diff options
author | Gerald Carter <jerry@samba.org> | 2002-09-25 15:19:00 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2002-09-25 15:19:00 +0000 |
commit | a834a73e341059be154426390304a42e4a011f72 (patch) | |
tree | 7f53b0f7819238e0ee0396daccf5d924cb9b8d29 /source3/libads/ldap.c | |
parent | 115a39775cb923d026dde58633b6ba6aef3a1943 (diff) | |
download | samba-a834a73e341059be154426390304a42e4a011f72.tar.gz samba-a834a73e341059be154426390304a42e4a011f72.tar.xz samba-a834a73e341059be154426390304a42e4a011f72.zip |
sync'ing up for 3.0alpha20 release
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
Diffstat (limited to 'source3/libads/ldap.c')
-rw-r--r-- | source3/libads/ldap.c | 94 |
1 files changed, 72 insertions, 22 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 2672489482..7a0afb1a81 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -63,6 +63,7 @@ static BOOL ads_try_connect(ADS_STRUCT *ads, const char *server, unsigned port) ads->ldap_port = port; ads->ldap_ip = *interpret_addr2(srv); free(srv); + return True; } @@ -204,7 +205,6 @@ static BOOL ads_try_netbios(ADS_STRUCT *ads) ADS_STATUS ads_connect(ADS_STRUCT *ads) { int version = LDAP_VERSION3; - int code; ADS_STATUS status; ads->last_attempt = time(NULL); @@ -226,7 +226,7 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) /* try via DNS */ if (ads_try_dns(ads)) { goto got_connection; - } + } /* try via netbios lookups */ if (!lp_disable_netbios() && ads_try_netbios(ads)) { @@ -274,12 +274,7 @@ got_connection: } #endif - if (ads->auth.password) { - if ((code = ads_kinit_password(ads))) - return ADS_ERROR_KRB5(code); - } - - if (ads->auth.no_bind) { + if (ads->auth.flags & ADS_AUTH_NO_BIND) { return ADS_SUCCESS; } @@ -613,14 +608,17 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope, char *utf8_exp, *utf8_path, **search_attrs = NULL; TALLOC_CTX *ctx; - if (!(ctx = talloc_init())) + if (!(ctx = talloc_init())) { + DEBUG(1,("ads_do_search: talloc_init() failed!")); return ADS_ERROR(LDAP_NO_MEMORY); + } /* 0 means the conversion worked but the result was empty so we only fail if it's negative. In any case, it always at least nulls out the dest */ if ((push_utf8_talloc(ctx, &utf8_exp, exp) < 0) || (push_utf8_talloc(ctx, &utf8_path, bind_path) < 0)) { + DEBUG(1,("ads_do_search: push_utf8_talloc() failed!")); rc = LDAP_NO_MEMORY; goto done; } @@ -632,6 +630,7 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope, /* if (!(search_attrs = ads_push_strvals(ctx, attrs))) */ if (!(str_list_copy(&search_attrs, attrs))) { + DEBUG(1,("ads_do_search: str_list_copy() failed!")); rc = LDAP_NO_MEMORY; goto done; } @@ -826,7 +825,11 @@ static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods, ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods, const char *name, const char *val) { - const char *values[2] = {val, NULL}; + const char *values[2]; + + values[0] = val; + values[1] = NULL; + if (!val) return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL); return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE, name, @@ -861,7 +864,10 @@ ADS_STATUS ads_mod_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods, static ADS_STATUS ads_mod_ber(TALLOC_CTX *ctx, ADS_MODLIST *mods, const char *name, const struct berval *val) { - const struct berval *values[2] = {val, NULL}; + const struct berval *values[2]; + + values[0] = val; + values[1] = NULL; if (!val) return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL); return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE|LDAP_MOD_BVALUES, @@ -884,7 +890,7 @@ ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods) non-existent attribute (but allowable for the object) to run */ LDAPControl PermitModify = { - "1.2.840.113556.1.4.1413", + ADS_PERMIT_MODIFY_OID, {0, NULL}, (char) 1}; LDAPControl *controls[2]; @@ -1410,7 +1416,7 @@ ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads, */ asprintf(&principal, "%s$@%s", host, ads->auth.realm); - status = krb5_set_password(ads->auth.kdc_server, principal, password); + status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset); free(host); free(principal); @@ -1616,6 +1622,26 @@ ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn) return ADS_SUCCESS; } +/* parse a ADS timestring - typical string is + '20020917091222.0Z0' which means 09:12.22 17th September + 2002, timezone 0 */ +static time_t ads_parse_time(const char *str) +{ + struct tm tm; + + ZERO_STRUCT(tm); + + if (sscanf(str, "%4d%2d%2d%2d%2d%2d", + &tm.tm_year, &tm.tm_mon, &tm.tm_mday, + &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) { + return 0; + } + tm.tm_year -= 1900; + tm.tm_mon -= 1; + + return timegm(&tm); +} + /** * Find the servers name and realm - this can be done before authentication @@ -1626,22 +1652,37 @@ ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn) **/ ADS_STATUS ads_server_info(ADS_STRUCT *ads) { - const char *attrs[] = {"ldapServiceName", NULL}; + const char *attrs[] = {"ldapServiceName", "currentTime", NULL}; ADS_STATUS status; void *res; - char **values; + char *value; char *p; + char *timestr; + TALLOC_CTX *ctx; + + if (!(ctx = talloc_init())) { + return ADS_ERROR(LDAP_NO_MEMORY); + } status = ads_do_search(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res); if (!ADS_ERR_OK(status)) return status; - values = ldap_get_values(ads->ld, res, "ldapServiceName"); - if (!values || !values[0]) return ADS_ERROR(LDAP_NO_RESULTS_RETURNED); + value = ads_pull_string(ads, ctx, res, "ldapServiceName"); + if (!value) { + return ADS_ERROR(LDAP_NO_RESULTS_RETURNED); + } + + timestr = ads_pull_string(ads, ctx, res, "currentTime"); + if (!timestr) { + return ADS_ERROR(LDAP_NO_RESULTS_RETURNED); + } + + ldap_msgfree(res); - p = strchr(values[0], ':'); + p = strchr(value, ':'); if (!p) { - ldap_value_free(values); - ldap_msgfree(res); + talloc_destroy(ctx); + DEBUG(1, ("ads_server_info: returned ldap server name did not contain a ':' so was deemed invalid\n")); return ADS_ERROR(LDAP_DECODING_ERROR); } @@ -1650,9 +1691,9 @@ ADS_STATUS ads_server_info(ADS_STRUCT *ads) ads->config.ldap_server_name = strdup(p+1); p = strchr(ads->config.ldap_server_name, '$'); if (!p || p[1] != '@') { - ldap_value_free(values); - ldap_msgfree(res); + talloc_destroy(ctx); SAFE_FREE(ads->config.ldap_server_name); + DEBUG(1, ("ads_server_info: returned ldap server name did not contain '$@' so was deemed invalid\n")); return ADS_ERROR(LDAP_DECODING_ERROR); } @@ -1667,6 +1708,15 @@ ADS_STATUS ads_server_info(ADS_STRUCT *ads) DEBUG(3,("got ldap server name %s@%s\n", ads->config.ldap_server_name, ads->config.realm)); + ads->config.current_time = ads_parse_time(timestr); + + if (ads->config.current_time != 0) { + ads->auth.time_offset = ads->config.current_time - time(NULL); + DEBUG(4,("time offset is %d seconds\n", ads->auth.time_offset)); + } + + talloc_destroy(ctx); + return ADS_SUCCESS; } |