From 240391be5345aef88a25c1221942202ba33588b8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 29 Dec 2007 22:47:03 +0100 Subject: Make use of [un]marshall_sec_desc (This used to be commit 54576733d6c0511dc7379f964b1cb035913b7c8d) --- source3/libads/ldap.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'source3/libads/ldap.c') diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 348ccacaee..953693ce48 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -2384,20 +2384,22 @@ int ads_count_replies(ADS_STRUCT *ads, void *res) LDAPMessage *msg, const char *field, SEC_DESC **sd) { struct berval **values; - bool ret = False; + bool ret = true; values = ldap_get_values_len(ads->ldap.ld, msg, field); - if (!values) return False; + if (!values) return false; if (values[0]) { - prs_struct ps; - prs_init(&ps, values[0]->bv_len, mem_ctx, UNMARSHALL); - prs_copy_data_in(&ps, values[0]->bv_val, values[0]->bv_len); - prs_set_offset(&ps,0); - - ret = sec_io_desc("sd", sd, &ps, 1); - prs_mem_free(&ps); + NTSTATUS status; + status = unmarshall_sec_desc(mem_ctx, + (uint8 *)values[0]->bv_val, + values[0]->bv_len, sd); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("unmarshall_sec_desc failed: %s\n", + nt_errstr(status))); + ret = false; + } } ldap_value_free_len(values); -- cgit From b076a7e802a89bdc5b369e98c7d69d8f970d8265 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 3 Jan 2008 17:28:09 +0100 Subject: Add ads_get_joinable_ous(). Guenther (This used to be commit 5bbceac88159ef6ff83d9cc62c77c7af2116967d) --- source3/libads/ldap.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) (limited to 'source3/libads/ldap.c') diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 953693ce48..843d57988c 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c 
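Review bot: `bool ret = true;` changes the result for an attribute that is present but carries no value: when values[0] is NULL the old code returned False, the new code returns true and leaves *sd untouched, so a caller sees success with an unset descriptor. Keep `bool ret = false;` and set `ret = true;` in the success arm of the NT_STATUS_IS_OK check (or `ret = NT_STATUS_IS_OK(status);` right after the call, with the DEBUG guarded by `if (!ret)`). The function's name line is before the hunk and its final return lies after it, so the effect is only visible together with that tail.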
@@ -2790,6 +2790,66 @@ ADS_STATUS ads_upn_suffixes(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char ***suffix return status; } +/** + * get the joinable ous for a domain + * @param ads connection to ads server + * @param mem_ctx Pointer to talloc context + * @param ous Pointer to an array of ous + * @param num_ous Pointer to the number of ous + * @return status of search + **/ +ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + char ***ous, + size_t *num_ous) +{ + ADS_STATUS status; + LDAPMessage *res = NULL; + LDAPMessage *msg = NULL; + const char *attrs[] = { "dn", NULL }; + int count = 0; + + status = ads_search(ads, &res, + "(|(objectClass=domain)(objectclass=organizationalUnit))", + attrs); + if (!ADS_ERR_OK(status)) { + return status; + } + + count = ads_count_replies(ads, res); + if (count < 1) { + ads_msgfree(ads, res); + return ADS_ERROR(LDAP_NO_RESULTS_RETURNED); + } + + for (msg = ads_first_entry(ads, res); msg; + msg = ads_next_entry(ads, msg)) { + + char *dn = NULL; + + dn = ads_get_dn(ads, msg); + if (!dn) { + ads_msgfree(ads, res); + return ADS_ERROR(LDAP_NO_MEMORY); + } + + if (!add_string_to_array(mem_ctx, dn, + (const char ***)ous, + (int *)num_ous)) { + ads_memfree(ads, dn); + ads_msgfree(ads, res); + return ADS_ERROR(LDAP_NO_MEMORY); + } + + ads_memfree(ads, dn); + } + + ads_msgfree(ads, res); + + return status; +} + + /** * pull a DOM_SID from an extended dn string * @param mem_ctx TALLOC_CTX -- cgit From 3f42428f9bca5b8473501adc932405cae3c247bb Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 4 Jan 2008 21:45:28 +0100 Subject: Fix a misleading DEBUG message. At this stage, the (tcp) connection to the LDAP server has not been established, this is what is about to be attempted. What has been succesfully done, is a CLDAP netlogon query. Michael (This used to be commit 71c3c8ad4c92c5f6267b84ee1d207e5e49e9a4ec) --- source3/libads/ldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libads/ldap.c') 
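Review bot: `(int *)num_ous` in the add_string_to_array call writes an int through a pointer to a size_t, so on 64-bit targets only half of *num_ous is ever stored (and the wrong half on big-endian); the `(const char ***)ous` cast beside it is harmless, the count cast is not. add_string_to_array evidently takes an `int *` (that cast is what makes the call compile), so keep a local int counter and a local list and copy them out once the loop has finished. The rewrite below treats ous/num_ous as pure outputs; the current code appends to whatever the caller already holds in *ous/*num_ous, so if a caller outside this hunk relies on that, seed the locals from those values instead. `count` is only compared against 1 and could be dropped as well.
```c
ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
				TALLOC_CTX *mem_ctx,
				char ***ous,
				size_t *num_ous)
{
	/* … unchanged: declarations, ads_search, reply-count check … */
	const char **list = NULL;
	int n_ous = 0;

	/* … unchanged: loop header, ads_get_dn and its NULL check … */
		if (!add_string_to_array(mem_ctx, dn, &list, &n_ous)) {
			ads_memfree(ads, dn);
			ads_msgfree(ads, res);
			return ADS_ERROR(LDAP_NO_MEMORY);
		}
	/* … unchanged: ads_memfree, loop end, ads_msgfree … */

	*ous = (char **)list;
	*num_ous = (size_t)n_ous;

	return status;
}
```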
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 843d57988c..138dfe9015 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -400,7 +400,7 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) got_connection: print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); - DEBUG(3,("Connected to LDAP server %s\n", addr)); + DEBUG(3,("Successfully contacted LDAP server %s\n", addr)); if (!ads->auth.user_name) { /* Must use the userPrincipalName value here or sAMAccountName -- cgit From 4ad3464fb94c7088e7fd731113c682aa7756ef01 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 4 Jan 2008 21:53:25 +0100 Subject: Unindent function header. Michael (This used to be commit cafda34783f0961c9b463803c19cfcb69f836e3f) --- source3/libads/ldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libads/ldap.c') diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 138dfe9015..712e7e2889 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -52,7 +52,7 @@ static void gotalarm_sig(void) gotalarm = 1; } - LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int to) +LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int to) { LDAP *ldp = NULL; -- cgit From 34e579fce5a6cc9ffa60fbe6e797b2e6b35c879e Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 4 Jan 2008 21:54:02 +0100 Subject: Enhance DEBUG-verbosity of ldap_open_with_timeout(). Michael (This used to be commit 9e70d1f24dd304c363a1bde97b5af618b46edc49) --- source3/libads/ldap.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'source3/libads/ldap.c') diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 712e7e2889..8a2b82a61d 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c 
@@ -56,6 +56,10 @@ LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int to) { LDAP *ldp = NULL; + + DEBUG(10, ("Opening connection to LDAP server '%s:%d', timeout " + "%u seconds\n", server, port, to)); + /* Setup timeout */ gotalarm = 0; CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); @@ -65,8 +69,10 @@ LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int to) ldp = ldap_open(server, port); if (ldp == NULL) { - DEBUG(2,("Could not open LDAP connection to %s:%d: %s\n", + DEBUG(2,("Could not open connection to LDAP server %s:%d: %s\n", server, port, strerror(errno))); + } else { + DEBUG(10, ("Connected to LDAP server '%s:%d'\n", server, port)); } /* Teardown timeout. */ -- cgit From 2cb68e3898046ea0dd2ddcf1e32dc7dffca79be8 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 4 Jan 2008 21:56:57 +0100 Subject: Untangle assignment and result check. Michael (This used to be commit 465a3b356cffb855e26569d3752f15cac07208c0) --- source3/libads/ldap.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/libads/ldap.c') diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 8a2b82a61d..ae8e1e4d4d 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -448,9 +448,9 @@ got_connection: /* Otherwise setup the TCP LDAP session */ - if ( (ads->ldap.ld = ldap_open_with_timeout(ads->config.ldap_server_name, - LDAP_PORT, lp_ldap_timeout())) == NULL ) - { + ads->ldap.ld = ldap_open_with_timeout(ads->config.ldap_server_name, + LDAP_PORT, lp_ldap_timeout()); + if (ads->ldap.ld == NULL) { return ADS_ERROR(LDAP_OPERATIONS_ERROR); } -- cgit From b54310cbaa9584a46decfa2a5bc4bb2a72381a98 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Fri, 4 Jan 2008 22:06:15 +0100 Subject: Add a debug message (when the LDAP server has really been connected). Michael (This used to be commit 7d9d2de39072b3291b95ac3965df0d19f83792b9) --- source3/libads/ldap.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libads/ldap.c') diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index ae8e1e4d4d..44560c852d 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -453,6 +453,7 @@ got_connection: if (ads->ldap.ld == NULL) { return ADS_ERROR(LDAP_OPERATIONS_ERROR); } + DEBUG(3,("Connected to LDAP server %s\n", ads->config.ldap_server_name)); /* cache the successful connection for workgroup and realm */ if (ads_closest_dc(ads)) { -- cgit From 4aba7475effff485f265fb975cf467fffd6c7db0 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 4 Jan 2008 22:56:10 +0100 Subject: Re-Indent function ldap_open_with_timeout(). This reverts commit #cafda34783f0961c9b463803c19cfcb69f836e3f . I just learned (the hard way) that these indeted functions are not indented by accident but that the intention of this is to not include the prototype into proto.h. Michael (This used to be commit 2e5d01b2146bb9e057b2779d9fe7691ed46d9f45) --- source3/libads/ldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libads/ldap.c') diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 44560c852d..975e926864 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -52,7 +52,7 @@ static void gotalarm_sig(void) gotalarm = 1; } -LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int to) + LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int to) { LDAP *ldp = NULL; -- cgit From f89fa0a6f85b74469519ba97752f45db8b879689 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Tue, 8 Jan 2008 13:46:54 +0100 Subject: Do not ignore provided machine_name in ads_get_upn(). Guenther (This used to be commit ddc1307844379f99b3dde48fc351d0326d22a7ce) --- source3/libads/ldap.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/libads/ldap.c') diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 975e926864..28bc7793d7 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -3026,26 +3026,26 @@ char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name ) ADS_STATUS status; int count = 0; char *name = NULL; - - status = ads_find_machine_acct(ads, &res, global_myname()); + + status = ads_find_machine_acct(ads, &res, machine_name); if (!ADS_ERR_OK(status)) { DEBUG(0,("ads_get_upn: Failed to find account for %s\n", global_myname())); goto out; } - + if ( (count = ads_count_replies(ads, res)) != 1 ) { DEBUG(1,("ads_get_upn: %d entries returned!\n", count)); goto out; } - + if ( (name = ads_pull_string(ads, ctx, res, "userPrincipalName")) == NULL ) { DEBUG(2,("ads_get_upn: No userPrincipalName attribute!\n")); } out: ads_msgfree(ads, res); - + return name; } -- cgit From 6c764172e541decc0fa4b0314f4d26ea859c0dfe Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 31 Jan 2008 01:50:49 +0100 Subject: When running with debug level > 10, dump ads_struct in ads_connect(). Guenther (This used to be commit 2dd7c64fa8845fe502789068b877f5eaf060afc7) --- source3/libads/ldap.c | 42 +++++++++++++++++++++++++++++++++--------- 1 file changed, 33 insertions(+), 9 deletions(-) (limited to 'source3/libads/ldap.c') diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 28bc7793d7..7b0adc2fc3 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c 
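Review bot: The failure message right below the changed call still reports `global_myname()` although the lookup is now performed for `machine_name`, so the log line about a failed lookup names the wrong account; change it to `DEBUG(0,("ads_get_upn: Failed to find account for %s\n", machine_name));`. The remaining changed lines of the hunk only strip trailing whitespace. ads_get_upn's signature is in the hunk header rather than the hunk, while its closing brace is inside it.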
@@ -391,6 +391,13 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) /* try with a user specified server */ + if (DEBUGLEVEL >= 11) { + char *s = NDR_PRINT_STRUCT_STRING(talloc_tos(), ads_struct, ads); + DEBUG(11,("ads_connect: entering\n")); + DEBUGADD(11,("%s\n", s)); + TALLOC_FREE(s); + } + if (ads->server.ldap_server && ads_try_connect(ads, ads->server.ldap_server)) { goto got_connection; @@ -401,7 +408,8 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) goto got_connection; } - return ADS_ERROR_NT(ntstatus); + status = ADS_ERROR_NT(ntstatus); + goto out; got_connection: @@ -438,12 +446,14 @@ got_connection: /* If the caller() requested no LDAP bind, then we are done */ if (ads->auth.flags & ADS_AUTH_NO_BIND) { - return ADS_SUCCESS; + status = ADS_SUCCESS; + goto out; } ads->ldap.mem_ctx = talloc_init("ads LDAP connection memory"); if (!ads->ldap.mem_ctx) { - return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); + status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); + goto out; } /* Otherwise setup the TCP LDAP session */ @@ -451,7 +461,8 @@ got_connection: ads->ldap.ld = ldap_open_with_timeout(ads->config.ldap_server_name, LDAP_PORT, lp_ldap_timeout()); if (ads->ldap.ld == NULL) { - return ADS_ERROR(LDAP_OPERATIONS_ERROR); + status = ADS_ERROR(LDAP_OPERATIONS_ERROR); + goto out; } DEBUG(3,("Connected to LDAP server %s\n", ads->config.ldap_server_name)); 
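Review bot: The level-11 dump added at the top of ads_connect prints the whole ads_struct through NDR_PRINT_STRUCT_STRING, and that struct carries the bind credentials — `ads->auth.password` is handed to ldap_simple_bind_s in the @@ -466 hunk — so a log written at debug level 11 contains the cleartext password; the matching dump at the `out:` label in that hunk has the same problem. Print a copy with the password field cleared, or exclude that field from the NDR print routine, before this goes in. Log files are routinely collected and shared for troubleshooting, which is exactly when this level would be enabled. ads_connect begins before this hunk.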
@@ -466,27 +477,40 @@ got_connection: status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version)); if (!ADS_ERR_OK(status)) { - return status; + goto out; } /* fill in the current time and offsets */ status = ads_current_time( ads ); if ( !ADS_ERR_OK(status) ) { - return status; + goto out; } /* Now do the bind */ if (ads->auth.flags & ADS_AUTH_ANON_BIND) { - return ADS_ERROR(ldap_simple_bind_s( ads->ldap.ld, NULL, NULL)); + status = ADS_ERROR(ldap_simple_bind_s(ads->ldap.ld, NULL, NULL)); + goto out; } if (ads->auth.flags & ADS_AUTH_SIMPLE_BIND) { - return ADS_ERROR(ldap_simple_bind_s( ads->ldap.ld, ads->auth.user_name, ads->auth.password)); + status = ADS_ERROR(ldap_simple_bind_s(ads->ldap.ld, ads->auth.user_name, ads->auth.password)); + goto out; + } + + status = ads_sasl_bind(ads); + + out: + if (DEBUGLEVEL >= 11) { + char *s = NDR_PRINT_STRUCT_STRING(talloc_tos(), ads_struct, ads); + DEBUG(11,("ads_connect: leaving with: %s\n", + ads_errstr(status))); + DEBUGADD(11,("%s\n", s)); + TALLOC_FREE(s); } - return ads_sasl_bind(ads); + return status; } /** -- cgit
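Review bot: `s` from NDR_PRINT_STRUCT_STRING is passed to DEBUGADD's `%s` without a NULL check; the talloc-backed print presumably yields NULL when allocation fails, and the format call then receives a null argument. Guard it: `if (s != NULL) { DEBUGADD(11,("%s\n", s)); }` — the entering dump in the @@ -391 hunk needs the same guard. As a matter of style, the new `out:` label is indented one tab while the existing `got_connection:` label sits at column 0; keep the labels consistent. ads_connect starts well before this hunk.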