summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2001-11-20 08:54:15 +0000
committerAndrew Tridgell <tridge@samba.org>2001-11-20 08:54:15 +0000
commit6464bb0ae5d2cb774ccd5187f65a6ff83c051ed9 (patch)
tree870841ead9af4ffb6885c0ace99cd4b7fc401836
parentb1a2ba890aec9463110513ba2ce7ed1e81537cce (diff)
downloadsamba-6464bb0ae5d2cb774ccd5187f65a6ff83c051ed9.tar.gz
samba-6464bb0ae5d2cb774ccd5187f65a6ff83c051ed9.tar.bz2
samba-6464bb0ae5d2cb774ccd5187f65a6ff83c051ed9.zip
added the beginnings of ADS support in smbd
(This used to be commit c7f611691941ca92f57665e19d6e46b161599427)
-rw-r--r--source3/Makefile.in5
-rw-r--r--source3/acconfig.h1
-rwxr-xr-xsource3/configure270
-rw-r--r--source3/configure.in20
-rw-r--r--source3/include/config.h.in13
-rw-r--r--source3/include/includes.h22
-rw-r--r--source3/libads/ldap.c324
7 files changed, 538 insertions, 117 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index f0f873bc7b..d69941bed3 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -131,6 +131,8 @@ UBIQX_OBJ = ubiqx/ubi_BinTree.o ubiqx/ubi_Cache.o ubiqx/ubi_SplayTree.o \
PARAM_OBJ = param/loadparm.o param/params.o dynconfig.o
+LIBADS_OBJ = libads/ldap.o
+
LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
libsmb/clikrb5.o libsmb/clispnego.o libsmb/asn1.o \
libsmb/clirap.o libsmb/clierror.o libsmb/climessage.o \
@@ -140,7 +142,8 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
libsmb/nterr.o libsmb/smbdes.o libsmb/smbencrypt.o \
libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \
libsmb/clioplock.o libsmb/errormap.o libsmb/clirap2.o \
- libsmb/passchange.o libsmb/unexpected.o $(RPC_PARSE_OBJ1)
+ libsmb/passchange.o libsmb/unexpected.o $(RPC_PARSE_OBJ1) \
+ $(LIBADS_OBJ)
LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o libsmb/cli_spoolss.o \
libsmb/cli_netlogon.o libsmb/cli_srvsvc.o libsmb/cli_dfs.o \
diff --git a/source3/acconfig.h b/source3/acconfig.h
index 5cab86419f..cfd259d46f 100644
--- a/source3/acconfig.h
+++ b/source3/acconfig.h
@@ -182,3 +182,4 @@
#undef I18N_DEFAULT_PREF_LANG
#undef HAVE_KRB5
#undef BROKEN_REDHAT_7_SYSTEM_HEADERS
+#undef HAVE_LDAP
diff --git a/source3/configure b/source3/configure
index 18aec12b80..adddf05108 100755
--- a/source3/configure
+++ b/source3/configure
@@ -2154,7 +2154,7 @@ else
fi
done
-for ac_hdr in security/pam_modules.h security/_pam_macros.h
+for ac_hdr in security/pam_modules.h security/_pam_macros.h ldap.h sasl.h
do
ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
@@ -5134,7 +5134,7 @@ else
fi
done
-for ac_func in fstat strchr utime utimes getrlimit fsync bzero memset
+for ac_func in fstat strchr utime utimes getrlimit fsync bzero memset strlcpy strlcat
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
echo "configure:5141: checking for $ac_func" >&5
@@ -11280,31 +11280,29 @@ else
fi
-
-########################################################
-# now see if we can find the krb5 libs in standard paths
-if test x$have_krb5 != xyes; then
-echo $ac_n "checking for krb5_mk_req_extended in -lkrb5""... $ac_c" 1>&6
-echo "configure:11289: checking for krb5_mk_req_extended in -lkrb5" >&5
-ac_lib_var=`echo krb5'_'krb5_mk_req_extended | sed 'y%./+-%__p_%'`
+##################################################################
+# we might need the k5crypto and com_err libraries on some systems
+echo $ac_n "checking for _et_list in -lcom_err""... $ac_c" 1>&6
+echo "configure:11287: checking for _et_list in -lcom_err" >&5
+ac_lib_var=`echo com_err'_'_et_list | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
ac_save_LIBS="$LIBS"
-LIBS="-lkrb5 $LIBS"
+LIBS="-lcom_err $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 11297 "configure"
+#line 11295 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
-char krb5_mk_req_extended();
+char _et_list();
int main() {
-krb5_mk_req_extended()
+_et_list()
; return 0; }
EOF
-if { (eval echo configure:11308: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:11306: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -11319,40 +11317,77 @@ LIBS="$ac_save_LIBS"
fi
if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
echo "$ac_t""yes" 1>&6
- LIBS="$LIBS -lkrb5";
- cat >> confdefs.h <<\EOF
-#define HAVE_KRB5 1
+ LIBS="$LIBS -lcom_err"
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+echo $ac_n "checking for krb5_encrypt_data in -lk5crypto""... $ac_c" 1>&6
+echo "configure:11327: checking for krb5_encrypt_data in -lk5crypto" >&5
+ac_lib_var=`echo k5crypto'_'krb5_encrypt_data | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_save_LIBS="$LIBS"
+LIBS="-lk5crypto $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 11335 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char krb5_encrypt_data();
+
+int main() {
+krb5_encrypt_data()
+; return 0; }
EOF
+if { (eval echo configure:11346: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ LIBS="$LIBS -lk5crypto"
else
echo "$ac_t""no" 1>&6
fi
-fi
-##################################################################
-# we might need the k5crypto and com_err libraries on some systems
-echo $ac_n "checking for _et_list in -lcom_err""... $ac_c" 1>&6
-echo "configure:11337: checking for _et_list in -lcom_err" >&5
-ac_lib_var=`echo com_err'_'_et_list | sed 'y%./+-%__p_%'`
+
+########################################################
+# now see if we can find the krb5 libs in standard paths
+if test x$have_krb5 != xyes; then
+echo $ac_n "checking for krb5_mk_req_extended in -lkrb5""... $ac_c" 1>&6
+echo "configure:11372: checking for krb5_mk_req_extended in -lkrb5" >&5
+ac_lib_var=`echo krb5'_'krb5_mk_req_extended | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
ac_save_LIBS="$LIBS"
-LIBS="-lcom_err $LIBS"
+LIBS="-lkrb5 $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 11345 "configure"
+#line 11380 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
-char _et_list();
+char krb5_mk_req_extended();
int main() {
-_et_list()
+krb5_mk_req_extended()
; return 0; }
EOF
-if { (eval echo configure:11356: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:11391: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -11367,32 +11402,41 @@ LIBS="$ac_save_LIBS"
fi
if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
echo "$ac_t""yes" 1>&6
- LIBS="$LIBS -lcom_err"
+ LIBS="$LIBS -lkrb5";
+ cat >> confdefs.h <<\EOF
+#define HAVE_KRB5 1
+EOF
+
else
echo "$ac_t""no" 1>&6
fi
-echo $ac_n "checking for krb5_encrypt_data in -lk5crypto""... $ac_c" 1>&6
-echo "configure:11377: checking for krb5_encrypt_data in -lk5crypto" >&5
-ac_lib_var=`echo k5crypto'_'krb5_encrypt_data | sed 'y%./+-%__p_%'`
+fi
+
+########################################################
+# now see if we can find the ldap libs in standard paths
+if test x$have_ldap != xyes; then
+echo $ac_n "checking for ldap_open in -lldap""... $ac_c" 1>&6
+echo "configure:11421: checking for ldap_open in -lldap" >&5
+ac_lib_var=`echo ldap'_'ldap_open | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
ac_save_LIBS="$LIBS"
-LIBS="-lk5crypto $LIBS"
+LIBS="-lldap $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 11385 "configure"
+#line 11429 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
-char krb5_encrypt_data();
+char ldap_open();
int main() {
-krb5_encrypt_data()
+ldap_open()
; return 0; }
EOF
-if { (eval echo configure:11396: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:11440: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -11407,16 +11451,22 @@ LIBS="$ac_save_LIBS"
fi
if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
echo "$ac_t""yes" 1>&6
- LIBS="$LIBS -lk5crypto"
+ LIBS="$LIBS -lldap -llber";
+ cat >> confdefs.h <<\EOF
+#define HAVE_LDAP 1
+EOF
+
else
echo "$ac_t""no" 1>&6
fi
+fi
+
#################################################
# check for automount support
echo $ac_n "checking whether to use AUTOMOUNT""... $ac_c" 1>&6
-echo "configure:11420: checking whether to use AUTOMOUNT" >&5
+echo "configure:11470: checking whether to use AUTOMOUNT" >&5
# Check whether --with-automount or --without-automount was given.
if test "${with_automount+set}" = set; then
withval="$with_automount"
@@ -11441,7 +11491,7 @@ fi
#################################################
# check for smbmount support
echo $ac_n "checking whether to use SMBMOUNT""... $ac_c" 1>&6
-echo "configure:11445: checking whether to use SMBMOUNT" >&5
+echo "configure:11495: checking whether to use SMBMOUNT" >&5
# Check whether --with-smbmount or --without-smbmount was given.
if test "${with_smbmount+set}" = set; then
withval="$with_smbmount"
@@ -11478,7 +11528,7 @@ fi
# check for a PAM clear-text auth, accounts, password and session support
with_pam_for_crypt=no
echo $ac_n "checking whether to use PAM""... $ac_c" 1>&6
-echo "configure:11482: checking whether to use PAM" >&5
+echo "configure:11532: checking whether to use PAM" >&5
# Check whether --with-pam or --without-pam was given.
if test "${with_pam+set}" = set; then
withval="$with_pam"
@@ -11504,7 +11554,7 @@ fi
# we can't build a pam module if we don't have pam.
echo $ac_n "checking for pam_get_data in -lpam""... $ac_c" 1>&6
-echo "configure:11508: checking for pam_get_data in -lpam" >&5
+echo "configure:11558: checking for pam_get_data in -lpam" >&5
ac_lib_var=`echo pam'_'pam_get_data | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -11512,7 +11562,7 @@ else
ac_save_LIBS="$LIBS"
LIBS="-lpam $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 11516 "configure"
+#line 11566 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -11523,7 +11573,7 @@ int main() {
pam_get_data()
; return 0; }
EOF
-if { (eval echo configure:11527: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:11577: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -11550,7 +11600,7 @@ fi
#################################################
# check for pam_smbpass support
echo $ac_n "checking whether to use pam_smbpass""... $ac_c" 1>&6
-echo "configure:11554: checking whether to use pam_smbpass" >&5
+echo "configure:11604: checking whether to use pam_smbpass" >&5
# Check whether --with-pam_smbpass or --without-pam_smbpass was given.
if test "${with_pam_smbpass+set}" = set; then
withval="$with_pam_smbpass"
@@ -11588,12 +11638,12 @@ if test $with_pam_for_crypt = no; then
for ac_func in crypt
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:11592: checking for $ac_func" >&5
+echo "configure:11642: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 11597 "configure"
+#line 11647 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@@ -11616,7 +11666,7 @@ $ac_func();
; return 0; }
EOF
-if { (eval echo configure:11620: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:11670: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
@@ -11642,7 +11692,7 @@ done
if test x"$ac_cv_func_crypt" = x"no"; then
echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6
-echo "configure:11646: checking for crypt in -lcrypt" >&5
+echo "configure:11696: checking for crypt in -lcrypt" >&5
ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -11650,7 +11700,7 @@ else
ac_save_LIBS="$LIBS"
LIBS="-lcrypt $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 11654 "configure"
+#line 11704 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -11661,7 +11711,7 @@ int main() {
crypt()
; return 0; }
EOF
-if { (eval echo configure:11665: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:11715: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -11696,7 +11746,7 @@ fi
##
if test $with_pam_for_crypt = no; then
echo $ac_n "checking for a crypt that needs truncated salt""... $ac_c" 1>&6
-echo "configure:11700: checking for a crypt that needs truncated salt" >&5
+echo "configure:11750: checking for a crypt that needs truncated salt" >&5
if eval "test \"`echo '$''{'samba_cv_HAVE_TRUNCATED_SALT'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -11705,11 +11755,11 @@ if test "$cross_compiling" = yes; then
samba_cv_HAVE_TRUNCATED_SALT=cross
else
cat > conftest.$ac_ext <<EOF
-#line 11709 "configure"
+#line 11759 "configure"
#include "confdefs.h"
#include "${srcdir-.}/tests/crypttest.c"
EOF
-if { (eval echo configure:11713: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:11763: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
samba_cv_HAVE_TRUNCATED_SALT=no
else
@@ -11747,7 +11797,7 @@ with_smbpasswd_sam=yes
#################################################
# check for a TDB password database
echo $ac_n "checking whether to use TDB SAM database""... $ac_c" 1>&6
-echo "configure:11751: checking whether to use TDB SAM database" >&5
+echo "configure:11801: checking whether to use TDB SAM database" >&5
# Check whether --with-tdbsam or --without-tdbsam was given.
if test "${with_tdbsam+set}" = set; then
withval="$with_tdbsam"
@@ -11773,7 +11823,7 @@ fi
#################################################
# check for a LDAP password database
echo $ac_n "checking whether to use LDAP SAM database""... $ac_c" 1>&6
-echo "configure:11777: checking whether to use LDAP SAM database" >&5
+echo "configure:11827: checking whether to use LDAP SAM database" >&5
# Check whether --with-ldapsam or --without-ldapsam was given.
if test "${with_ldapsam+set}" = set; then
withval="$with_ldapsam"
@@ -11800,7 +11850,7 @@ fi
#################################################
# check for a NISPLUS password database
echo $ac_n "checking whether to use NISPLUS SAM database""... $ac_c" 1>&6
-echo "configure:11804: checking whether to use NISPLUS SAM database" >&5
+echo "configure:11854: checking whether to use NISPLUS SAM database" >&5
# Check whether --with-nisplussam or --without-nisplussam was given.
if test "${with_nisplussam+set}" = set; then
withval="$with_nisplussam"
@@ -11828,7 +11878,7 @@ fi
# smbpasswd SAM is only used if another format
# has not been defined
echo $ac_n "checking whether to use traditional smbpasswd file""... $ac_c" 1>&6
-echo "configure:11832: checking whether to use traditional smbpasswd file" >&5
+echo "configure:11882: checking whether to use traditional smbpasswd file" >&5
if test $with_smbpasswd_sam = yes; then
echo "$ac_t""yes" 1>&6
cat >> confdefs.h <<\EOF
@@ -11848,7 +11898,7 @@ fi
#################################################
# check for a NISPLUS_HOME support
echo $ac_n "checking whether to use NISPLUS_HOME""... $ac_c" 1>&6
-echo "configure:11852: checking whether to use NISPLUS_HOME" >&5
+echo "configure:11902: checking whether to use NISPLUS_HOME" >&5
# Check whether --with-nisplus-home or --without-nisplus-home was given.
if test "${with_nisplus_home+set}" = set; then
withval="$with_nisplus_home"
@@ -11873,7 +11923,7 @@ fi
#################################################
# check for the secure socket layer
echo $ac_n "checking whether to use SSL""... $ac_c" 1>&6
-echo "configure:11877: checking whether to use SSL" >&5
+echo "configure:11927: checking whether to use SSL" >&5
# Check whether --with-ssl or --without-ssl was given.
if test "${with_ssl+set}" = set; then
withval="$with_ssl"
@@ -11947,7 +11997,7 @@ fi
#################################################
# check for syslog logging
echo $ac_n "checking whether to use syslog logging""... $ac_c" 1>&6
-echo "configure:11951: checking whether to use syslog logging" >&5
+echo "configure:12001: checking whether to use syslog logging" >&5
# Check whether --with-syslog or --without-syslog was given.
if test "${with_syslog+set}" = set; then
withval="$with_syslog"
@@ -11972,7 +12022,7 @@ fi
#################################################
# check for a shared memory profiling support
echo $ac_n "checking whether to use profiling""... $ac_c" 1>&6
-echo "configure:11976: checking whether to use profiling" >&5
+echo "configure:12026: checking whether to use profiling" >&5
# Check whether --with-profiling-data or --without-profiling-data was given.
if test "${with_profiling_data+set}" = set; then
withval="$with_profiling_data"
@@ -12000,7 +12050,7 @@ fi
QUOTAOBJS=smbd/noquotas.o
echo $ac_n "checking whether to support disk-quotas""... $ac_c" 1>&6
-echo "configure:12004: checking whether to support disk-quotas" >&5
+echo "configure:12054: checking whether to support disk-quotas" >&5
# Check whether --with-quotas or --without-quotas was given.
if test "${with_quotas+set}" = set; then
withval="$with_quotas"
@@ -12011,13 +12061,13 @@ if test "${with_quotas+set}" = set; then
*linux*)
# Check for kernel 2.4.x quota braindamage...
echo $ac_n "checking for linux 2.4.x quota braindamage..""... $ac_c" 1>&6
-echo "configure:12015: checking for linux 2.4.x quota braindamage.." >&5
+echo "configure:12065: checking for linux 2.4.x quota braindamage.." >&5
if eval "test \"`echo '$''{'samba_cv_linux_2_4_quota_braindamage'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 12021 "configure"
+#line 12071 "configure"
#include "confdefs.h"
#include <stdio.h>
#include <sys/types.h>
@@ -12029,7 +12079,7 @@ int main() {
struct mem_dqblk D;
; return 0; }
EOF
-if { (eval echo configure:12033: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:12083: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
samba_cv_linux_2_4_quota_braindamage=yes
else
@@ -12078,7 +12128,7 @@ fi
# check for experimental utmp accounting
echo $ac_n "checking whether to support utmp accounting""... $ac_c" 1>&6
-echo "configure:12082: checking whether to support utmp accounting" >&5
+echo "configure:12132: checking whether to support utmp accounting" >&5
# Check whether --with-utmp or --without-utmp was given.
if test "${with_utmp+set}" = set; then
withval="$with_utmp"
@@ -12178,7 +12228,7 @@ fi
#################################################
# choose native language(s) of man pages
echo $ac_n "checking chosen man pages' language(s)""... $ac_c" 1>&6
-echo "configure:12182: checking chosen man pages' language(s)" >&5
+echo "configure:12232: checking chosen man pages' language(s)" >&5
# Check whether --with-manpages-langs or --without-manpages-langs was given.
if test "${with_manpages_langs+set}" = set; then
withval="$with_manpages_langs"
@@ -12206,14 +12256,14 @@ fi
#################################################
# these tests are taken from the GNU fileutils package
echo "checking how to get filesystem space usage" 1>&6
-echo "configure:12210: checking how to get filesystem space usage" >&5
+echo "configure:12260: checking how to get filesystem space usage" >&5
space=no
# Test for statvfs64.
if test $space = no; then
# SVR4
echo $ac_n "checking statvfs64 function (SVR4)""... $ac_c" 1>&6
-echo "configure:12217: checking statvfs64 function (SVR4)" >&5
+echo "configure:12267: checking statvfs64 function (SVR4)" >&5
if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs64'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -12221,7 +12271,7 @@ else
fu_cv_sys_stat_statvfs64=cross
else
cat > conftest.$ac_ext <<EOF
-#line 12225 "configure"
+#line 12275 "configure"
#include "confdefs.h"
#if defined(HAVE_UNISTD_H)
@@ -12235,7 +12285,7 @@ else
exit (statvfs64 (".", &fsd));
}
EOF
-if { (eval echo configure:12239: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:12289: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
fu_cv_sys_stat_statvfs64=yes
else
@@ -12268,12 +12318,12 @@ fi
if test $space = no; then
# SVR4
echo $ac_n "checking statvfs function (SVR4)""... $ac_c" 1>&6
-echo "configure:12272: checking statvfs function (SVR4)" >&5
+echo "configure:12322: checking statvfs function (SVR4)" >&5
if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 12277 "configure"
+#line 12327 "configure"
#include "confdefs.h"
#include <sys/types.h>
#include <sys/statvfs.h>
@@ -12281,7 +12331,7 @@ int main() {
struct statvfs fsd; statvfs (0, &fsd);
; return 0; }
EOF
-if { (eval echo configure:12285: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:12335: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
fu_cv_sys_stat_statvfs=yes
else
@@ -12306,7 +12356,7 @@ fi
if test $space = no; then
# DEC Alpha running OSF/1
echo $ac_n "checking for 3-argument statfs function (DEC OSF/1)""... $ac_c" 1>&6
-echo "configure:12310: checking for 3-argument statfs function (DEC OSF/1)" >&5
+echo "configure:12360: checking for 3-argument statfs function (DEC OSF/1)" >&5
if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs3_osf1'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -12314,7 +12364,7 @@ else
fu_cv_sys_stat_statfs3_osf1=no
else
cat > conftest.$ac_ext <<EOF
-#line 12318 "configure"
+#line 12368 "configure"
#include "confdefs.h"
#include <sys/param.h>
@@ -12327,7 +12377,7 @@ else
exit (statfs (".", &fsd, sizeof (struct statfs)));
}
EOF
-if { (eval echo configure:12331: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:12381: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
fu_cv_sys_stat_statfs3_osf1=yes
else
@@ -12354,7 +12404,7 @@ fi
if test $space = no; then
# AIX
echo $ac_n "checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)""... $ac_c" 1>&6
-echo "configure:12358: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5
+echo "configure:12408: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5
if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_bsize'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -12362,7 +12412,7 @@ else
fu_cv_sys_stat_statfs2_bsize=no
else
cat > conftest.$ac_ext <<EOF
-#line 12366 "configure"
+#line 12416 "configure"
#include "confdefs.h"
#ifdef HAVE_SYS_PARAM_H
@@ -12381,7 +12431,7 @@ else
exit (statfs (".", &fsd));
}
EOF
-if { (eval echo configure:12385: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:12435: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
fu_cv_sys_stat_statfs2_bsize=yes
else
@@ -12408,7 +12458,7 @@ fi
if test $space = no; then
# SVR3
echo $ac_n "checking for four-argument statfs (AIX-3.2.5, SVR3)""... $ac_c" 1>&6
-echo "configure:12412: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5
+echo "configure:12462: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5
if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs4'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -12416,7 +12466,7 @@ else
fu_cv_sys_stat_statfs4=no
else
cat > conftest.$ac_ext <<EOF
-#line 12420 "configure"
+#line 12470 "configure"
#include "confdefs.h"
#include <sys/types.h>
#include <sys/statfs.h>
@@ -12426,7 +12476,7 @@ else
exit (statfs (".", &fsd, sizeof fsd, 0));
}
EOF
-if { (eval echo configure:12430: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:12480: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
fu_cv_sys_stat_statfs4=yes
else
@@ -12453,7 +12503,7 @@ fi
if test $space = no; then
# 4.4BSD and NetBSD
echo $ac_n "checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)""... $ac_c" 1>&6
-echo "configure:12457: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5
+echo "configure:12507: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5
if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_fsize'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -12461,7 +12511,7 @@ else
fu_cv_sys_stat_statfs2_fsize=no
else
cat > conftest.$ac_ext <<EOF
-#line 12465 "configure"
+#line 12515 "configure"
#include "confdefs.h"
#include <sys/types.h>
#ifdef HAVE_SYS_PARAM_H
@@ -12477,7 +12527,7 @@ else
exit (statfs (".", &fsd));
}
EOF
-if { (eval echo configure:12481: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:12531: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
fu_cv_sys_stat_statfs2_fsize=yes
else
@@ -12504,7 +12554,7 @@ fi
if test $space = no; then
# Ultrix
echo $ac_n "checking for two-argument statfs with struct fs_data (Ultrix)""... $ac_c" 1>&6
-echo "configure:12508: checking for two-argument statfs with struct fs_data (Ultrix)" >&5
+echo "configure:12558: checking for two-argument statfs with struct fs_data (Ultrix)" >&5
if eval "test \"`echo '$''{'fu_cv_sys_stat_fs_data'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -12512,7 +12562,7 @@ else
fu_cv_sys_stat_fs_data=no
else
cat > conftest.$ac_ext <<EOF
-#line 12516 "configure"
+#line 12566 "configure"
#include "confdefs.h"
#include <sys/types.h>
#ifdef HAVE_SYS_PARAM_H
@@ -12532,7 +12582,7 @@ else
exit (statfs (".", &fsd) != 1);
}
EOF
-if { (eval echo configure:12536: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:12586: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
fu_cv_sys_stat_fs_data=yes
else
@@ -12565,9 +12615,9 @@ fi
# file support.
#
echo $ac_n "checking if large file support can be enabled""... $ac_c" 1>&6
-echo "configure:12569: checking if large file support can be enabled" >&5
+echo "configure:12619: checking if large file support can be enabled" >&5
cat > conftest.$ac_ext <<EOF
-#line 12571 "configure"
+#line 12621 "configure"
#include "confdefs.h"
#if defined(HAVE_LONGLONG) && (defined(HAVE_OFF64_T) || (defined(SIZEOF_OFF_T) && (SIZEOF_OFF_T == 8)))
@@ -12580,7 +12630,7 @@ int main() {
int i
; return 0; }
EOF
-if { (eval echo configure:12584: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:12634: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=yes
else
@@ -12645,7 +12695,7 @@ fi
# check for ACL support
echo $ac_n "checking whether to support ACLs""... $ac_c" 1>&6
-echo "configure:12649: checking whether to support ACLs" >&5
+echo "configure:12699: checking whether to support ACLs" >&5
# Check whether --with-acl-support or --without-acl-support was given.
if test "${with_acl_support+set}" = set; then
withval="$with_acl_support"
@@ -12691,7 +12741,7 @@ EOF
;;
*)
echo $ac_n "checking for acl_get_file in -lacl""... $ac_c" 1>&6
-echo "configure:12695: checking for acl_get_file in -lacl" >&5
+echo "configure:12745: checking for acl_get_file in -lacl" >&5
ac_lib_var=`echo acl'_'acl_get_file | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -12699,7 +12749,7 @@ else
ac_save_LIBS="$LIBS"
LIBS="-lacl $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 12703 "configure"
+#line 12753 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -12710,7 +12760,7 @@ int main() {
acl_get_file()
; return 0; }
EOF
-if { (eval echo configure:12714: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:12764: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -12738,13 +12788,13 @@ else
fi
echo $ac_n "checking for ACL support""... $ac_c" 1>&6
-echo "configure:12742: checking for ACL support" >&5
+echo "configure:12792: checking for ACL support" >&5
if eval "test \"`echo '$''{'samba_cv_HAVE_POSIX_ACLS'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 12748 "configure"
+#line 12798 "configure"
#include "confdefs.h"
#include <sys/types.h>
#include <sys/acl.h>
@@ -12752,7 +12802,7 @@ int main() {
acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p);
; return 0; }
EOF
-if { (eval echo configure:12756: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:12806: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
samba_cv_HAVE_POSIX_ACLS=yes
else
@@ -12772,13 +12822,13 @@ echo "$ac_t""$samba_cv_HAVE_POSIX_ACLS" 1>&6
EOF
echo $ac_n "checking for acl_get_perm_np""... $ac_c" 1>&6
-echo "configure:12776: checking for acl_get_perm_np" >&5
+echo "configure:12826: checking for acl_get_perm_np" >&5
if eval "test \"`echo '$''{'samba_cv_HAVE_ACL_GET_PERM_NP'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 12782 "configure"
+#line 12832 "configure"
#include "confdefs.h"
#include <sys/types.h>
#include <sys/acl.h>
@@ -12786,7 +12836,7 @@ int main() {
acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm);
; return 0; }
EOF
-if { (eval echo configure:12790: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:12840: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
samba_cv_HAVE_ACL_GET_PERM_NP=yes
else
@@ -12833,7 +12883,7 @@ fi
# (WINBIND_STARGETS) and shared libraries (WINBIND_LTARGETS).
echo $ac_n "checking whether to build winbind""... $ac_c" 1>&6
-echo "configure:12837: checking whether to build winbind" >&5
+echo "configure:12887: checking whether to build winbind" >&5
# Initially, the value of $host_os decides whether winbind is supported
@@ -12923,7 +12973,7 @@ fi
if test x"$INCLUDED_POPT" != x"yes"; then
echo $ac_n "checking for poptGetContext in -lpopt""... $ac_c" 1>&6
-echo "configure:12927: checking for poptGetContext in -lpopt" >&5
+echo "configure:12977: checking for poptGetContext in -lpopt" >&5
ac_lib_var=`echo popt'_'poptGetContext | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -12931,7 +12981,7 @@ else
ac_save_LIBS="$LIBS"
LIBS="-lpopt $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 12935 "configure"
+#line 12985 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -12942,7 +12992,7 @@ int main() {
poptGetContext()
; return 0; }
EOF
-if { (eval echo configure:12946: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:12996: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -12966,7 +13016,7 @@ fi
fi
echo $ac_n "checking whether to use included popt""... $ac_c" 1>&6
-echo "configure:12970: checking whether to use included popt" >&5
+echo "configure:13020: checking whether to use included popt" >&5
if test x"$INCLUDED_POPT" = x"yes"; then
echo "$ac_t""$srcdir/popt" 1>&6
BUILD_POPT='$(POPT_OBJS)'
@@ -12985,11 +13035,11 @@ if test "$cross_compiling" = yes; then
:
else
cat > conftest.$ac_ext <<EOF
-#line 12989 "configure"
+#line 13039 "configure"
#include "confdefs.h"
#include "${srcdir-.}/tests/summary.c"
EOF
-if { (eval echo configure:12993: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:13043: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
echo "configure OK";
else
diff --git a/source3/configure.in b/source3/configure.in
index 506a34d941..534be53dc9 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -249,7 +249,7 @@ AC_CHECK_HEADERS(sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/i
AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h sys/socket.h)
AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h termio.h)
AC_CHECK_HEADERS(sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h)
-AC_CHECK_HEADERS(security/pam_modules.h security/_pam_macros.h)
+AC_CHECK_HEADERS(security/pam_modules.h security/_pam_macros.h ldap.h sasl.h)
#
# HPUX has a bug in that including shadow.h causes a re-definition of MAXINT.
@@ -543,7 +543,7 @@ else
fi
AC_CHECK_FUNCS(waitpid getcwd strdup strtoul strerror chown fchown chmod fchmod chroot)
-AC_CHECK_FUNCS(fstat strchr utime utimes getrlimit fsync bzero memset)
+AC_CHECK_FUNCS(fstat strchr utime utimes getrlimit fsync bzero memset strlcpy strlcat)
AC_CHECK_FUNCS(memmove vsnprintf snprintf asprintf vasprintf setsid glob strpbrk pipe crypt16 getauthuid)
AC_CHECK_FUNCS(strftime sigprocmask sigblock sigaction sigset innetgr setnetgrent getnetgrent endnetgrent)
AC_CHECK_FUNCS(initgroups select poll rdchk getgrnam getgrent pathconf)
@@ -1626,6 +1626,11 @@ AC_ARG_WITH(krb5,
AC_MSG_RESULT(no)
)
+##################################################################
+# we might need the k5crypto and com_err libraries on some systems
+AC_CHECK_LIB(com_err, _et_list, [LIBS="$LIBS -lcom_err"])
+AC_CHECK_LIB(k5crypto, krb5_encrypt_data, [LIBS="$LIBS -lk5crypto"])
+
########################################################
# now see if we can find the krb5 libs in standard paths
@@ -1634,10 +1639,13 @@ AC_CHECK_LIB(krb5, krb5_mk_req_extended, [LIBS="$LIBS -lkrb5";
AC_DEFINE(HAVE_KRB5)])
fi
-##################################################################
-# we might need the k5crypto and com_err libraries on some systems
-AC_CHECK_LIB(com_err, _et_list, [LIBS="$LIBS -lcom_err"])
-AC_CHECK_LIB(k5crypto, krb5_encrypt_data, [LIBS="$LIBS -lk5crypto"])
+########################################################
+# now see if we can find the ldap libs in standard paths
+if test x$have_ldap != xyes; then
+AC_CHECK_LIB(ldap, ldap_open, [LIBS="$LIBS -lldap -llber";
+ AC_DEFINE(HAVE_LDAP)])
+fi
+
#################################################
# check for automount support
diff --git a/source3/include/config.h.in b/source3/include/config.h.in
index c54190e29a..6280c793eb 100644
--- a/source3/include/config.h.in
+++ b/source3/include/config.h.in
@@ -248,6 +248,7 @@
#undef I18N_DEFAULT_PREF_LANG
#undef HAVE_KRB5
#undef BROKEN_REDHAT_7_SYSTEM_HEADERS
+#undef HAVE_LDAP
/* The number of bytes in a int. */
#undef SIZEOF_INT
@@ -741,6 +742,12 @@
/* Define if you have the strftime function. */
#undef HAVE_STRFTIME
+/* Define if you have the strlcat function. */
+#undef HAVE_STRLCAT
+
+/* Define if you have the strlcpy function. */
+#undef HAVE_STRLCPY
+
/* Define if you have the strpbrk function. */
#undef HAVE_STRPBRK
@@ -816,6 +823,9 @@
/* Define if you have the <lastlog.h> header file. */
#undef HAVE_LASTLOG_H
+/* Define if you have the <ldap.h> header file. */
+#undef HAVE_LDAP_H
+
/* Define if you have the <limits.h> header file. */
#undef HAVE_LIMITS_H
@@ -870,6 +880,9 @@
/* Define if you have the <rpcsvc/ypclnt.h> header file. */
#undef HAVE_RPCSVC_YPCLNT_H
+/* Define if you have the <sasl.h> header file. */
+#undef HAVE_SASL_H
+
/* Define if you have the <security/_pam_macros.h> header file. */
#undef HAVE_SECURITY__PAM_MACROS_H
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 17c95eb6f7..8b61bc573c 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -381,6 +381,19 @@
#include <krb5.h>
#endif
+#if HAVE_LDAP
+#include <ldap.h>
+#endif
+
+#if HAVE_SASL_H
+#include <sasl.h>
+#endif
+
+/* we support ADS if we have krb5 and ldap libs */
+#if defined(HAVE_KRB5) && defined(HAVE_LDAP) && defined(HAVE_SASL_H)
+#define HAVE_ADS
+#endif
+
/*
* Define VOLATILE if needed.
*/
@@ -650,6 +663,7 @@ extern int errno;
#include "../tdb/tdb.h"
#include "../tdb/spinlock.h"
#include "talloc.h"
+#include "ads.h"
#include "interfaces.h"
#include "hash.h"
#include "trans2.h"
@@ -871,6 +885,14 @@ int rename(const char *zfrom, const char *zto);
time_t mktime(struct tm *t);
#endif
+#ifndef HAVE_STRLCPY
+size_t strlcpy(char *d, const char *s, size_t bufsize);
+#endif
+
+#ifndef HAVE_STRLCAT
+size_t strlcat(char *d, const char *s, size_t bufsize);
+#endif
+
#ifndef HAVE_FTRUNCATE
int ftruncate(int f,long l);
#endif
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
new file mode 100644
index 0000000000..2853dbbaa3
--- /dev/null
+++ b/source3/libads/ldap.c
@@ -0,0 +1,324 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 3.0
+ ads (active directory) utility library
+ Copyright (C) Andrew Tridgell 2001
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_ADS
+
+/* return a dn of the form "dc=AA,dc=BB,dc=CC" from a
+ realm of the form AA.BB.CC
+ caller must free
+*/
+static char *ads_build_dn(const char *realm)
+{
+ char *p, *r;
+ int numdots = 0;
+ char *ret;
+ int len;
+
+ r = strdup(realm);
+
+ if (!r || !*r) return r;
+
+ for (p=r; *p; p++) {
+ if (*p == '.') numdots++;
+ }
+
+ len = (numdots+1)*4 + strlen(r) + 1;
+
+ret = malloc(len);
+ strlcpy(ret,"dc=", len);
+ p=strtok(r,".");
+ strlcat(ret, p, len);
+
+ while ((p=strtok(NULL,"."))) {
+ strlcat(ret,",dc=", len);
+ strlcat(ret, p, len);
+ }
+
+ free(r);
+
+ return ret;
+}
+
+/*
+ return a string for an error from a ads routine
+*/
+char *ads_errstr(int rc)
+{
+ return ldap_err2string(rc);
+}
+
+/*
+ initialise a ADS_STRUCT, ready for some ads_ ops
+*/
+ADS_STRUCT *ads_init(const char *realm,
+ const char *ldap_server,
+ const char *bind_path)
+{
+ ADS_STRUCT *ads;
+
+ ads = (ADS_STRUCT *)xmalloc(sizeof(*ads));
+ memset(ads, 0, sizeof(*ads));
+
+ ads->realm = realm? strdup(realm) : NULL;
+ ads->ldap_server = ldap_server? strdup(ldap_server) : NULL;
+ ads->bind_path = bind_path? strdup(bind_path) : NULL;
+ ads->ldap_port = LDAP_PORT;
+
+ if (!ads->bind_path) {
+ ads->bind_path = ads_build_dn(ads->realm);
+ }
+
+ return ads;
+}
+
+
+/*
+ this is a minimal interact function, just enough for SASL to talk
+ GSSAPI/kerberos to W2K
+*/
+static int sasl_interact(LDAP *ld,unsigned flags,void *defaults,void *in)
+{
+ sasl_interact_t *interact = in;
+
+ while (interact->id != SASL_CB_LIST_END) {
+ interact->result = strdup("");
+ interact->len = 0;
+ interact++;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ connect to the LDAP server
+*/
+int ads_connect(ADS_STRUCT *ads)
+{
+ int version = LDAP_VERSION3;
+ int rc;
+
+ ads->ld = ldap_open(ads->ldap_server, ads->ldap_port);
+ if (!ads->ld) {
+ return errno;
+ }
+ ldap_set_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+
+ rc = ldap_sasl_interactive_bind_s(ads->ld, NULL, NULL, NULL, NULL, 0,
+ sasl_interact, NULL);
+
+ return rc;
+}
+
+
+/*
+ find a machine account given a hostname
+*/
+int ads_find_machine_acct(ADS_STRUCT *ads, void **res, const char *host)
+{
+ int ret;
+ char *exp;
+
+ /* the easiest way to find a machine account anywhere in the tree
+ is to look for hostname$ */
+ asprintf(&exp, "(samAccountName=%s$)", host);
+ *res = NULL;
+ ret = ldap_search_s(ads->ld, ads->bind_path,
+ LDAP_SCOPE_SUBTREE, exp, NULL, 0, (LDAPMessage **)res);
+ free(exp);
+ return ret;
+}
+
+
+/*
+ a convenient routine for adding a generic LDAP record
+*/
+int ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ...)
+{
+ int i;
+ va_list ap;
+ LDAPMod **mods;
+ char *name, *value;
+ int ret;
+#define MAX_MOD_VALUES 10
+
+ /* count the number of attributes */
+ va_start(ap, new_dn);
+ for (i=0; va_arg(ap, char *); i++) {
+ /* skip the values */
+ while (va_arg(ap, char *)) ;
+ }
+ va_end(ap);
+
+ mods = malloc(sizeof(LDAPMod *) * (i+1));
+
+ va_start(ap, new_dn);
+ for (i=0; (name=va_arg(ap, char *)); i++) {
+ char **values;
+ int j;
+ values = (char **)malloc(sizeof(char *) * (MAX_MOD_VALUES+1));
+ for (j=0; (value=va_arg(ap, char *)) && j < MAX_MOD_VALUES; j++) {
+ values[j] = value;
+ }
+ values[j] = NULL;
+ mods[i] = malloc(sizeof(LDAPMod));
+ mods[i]->mod_type = name;
+ mods[i]->mod_op = LDAP_MOD_ADD;
+ mods[i]->mod_values = values;
+ }
+ mods[i] = NULL;
+ va_end(ap);
+
+ ret = ldap_add_s(ads->ld, new_dn, mods);
+
+ for (i=0; mods[i]; i++) {
+ free(mods[i]->mod_values);
+ free(mods[i]);
+ }
+ free(mods);
+
+ return ret;
+}
+
+/*
+ add a machine account to the ADS server
+*/
+static int ads_add_machine_acct(ADS_STRUCT *ads, const char *hostname)
+{
+ int ret;
+ char *host_spn, *host_upn, *new_dn, *samAccountName, *controlstr;
+
+ asprintf(&host_spn, "HOST/%s", hostname);
+ asprintf(&host_upn, "%s@%s", host_spn, ads->realm);
+ asprintf(&new_dn, "cn=%s,cn=Computers,%s", hostname, ads->bind_path);
+ asprintf(&samAccountName, "%s$", hostname);
+ asprintf(&controlstr, "%u",
+ UF_DONT_EXPIRE_PASSWD | UF_WORKSTATION_TRUST_ACCOUNT |
+ UF_TRUSTED_FOR_DELEGATION | UF_USE_DES_KEY_ONLY);
+
+ ret = ads_gen_add(ads, new_dn,
+ "cn", hostname, NULL,
+ "sAMAccountName", samAccountName, NULL,
+ "objectClass",
+ "top", "person", "organizationalPerson",
+ "user", "computer", NULL,
+ "userPrincipalName", host_upn, NULL,
+ "servicePrincipalName", host_spn, NULL,
+ "dNSHostName", hostname, NULL,
+ "userAccountControl", controlstr, NULL,
+ "operatingSystem", "Samba", NULL,
+ "operatingSystemVersion", VERSION, NULL,
+ NULL);
+
+ free(host_spn);
+ free(host_upn);
+ free(new_dn);
+ free(samAccountName);
+ free(controlstr);
+
+ return ret;
+}
+
+/*
+ dump a record from LDAP on stdout
+ used for debugging
+*/
+void ads_dump(ADS_STRUCT *ads, void *res)
+{
+ char *field;
+ LDAPMessage *msg;
+ BerElement *b;
+ char *this_dn;
+
+ for (msg = ldap_first_entry(ads->ld, (LDAPMessage *)res);
+ msg; msg = ldap_next_entry(ads->ld, msg)) {
+ this_dn = ldap_get_dn(ads->ld, (LDAPMessage *)res);
+ if (this_dn) {
+ printf("Dumping: %s\n", this_dn);
+ }
+ ldap_memfree(this_dn);
+
+ for (field = ldap_first_attribute(ads->ld, msg, &b);
+ field;
+ field = ldap_next_attribute(ads->ld, msg, b)) {
+ char **values, **p;
+ values = ldap_get_values(ads->ld, msg, field);
+ for (p = values; *p; p++) {
+ printf("%s: %s\n", field, *p);
+ }
+ ldap_value_free(values);
+ ldap_memfree(field);
+ }
+
+ ber_free(b, 1);
+ printf("\n");
+ }
+}
+
+/*
+ count how many replies are in a LDAPMessage
+*/
+int ads_count_replies(ADS_STRUCT *ads, void *res)
+{
+ return ldap_count_entries(ads->ld, (LDAPMessage *)res);
+}
+
+/*
+ join a machine to a realm, creating the machine account
+ and setting the machine password
+*/
+int ads_join_realm(ADS_STRUCT *ads, const char *hostname)
+{
+ int rc;
+ LDAPMessage *res;
+ char *principal;
+
+ rc = ads_find_machine_acct(ads, (void **)&res, hostname);
+ if (rc == LDAP_SUCCESS && ads_count_replies(ads, res) == 1) {
+ DEBUG(0, ("Host account for %s already exists\n", hostname));
+ goto set_password;
+ }
+
+ rc = ads_add_machine_acct(ads, hostname);
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(0, ("ads_add_machine_acct: %s\n", ads_errstr(rc)));
+ return rc;
+ }
+
+ rc = ads_find_machine_acct(ads, (void **)&res, hostname);
+ if (rc != LDAP_SUCCESS || ads_count_replies(ads, res) != 1) {
+ DEBUG(0, ("Host account test failed\n"));
+ /* hmmm, we need NTSTATUS */
+ return -1;
+ }
+
+set_password:
+ asprintf(&principal, "HOST/%s@%s", hostname, ads->realm);
+#if 0
+ krb5_set_principal_password(principal, ads->ldap_server, hostname, ads->realm);
+#endif
+ free(principal);
+
+ return LDAP_SUCCESS;
+}
+
+#endif