sync'ing up for 3.0alpha20 release

(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
author: Gerald Carter <jerry@samba.org> 2002-09-25 15:19:00 +0000
committer: Gerald Carter <jerry@samba.org> 2002-09-25 15:19:00 +0000
commit: a834a73e341059be154426390304a42e4a011f72 (patch)
tree: 7f53b0f7819238e0ee0396daccf5d924cb9b8d29 /source3/libads/ldap.c
parent: 115a39775cb923d026dde58633b6ba6aef3a1943 (diff)
download: samba-a834a73e341059be154426390304a42e4a011f72.tar.gz
samba-a834a73e341059be154426390304a42e4a011f72.tar.bz2
samba-a834a73e341059be154426390304a42e4a011f72.zip
1 files changed, 72 insertions, 22 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 2672489482..7a0afb1a81 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -63,6 +63,7 @@ static BOOL ads_try_connect(ADS_STRUCT *ads, const char *server, unsigned port)
 	ads->ldap_port = port;
 	ads->ldap_ip = *interpret_addr2(srv);
 	free(srv);
+
 	return True;
 }
 
@@ -204,7 +205,6 @@ static BOOL ads_try_netbios(ADS_STRUCT *ads)
 ADS_STATUS ads_connect(ADS_STRUCT *ads)
 {
 	int version = LDAP_VERSION3;
-	int code;
 	ADS_STATUS status;
 
 	ads->last_attempt = time(NULL);
@@ -226,7 +226,7 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
 	/* try via DNS */
 	if (ads_try_dns(ads)) {
 		goto got_connection;
-		}
+	}
 
 	/* try via netbios lookups */
 	if (!lp_disable_netbios() && ads_try_netbios(ads)) {
@@ -274,12 +274,7 @@ got_connection:
 	}
 #endif
 
-	if (ads->auth.password) {
-		if ((code = ads_kinit_password(ads)))
-			return ADS_ERROR_KRB5(code);
-	}
-
-	if (ads->auth.no_bind) {
+	if (ads->auth.flags & ADS_AUTH_NO_BIND) {
 		return ADS_SUCCESS;
 	}
 
@@ -613,14 +608,17 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope,
 	char *utf8_exp, *utf8_path, **search_attrs = NULL;
 	TALLOC_CTX *ctx;
 
-	if (!(ctx = talloc_init()))
+	if (!(ctx = talloc_init())) {
+		DEBUG(1,("ads_do_search: talloc_init() failed!"));
 		return ADS_ERROR(LDAP_NO_MEMORY);
+	}
 
 	/* 0 means the conversion worked but the result was empty 
 	   so we only fail if it's negative.  In any case, it always 
 	   at least nulls out the dest */
 	if ((push_utf8_talloc(ctx, &utf8_exp, exp) < 0) ||
 	    (push_utf8_talloc(ctx, &utf8_path, bind_path) < 0)) {
+		DEBUG(1,("ads_do_search: push_utf8_talloc() failed!"));
 		rc = LDAP_NO_MEMORY;
 		goto done;
 	}
@@ -632,6 +630,7 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope,
 		/* if (!(search_attrs = ads_push_strvals(ctx, attrs)))  */
 		if (!(str_list_copy(&search_attrs, attrs)))
 		{
+			DEBUG(1,("ads_do_search: str_list_copy() failed!"));
 			rc = LDAP_NO_MEMORY;
 			goto done;
 		}
@@ -826,7 +825,11 @@ static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods,
 ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods, 
 		       const char *name, const char *val)
 {
-	const char *values[2] = {val, NULL};
+	const char *values[2];
+
+	values[0] = val;
+	values[1] = NULL;
+
 	if (!val)
 		return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL);
 	return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE, name, 
@@ -861,7 +864,10 @@ ADS_STATUS ads_mod_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
 static ADS_STATUS ads_mod_ber(TALLOC_CTX *ctx, ADS_MODLIST *mods, 
 			      const char *name, const struct berval *val)
 {
-	const struct berval *values[2] = {val, NULL};
+	const struct berval *values[2];
+
+	values[0] = val;
+	values[1] = NULL;
 	if (!val)
 		return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL);
 	return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE|LDAP_MOD_BVALUES,
@@ -884,7 +890,7 @@ ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods)
 	   non-existent attribute (but allowable for the object) to run
 	*/
 	LDAPControl PermitModify = {
-		"1.2.840.113556.1.4.1413",
+		ADS_PERMIT_MODIFY_OID,
 		{0, NULL},
 		(char) 1};
 	LDAPControl *controls[2];
@@ -1410,7 +1416,7 @@ ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
 	 */
 	asprintf(&principal, "%s$@%s", host, ads->auth.realm);
 	
-	status = krb5_set_password(ads->auth.kdc_server, principal, password);
+	status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset);
 	
 	free(host);
 	free(principal);
@@ -1616,6 +1622,26 @@ ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn)
 	return ADS_SUCCESS;
 }
 
+/* parse a ADS timestring - typical string is
+   '20020917091222.0Z0' which means 09:12.22 17th September
+   2002, timezone 0 */
+static time_t ads_parse_time(const char *str)
+{
+	struct tm tm;
+
+	ZERO_STRUCT(tm);
+
+	if (sscanf(str, "%4d%2d%2d%2d%2d%2d", 
+		   &tm.tm_year, &tm.tm_mon, &tm.tm_mday, 
+		   &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) {
+		return 0;
+	}
+	tm.tm_year -= 1900;
+	tm.tm_mon -= 1;
+
+	return timegm(&tm);
+}
+
 
 /**
  * Find the servers name and realm - this can be done before authentication 
@@ -1626,22 +1652,37 @@ ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn)
  **/
 ADS_STATUS ads_server_info(ADS_STRUCT *ads)
 {
-	const char *attrs[] = {"ldapServiceName", NULL};
+	const char *attrs[] = {"ldapServiceName", "currentTime", NULL};
 	ADS_STATUS status;
 	void *res;
-	char **values;
+	char *value;
 	char *p;
+	char *timestr;
+	TALLOC_CTX *ctx;
+
+	if (!(ctx = talloc_init())) {
+		return ADS_ERROR(LDAP_NO_MEMORY);
+	}
 
 	status = ads_do_search(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
 	if (!ADS_ERR_OK(status)) return status;
 
-	values = ldap_get_values(ads->ld, res, "ldapServiceName");
-	if (!values || !values[0]) return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
+	value = ads_pull_string(ads, ctx, res, "ldapServiceName");
+	if (!value) {
+		return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
+	}
+
+	timestr = ads_pull_string(ads, ctx, res, "currentTime");
+	if (!timestr) {
+		return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
+	}
+
+	ldap_msgfree(res);
 
-	p = strchr(values[0], ':');
+	p = strchr(value, ':');
 	if (!p) {
-		ldap_value_free(values);
-		ldap_msgfree(res);
+		talloc_destroy(ctx);
+		DEBUG(1, ("ads_server_info: returned ldap server name did not contain a ':' so was deemed invalid\n"));
 		return ADS_ERROR(LDAP_DECODING_ERROR);
 	}
 
@@ -1650,9 +1691,9 @@ ADS_STATUS ads_server_info(ADS_STRUCT *ads)
 	ads->config.ldap_server_name = strdup(p+1);
 	p = strchr(ads->config.ldap_server_name, '$');
 	if (!p || p[1] != '@') {
-		ldap_value_free(values);
-		ldap_msgfree(res);
+		talloc_destroy(ctx);
 		SAFE_FREE(ads->config.ldap_server_name);
+		DEBUG(1, ("ads_server_info: returned ldap server name did not contain '$@' so was deemed invalid\n"));
 		return ADS_ERROR(LDAP_DECODING_ERROR);
 	}
 
@@ -1667,6 +1708,15 @@ ADS_STATUS ads_server_info(ADS_STRUCT *ads)
 	DEBUG(3,("got ldap server name %s@%s\n", 
 		 ads->config.ldap_server_name, ads->config.realm));
 
+	ads->config.current_time = ads_parse_time(timestr);
+
+	if (ads->config.current_time != 0) {
+		ads->auth.time_offset = ads->config.current_time - time(NULL);
+		DEBUG(4,("time offset is %d seconds\n", ads->auth.time_offset));
+	}
+
+	talloc_destroy(ctx);
+
 	return ADS_SUCCESS;
 }
author	Gerald Carter <jerry@samba.org>	2002-09-25 15:19:00 +0000
committer	Gerald Carter <jerry@samba.org>	2002-09-25 15:19:00 +0000
commit	a834a73e341059be154426390304a42e4a011f72 (patch)
tree	7f53b0f7819238e0ee0396daccf5d924cb9b8d29 /source3/libads/ldap.c
parent	115a39775cb923d026dde58633b6ba6aef3a1943 (diff)
download	samba-a834a73e341059be154426390304a42e4a011f72.tar.gz samba-a834a73e341059be154426390304a42e4a011f72.tar.bz2 samba-a834a73e341059be154426390304a42e4a011f72.zip