ldap back-end database development

Makefile: created PASSBD_OBJ group includes.h: added #ifdef USE_LDAP to #include <ldap> headers ldap.c: - renamed "_machine" to "_trust" everywhere. - added sam_passwd support routines - removed get_ldappwd_entry function: replaced with get_sampwd_entry - removed getldappwnam/uid: replaced with getsampwnam/uid - other messing about bits which are probably going to annoy the hell out of jean-francois (sorry!) mkproto.awk: - added stuff to wrap ldap.c protos with #ifdef USE_LDAP - added uid_t and gid_t return results to the prototype generation passdb.c: - created getsam21pwent, add_sam21pwd_entry, mod_sam21pwd_entry. - modified getsampwnam/uid and created getsam21pwnam/rid functions to replace the local get_smbpwd_entry() and get_ldappwd_entry() functions, which jeremy didn't like anyway because they were dual-purpose. - added utility routines which are or may be useful to all the password database routines. password.c: - renamed "machine_" to "trust_" everywhere. smbpass.c: - removed get_smbpwd_entry function: replaced it with get_sampwd_entry functions in passdb.c - moved code that decoded acct_ctrl into passdb.c - moved encode_acct_ctrl into passdb.c - removed getsmbpwnam/uid: replaced with getsampwnam/uid - renamed "machine_" to "trust_" everywhere. smbpasswd.c: - renamed "machine_" to "trust_" everywhere. util.c: - moved gethexpwd function into passdb.c lib/rpc/server/srv_util.c: - moved user_rid_to_uid, group_rid_to_rid etc etc into passdb.c (This used to be commit 673ab50c4c2c25db355d90efde3a6bfbb4d8369e)
author: Luke Leighton <lkcl@samba.org> 1998-05-11 15:56:01 +0000
committer: Luke Leighton <lkcl@samba.org> 1998-05-11 15:56:01 +0000
commit: f004d84f683673b7cb167320e3e78a3fcefdfd07 (patch)
tree: 2cddfdf965e6d24a101ada63ca6496af3813773e /source3/passdb/ldap.c
parent: b3cd94780d9eba7119cc3a1657822e42d6097af1 (diff)
download: samba-f004d84f683673b7cb167320e3e78a3fcefdfd07.tar.gz
samba-f004d84f683673b7cb167320e3e78a3fcefdfd07.tar.bz2
samba-f004d84f683673b7cb167320e3e78a3fcefdfd07.zip
1 files changed, 159 insertions, 175 deletions
diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c
index e14742a3aa..8547cf45cf 100644
--- a/source3/passdb/ldap.c
+++ b/source3/passdb/ldap.c
@@ -23,8 +23,6 @@
 #ifdef USE_LDAP
 
 #include "includes.h"
-#include "lber.h"
-#include "ldap.h"
 
 extern int DEBUGLEVEL;
 
@@ -190,13 +188,13 @@ BOOL ldap_check_user(LDAP *ldap_struct, LDAPMessage *entry)
 /*******************************************************************
  check if the returned entry is a sambaMachine objectclass.
 ******************************************************************/	
-BOOL ldap_check_machine(LDAP *ldap_struct, LDAPMessage *entry)
+BOOL ldap_check_trust(LDAP *ldap_struct, LDAPMessage *entry)
 {
 	BOOL sambaMachine=False;
 	char **valeur;
 	int i;
 	
-	DEBUG(2,("ldap_check_machine: "));
+	DEBUG(2,("ldap_check_trust: "));
 	valeur=ldap_get_values(ldap_struct, entry, "objectclass");
 	if (valeur!=NULL)
 	{
@@ -213,188 +211,195 @@ BOOL ldap_check_machine(LDAP *ldap_struct, LDAPMessage *entry)
 /*******************************************************************
  retrieve the user's info and contruct a smb_passwd structure.
 ******************************************************************/
-static void ldap_get_user(LDAP *ldap_struct,LDAPMessage *entry, 
-                          struct smb_passwd *ldap_passwd)
+static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry, 
+                          struct sam_passwd *user)
 {	
 	static pstring user_name;
-	static unsigned char ldappwd[16];
-	static unsigned char smbntpwd[16];
-	char **valeur;
+	static pstring fullname;
+	static pstring home_dir;
+	static pstring dir_drive;
+	static pstring logon_script;
+	static pstring profile_path;
+	static pstring acct_desc;
+	static pstring workstations;
+	static pstring temp;
+	
+	bzero(user, sizeof(*user));
+
+	user->logon_time            = (time_t)-1;
+	user->logoff_time           = (time_t)-1;
+	user->kickoff_time          = (time_t)-1;
+	user->pass_last_set_time    = (time_t)-1;
+	user->pass_can_change_time  = (time_t)-1;
+	user->pass_must_change_time = (time_t)-1;
+
+	get_single_attribute(ldap_struct, entry, "logonTime", temp);
+	user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
+
+	get_single_attribute(ldap_struct, entry, "logoffTime", temp);
+	user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
+
+	get_single_attribute(ldap_struct, entry, "kickoffTime", temp);
+	user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
+
+	get_single_attribute(ldap_struct, entry, "pwdLastSet", temp);
+	user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
+
+	get_single_attribute(ldap_struct, entry, "pwdCanChange", temp);
+	user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
+
+	get_single_attribute(ldap_struct, entry, "pwdMustChange", temp);
+	user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
 
 	get_single_attribute(ldap_struct, entry, "cn", user_name);
+	user->smb_name = user_name;
+
+	DEBUG(2,("ldap_get_sam_passwd: user: %s\n", user_name));
 		
-	DEBUG(2,("ldap_get_user: user: %s\n",user_name));
-		
-	if ( (valeur=ldap_get_values(ldap_struct, entry, "uidAccount")) != NULL)
-	{
-		ldap_passwd->smb_userid=atoi(valeur[0]);
-		ldap_value_free(valeur);
-	}
+	get_single_attribute(ldap_struct, entry, "userFullName", fullname);
+	user->full_name = fullname;
+
+	get_single_attribute(ldap_struct, entry, "homeDirectory", home_dir);
+	user->home_dir = home_dir;
+
+	get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive);
+	user->dir_drive = dir_drive;
+
+	get_single_attribute(ldap_struct, entry, "scriptPath", logon_script);
+	user->logon_script = logon_script;
+
+	get_single_attribute(ldap_struct, entry, "profilePath", profile_path);
+	user->profile_path = profile_path;
+
+	get_single_attribute(ldap_struct, entry, "comment", acct_desc);
+	user->acct_desc = acct_desc;
+
+	get_single_attribute(ldap_struct, entry, "userWorkstations", workstations);
+	user->workstations = workstations;
+
+	
+	user->unknown_str = NULL; /* don't know, yet! */
+	user->munged_dial = NULL; /* "munged" dial-back telephone number */
+
+	get_single_attribute(ldap_struct, entry, "userPassword", temp);
+	nt_lm_owf_gen(temp, user->smb_nt_passwd, user->smb_passwd);
+	bzero(temp, sizeof(temp)); /* destroy local copy of the password */
 			
-	if ( (valeur=ldap_get_values(ldap_struct, entry, "userPassword")) != NULL) 
+	get_single_attribute(ldap_struct, entry, "rid", temp);
+	user->user_rid=atoi(temp);
+
+	get_single_attribute(ldap_struct, entry, "primaryGroupID", temp);
+	user->group_rid=atoi(temp);
+
+	/* the smb (unix) ids are not stored: they are created */
+	user->smb_userid = user_rid_to_uid (user->user_rid);
+	user->smb_grpid  = group_rid_to_uid(user->group_rid);
+
+	get_single_attribute(ldap_struct, entry, "userAccountControl", temp);
+	user->acct_ctrl=atoi(temp);
+
+	user->unknown_3 = 0xffffff; /* don't know */
+	user->logon_divs = 168; /* hours per week */
+	user->hours_len = 21; /* 21 times 8 bits = 168 */
+	memset(user->hours, 0xff, user->hours_len); /* available at all hours */
+	user->unknown_5 = 0x00020000; /* don't know */
+	user->unknown_5 = 0x000004ec; /* don't know */
+
+	if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) )
 	{
-		memset(smbntpwd, '\0', 16);
-		E_md4hash((uchar *) valeur[0], smbntpwd);
-  		valeur[0][14] = '\0';
-  		strupper(valeur[0]);
- 		memset(ldappwd, '\0', 16);
-  		E_P16((uchar *) valeur[0], ldappwd);		
-		ldap_value_free(valeur);		
+		DEBUG(0,("Inconsistency in the LDAP database\n"));
 	}
-			
-	if ( (valeur=ldap_get_values(ldap_struct,entry, "userAccountControl") ) != NULL)
+
+	if (!(user->acct_ctrl & ACB_NORMAL))
 	{
-		ldap_passwd->acct_ctrl=atoi(valeur[0]);
-		if (ldap_passwd->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) )
-		{
-		 	DEBUG(0,("Inconsistency in the LDAP database\n"));
-				 
-		}
-		if (ldap_passwd->acct_ctrl & ACB_NORMAL)
-		{
-			ldap_passwd->smb_name=user_name;
-			ldap_passwd->smb_passwd=ldappwd;
-			ldap_passwd->smb_nt_passwd=smbntpwd;
-		}
-		ldap_value_free(valeur); 
-	}
-	
-	if ( (valeur=ldap_get_values(ldap_struct,entry, "pwdLastSet")) != NULL)
-	{	
-		ldap_passwd->pass_last_set_time=(time_t)strtol(valeur[0], NULL, 16);
-		ldap_value_free(valeur);
+		DEBUG(0,("User's acct_ctrl bits not set to ACT_NORMAL in LDAP database\n"));
+		return;
 	}
+
 }
 
 /*******************************************************************
- retrieve the machine's info and contruct a smb_passwd structure.
+ retrieve the user's info and contruct a smb_passwd structure.
 ******************************************************************/
-static void ldap_get_machine(LDAP *ldap_struct,LDAPMessage *entry, 
-                             struct smb_passwd *ldap_passwd)
+static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry, 
+                          struct smb_passwd *user)
 {	
-	static pstring  user_name;
+	static pstring user_name;
+	static pstring user_pass;
+	static pstring temp;
+	static unsigned char smblmpwd[16];
 	static unsigned char smbntpwd[16];
-	char **valeur;
-	
-	/* by default it's a station */
-	ldap_passwd->acct_ctrl = ACB_WSTRUST;
+
+	user->smb_name = NULL;
+	user->smb_passwd = NULL;
+	user->smb_nt_passwd = NULL;
+	user->smb_userid = 0;
+	user->pass_last_set_time    = (time_t)-1;
 
 	get_single_attribute(ldap_struct, entry, "cn", user_name);
-	DEBUG(2,("ldap_get_machine: machine: %s\n", user_name));
+	DEBUG(2,("ldap_get_smb_passwd: user: %s\n",user_name));
 		
-	if ( (valeur=ldap_get_values(ldap_struct, entry, "uidAccount")) != NULL)
-	{
-		ldap_passwd->smb_userid=atoi(valeur[0]);
-		ldap_value_free(valeur);
-	}
-			
-	if ( (valeur=ldap_get_values(ldap_struct, entry, "machinePassword")) != NULL) 
-	{
-		gethexpwd(valeur[0],smbntpwd);		
-		ldap_value_free(valeur);		
-	}
+	get_single_attribute(ldap_struct, entry, "userPassword", user_pass);
+	nt_lm_owf_gen(user_pass, smbntpwd, smblmpwd);
+	bzero(user_pass, sizeof(user_pass)); /* destroy local copy of the password */
 			
-	if ( (valeur=ldap_get_values(ldap_struct,entry, "machineRole") ) != NULL)
-	{
-		if ( !strcmp(valeur[0],"workstation") )
-			ldap_passwd->acct_ctrl=ACB_WSTRUST;
-		else
-		if  ( !strcmp(valeur[0],"server") )
-			ldap_passwd->acct_ctrl=ACB_SVRTRUST;		
-		ldap_value_free(valeur); 
-	}
+	get_single_attribute(ldap_struct, entry, "userAccountControl", temp);
+	user->acct_ctrl=decode_acct_ctrl(temp);
 
-	ldap_passwd->smb_name=user_name;
-	ldap_passwd->smb_passwd=smbntpwd;
-	ldap_passwd->smb_nt_passwd=smbntpwd;
-}
+	get_single_attribute(ldap_struct, entry, "pwdLastSet", temp);
+	user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
 
-/*******************************************************************
- find a user or a machine return a smbpass struct.
-******************************************************************/
-static struct smb_passwd *get_ldappwd_entry(char *name, int smb_userid)
-{
-	LDAP *ldap_struct;
-	LDAPMessage *result;
-	LDAPMessage *entry;
-	BOOL machine=False;
-
-	static struct smb_passwd ldap_passwd;
-
-	bzero(&ldap_passwd, sizeof(ldap_passwd));
-
-	ldap_passwd.smb_name      = NULL;
-	ldap_passwd.smb_passwd    = NULL;
-	ldap_passwd.smb_nt_passwd = NULL;
-	
-	ldap_passwd.smb_userid         = -1;
-	ldap_passwd.acct_ctrl          = ACB_DISABLED;
-	ldap_passwd.pass_last_set_time = (time_t)-1;
+	get_single_attribute(ldap_struct, entry, "rid", temp);
 
-	ldap_struct=NULL;
+	/* the smb (unix) ids are not stored: they are created */
+	user->smb_userid = user_rid_to_uid (atoi(temp));
 
-	if (name != NULL)
+	if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) )
 	{
-		DEBUG(10, ("get_ldappwd_entry: search by name: %s\n", name));
+		DEBUG(0,("Inconsistency in the LDAP database\n"));
+			 
 	}
-	else 
+	if (user->acct_ctrl & ACB_NORMAL)
 	{
-		DEBUG(10, ("get_ldappwd_entry: search by smb_userid: %x\n", smb_userid));
+		user->smb_name      = user_name;
+		user->smb_passwd    = smblmpwd;
+		user->smb_nt_passwd = smbntpwd;
 	}
+}
 
-	if (!ldap_open_connection(&ldap_struct))
-		return (NULL);
-	if (!ldap_connect_system(ldap_struct))
-		return (NULL);
-		
-	if (name != NULL)
-	{
-		if (!ldap_search_one_user_by_name(ldap_struct, name, &result))
-			return (NULL);
-	} 
-	else
-	{
-		if (!ldap_search_one_user_by_uid(ldap_struct, smb_userid, &result))
-			return (NULL);
-	}
+/*******************************************************************
+ retrieve the trust's info and contruct a smb_passwd structure.
+******************************************************************/
+static void ldap_get_trust(LDAP *ldap_struct,LDAPMessage *entry, 
+                             struct smb_passwd *trust)
+{	
+	static pstring  user_name;
+	static unsigned char smbntpwd[16];
+	static pstring temp;
 	
-	if (ldap_count_entries(ldap_struct, result) == 0)
-	{
-		DEBUG(2,("%s: Non existant user!\n", timestring() ));
-		return (NULL);	
-	}
+	get_single_attribute(ldap_struct, entry, "cn", user_name);
+	DEBUG(2,("ldap_get_trust: trust: %s\n", user_name));
 		
-	if (ldap_count_entries(ldap_struct, result) > 1)
-	{
-		DEBUG(2,("%s: Strange %d users in the base!\n",
-		         timestring(), ldap_count_entries(ldap_struct, result) ));
-	}
-	/* take the first and unique entry */
-	entry=ldap_first_entry(ldap_struct, result);
+	get_single_attribute(ldap_struct, entry, "trustPassword", temp);
+	gethexpwd(temp,smbntpwd);		
+			
+	get_single_attribute(ldap_struct, entry, "rid", temp);
 
-	if (name != NULL)
-	{
-		DEBUG(0,("get_ldappwd_entry: Found user: %s\n",name));
+	/* the smb (unix) ids are not stored: they are created */
+	trust->smb_userid = user_rid_to_uid(atoi(temp));
 
-		machine = name[strlen(name)-1] == '$';
-	}
-		
-	if (!machine)
-	{
-		if (ldap_check_user(ldap_struct, entry))
-			ldap_get_user(ldap_struct, entry, &ldap_passwd);
-	}
-	else
+	get_single_attribute(ldap_struct, entry, "trustAccountControl", temp);
+	trust->acct_ctrl=decode_acct_ctrl(temp);
+
+	if (trust->acct_ctrl == 0)
 	{
-		if (ldap_check_machine(ldap_struct, entry))
-			ldap_get_machine(ldap_struct, entry, &ldap_passwd);
+		/* by default it's a workstation (or stand-alone server) */
+		trust->acct_ctrl = ACB_WSTRUST;
 	}
-				
-	ldap_msgfree(result);
-	result=NULL;
-	ldap_unbind(ldap_struct);
-		
-	return(&ldap_passwd);
+
+	trust->smb_name      = user_name;
+	trust->smb_passwd    = NULL;
+	trust->smb_nt_passwd = smbntpwd;
 }
 
 /************************************************************************
@@ -424,30 +429,6 @@ BOOL mod_ldappwd_entry(struct smb_passwd* pwd, BOOL override)
     return False;
 }
 
-/************************************************************************
- Routine to search ldap passwd by name.
-
- do not call this function directly.  use passdb.c instead.
-
-*************************************************************************/
-
-struct smb_passwd *getldappwnam(char *name)
-{
-  return get_ldappwd_entry(name, 0);
-}
-
-/************************************************************************
- Routine to search ldap passwd by uid.
-
- do not call this function directly.  use passdb.c instead.
-
-*************************************************************************/
-
-struct smb_passwd *getldappwuid(unsigned int uid)
-{
-	return get_ldappwd_entry(NULL, uid);
-}
-
 /***************************************************************
  Start to enumerate the ldap passwd list. Returns a void pointer
  to ensure no modification outside this module.
@@ -526,6 +507,9 @@ struct smb_passwd *getldappwent(void *vp)
 
 /***************************************************************
  End enumeration of the ldap passwd list.
+
+ do not call this function directly.  use passdb.c instead.
+
 ****************************************************************/
 void endldappwent(void *vp)
 {
author	Luke Leighton <lkcl@samba.org>	1998-05-11 15:56:01 +0000
committer	Luke Leighton <lkcl@samba.org>	1998-05-11 15:56:01 +0000
commit	f004d84f683673b7cb167320e3e78a3fcefdfd07 (patch)
tree	2cddfdf965e6d24a101ada63ca6496af3813773e /source3/passdb/ldap.c
parent	b3cd94780d9eba7119cc3a1657822e42d6097af1 (diff)
download	samba-f004d84f683673b7cb167320e3e78a3fcefdfd07.tar.gz samba-f004d84f683673b7cb167320e3e78a3fcefdfd07.tar.bz2 samba-f004d84f683673b7cb167320e3e78a3fcefdfd07.zip