authorbubulle <bubulle@alioth.debian.org>2010-04-06 18:12:47 +0000
committerbubulle <bubulle@alioth.debian.org>2010-04-06 18:12:47 +0000
commitc038a4e9c09ba4ac77d885ac0afee418f41b8891 (patch)
treef5b2444727ff995f46dabbbf94863e9926501444 /source3/libads
parent9e2f5a6ab663f7a111832217c527508c75ddae8a (diff)
Revert to 3.4.7...for now?
git-svn-id: svn://svn.debian.org/svn/pkg-samba/trunk/samba@3416 fc4039ab-9d04-0410-8cac-899223bdd6b0
Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/ads_utils.c137
-rw-r--r--source3/libads/authdata.c14
-rw-r--r--source3/libads/cldap.c303
-rw-r--r--source3/libads/dns.c14
-rw-r--r--source3/libads/kerberos.c65
-rw-r--r--source3/libads/ldap.c206
-rw-r--r--source3/libads/ldap_printer.c19
-rw-r--r--source3/libads/ldap_schema.c4
-rw-r--r--source3/libads/ldap_user.c6
-rw-r--r--source3/libads/sasl.c1
-rw-r--r--source3/libads/util.c2
11 files changed, 501 insertions, 270 deletions
diff --git a/source3/libads/ads_utils.c b/source3/libads/ads_utils.c
index 213242c223..68efd69db9 100644
--- a/source3/libads/ads_utils.c
+++ b/source3/libads/ads_utils.c
@@ -1,27 +1,150 @@
-/*
+/*
Unix SMB/CIFS implementation.
ads (active directory) utility library
-
+
Copyright (C) Stefan (metze) Metzmacher 2002
Copyright (C) Andrew Tridgell 2001
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
-const char *ads_get_ldap_server_name(ADS_STRUCT *ads)
+/*
+translated the ACB_CTRL Flags to UserFlags (userAccountControl)
+*/
+uint32 ads_acb2uf(uint32 acb)
+{
+ uint32 uf = 0x00000000;
+
+ if (acb & ACB_DISABLED) uf |= UF_ACCOUNTDISABLE;
+ if (acb & ACB_HOMDIRREQ) uf |= UF_HOMEDIR_REQUIRED;
+ if (acb & ACB_PWNOTREQ) uf |= UF_PASSWD_NOTREQD;
+ if (acb & ACB_TEMPDUP) uf |= UF_TEMP_DUPLICATE_ACCOUNT;
+ if (acb & ACB_NORMAL) uf |= UF_NORMAL_ACCOUNT;
+ if (acb & ACB_MNS) uf |= UF_MNS_LOGON_ACCOUNT;
+ if (acb & ACB_DOMTRUST) uf |= UF_INTERDOMAIN_TRUST_ACCOUNT;
+ if (acb & ACB_WSTRUST) uf |= UF_WORKSTATION_TRUST_ACCOUNT;
+ if (acb & ACB_SVRTRUST) uf |= UF_SERVER_TRUST_ACCOUNT;
+ if (acb & ACB_PWNOEXP) uf |= UF_DONT_EXPIRE_PASSWD;
+ if (acb & ACB_AUTOLOCK) uf |= UF_LOCKOUT;
+ if (acb & ACB_USE_DES_KEY_ONLY) uf |= UF_USE_DES_KEY_ONLY;
+ if (acb & ACB_SMARTCARD_REQUIRED) uf |= UF_SMARTCARD_REQUIRED;
+ if (acb & ACB_TRUSTED_FOR_DELEGATION) uf |= UF_TRUSTED_FOR_DELEGATION;
+ if (acb & ACB_DONT_REQUIRE_PREAUTH) uf |= UF_DONT_REQUIRE_PREAUTH;
+ if (acb & ACB_NO_AUTH_DATA_REQD) uf |= UF_NO_AUTH_DATA_REQUIRED;
+ if (acb & ACB_NOT_DELEGATED) uf |= UF_NOT_DELEGATED;
+ if (acb & ACB_ENC_TXT_PWD_ALLOWED) uf |= UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED;
+
+ return uf;
+}
+
+/*
+translated the UserFlags (userAccountControl) to ACB_CTRL Flags
+*/
+uint32 ads_uf2acb(uint32 uf)
+{
+ uint32 acb = 0x00000000;
+
+ if (uf & UF_ACCOUNTDISABLE) acb |= ACB_DISABLED;
+ if (uf & UF_HOMEDIR_REQUIRED) acb |= ACB_HOMDIRREQ;
+ if (uf & UF_PASSWD_NOTREQD) acb |= ACB_PWNOTREQ;
+ if (uf & UF_MNS_LOGON_ACCOUNT) acb |= ACB_MNS;
+ if (uf & UF_DONT_EXPIRE_PASSWD) acb |= ACB_PWNOEXP;
+ if (uf & UF_LOCKOUT) acb |= ACB_AUTOLOCK;
+ if (uf & UF_USE_DES_KEY_ONLY) acb |= ACB_USE_DES_KEY_ONLY;
+ if (uf & UF_SMARTCARD_REQUIRED) acb |= ACB_SMARTCARD_REQUIRED;
+ if (uf & UF_TRUSTED_FOR_DELEGATION) acb |= ACB_TRUSTED_FOR_DELEGATION;
+ if (uf & UF_DONT_REQUIRE_PREAUTH) acb |= ACB_DONT_REQUIRE_PREAUTH;
+ if (uf & UF_NO_AUTH_DATA_REQUIRED) acb |= ACB_NO_AUTH_DATA_REQD;
+ if (uf & UF_NOT_DELEGATED) acb |= ACB_NOT_DELEGATED;
+ if (uf & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED) acb |= ACB_ENC_TXT_PWD_ALLOWED;
+
+ switch (uf & UF_ACCOUNT_TYPE_MASK)
+ {
+ case UF_TEMP_DUPLICATE_ACCOUNT: acb |= ACB_TEMPDUP;break;
+ case UF_NORMAL_ACCOUNT: acb |= ACB_NORMAL;break;
+ case UF_INTERDOMAIN_TRUST_ACCOUNT: acb |= ACB_DOMTRUST;break;
+ case UF_WORKSTATION_TRUST_ACCOUNT: acb |= ACB_WSTRUST;break;
+ case UF_SERVER_TRUST_ACCOUNT: acb |= ACB_SVRTRUST;break;
+ /*Fix Me: what should we do here? */
+ default: acb |= ACB_NORMAL;break;
+ }
+
+ return acb;
+}
+
+/*
+get the accountType from the UserFlags
+*/
+uint32 ads_uf2atype(uint32 uf)
+{
+ uint32 atype = 0x00000000;
+
+ if (uf & UF_NORMAL_ACCOUNT) atype = ATYPE_NORMAL_ACCOUNT;
+ else if (uf & UF_TEMP_DUPLICATE_ACCOUNT) atype = ATYPE_NORMAL_ACCOUNT;
+ else if (uf & UF_SERVER_TRUST_ACCOUNT) atype = ATYPE_WORKSTATION_TRUST;
+ else if (uf & UF_WORKSTATION_TRUST_ACCOUNT) atype = ATYPE_WORKSTATION_TRUST;
+ else if (uf & UF_INTERDOMAIN_TRUST_ACCOUNT) atype = ATYPE_INTERDOMAIN_TRUST;
+
+ return atype;
+}
+
+/*
+get the accountType from the groupType
+*/
+uint32 ads_gtype2atype(uint32 gtype)
+{
+ uint32 atype = 0x00000000;
+
+ switch(gtype) {
+ case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
+ atype = ATYPE_SECURITY_LOCAL_GROUP;
+ break;
+ case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
+ atype = ATYPE_SECURITY_LOCAL_GROUP;
+ break;
+ case GTYPE_SECURITY_GLOBAL_GROUP:
+ atype = ATYPE_SECURITY_GLOBAL_GROUP;
+ break;
+
+ case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
+ atype = ATYPE_DISTRIBUTION_GLOBAL_GROUP;
+ break;
+ case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
+ atype = ATYPE_DISTRIBUTION_UNIVERSAL_GROUP;
+ break;
+ case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
+ atype = ATYPE_DISTRIBUTION_LOCAL_GROUP;
+ break;
+ }
+
+ return atype;
+}
+
+/* turn a sAMAccountType into a SID_NAME_USE */
+enum lsa_SidType ads_atype_map(uint32 atype)
{
- return ads->config.ldap_server_name;
+ switch (atype & 0xF0000000) {
+ case ATYPE_GLOBAL_GROUP:
+ return SID_NAME_DOM_GRP;
+ case ATYPE_SECURITY_LOCAL_GROUP:
+ return SID_NAME_ALIAS;
+ case ATYPE_ACCOUNT:
+ return SID_NAME_USER;
+ default:
+ DEBUG(1,("hmm, need to map account type 0x%x\n", atype));
+ }
+ return SID_NAME_UNKNOWN;
}
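Review bot: In ads_gtype2atype the two distribution-group cases look crossed: `GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP` yields `ATYPE_DISTRIBUTION_UNIVERSAL_GROUP` and `GTYPE_DISTRIBUTION_UNIVERSAL_GROUP` yields `ATYPE_DISTRIBUTION_LOCAL_GROUP`. Unless the constants are defined so that this is intentional, swap the two assignments so each group type maps to the account type of the same scope. The switch also has no `default:`, so any other gtype silently returns 0, and the `default:` in ads_uf2acb (marked "Fix Me") turns an unrecognised account-type field into `ACB_NORMAL`; both fallbacks deserve a comment or a DEBUG line, since callers may base decisions on the returned account class.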
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index ed158ee2d8..d242919f04 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -350,7 +350,6 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
bool request_pac,
bool add_netbios_addr,
time_t renewable_time,
- const char *impersonate_princ_s,
struct PAC_DATA **pac_ret)
{
krb5_error_code ret;
@@ -424,24 +423,21 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_LOGON_TYPE;
}
+
ret = cli_krb5_get_ticket(local_service,
time_offset,
&tkt,
&sesskey1,
0,
cc,
- NULL,
- impersonate_princ_s);
+ NULL);
if (ret) {
DEBUG(1,("failed to get ticket for %s: %s\n",
local_service, error_message(ret)));
- if (impersonate_princ_s) {
- DEBUGADD(1,("tried S4U2SELF impersonation as: %s\n",
- impersonate_princ_s));
- }
status = krb5_to_nt_status(ret);
goto out;
}
+
status = ads_verify_ticket(mem_ctx,
lp_realm(),
time_offset,
@@ -493,7 +489,6 @@ static NTSTATUS kerberos_return_pac_logon_info(TALLOC_CTX *mem_ctx,
bool request_pac,
bool add_netbios_addr,
time_t renewable_time,
- const char *impersonate_princ_s,
struct PAC_LOGON_INFO **logon_info)
{
NTSTATUS status;
@@ -510,7 +505,6 @@ static NTSTATUS kerberos_return_pac_logon_info(TALLOC_CTX *mem_ctx,
request_pac,
add_netbios_addr,
renewable_time,
- impersonate_princ_s,
&pac_data);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -545,7 +539,6 @@ NTSTATUS kerberos_return_info3_from_pac(TALLOC_CTX *mem_ctx,
bool request_pac,
bool add_netbios_addr,
time_t renewable_time,
- const char *impersonate_princ_s,
struct netr_SamInfo3 **info3)
{
NTSTATUS status;
@@ -561,7 +554,6 @@ NTSTATUS kerberos_return_info3_from_pac(TALLOC_CTX *mem_ctx,
request_pac,
add_netbios_addr,
renewable_time,
- impersonate_princ_s,
&logon_info);
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c
index 5cefd6ccc1..ae087d976c 100644
--- a/source3/libads/cldap.c
+++ b/source3/libads/cldap.c
@@ -4,7 +4,6 @@
Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
Copyright (C) 2003 Jim McDonough (jmcd@us.ibm.com)
Copyright (C) 2008 Guenther Deschner (gd@samba.org)
- Copyright (C) 2009 Stefan Metzmacher (metze@samba.org)
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -21,8 +20,226 @@
*/
#include "includes.h"
-#include "../libcli/cldap/cldap.h"
-#include "../lib/tsocket/tsocket.h"
+
+/*
+ do a cldap netlogon query
+*/
+static int send_cldap_netlogon(TALLOC_CTX *mem_ctx, int sock, const char *domain,
+ const char *hostname, unsigned ntversion)
+{
+ ASN1_DATA *data;
+ char ntver[4];
+#ifdef CLDAP_USER_QUERY
+ char aac[4];
+
+ SIVAL(aac, 0, 0x00000180);
+#endif
+ SIVAL(ntver, 0, ntversion);
+
+ data = asn1_init(mem_ctx);
+ if (data == NULL) {
+ return -1;
+ }
+
+ asn1_push_tag(data,ASN1_SEQUENCE(0));
+ asn1_write_Integer(data, 4);
+ asn1_push_tag(data, ASN1_APPLICATION(3));
+ asn1_write_OctetString(data, NULL, 0);
+ asn1_write_enumerated(data, 0);
+ asn1_write_enumerated(data, 0);
+ asn1_write_Integer(data, 0);
+ asn1_write_Integer(data, 0);
+ asn1_write_BOOLEAN(data, False);
+ asn1_push_tag(data, ASN1_CONTEXT(0));
+
+ if (domain) {
+ asn1_push_tag(data, ASN1_CONTEXT(3));
+ asn1_write_OctetString(data, "DnsDomain", 9);
+ asn1_write_OctetString(data, domain, strlen(domain));
+ asn1_pop_tag(data);
+ }
+
+ asn1_push_tag(data, ASN1_CONTEXT(3));
+ asn1_write_OctetString(data, "Host", 4);
+ asn1_write_OctetString(data, hostname, strlen(hostname));
+ asn1_pop_tag(data);
+
+#ifdef CLDAP_USER_QUERY
+ asn1_push_tag(data, ASN1_CONTEXT(3));
+ asn1_write_OctetString(data, "User", 4);
+ asn1_write_OctetString(data, "SAMBA$", 6);
+ asn1_pop_tag(data);
+
+ asn1_push_tag(data, ASN1_CONTEXT(3));
+ asn1_write_OctetString(data, "AAC", 4);
+ asn1_write_OctetString(data, aac, 4);
+ asn1_pop_tag(data);
+#endif
+
+ asn1_push_tag(data, ASN1_CONTEXT(3));
+ asn1_write_OctetString(data, "NtVer", 5);
+ asn1_write_OctetString(data, ntver, 4);
+ asn1_pop_tag(data);
+
+ asn1_pop_tag(data);
+
+ asn1_push_tag(data,ASN1_SEQUENCE(0));
+ asn1_write_OctetString(data, "NetLogon", 8);
+ asn1_pop_tag(data);
+ asn1_pop_tag(data);
+ asn1_pop_tag(data);
+
+ if (data->has_error) {
+ DEBUG(2,("Failed to build cldap netlogon at offset %d\n", (int)data->ofs));
+ asn1_free(data);
+ return -1;
+ }
+
+ if (write(sock, data->data, data->length) != (ssize_t)data->length) {
+ DEBUG(2,("failed to send cldap query (%s)\n", strerror(errno)));
+ asn1_free(data);
+ return -1;
+ }
+
+ asn1_free(data);
+
+ return 0;
+}
+
+/*
+ receive a cldap netlogon reply
+*/
+static int recv_cldap_netlogon(TALLOC_CTX *mem_ctx,
+ int sock,
+ uint32_t nt_version,
+ struct netlogon_samlogon_response **reply)
+{
+ int ret;
+ ASN1_DATA *data;
+ DATA_BLOB blob = data_blob_null;
+ DATA_BLOB os1 = data_blob_null;
+ DATA_BLOB os2 = data_blob_null;
+ DATA_BLOB os3 = data_blob_null;
+ int i1;
+ struct netlogon_samlogon_response *r = NULL;
+ NTSTATUS status;
+
+ fd_set r_fds;
+ struct timeval timeout;
+
+ blob = data_blob(NULL, 8192);
+ if (blob.data == NULL) {
+ DEBUG(1, ("data_blob failed\n"));
+ errno = ENOMEM;
+ return -1;
+ }
+
+ FD_ZERO(&r_fds);
+ FD_SET(sock, &r_fds);
+
+ /*
+ * half the time of a regular ldap timeout, not less than 3 seconds.
+ */
+ timeout.tv_sec = MAX(3,lp_ldap_timeout()/2);
+ timeout.tv_usec = 0;
+
+ ret = sys_select(sock+1, &r_fds, NULL, NULL, &timeout);
+ if (ret == -1) {
+ DEBUG(10, ("select failed: %s\n", strerror(errno)));
+ data_blob_free(&blob);
+ return -1;
+ }
+
+ if (ret == 0) {
+ DEBUG(1,("no reply received to cldap netlogon "
+ "(select timeout %u sec)\n",
+ (unsigned int)timeout.tv_sec));
+ data_blob_free(&blob);
+ return -1;
+ }
+
+ ret = read(sock, blob.data, blob.length);
+ if (ret <= 0) {
+ DEBUG(1,("no reply received to cldap netlogon "
+ "(ret = %d: Error = %s)\n",
+ ret,
+ ret == -1 ? strerror(errno) : "" ));
+ data_blob_free(&blob);
+ return -1;
+ }
+ blob.length = ret;
+
+ data = asn1_init(mem_ctx);
+ if (data == NULL) {
+ data_blob_free(&blob);
+ return -1;
+ }
+
+ asn1_load(data, blob);
+ asn1_start_tag(data, ASN1_SEQUENCE(0));
+ asn1_read_Integer(data, &i1);
+ asn1_start_tag(data, ASN1_APPLICATION(4));
+ asn1_read_OctetString(data, NULL, &os1);
+ asn1_start_tag(data, ASN1_SEQUENCE(0));
+ asn1_start_tag(data, ASN1_SEQUENCE(0));
+ asn1_read_OctetString(data, NULL, &os2);
+ asn1_start_tag(data, ASN1_SET);
+ asn1_read_OctetString(data, NULL, &os3);
+ asn1_end_tag(data);
+ asn1_end_tag(data);
+ asn1_end_tag(data);
+ asn1_end_tag(data);
+ asn1_end_tag(data);
+
+ if (data->has_error) {
+ data_blob_free(&blob);
+ data_blob_free(&os1);
+ data_blob_free(&os2);
+ data_blob_free(&os3);
+ asn1_free(data);
+ DEBUG(1,("Failed to parse cldap reply\n"));
+ return -1;
+ }
+
+ r = TALLOC_ZERO_P(mem_ctx, struct netlogon_samlogon_response);
+ if (!r) {
+ errno = ENOMEM;
+ data_blob_free(&os1);
+ data_blob_free(&os2);
+ data_blob_free(&os3);
+ data_blob_free(&blob);
+ asn1_free(data);
+ return -1;
+ }
+
+ status = pull_netlogon_samlogon_response(&os3, mem_ctx, NULL, r);
+ if (!NT_STATUS_IS_OK(status)) {
+ data_blob_free(&os1);
+ data_blob_free(&os2);
+ data_blob_free(&os3);
+ data_blob_free(&blob);
+ asn1_free(data);
+ TALLOC_FREE(r);
+ return -1;
+ }
+
+ map_netlogon_samlogon_response(r);
+
+ data_blob_free(&os1);
+ data_blob_free(&os2);
+ data_blob_free(&os3);
+ data_blob_free(&blob);
+
+ asn1_free(data);
+
+ if (reply) {
+ *reply = r;
+ } else {
+ TALLOC_FREE(r);
+ }
+
+ return 0;
+}
/*******************************************************************
do a cldap netlogon query. Always 389/udp
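Review bot: recv_cldap_netlogon calls `FD_SET(sock, &r_fds)` without checking the descriptor against FD_SETSIZE, so in a process with many open files the macro writes outside `r_fds`; a guard before the blob is allocated, `if (sock < 0 || sock >= FD_SETSIZE) { errno = EBADF; return -1; }`, closes that. The reply is also accepted without being correlated to the request: the message id read into `i1` is never compared with the `4` that send_cldap_netlogon writes, and the `nt_version` parameter is unused, so any well-formed datagram arriving on the socket is parsed and returned. Comparing `i1` with the sent id after the `has_error` check would reject stray or forged replies. In send_cldap_netlogon, `hostname` goes straight to strlen() while `domain` is NULL-checked; the same check, or a comment stating the contract, would help.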
@@ -32,79 +249,33 @@ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
const char *server,
const char *realm,
uint32_t nt_version,
- struct netlogon_samlogon_response **_reply)
+ struct netlogon_samlogon_response **reply)
{
- struct cldap_socket *cldap;
- struct cldap_netlogon io;
- struct netlogon_samlogon_response *reply;
- NTSTATUS status;
- struct sockaddr_storage ss;
- char addrstr[INET6_ADDRSTRLEN];
- const char *dest_str;
+ int sock;
int ret;
- struct tsocket_address *dest_addr;
- if (!interpret_string_addr_prefer_ipv4(&ss, server, 0)) {
- DEBUG(2,("Failed to resolve[%s] into an address for cldap\n",
- server));
- return false;
+ sock = open_udp_socket(server, LDAP_PORT );
+ if (sock == -1) {
+ DEBUG(2,("ads_cldap_netlogon: Failed to open udp socket to %s. "
+ "Error %s\n",
+ server,
+ strerror(errno) ));
+ return False;
}
- dest_str = print_sockaddr(addrstr, sizeof(addrstr), &ss);
- ret = tsocket_address_inet_from_strings(mem_ctx, "ip",
- dest_str, LDAP_PORT,
- &dest_addr);
+ ret = send_cldap_netlogon(mem_ctx, sock, realm, global_myname(), nt_version);
if (ret != 0) {
- status = map_nt_error_from_unix(errno);
- DEBUG(2,("Failed to create cldap tsocket_address for %s - %s\n",
- dest_str, nt_errstr(status)));
- return false;
- }
-
- /*
- * as we use a connected udp socket
- */
- status = cldap_socket_init(mem_ctx, NULL, NULL, dest_addr, &cldap);
- TALLOC_FREE(dest_addr);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(2,("Failed to create cldap socket to %s: %s\n",
- dest_str, nt_errstr(status)));
- return false;
+ close(sock);
+ return False;
}
+ ret = recv_cldap_netlogon(mem_ctx, sock, nt_version, reply);
+ close(sock);
- reply = talloc(cldap, struct netlogon_samlogon_response);
- if (!reply) {
- goto failed;
+ if (ret == -1) {
+ return False;
}
- /*
- * as we use a connected socket, so we don't need to specify the
- * destination
- */
- io.in.dest_address = NULL;
- io.in.dest_port = 0;
- io.in.realm = realm;
- io.in.host = NULL;
- io.in.user = NULL;
- io.in.domain_guid = NULL;
- io.in.domain_sid = NULL;
- io.in.acct_control = 0;
- io.in.version = nt_version;
- io.in.map_response = false;
-
- status = cldap_netlogon(cldap, NULL, reply, &io);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(2,("cldap_netlogon() failed: %s\n", nt_errstr(status)));
- goto failed;
- }
-
- *reply = io.out.netlogon;
- *_reply = talloc_move(mem_ctx, &reply);
- TALLOC_FREE(cldap);
- return true;
-failed:
- TALLOC_FREE(cldap);
- return false;
+ return True;
}
/*******************************************************************
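Review bot: The two helper results are tested with different conditions, `if (ret != 0)` after send_cldap_netlogon and `if (ret == -1)` after recv_cldap_netlogon, so a future error value other than -1 from the receive path would be reported as success. Use `if (ret != 0) { return False; }` for both. A short comment stating that `*reply` is allocated on `mem_ctx` and left untouched on failure would also tell callers not to read it when False is returned.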
diff --git a/source3/libads/dns.c b/source3/libads/dns.c
index 1765f95ca0..3a9e849668 100644
--- a/source3/libads/dns.c
+++ b/source3/libads/dns.c
@@ -506,10 +506,9 @@ static NTSTATUS ads_dns_lookup_srv( TALLOC_CTX *ctx,
if (rr.type != T_A || rr.rdatalen != 4) {
#if defined(HAVE_IPV6)
- /* RFC2874 defines A6 records. This
+ /* FIXME. RFC2874 defines A6 records. This
* requires recusive and horribly complex lookups.
* Bastards. Ignore this for now.... JRA.
- * Luckily RFC3363 reprecates A6 records.
*/
if (rr.type != T_AAAA || rr.rdatalen != 16)
#endif
@@ -755,6 +754,10 @@ bool sitename_store(const char *realm, const char *sitename)
bool ret = False;
char *key;
+ if (!gencache_init()) {
+ return False;
+ }
+
if (!realm || (strlen(realm) == 0)) {
DEBUG(0,("sitename_store: no realm\n"));
return False;
@@ -792,6 +795,10 @@ char *sitename_fetch(const char *realm)
const char *query_realm;
char *key;
+ if (!gencache_init()) {
+ return NULL;
+ }
+
if (!realm || (strlen(realm) == 0)) {
query_realm = lp_realm();
} else {
@@ -986,7 +993,7 @@ NTSTATUS ads_dns_query_dcs_guid(TALLOC_CTX *ctx,
/*_ldap._tcp.DomainGuid.domains._msdcs.DnsForestName */
const char *domains;
- char *guid_string;
+ const char *guid_string;
guid_string = GUID_string(ctx, domain_guid);
if (!guid_string) {
@@ -998,7 +1005,6 @@ NTSTATUS ads_dns_query_dcs_guid(TALLOC_CTX *ctx,
if (!domains) {
return NT_STATUS_NO_MEMORY;
}
- TALLOC_FREE(guid_string);
return ads_dns_query_internal(ctx, "_ldap", domains, dns_forest_name,
NULL, dclist, numdcs);
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 7fb4ec33e4..f5f7f3d2e6 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -47,9 +47,9 @@ kerb_prompter(krb5_context ctx, void *data,
memset(prompts[0].reply->data, '\0', prompts[0].reply->length);
if (prompts[0].reply->length > 0) {
if (data) {
- strncpy((char *)prompts[0].reply->data, (const char *)data,
+ strncpy(prompts[0].reply->data, (const char *)data,
prompts[0].reply->length-1);
- prompts[0].reply->length = strlen((const char *)prompts[0].reply->data);
+ prompts[0].reply->length = strlen(prompts[0].reply->data);
} else {
prompts[0].reply->length = 0;
}
@@ -525,58 +525,6 @@ char *kerberos_get_default_realm_from_ccache( void )
return realm;
}
-/************************************************************************
- Routine to get the realm from a given DNS name. Returns malloc'ed memory.
- Caller must free() if the return value is not NULL.
-************************************************************************/
-
-char *kerberos_get_realm_from_hostname(const char *hostname)
-{
-#if defined(HAVE_KRB5_GET_HOST_REALM) && defined(HAVE_KRB5_FREE_HOST_REALM)
-#if defined(HAVE_KRB5_REALM_TYPE)
- /* Heimdal. */
- krb5_realm *realm_list = NULL;
-#else
- /* MIT */
- char **realm_list = NULL;
-#endif
- char *realm = NULL;
- krb5_error_code kerr;
- krb5_context ctx = NULL;
-
- initialize_krb5_error_table();
- if (krb5_init_context(&ctx)) {
- return NULL;
- }
-
- kerr = krb5_get_host_realm(ctx, hostname, &realm_list);
- if (kerr != 0) {
- DEBUG(3,("kerberos_get_realm_from_hostname %s: "
- "failed %s\n",
- hostname ? hostname : "(NULL)",
- error_message(kerr) ));
- goto out;
- }
-
- if (realm_list && realm_list[0]) {
- realm = SMB_STRDUP(realm_list[0]);
- }
-
- out:
-
- if (ctx) {
- if (realm_list) {
- krb5_free_host_realm(ctx, realm_list);
- realm_list = NULL;
- }
- krb5_free_context(ctx);
- ctx = NULL;
- }
- return realm;
-#else
- return NULL;
-#endif
-}
/************************************************************************
Routine to get the salting principal for this service. This is
@@ -870,7 +818,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
const char *sitename,
struct sockaddr_storage *pss)
{
- char *dname;
+ char *dname = lock_path("smb_krb5");
char *tmpname = NULL;
char *fname = NULL;
char *file_contents = NULL;
@@ -881,11 +829,6 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
char *realm_upper = NULL;
bool result = false;
- if (!lp_create_krb5_conf()) {
- return false;
- }
-
- dname = lock_path("smb_krb5");
if (!dname) {
return false;
}
@@ -932,7 +875,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
flen = strlen(file_contents);
- fd = mkstemp(tmpname);
+ fd = smb_mkstemp(tmpname);
if (fd == -1) {
DEBUG(0,("create_local_private_krb5_conf_for_domain: smb_mkstemp failed,"
" for file %s. Errno %s\n",
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 4005ed6600..1fb541d4e6 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -6,23 +6,23 @@
Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
Copyright (C) Guenther Deschner 2005
Copyright (C) Gerald Carter 2006
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
-#include "lib/ldb/include/ldb.h"
+#include "lib/ldb/include/includes.h"
#ifdef HAVE_LDAP
@@ -192,42 +192,29 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
{
char *srv;
struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
- TALLOC_CTX *frame = talloc_stackframe();
+ TALLOC_CTX *mem_ctx = NULL;
bool ret = false;
if (!server || !*server) {
- TALLOC_FREE(frame);
return False;
}
+
+ DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n",
+ server, ads->server.realm));
- if (!is_ipaddress(server)) {
- struct sockaddr_storage ss;
- char addr[INET6_ADDRSTRLEN];
-
- if (!resolve_name(server, &ss, 0x20, true)) {
- DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
- server ));
- TALLOC_FREE(frame);
- return false;
- }
- print_sockaddr(addr, sizeof(addr), &ss);
- srv = talloc_strdup(frame, addr);
- } else {
- /* this copes with inet_ntoa brokenness */
- srv = talloc_strdup(frame, server);
- }
-
- if (!srv) {
- TALLOC_FREE(frame);
+ mem_ctx = talloc_init("ads_try_connect");
+ if (!mem_ctx) {
+ DEBUG(0,("out of memory\n"));
return false;
}
- DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n",
- srv, ads->server.realm));
+ /* this copes with inet_ntoa brokenness */
+
+ srv = SMB_STRDUP(server);
ZERO_STRUCT( cldap_reply );
- if ( !ads_cldap_netlogon_5(frame, srv, ads->server.realm, &cldap_reply ) ) {
+ if ( !ads_cldap_netlogon_5(mem_ctx, srv, ads->server.realm, &cldap_reply ) ) {
DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", srv));
ret = false;
goto out;
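Review bot: `srv = SMB_STRDUP(server);` is used without a NULL test, whereas the removed code checked `if (!srv)`; if SMB_STRDUP is a plain strdup() wrapper, an allocation failure passes NULL to ads_cldap_netlogon_5 and to the `%s` in the DEBUG call. Add `if (!srv) { ret = false; goto out; }` right after the duplication; the `out:` label in the following hunk already frees both `srv` and `mem_ctx`. The comment "this copes with inet_ntoa brokenness" now sits above an unconditional copy and could say why the copy is still needed. The function body continues outside this hunk.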
@@ -280,10 +267,10 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
sitename_store( cldap_reply.dns_domain, cldap_reply.client_site);
ret = true;
-
out:
+ SAFE_FREE(srv);
+ TALLOC_FREE(mem_ctx);
- TALLOC_FREE(frame);
return ret;
}
@@ -424,7 +411,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
SAFE_FREE(sitename);
return NT_STATUS_OK;
}
-
+
/* keep track of failures */
add_failed_connection_entry( realm, server, NT_STATUS_UNSUCCESSFUL );
}
@@ -665,7 +652,7 @@ got_connection:
#endif
/* If the caller() requested no LDAP bind, then we are done */
-
+
if (ads->auth.flags & ADS_AUTH_NO_BIND) {
status = ADS_SUCCESS;
goto out;
@@ -676,7 +663,7 @@ got_connection:
status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
goto out;
}
-
+
/* Otherwise setup the TCP LDAP session */
ads->ldap.ld = ldap_open_with_timeout(ads->config.ldap_server_name,
@@ -703,14 +690,14 @@ got_connection:
}
/* fill in the current time and offsets */
-
+
status = ads_current_time( ads );
if ( !ADS_ERR_OK(status) ) {
goto out;
}
/* Now do the bind */
-
+
if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
status = ADS_ERROR(ldap_simple_bind_s(ads->ldap.ld, NULL, NULL));
goto out;
@@ -794,7 +781,7 @@ static struct berval **ads_dup_values(TALLOC_CTX *ctx,
{
struct berval **values;
int i;
-
+
if (!in_vals) return NULL;
for (i=0; in_vals[i]; i++)
; /* count values */
@@ -839,7 +826,7 @@ static char **ads_pull_strvals(TALLOC_CTX *ctx, const char **in_vals)
char **values;
int i;
size_t converted_size;
-
+
if (!in_vals) return NULL;
for (i=0; in_vals[i]; i++)
; /* count values */
@@ -914,7 +901,7 @@ static ADS_STATUS ads_do_paged_search_args(ADS_STRUCT *ads,
goto done;
}
}
-
+
/* Paged results only available on ldap v3 or later */
ldap_get_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (version < LDAP_VERSION3) {
@@ -989,7 +976,7 @@ static ADS_STATUS ads_do_paged_search_args(ADS_STRUCT *ads,
handle them and paged results at the same time. Using them
together results in the result record containing the server
page control being removed from the result list (tridge/jmcd)
-
+
leaving this in despite the control that says don't generate
referrals, in case the server doesn't support it (jmcd)
*/
@@ -1044,7 +1031,7 @@ done:
if (ext_bv) {
ber_bvfree(ext_bv);
}
-
+
/* if/when we decide to utf8-encode attrs, take out this next line */
TALLOC_FREE(search_attrs);
@@ -1172,7 +1159,7 @@ ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path,
&res, &count, &cookie);
if (!ADS_ERR_OK(status)) break;
-
+
ads_process_results(ads, res, fn, data_area);
ads_msgfree(ads, res);
}
@@ -1360,7 +1347,7 @@ char *ads_parent_dn(const char *dn)
DEBUG(1, ("asprintf failed!\n"));
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
-
+
status = ads_search(ads, res, expr, attrs);
SAFE_FREE(expr);
return status;
@@ -1375,12 +1362,12 @@ ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx)
{
#define ADS_MODLIST_ALLOC_SIZE 10
LDAPMod **mods;
-
+
if ((mods = TALLOC_ZERO_ARRAY(ctx, LDAPMod *, ADS_MODLIST_ALLOC_SIZE + 1)))
/* -1 is safety to make sure we don't go over the end.
need to reset it to NULL before doing ldap modify */
mods[ADS_MODLIST_ALLOC_SIZE] = (LDAPMod *) -1;
-
+
return (ADS_MODLIST)mods;
}
@@ -1421,7 +1408,7 @@ static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods,
modlist[curmod+ADS_MODLIST_ALLOC_SIZE] = (LDAPMod *) -1;
*mods = (ADS_MODLIST)modlist;
}
-
+
if (!(modlist[curmod] = TALLOC_ZERO_P(ctx, LDAPMod)))
return ADS_ERROR(LDAP_NO_MEMORY);
modlist[curmod]->mod_type = talloc_strdup(ctx, name);
@@ -1523,7 +1510,7 @@ ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods)
controls[0] = &PermitModify;
controls[1] = NULL;
- if (!push_utf8_talloc(talloc_tos(), &utf8_dn, mod_dn, &converted_size)) {
+ if (!push_utf8_allocate(&utf8_dn, mod_dn, &converted_size)) {
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
@@ -1533,7 +1520,7 @@ ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods)
mods[i] = NULL;
ret = ldap_modify_ext_s(ads->ldap.ld, utf8_dn,
(LDAPMod **) mods, controls, NULL);
- TALLOC_FREE(utf8_dn);
+ SAFE_FREE(utf8_dn);
return ADS_ERROR(ret);
}
@@ -1550,18 +1537,18 @@ ADS_STATUS ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ADS_MODLIST mods)
char *utf8_dn = NULL;
size_t converted_size;
- if (!push_utf8_talloc(talloc_tos(), &utf8_dn, new_dn, &converted_size)) {
- DEBUG(1, ("ads_gen_add: push_utf8_talloc failed!"));
+ if (!push_utf8_allocate(&utf8_dn, new_dn, &converted_size)) {
+ DEBUG(1, ("ads_gen_add: push_utf8_allocate failed!"));
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
-
+
/* find the end of the list, marked by NULL or -1 */
for(i=0;(mods[i]!=0)&&(mods[i]!=(LDAPMod *) -1);i++);
/* make sure the end of the list is NULL */
mods[i] = NULL;
ret = ldap_add_s(ads->ldap.ld, utf8_dn, (LDAPMod**)mods);
- TALLOC_FREE(utf8_dn);
+ SAFE_FREE(utf8_dn);
return ADS_ERROR(ret);
}
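Review bot: The failure messages `"ads_gen_add: push_utf8_allocate failed!"` here and `"ads_del_dn: push_utf8_allocate failed!"` in the next hunk have no trailing `\n`, so the following log entry runs onto the same line; append `\n` to both strings. ads_gen_mod in the hunk above returns on the same failure without logging at all, so a matching `DEBUG(1, ...)` there would make the three paths consistent. Each of these functions starts outside its hunk.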
@@ -1576,13 +1563,13 @@ ADS_STATUS ads_del_dn(ADS_STRUCT *ads, char *del_dn)
int ret;
char *utf8_dn = NULL;
size_t converted_size;
- if (!push_utf8_talloc(talloc_tos(), &utf8_dn, del_dn, &converted_size)) {
- DEBUG(1, ("ads_del_dn: push_utf8_talloc failed!"));
+ if (!push_utf8_allocate(&utf8_dn, del_dn, &converted_size)) {
+ DEBUG(1, ("ads_del_dn: push_utf8_allocate failed!"));
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
-
+
ret = ldap_delete_s(ads->ldap.ld, utf8_dn);
- TALLOC_FREE(utf8_dn);
+ SAFE_FREE(utf8_dn);
return ADS_ERROR(ret);
}
@@ -1606,7 +1593,7 @@ char *ads_ou_string(ADS_STRUCT *ads, const char *org_unit)
/* samba4 might not yet respond to a wellknownobject-query */
return ret ? ret : SMB_STRDUP("cn=Computers");
}
-
+
if (strequal(org_unit, "Computers")) {
return SMB_STRDUP("cn=Computers");
}
@@ -1681,7 +1668,7 @@ char *ads_default_ou_string(ADS_STRUCT *ads, const char *wknguid)
for (i=1; i < new_ln; i++) {
char *s = NULL;
-
+
if (asprintf(&s, "%s,%s", ret, wkn_dn_exp[i]) == -1) {
SAFE_FREE(ret);
goto out;
@@ -1908,7 +1895,7 @@ ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_n
}
/* add short name spn */
-
+
if ( (psp1 = talloc_asprintf(ctx, "%s/%s", spn, machine_name)) == NULL ) {
talloc_destroy(ctx);
ads_msgfree(ads, res);
@@ -1917,13 +1904,13 @@ ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_n
strupper_m(psp1);
strlower_m(&psp1[strlen(spn)]);
servicePrincipalName[0] = psp1;
-
+
DEBUG(5,("ads_add_service_principal_name: INFO: Adding %s to host %s\n",
psp1, machine_name));
/* add fully qualified spn */
-
+
if ( (psp2 = talloc_asprintf(ctx, "%s/%s", spn, my_fqdn)) == NULL ) {
ret = ADS_ERROR(LDAP_NO_MEMORY);
goto out;
@@ -1939,18 +1926,18 @@ ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_n
ret = ADS_ERROR(LDAP_NO_MEMORY);
goto out;
}
-
+
ret = ads_add_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName);
if (!ADS_ERR_OK(ret)) {
DEBUG(1,("ads_add_service_principal_name: Error: Updating Service Principals in LDAP\n"));
goto out;
}
-
+
if ( (dn_string = ads_get_dn(ads, ctx, res)) == NULL ) {
ret = ADS_ERROR(LDAP_NO_MEMORY);
goto out;
}
-
+
ret = ads_gen_mod(ads, dn_string, mods);
if (!ADS_ERR_OK(ret)) {
DEBUG(1,("ads_add_service_principal_name: Error: Updating Service Principals in LDAP\n"));
@@ -1987,7 +1974,7 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
uint32 acct_control = ( UF_WORKSTATION_TRUST_ACCOUNT |\
UF_DONT_EXPIRE_PASSWD |\
UF_ACCOUNTDISABLE );
-
+
if (!(ctx = talloc_init("ads_add_machine_acct")))
return ADS_ERROR(LDAP_NO_MEMORY);
@@ -2004,7 +1991,7 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
if ( !new_dn || !samAccountName ) {
goto done;
}
-
+
#ifndef ENCTYPE_ARCFOUR_HMAC
acct_control |= UF_USE_DES_KEY_ONLY;
#endif
@@ -2016,7 +2003,7 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
if (!(mods = ads_init_mods(ctx))) {
goto done;
}
-
+
ads_mod_str(ctx, &mods, "cn", machine_name);
ads_mod_str(ctx, &mods, "sAMAccountName", samAccountName);
ads_mod_strlist(ctx, &mods, "objectClass", objectClass);
@@ -2028,7 +2015,7 @@ done:
SAFE_FREE(machine_escaped);
ads_msgfree(ads, res);
talloc_destroy(ctx);
-
+
return ret;
}
@@ -2267,7 +2254,7 @@ static bool ads_dump_field(ADS_STRUCT *ads, char *field, void **values, void *da
msg = ads_next_entry(ads, msg)) {
char *utf8_field;
BerElement *b;
-
+
for (utf8_field=ldap_first_attribute(ads->ldap.ld,
(LDAPMessage *)msg,&b);
utf8_field;
@@ -2386,7 +2373,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
values = ldap_get_values(ads->ldap.ld, msg, field);
if (!values)
return NULL;
-
+
if (values[0] && pull_utf8_talloc(mem_ctx, &ux_string, values[0],
&converted_size))
{
@@ -2468,7 +2455,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
size_t num_new_strings;
unsigned long int range_start;
unsigned long int range_end;
-
+
/* we might have been given the whole lot anyway */
if ((strings = ads_pull_strings(ads, mem_ctx, msg, field, num_strings))) {
*more_strings = False;
@@ -2494,7 +2481,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
*more_strings = False;
return NULL;
}
-
+
if (sscanf(&range_attr[strlen(expected_range_attrib)], "%lu-%lu",
&range_start, &range_end) == 2) {
*more_strings = True;
@@ -2521,7 +2508,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
}
new_strings = ads_pull_strings(ads, mem_ctx, msg, range_attr, &num_new_strings);
-
+
if (*more_strings && ((*num_strings + num_new_strings) != (range_end + 1))) {
DEBUG(1, ("ads_pull_strings_range: Range attribute (%s) tells us we have %lu "
"strings in this bunch, but we only got %lu - aborting range retreival\n",
@@ -2534,13 +2521,13 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
strings = TALLOC_REALLOC_ARRAY(mem_ctx, current_strings, char *,
*num_strings + num_new_strings);
-
+
if (strings == NULL) {
ldap_memfree(range_attr);
*more_strings = False;
return NULL;
}
-
+
if (new_strings && num_new_strings) {
memcpy(&strings[*num_strings], new_strings,
sizeof(*new_strings) * num_new_strings);
@@ -2553,7 +2540,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
"%s;range=%d-*",
field,
(int)*num_strings);
-
+
if (!*next_attribute) {
DEBUG(1, ("talloc_asprintf for next attribute failed!\n"));
ldap_memfree(range_attr);
@@ -2608,7 +2595,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
values = ldap_get_values(ads->ldap.ld, msg, "objectGUID");
if (!values)
return False;
-
+
if (values[0]) {
memcpy(&flat_guid.info, values[0], sizeof(UUID_FLAT));
smb_uuid_unpack(flat_guid, guid);
@@ -2632,7 +2619,19 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
bool ads_pull_sid(ADS_STRUCT *ads, LDAPMessage *msg, const char *field,
DOM_SID *sid)
{
- return smbldap_pull_sid(ads->ldap.ld, msg, field, sid);
+ struct berval **values;
+ bool ret = False;
+
+ values = ldap_get_values_len(ads->ldap.ld, msg, field);
+
+ if (!values)
+ return False;
+
+ if (values[0])
+ ret = sid_parse(values[0]->bv_val, values[0]->bv_len, sid);
+
+ ldap_value_free_len(values);
+ return ret;
}
/**
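Review bot: In the new ads_pull_sid body, `values[0]->bv_val` and `values[0]->bv_len` come straight from the directory server and go to `sid_parse` with no check in this function. Memory safety therefore rests on sid_parse rejecting a too-short buffer and a sub-authority count larger than DOM_SID can hold; sid_parse is not visible here, so that is worth confirming in this older tree. I would record the dependency at the call site with `/* server-supplied bytes: sid_parse() must bound-check bv_len and the sub-authority count */`. The two unbraced `if` statements would also be safer against later edits with braces, e.g. `if (!values) { return False; }`.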
@@ -2678,7 +2677,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
count++;
}
}
-
+
ldap_value_free_len(values);
return count;
}
@@ -2713,7 +2712,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
ret = false;
}
}
-
+
ldap_value_free_len(values);
return ret;
}
@@ -2842,7 +2841,7 @@ ADS_STATUS ads_current_time(ADS_STRUCT *ads)
}
/* but save the time and offset in the original ADS_STRUCT */
-
+
ads->config.current_time = ads_parse_time(timestr);
if (ads->config.current_time != 0) {
@@ -2873,7 +2872,7 @@ ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val)
ADS_STATUS status;
LDAPMessage *res;
ADS_STRUCT *ads_s = ads;
-
+
*val = DS_DOMAIN_FUNCTION_2000;
/* establish a new ldap tcp session if necessary */
@@ -2893,7 +2892,7 @@ ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val)
/* If the attribute does not exist assume it is a Windows 2000
functional domain */
-
+
status = ads_do_search(ads_s, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
if (!ADS_ERR_OK(status)) {
if ( status.err.rc == LDAP_NO_SUCH_ATTRIBUTE ) {
@@ -2907,7 +2906,7 @@ ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val)
}
DEBUG(3,("ads_domain_func_level: %d\n", *val));
-
+
ads_msgfree(ads, res);
done:
@@ -2939,7 +2938,7 @@ ADS_STATUS ads_domain_sid(ADS_STRUCT *ads, DOM_SID *sid)
return ADS_ERROR_SYSTEM(ENOENT);
}
ads_msgfree(ads, res);
-
+
return ADS_SUCCESS;
}
@@ -3314,26 +3313,26 @@ char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine
ADS_STATUS status;
int count = 0;
char *name = NULL;
-
+
status = ads_find_machine_acct(ads, &res, global_myname());
if (!ADS_ERR_OK(status)) {
DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n",
global_myname()));
goto out;
}
-
+
if ( (count = ads_count_replies(ads, res)) != 1 ) {
DEBUG(1,("ads_get_dnshostname: %d entries returned!\n", count));
goto out;
}
-
+
if ( (name = ads_pull_string(ads, ctx, res, "dNSHostName")) == NULL ) {
DEBUG(0,("ads_get_dnshostname: No dNSHostName attribute!\n"));
}
out:
ads_msgfree(ads, res);
-
+
return name;
}
@@ -3378,26 +3377,26 @@ char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *mach
ADS_STATUS status;
int count = 0;
char *name = NULL;
-
+
status = ads_find_machine_acct(ads, &res, global_myname());
if (!ADS_ERR_OK(status)) {
DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n",
global_myname()));
goto out;
}
-
+
if ( (count = ads_count_replies(ads, res)) != 1 ) {
DEBUG(1,("ads_get_dnshostname: %d entries returned!\n", count));
goto out;
}
-
+
if ( (name = ads_pull_string(ads, ctx, res, "sAMAccountName")) == NULL ) {
DEBUG(0,("ads_get_dnshostname: No sAMAccountName attribute!\n"));
}
out:
ads_msgfree(ads, res);
-
+
return name;
}
@@ -3713,7 +3712,7 @@ ADS_STATUS ads_find_samaccount(ADS_STRUCT *ads,
status = ads_do_search_all(ads, ads->config.bind_path,
LDAP_SCOPE_SUBTREE,
filter, attrs, &res);
-
+
if (!ADS_ERR_OK(status)) {
goto out;
}
@@ -3841,6 +3840,7 @@ const char *ads_get_extended_right_name_by_guid(ADS_STRUCT *ads,
done:
ads_msgfree(ads, res);
return result;
+
}
/**
@@ -3858,36 +3858,34 @@ ADS_STATUS ads_check_ou_dn(TALLOC_CTX *mem_ctx,
struct ldb_dn *name_dn = NULL;
const char *name = NULL;
char *ou_string = NULL;
- struct ldb_context *ldb = ldb_init(mem_ctx, NULL);
- name_dn = ldb_dn_new(mem_ctx, ldb, *account_ou);
- if (name_dn && ldb_dn_validate(name_dn)) {
- talloc_free(ldb);
+ name_dn = ldb_dn_explode(mem_ctx, *account_ou);
+ if (name_dn) {
return ADS_SUCCESS;
}
ou_string = ads_ou_string(ads, *account_ou);
if (!ou_string) {
- talloc_free(ldb);
return ADS_ERROR_LDAP(LDAP_INVALID_DN_SYNTAX);
}
- name_dn = ldb_dn_new_fmt(mem_ctx, ldb, "%s,%s", ou_string,
- ads->config.bind_path);
+ name = talloc_asprintf(mem_ctx, "%s,%s", ou_string,
+ ads->config.bind_path);
SAFE_FREE(ou_string);
+ if (!name) {
+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ }
- if (!name_dn || !ldb_dn_validate(name_dn)) {
- talloc_free(ldb);
+ name_dn = ldb_dn_explode(mem_ctx, name);
+ if (!name_dn) {
return ADS_ERROR_LDAP(LDAP_INVALID_DN_SYNTAX);
}
*account_ou = talloc_strdup(mem_ctx, name);
if (!*account_ou) {
- talloc_free(ldb);
return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
}
- talloc_free(ldb);
return ADS_SUCCESS;
}
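Review bot: Both `ldb_dn_explode` results in ads_check_ou_dn serve only as a syntax check, yet `name_dn` is never released, and the intermediate `name` string is duplicated again by `talloc_strdup`. Each call therefore leaves those temporaries on the caller's `mem_ctx` until that context is destroyed. Assuming ldb_dn_explode returns a talloc object parented to mem_ctx, adding `talloc_free(name_dn);` after each successful parse and assigning `*account_ou = name;` instead of copying would avoid the build-up. The function's signature and opening lines are outside this hunk, so the type of `account_ou` should be checked before dropping the copy.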
diff --git a/source3/libads/ldap_printer.c b/source3/libads/ldap_printer.c
index b5a3e6ba43..7fec58c7eb 100644
--- a/source3/libads/ldap_printer.c
+++ b/source3/libads/ldap_printer.c
@@ -18,7 +18,6 @@
*/
#include "includes.h"
-#include "../librpc/gen_ndr/cli_spoolss.h"
#ifdef HAVE_ADS
@@ -119,7 +118,7 @@ ADS_STATUS ads_add_printer_entry(ADS_STRUCT *ads, char *prt_dn,
map a REG_SZ to an ldap mod
*/
static bool map_sz(TALLOC_CTX *ctx, ADS_MODLIST *mods,
- const struct regval_blob *value)
+ const REGISTRY_VALUE *value)
{
char *str_value = NULL;
size_t converted_size;
@@ -146,7 +145,7 @@ static bool map_sz(TALLOC_CTX *ctx, ADS_MODLIST *mods,
map a REG_DWORD to an ldap mod
*/
static bool map_dword(TALLOC_CTX *ctx, ADS_MODLIST *mods,
- const struct regval_blob *value)
+ const REGISTRY_VALUE *value)
{
char *str_value = NULL;
ADS_STATUS status;
@@ -165,7 +164,7 @@ static bool map_dword(TALLOC_CTX *ctx, ADS_MODLIST *mods,
map a boolean REG_BINARY to an ldap mod
*/
static bool map_bool(TALLOC_CTX *ctx, ADS_MODLIST *mods,
- const struct regval_blob *value)
+ const REGISTRY_VALUE *value)
{
char *str_value;
ADS_STATUS status;
@@ -185,7 +184,7 @@ static bool map_bool(TALLOC_CTX *ctx, ADS_MODLIST *mods,
map a REG_MULTI_SZ to an ldap mod
*/
static bool map_multi_sz(TALLOC_CTX *ctx, ADS_MODLIST *mods,
- const struct regval_blob *value)
+ const REGISTRY_VALUE *value)
{
char **str_values = NULL;
size_t converted_size;
@@ -226,14 +225,14 @@ static bool map_multi_sz(TALLOC_CTX *ctx, ADS_MODLIST *mods,
struct valmap_to_ads {
const char *valname;
- bool (*fn)(TALLOC_CTX *, ADS_MODLIST *, const struct regval_blob *);
+ bool (*fn)(TALLOC_CTX *, ADS_MODLIST *, const REGISTRY_VALUE *);
};
/*
map a REG_SZ to an ldap mod
*/
static void map_regval_to_ads(TALLOC_CTX *ctx, ADS_MODLIST *mods,
- struct regval_blob *value)
+ REGISTRY_VALUE *value)
{
const struct valmap_to_ads map[] = {
{SPOOL_REG_ASSETNUMBER, map_sz},
@@ -345,7 +344,7 @@ WERROR get_remote_printer_publishing_data(struct rpc_pipe_client *cli,
} else {
/* Have the data we need now, so start building */
for (i=0; i < count; i++) {
- struct regval_blob v;
+ REGISTRY_VALUE v;
DATA_BLOB blob;
result = push_spoolss_PrinterData(mem_ctx, &blob,
@@ -372,7 +371,7 @@ WERROR get_remote_printer_publishing_data(struct rpc_pipe_client *cli,
printername, win_errstr(result)));
} else {
for (i=0; i < count; i++) {
- struct regval_blob v;
+ REGISTRY_VALUE v;
DATA_BLOB blob = data_blob_null;
result = push_spoolss_PrinterData(mem_ctx, &blob,
@@ -404,7 +403,7 @@ bool get_local_printer_publishing_data(TALLOC_CTX *mem_ctx,
uint32 key,val;
for (key=0; key < data->num_keys; key++) {
- struct regval_ctr *ctr = data->keys[key].values;
+ REGVAL_CTR *ctr = data->keys[key].values;
for (val=0; val < ctr->num_values; val++)
map_regval_to_ads(mem_ctx, mods, ctr->values[val]);
}
diff --git a/source3/libads/ldap_schema.c b/source3/libads/ldap_schema.c
index a841fbdca8..b5d2d35889 100644
--- a/source3/libads/ldap_schema.c
+++ b/source3/libads/ldap_schema.c
@@ -122,7 +122,7 @@ const char *ads_get_attrname_by_guid(ADS_STRUCT *ads,
goto done;
}
- guid_bin = guid_binstring(mem_ctx, schema_guid);
+ guid_bin = guid_binstring(schema_guid);
if (!guid_bin) {
goto done;
}
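Review bot: The ownership of `guid_bin` changes in this hunk and nothing in the code says so. `guid_binstring(schema_guid)` no longer takes `mem_ctx`, and the `done:` label in the next hunk switches from TALLOC_FREE to SAFE_FREE, so the buffer is presumably malloc-allocated now. Mixing the two free routines on one pointer risks heap corruption if either line is later changed alone, so I would add `/* guid_bin is heap-allocated by guid_binstring(); release with SAFE_FREE, never TALLOC_FREE */` at the call. ads_get_attrname_by_guid begins and ends outside both hunks.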
@@ -145,7 +145,7 @@ const char *ads_get_attrname_by_guid(ADS_STRUCT *ads,
result = ads_pull_string(ads, mem_ctx, res, "lDAPDisplayName");
done:
- TALLOC_FREE(guid_bin);
+ SAFE_FREE(guid_bin);
ads_msgfree(ads, res);
return result;
diff --git a/source3/libads/ldap_user.c b/source3/libads/ldap_user.c
index 69dc05335e..eecd9045e5 100644
--- a/source3/libads/ldap_user.c
+++ b/source3/libads/ldap_user.c
@@ -30,18 +30,18 @@
ADS_STATUS status;
char *ldap_exp;
const char *attrs[] = {"*", NULL};
- char *escaped_user = escape_ldap_string(talloc_tos(), user);
+ char *escaped_user = escape_ldap_string_alloc(user);
if (!escaped_user) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
if (asprintf(&ldap_exp, "(samAccountName=%s)", escaped_user) == -1) {
- TALLOC_FREE(escaped_user);
+ SAFE_FREE(escaped_user);
return ADS_ERROR(LDAP_NO_MEMORY);
}
status = ads_search(ads, res, ldap_exp, attrs);
SAFE_FREE(ldap_exp);
- TALLOC_FREE(escaped_user);
+ SAFE_FREE(escaped_user);
return status;
}
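Review bot: The escaping step that protects the search filter has no comment explaining why it must stay ahead of `asprintf`. This hunk swaps the helper to `escape_ldap_string_alloc(user)`, a malloc-based variant judging by the SAFE_FREE calls. A short note such as `/* escape user so filter metacharacters like '*', '(' or ')' cannot change the search */` above the declaration would keep a later edit from formatting `user` into `(samAccountName=%s)` directly. The function's signature lies above the hunk, so whether `user` can be NULL on entry cannot be judged from here.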
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 9b4d8bd2d4..3182b936e0 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -18,7 +18,6 @@
*/
#include "includes.h"
-#include "../libcli/auth/spnego.h"
#ifdef HAVE_LDAP
diff --git a/source3/libads/util.c b/source3/libads/util.c
index 9dcb906a37..2c7ccfebd6 100644
--- a/source3/libads/util.c
+++ b/source3/libads/util.c
@@ -26,7 +26,7 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip
char *password;
char *new_password;
ADS_STATUS ret;
- enum netr_SchannelType sec_channel_type;
+ uint32 sec_channel_type;
if ((password = secrets_fetch_machine_password(lp_workgroup(), NULL, &sec_channel_type)) == NULL) {
DEBUG(1,("Failed to retrieve password for principal %s\n", host_principal));