diff options
Diffstat (limited to 'source3/libads/ldap.c')
| -rw-r--r-- | source3/libads/ldap.c | 145 |
1 files changed, 74 insertions, 71 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 90c645c44a..128c133760 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -59,14 +59,47 @@ static void gotalarm_sig(int signum) gotalarm = 1; } - LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int to) + LDAP *ldap_open_with_timeout(const char *server, + struct sockaddr_storage *ss, + int port, unsigned int to) { LDAP *ldp = NULL; - DEBUG(10, ("Opening connection to LDAP server '%s:%d', timeout " "%u seconds\n", server, port, to)); +#if defined(HAVE_LDAP_INIT_FD) && defined(SOCKET_WRAPPER) + /* Only use this private LDAP function if we are in make test, + * as this is the best way to get the emulated TCP socket into + * OpenLDAP */ + if (socket_wrapper_dir() != NULL) { + int fd, ldap_err; + NTSTATUS status; + char *uri; + + status = open_socket_out(ss, port, to, &fd); + + if (!NT_STATUS_IS_OK(status)) { + return NULL; + } + +#ifndef LDAP_PROTO_TCP +#define LDAP_PROTO_TCP 1 +#endif + uri = talloc_asprintf(talloc_tos(), "ldap://%s:%u", server, port); + if (uri == NULL) { + return NULL; + } + ldap_err = ldap_init_fd(fd, LDAP_PROTO_TCP, uri, &ldp); + talloc_free(uri); + + if (ldap_err != LDAP_SUCCESS) { + return NULL; + } + return ldp; + } +#endif + /* Setup timeout */ gotalarm = 0; CatchSignal(SIGALRM, gotalarm_sig); @@ -196,45 +229,32 @@ bool ads_closest_dc(ADS_STRUCT *ads) */ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) { - char *srv; struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply; TALLOC_CTX *frame = talloc_stackframe(); bool ret = false; + struct sockaddr_storage ss; + char addr[INET6_ADDRSTRLEN]; if (!server || !*server) { TALLOC_FREE(frame); return False; } - if (!is_ipaddress(server)) { - struct sockaddr_storage ss; - char addr[INET6_ADDRSTRLEN]; - - if (!resolve_name(server, &ss, 0x20, true)) { - DEBUG(5,("ads_try_connect: unable to resolve name %s\n", - server )); - TALLOC_FREE(frame); - return false; - } - print_sockaddr(addr, sizeof(addr), &ss); - srv = talloc_strdup(frame, addr); - } else { - /* this copes with inet_ntoa brokenness */ - srv = talloc_strdup(frame, server); - } - - if (!srv) { + if (!resolve_name(server, &ss, 0x20, true)) { + DEBUG(5,("ads_try_connect: unable to resolve name %s\n", + server )); TALLOC_FREE(frame); return false; } + print_sockaddr(addr, sizeof(addr), &ss); DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n", - srv, ads->server.realm)); + addr, ads->server.realm)); ZERO_STRUCT( cldap_reply ); - if ( !ads_cldap_netlogon_5(frame, srv, ads->server.realm, &cldap_reply ) ) { - DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", srv)); + if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) { + DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr)); ret = false; goto out; } @@ -243,7 +263,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) if ( !(cldap_reply.server_type & NBT_SERVER_LDAP) ) { DEBUG(1,("ads_try_connect: %s's CLDAP reply says it is not an LDAP server!\n", - srv)); + addr)); ret = false; goto out; } @@ -273,13 +293,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) ads->server.workgroup = SMB_STRDUP(cldap_reply.domain_name); ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT; - if (!interpret_string_addr(&ads->ldap.ss, srv, 0)) { - DEBUG(1,("ads_try_connect: unable to convert %s " - "to an address\n", - srv)); - ret = false; - goto out; - } + ads->ldap.ss = ss; /* Store our site name. */ sitename_store( cldap_reply.domain_name, cldap_reply.client_site); @@ -515,7 +529,7 @@ ADS_STATUS ads_connect_gc(ADS_STRUCT *ads) TALLOC_CTX *frame = talloc_stackframe(); struct dns_rr_srv *gcs_list; int num_gcs; - char *realm = ads->server.realm; + const char *realm = ads->server.realm; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); int i; @@ -643,7 +657,7 @@ got_connection: /* Must use the userPrincipalName value here or sAMAccountName and not servicePrincipalName; found by Guenther Deschner */ - if (asprintf(&ads->auth.user_name, "%s$", global_myname() ) == -1) { + if (asprintf(&ads->auth.user_name, "%s$", lp_netbios_name() ) == -1) { DEBUG(0,("ads_connect: asprintf fail.\n")); ads->auth.user_name = NULL; } @@ -658,18 +672,6 @@ got_connection: ads->auth.kdc_server = SMB_STRDUP(addr); } -#if KRB5_DNS_HACK - /* this is a really nasty hack to avoid ADS DNS problems. It needs a patch - to MIT kerberos to work (tridge) */ - { - char *env = NULL; - if (asprintf(&env, "KRB5_KDC_ADDRESS_%s", ads->config.realm) > 0) { - setenv(env, ads->auth.kdc_server, 1); - free(env); - } - } -#endif - /* If the caller() requested no LDAP bind, then we are done */ if (ads->auth.flags & ADS_AUTH_NO_BIND) { @@ -686,6 +688,7 @@ got_connection: /* Otherwise setup the TCP LDAP session */ ads->ldap.ld = ldap_open_with_timeout(ads->config.ldap_server_name, + &ads->ldap.ss, ads->ldap.port, lp_ldap_timeout()); if (ads->ldap.ld == NULL) { status = ADS_ERROR(LDAP_OPERATIONS_ERROR); @@ -781,13 +784,13 @@ static struct berval *dup_berval(TALLOC_CTX *ctx, const struct berval *in_val) if (!in_val) return NULL; - value = TALLOC_ZERO_P(ctx, struct berval); + value = talloc_zero(ctx, struct berval); if (value == NULL) return NULL; if (in_val->bv_len == 0) return value; value->bv_len = in_val->bv_len; - value->bv_val = (char *)TALLOC_MEMDUP(ctx, in_val->bv_val, + value->bv_val = (char *)talloc_memdup(ctx, in_val->bv_val, in_val->bv_len); return value; } @@ -804,7 +807,7 @@ static struct berval **ads_dup_values(TALLOC_CTX *ctx, if (!in_vals) return NULL; for (i=0; in_vals[i]; i++) ; /* count values */ - values = TALLOC_ZERO_ARRAY(ctx, struct berval *, i+1); + values = talloc_zero_array(ctx, struct berval *, i+1); if (!values) return NULL; for (i=0; in_vals[i]; i++) { @@ -825,7 +828,7 @@ static char **ads_push_strvals(TALLOC_CTX *ctx, const char **in_vals) if (!in_vals) return NULL; for (i=0; in_vals[i]; i++) ; /* count values */ - values = TALLOC_ZERO_ARRAY(ctx, char *, i+1); + values = talloc_zero_array(ctx, char *, i+1); if (!values) return NULL; for (i=0; in_vals[i]; i++) { @@ -849,7 +852,7 @@ static char **ads_pull_strvals(TALLOC_CTX *ctx, const char **in_vals) if (!in_vals) return NULL; for (i=0; in_vals[i]; i++) ; /* count values */ - values = TALLOC_ZERO_ARRAY(ctx, char *, i+1); + values = talloc_zero_array(ctx, char *, i+1); if (!values) return NULL; for (i=0; in_vals[i]; i++) { @@ -937,21 +940,21 @@ static ADS_STATUS ads_do_paged_search_args(ADS_STRUCT *ads, ber_printf(cookie_be, "{io}", (ber_int_t) 1000, "", 0); } ber_flatten(cookie_be, &cookie_bv); - PagedResults.ldctl_oid = CONST_DISCARD(char *, ADS_PAGE_CTL_OID); + PagedResults.ldctl_oid = discard_const_p(char, ADS_PAGE_CTL_OID); PagedResults.ldctl_iscritical = (char) 1; PagedResults.ldctl_value.bv_len = cookie_bv->bv_len; PagedResults.ldctl_value.bv_val = cookie_bv->bv_val; - NoReferrals.ldctl_oid = CONST_DISCARD(char *, ADS_NO_REFERRALS_OID); + NoReferrals.ldctl_oid = discard_const_p(char, ADS_NO_REFERRALS_OID); NoReferrals.ldctl_iscritical = (char) 0; NoReferrals.ldctl_value.bv_len = 0; - NoReferrals.ldctl_value.bv_val = CONST_DISCARD(char *, ""); + NoReferrals.ldctl_value.bv_val = discard_const_p(char, ""); if (external_control && (strequal(external_control->control, ADS_EXTENDED_DN_OID) || strequal(external_control->control, ADS_SD_FLAGS_OID))) { - ExternalCtrl.ldctl_oid = CONST_DISCARD(char *, external_control->control); + ExternalCtrl.ldctl_oid = discard_const_p(char, external_control->control); ExternalCtrl.ldctl_iscritical = (char) external_control->critical; /* win2k does not accept a ldctl_value beeing passed in */ @@ -1382,7 +1385,7 @@ ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx) #define ADS_MODLIST_ALLOC_SIZE 10 LDAPMod **mods; - if ((mods = TALLOC_ZERO_ARRAY(ctx, LDAPMod *, ADS_MODLIST_ALLOC_SIZE + 1))) + if ((mods = talloc_zero_array(ctx, LDAPMod *, ADS_MODLIST_ALLOC_SIZE + 1))) /* -1 is safety to make sure we don't go over the end. need to reset it to NULL before doing ldap modify */ mods[ADS_MODLIST_ALLOC_SIZE] = (LDAPMod *) -1; @@ -1419,7 +1422,7 @@ static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods, for (curmod=0; modlist[curmod] && modlist[curmod] != (LDAPMod *) -1; curmod++); if (modlist[curmod] == (LDAPMod *) -1) { - if (!(modlist = TALLOC_REALLOC_ARRAY(ctx, modlist, LDAPMod *, + if (!(modlist = talloc_realloc(ctx, modlist, LDAPMod *, curmod+ADS_MODLIST_ALLOC_SIZE+1))) return ADS_ERROR(LDAP_NO_MEMORY); memset(&modlist[curmod], 0, @@ -1428,7 +1431,7 @@ static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods, *mods = (ADS_MODLIST)modlist; } - if (!(modlist[curmod] = TALLOC_ZERO_P(ctx, LDAPMod))) + if (!(modlist[curmod] = talloc_zero(ctx, LDAPMod))) return ADS_ERROR(LDAP_NO_MEMORY); modlist[curmod]->mod_type = talloc_strdup(ctx, name); if (mod_op & LDAP_MOD_BVALUES) { @@ -1521,7 +1524,7 @@ ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods) non-existent attribute (but allowable for the object) to run */ LDAPControl PermitModify = { - CONST_DISCARD(char *, ADS_PERMIT_MODIFY_OID), + discard_const_p(char, ADS_PERMIT_MODIFY_OID), {0, NULL}, (char) 1}; LDAPControl *controls[2]; @@ -2225,7 +2228,7 @@ static bool ads_dump_field(ADS_STRUCT *ads, char *field, void **values, void *da } for (i=0; handlers[i].name; i++) { - if (StrCaseCmp(handlers[i].name, field) == 0) { + if (strcasecmp_m(handlers[i].name, field) == 0) { if (!values) /* first time, indicate string or not */ return handlers[i].string; handlers[i].handler(ads, field, (struct berval **) values); @@ -2430,7 +2433,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res) *num_values = ldap_count_values(values); - ret = TALLOC_ARRAY(mem_ctx, char *, *num_values + 1); + ret = talloc_array(mem_ctx, char *, *num_values + 1); if (!ret) { ldap_value_free(values); return NULL; @@ -2543,7 +2546,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res) return NULL; } - strings = TALLOC_REALLOC_ARRAY(mem_ctx, current_strings, char *, + strings = talloc_realloc(mem_ctx, current_strings, char *, *num_strings + num_new_strings); if (strings == NULL) { @@ -2666,7 +2669,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res) /* nop */ ; if (i) { - (*sids) = TALLOC_ARRAY(mem_ctx, struct dom_sid, i); + (*sids) = talloc_array(mem_ctx, struct dom_sid, i); if (!(*sids)) { ldap_value_free_len(values); return 0; @@ -2854,7 +2857,7 @@ ADS_STATUS ads_current_time(ADS_STRUCT *ads) if (ads->config.current_time != 0) { ads->auth.time_offset = ads->config.current_time - time(NULL); - DEBUG(4,("time offset is %d seconds\n", ads->auth.time_offset)); + DEBUG(4,("KDC time offset is %d seconds\n", ads->auth.time_offset)); } ads_msgfree(ads, res); @@ -3284,7 +3287,7 @@ ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, return 0; } - (*sids) = TALLOC_ZERO_ARRAY(mem_ctx, struct dom_sid, dn_count + 1); + (*sids) = talloc_zero_array(mem_ctx, struct dom_sid, dn_count + 1); if (!(*sids)) { TALLOC_FREE(dn_strings); return 0; @@ -3322,10 +3325,10 @@ char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine int count = 0; char *name = NULL; - status = ads_find_machine_acct(ads, &res, global_myname()); + status = ads_find_machine_acct(ads, &res, lp_netbios_name()); if (!ADS_ERR_OK(status)) { DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n", - global_myname())); + lp_netbios_name())); goto out; } @@ -3357,7 +3360,7 @@ char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name ) status = ads_find_machine_acct(ads, &res, machine_name); if (!ADS_ERR_OK(status)) { DEBUG(0,("ads_get_upn: Failed to find account for %s\n", - global_myname())); + lp_netbios_name())); goto out; } @@ -3386,10 +3389,10 @@ char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *mach int count = 0; char *name = NULL; - status = ads_find_machine_acct(ads, &res, global_myname()); + status = ads_find_machine_acct(ads, &res, lp_netbios_name()); if (!ADS_ERR_OK(status)) { DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n", - global_myname())); + lp_netbios_name())); goto out; } @@ -3482,7 +3485,7 @@ ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname) pldap_control[0] = &ldap_control; memset(&ldap_control, 0, sizeof(LDAPControl)); - ldap_control.ldctl_oid = (char *)LDAP_SERVER_TREE_DELETE_OID; + ldap_control.ldctl_oid = discard_const_p(char, LDAP_SERVER_TREE_DELETE_OID); /* hostname must be lowercase */ host = SMB_STRDUP(hostname); |