asprintf(ctx, "%s/%s", spn, my_fqdn)) == NULL ) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto out;
+ }
strupper_m(psp2);
strlower_m(&psp2[strlen(spn)]);
- DEBUG(5,("ads_add_service_principal_name: INFO: Adding %s to host %s\n", psp2, machine_name));
servicePrincipalName[1] = psp2;
- /* Add another principal in case the realm != the DNS domain, so that
- * the KDC doesn't send "server principal unknown" errors to clients
- * which use the DNS name in determining service principal names. */
- psp3 = talloc_asprintf(ctx, "%s/%s", spn, my_fqdn);
- strupper_m(psp3);
- strlower_m(&psp3[strlen(spn)]);
- if (strcmp(psp2, psp3) != 0) {
- DEBUG(5,("ads_add_service_principal_name: INFO: Adding %s to host %s\n", psp3, machine_name));
- servicePrincipalName[2] = psp3;
- }
+ DEBUG(5,("ads_add_service_principal_name: INFO: Adding %s to host %s\n",
+ psp2, machine_name));
- if (!(mods = ads_init_mods(ctx))) {
- talloc_destroy(ctx);
- ads_msgfree(ads, res);
- return ADS_ERROR(LDAP_NO_MEMORY);
+ if ( (mods = ads_init_mods(ctx)) == NULL ) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto out;
}
+
ret = ads_add_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName);
if (!ADS_ERR_OK(ret)) {
DEBUG(1,("ads_add_service_principal_name: Error: Updating Service Principals in LDAP\n"));
- talloc_destroy(ctx);
- ads_msgfree(ads, res);
- return ret;
+ goto out;
}
- dn_string = ads_get_dn(ads, res);
- if (!dn_string) {
- talloc_destroy(ctx);
- ads_msgfree(ads, res);
- return ADS_ERROR(LDAP_NO_MEMORY);
+
+ if ( (dn_string = ads_get_dn(ads, res)) == NULL ) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto out;
}
+
ret = ads_gen_mod(ads, dn_string, mods);
ads_memfree(ads,dn_string);
if (!ADS_ERR_OK(ret)) {
DEBUG(1,("ads_add_service_principal_name: Error: Updating Service Principals in LDAP\n"));
- talloc_destroy(ctx);
- ads_msgfree(ads, res);
- return ret;
+ goto out;
}
- talloc_destroy(ctx);
+ out:
+ TALLOC_FREE( ctx );
ads_msgfree(ads, res);
return ret;
}
return ldap_count_entries(ads->ld, (LDAPMessage *)res);
}
-/**
- * Delete a machine from the realm
- * @param ads connection to ads server
- * @param hostname Machine to remove
- * @return status of delete
- **/
-ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname)
-{
- ADS_STATUS status;
- void *res, *msg;
- char *hostnameDN, *host;
- int rc;
- LDAPControl ldap_control;
- LDAPControl * pldap_control[2] = {NULL, NULL};
-
- pldap_control[0] = &ldap_control;
- memset(&ldap_control, 0, sizeof(LDAPControl));
- ldap_control.ldctl_oid = (char *)LDAP_SERVER_TREE_DELETE_OID;
-
- /* hostname must be lowercase */
- host = SMB_STRDUP(hostname);
- strlower_m(host);
-
- status = ads_find_machine_acct(ads, &res, host);
- if (!ADS_ERR_OK(status)) {
- DEBUG(0, ("Host account for %s does not exist.\n", host));
- return status;
- }
-
- msg = ads_first_entry(ads, res);
- if (!msg) {
- return ADS_ERROR_SYSTEM(ENOENT);
- }
-
- hostnameDN = ads_get_dn(ads, (LDAPMessage *)msg);
-
-
- rc = ldap_delete_ext_s(ads->ld, hostnameDN, pldap_control, NULL);
- if (rc) {
- DEBUG(3,("ldap_delete_ext_s failed with error code %d\n", rc));
- }else {
- DEBUG(3,("ldap_delete_ext_s succeeded with error code %d\n", rc));
- }
-
- ads_memfree(ads, hostnameDN);
- if (rc != LDAP_SUCCESS) {
- return ADS_ERROR(rc);
- }
-
- status = ads_find_machine_acct(ads, &res, host);
- if (ADS_ERR_OK(status) && ads_count_replies(ads, res) == 1) {
- DEBUG(0, ("Failed to remove host account.\n"));
- return status;
- }
-
- free(host);
-
- return status;
-}
-
-#if 0
-/**
- * add machine account to existing security descriptor
- * @param ads connection to ads server
- * @param hostname machine to add
- * @param dn DN of security descriptor
- * @return status
- **/
-static ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn)
-{
- const char *attrs[] = {"nTSecurityDescriptor", "objectSid", 0};
- char *expr = 0;
- size_t sd_size = 0;
- struct berval bval = {0, NULL};
- prs_struct ps_wire;
- char *escaped_hostname = escape_ldap_string_alloc(hostname);
-
- LDAPMessage *res = 0;
- LDAPMessage *msg = 0;
- ADS_MODLIST mods = 0;
-
- NTSTATUS status;
- ADS_STATUS ret;
- DOM_SID sid;
- SEC_DESC *psd = NULL;
- TALLOC_CTX *ctx = NULL;
-
- /* Avoid segmentation fault in prs_mem_free if
- * we have to bail out before prs_init */
- ps_wire.is_dynamic = False;
-
- if (!ads) {
- SAFE_FREE(escaped_hostname);
- return ADS_ERROR(LDAP_SERVER_DOWN);
- }
-
- ret = ADS_ERROR(LDAP_SUCCESS);
-
- if (!escaped_hostname) {
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- if (asprintf(&expr, "(samAccountName=%s$)", escaped_hostname) == -1) {
- DEBUG(1, ("ads_set_machine_sd: asprintf failed!\n"));
- SAFE_FREE(escaped_hostname);
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- SAFE_FREE(escaped_hostname);
-
- ret = ads_search(ads, (void *) &res, expr, attrs);
-
- SAFE_FREE(expr);
-
- if (!ADS_ERR_OK(ret)) return ret;
-
- if ( !(msg = ads_first_entry(ads, res) )) {
- ret = ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
- goto ads_set_sd_error;
- }
-
- if (!ads_pull_sid(ads, msg, attrs[1], &sid)) {
- ret = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- goto ads_set_sd_error;
- }
-
- if (!(ctx = talloc_init("sec_io_desc"))) {
- ret = ADS_ERROR(LDAP_NO_MEMORY);
- goto ads_set_sd_error;
- }
-
- if (!ads_pull_sd(ads, ctx, msg, attrs[0], &psd)) {
- ret = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- goto ads_set_sd_error;
- }
-
- status = sec_desc_add_sid(ctx, &psd, &sid, SEC_RIGHTS_FULL_CTRL, &sd_size);
-
- if (!NT_STATUS_IS_OK(status)) {
- ret = ADS_ERROR_NT(status);
- goto ads_set_sd_error;
- }
-
- if (!prs_init(&ps_wire, sd_size, ctx, MARSHALL)) {
- ret = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- if (!sec_io_desc("sd_wire", &psd, &ps_wire, 1)) {
- ret = ADS_ERROR(LDAP_NO_MEMORY);
- goto ads_set_sd_error;
- }
-
-#if 0
- file_save("/tmp/sec_desc.new", ps_wire.data_p, sd_size);
-#endif
- if (!(mods = ads_init_mods(ctx))) return ADS_ERROR(LDAP_NO_MEMORY);
-
- bval.bv_len = prs_offset(&ps_wire);
- bval.bv_val = TALLOC(ctx, bval.bv_len);
- if (!bval.bv_val) {
- ret = ADS_ERROR(LDAP_NO_MEMORY);
- goto ads_set_sd_error;
- }
-
- prs_set_offset(&ps_wire, 0);
-
- if (!prs_copy_data_out(bval.bv_val, &ps_wire, bval.bv_len)) {
- ret = ADS_ERROR(LDAP_NO_MEMORY);
- goto ads_set_sd_error;
- }
-
- ret = ads_mod_ber(ctx, &mods, attrs[0], &bval);
- if (ADS_ERR_OK(ret)) {
- ret = ads_gen_mod(ads, dn, mods);
- }
-
-ads_set_sd_error:
- ads_msgfree(ads, res);
- prs_mem_free(&ps_wire);
- talloc_destroy(ctx);
- return ret;
-}
-#endif
-
/**
* pull the first entry from a ADS result
* @param ads connection to ads server
return NULL;
}
- memcpy(&strings[*num_strings], new_strings,
- sizeof(*new_strings) * num_new_strings);
+ if (new_strings && num_new_strings) {
+ memcpy(&strings[*num_strings], new_strings,
+ sizeof(*new_strings) * num_new_strings);
+ }
(*num_strings) += num_new_strings;
return timegm(&tm);
}
-/**
- * Find the servers name and realm - this can be done before authentication
- * The ldapServiceName field on w2k looks like this:
- * vnet3.home.samba.org:win2000-vnet3$@VNET3.HOME.SAMBA.ORG
- * @param ads connection to ads server
- * @return status of search
- **/
+/********************************************************************
+********************************************************************/
+
ADS_STATUS ads_current_time(ADS_STRUCT *ads)
{
const char *attrs[] = {"currentTime", NULL};
TALLOC_CTX *ctx;
ADS_STRUCT *ads_s = ads;
- if (!(ctx = talloc_init("ads_server_info"))) {
+ if (!(ctx = talloc_init("ads_current_time"))) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
status = ads_do_search(ads_s, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
if (!ADS_ERR_OK(status)) {
- talloc_destroy(ctx);
goto done;
}
timestr = ads_pull_string(ads_s, ctx, res, "currentTime");
if (!timestr) {
ads_msgfree(ads, res);
- talloc_destroy(ctx);
status = ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
goto done;
}
return status;
}
+/********************************************************************
+********************************************************************/
+
+ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val)
+{
+ const char *attrs[] = {"domainFunctionality", NULL};
+ ADS_STATUS status;
+ void *res;
+ ADS_STRUCT *ads_s = ads;
+
+ *val = DS_DOMAIN_FUNCTION_2000;
+
+ /* establish a new ldap tcp session if necessary */
+
+ if ( !ads->ld ) {
+ if ( (ads_s = ads_init( ads->server.realm, ads->server.workgroup,
+ ads->server.ldap_server )) == NULL )
+ {
+ goto done;
+ }
+ ads_s->auth.flags = ADS_AUTH_ANON_BIND;
+ status = ads_connect( ads_s );
+ if ( !ADS_ERR_OK(status))
+ goto done;
+ }
+
+ /* If the attribute does not exist assume it is a Windows 2000
+ functional domain */
+
+ status = ads_do_search(ads_s, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
+ if (!ADS_ERR_OK(status)) {
+ if ( status.err.rc == LDAP_NO_SUCH_ATTRIBUTE ) {
+ status = ADS_SUCCESS;
+ }
+ goto done;
+ }
+
+ if ( !ads_pull_uint32(ads_s, res, "domainFunctionality", val) ) {
+ DEBUG(5,("ads_domain_func_level: Failed to pull the domainFunctionality attribute.\n"));
+ }
+ DEBUG(3,("ads_domain_func_level: %d\n", *val));
+
+
+ ads_msgfree(ads, res);
+
+done:
+ /* free any temporary ads connections */
+ if ( ads_s != ads ) {
+ ads_destroy( &ads_s );
+ }
+
+ return status;
+}
+
/**
* find the domain sid for our domain
* @param ads connection to ads server
return dn_count;
}
+/********************************************************************
+********************************************************************/
+
+char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name )
+{
+ LDAPMessage *res = NULL;
+ ADS_STATUS status;
+ int count = 0;
+ char *name = NULL;
+
+ status = ads_find_machine_acct(ads, (void **)(void *)&res, global_myname());
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n",
+ global_myname()));
+ goto out;
+ }
+
+ if ( (count = ads_count_replies(ads, res)) != 1 ) {
+ DEBUG(1,("ads_get_dnshostname: %d entries returned!\n", count));
+ goto out;
+ }
+
+ if ( (name = ads_pull_string(ads, ctx, res, "dNSHostName")) == NULL ) {
+ DEBUG(0,("ads_get_dnshostname: No dNSHostName attribute!\n"));
+ }
+
+out:
+ ads_msgfree(ads, res);
+
+ return name;
+}
+
+/********************************************************************
+********************************************************************/
+
+char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name )
+{
+ LDAPMessage *res = NULL;
+ ADS_STATUS status;
+ int count = 0;
+ char *name = NULL;
+
+ status = ads_find_machine_acct(ads, (void **)(void *)&res, global_myname());
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0,("ads_get_upn: Failed to find account for %s\n",
+ global_myname()));
+ goto out;
+ }
+
+ if ( (count = ads_count_replies(ads, res)) != 1 ) {
+ DEBUG(1,("ads_get_upn: %d entries returned!\n", count));
+ goto out;
+ }
+
+ if ( (name = ads_pull_string(ads, ctx, res, "userPrincipalName")) == NULL ) {
+ DEBUG(2,("ads_get_upn: No userPrincipalName attribute!\n"));
+ }
+
+out:
+ ads_msgfree(ads, res);
+
+ return name;
+}
+
+/********************************************************************
+********************************************************************/
+
+char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name )
+{
+ LDAPMessage *res = NULL;
+ ADS_STATUS status;
+ int count = 0;
+ char *name = NULL;
+
+ status = ads_find_machine_acct(ads, (void **)(void *)&res, global_myname());
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n",
+ global_myname()));
+ goto out;
+ }
+
+ if ( (count = ads_count_replies(ads, res)) != 1 ) {
+ DEBUG(1,("ads_get_dnshostname: %d entries returned!\n", count));
+ goto out;
+ }
+
+ if ( (name = ads_pull_string(ads, ctx, res, "sAMAccountName")) == NULL ) {
+ DEBUG(0,("ads_get_dnshostname: No sAMAccountName attribute!\n"));
+ }
+
+out:
+ ads_msgfree(ads, res);
+
+ return name;
+}
+
#endif