Diffstat (limited to 'source3/libads/ldap.c')
-rw-r--r-- | source3/libads/ldap.c | 94 |
1 files changed, 22 insertions, 72 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 7a0afb1a81..2672489482 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -63,7 +63,6 @@ static BOOL ads_try_connect(ADS_STRUCT *ads, const char *server, unsigned port)
 ads->ldap_port = port;
 ads->ldap_ip = *interpret_addr2(srv);
 free(srv);
- return True;
 }
@@ -205,6 +204,7 @@ static BOOL ads_try_netbios(ADS_STRUCT *ads)
 ADS_STATUS ads_connect(ADS_STRUCT *ads)
 {
 int version = LDAP_VERSION3;
+ int code;
 ADS_STATUS status;
 ads->last_attempt = time(NULL);
@@ -226,7 +226,7 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
 /* try via DNS */
 if (ads_try_dns(ads)) {
 goto got_connection;
- }
+ }
 /* try via netbios lookups */
 if (!lp_disable_netbios() && ads_try_netbios(ads)) {
@@ -274,7 +274,12 @@ got_connection:
 }
 #endif
- if (ads->auth.flags & ADS_AUTH_NO_BIND) {
+ if (ads->auth.password) {
+ if ((code = ads_kinit_password(ads)))
+ return ADS_ERROR_KRB5(code);
+ }
+
+ if (ads->auth.no_bind) {
 return ADS_SUCCESS;
 }
@@ -608,17 +613,14 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope,
 char *utf8_exp, *utf8_path, **search_attrs = NULL;
 TALLOC_CTX *ctx;
- if (!(ctx = talloc_init())) {
- DEBUG(1,("ads_do_search: talloc_init() failed!"));
+ if (!(ctx = talloc_init()))
 return ADS_ERROR(LDAP_NO_MEMORY);
- }
 /* 0 means the conversion worked but the result was empty so we only fail if it's negative. In any case, it always at least nulls out the dest */
 if ((push_utf8_talloc(ctx, &utf8_exp, exp) < 0) || (push_utf8_talloc(ctx, &utf8_path, bind_path) < 0)) {
- DEBUG(1,("ads_do_search: push_utf8_talloc() failed!"));
 rc = LDAP_NO_MEMORY;
 goto done;
 }
@@ -630,7 +632,6 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope,
 /* if (!(search_attrs = ads_push_strvals(ctx, attrs))) */
 if (!(str_list_copy(&search_attrs, attrs))) {
- DEBUG(1,("ads_do_search: str_list_copy() failed!"));
 rc = LDAP_NO_MEMORY;
 goto done;
 }
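Review bot: With `return True;` removed, `ads_try_connect` (declared `static BOOL`) now falls off the end after `free(srv);`, so whatever the callers test — presumably ads_try_dns / ads_try_netbios, which ads_connect checks with `if (ads_try_dns(ads))` — receives an indeterminate value, which is undefined behaviour in C and makes a successful connection attempt look like a failure (or vice versa) at random. Keep `return True;` as the last statement, or restructure so every path ends in an explicit return. The start of the function body, and any earlier return paths, are outside the hunk.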
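Review bot: In the `got_connection:` hunk a failing `ads_kinit_password()` returns `ADS_ERROR_KRB5(code)` straight out of ads_connect, after the LDAP connection has already been established above the hunk; nothing visible here releases that handle, so unless the caller is required to tear down `ads` on every error this path leaks the connection — route it through whatever cleanup the later bind failures use, or document the caller's obligation. The kinit also now runs before the `ads->auth.no_bind` test, so a caller that supplies a password but asks for no bind still contacts the KDC; if that is intended, a one-line comment (`/* obtain a TGT even when no LDAP bind is requested */`) would stop it being "fixed" later. ads_connect continues past the hunk.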
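Review bot: The `talloc_init()` failure test in ads_do_search is now an unbraced `if (!(ctx = talloc_init()))` with its `return ADS_ERROR(LDAP_NO_MEMORY);` on the following line, while every other guard in this function keeps braces; restore the braces for consistency and to keep a later added statement inside the conditional. Dropping the `DEBUG(1, ...)` lines here and in the `str_list_copy` hunk that follows also makes every LDAP_NO_MEMORY exit silent, so an out-of-memory failure reaches the caller only as a generic LDAP error; one `DEBUG(1,("ads_do_search: out of memory\n"));` at the exit the `goto done;` statements target (outside the hunk) would preserve the diagnostic. The function's body continues beyond both hunks.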
@@ -825,11 +826,7 @@ static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods,
 ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods, const char *name, const char *val)
 {
- const char *values[2];
-
- values[0] = val;
- values[1] = NULL;
-
+ const char *values[2] = {val, NULL};
 if (!val) return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL);
 return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE, name,
@@ -864,10 +861,7 @@ ADS_STATUS ads_mod_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
 static ADS_STATUS ads_mod_ber(TALLOC_CTX *ctx, ADS_MODLIST *mods, const char *name, const struct berval *val)
 {
- const struct berval *values[2];
-
- values[0] = val;
- values[1] = NULL;
+ const struct berval *values[2] = {val, NULL};
 if (!val) return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL);
 return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE|LDAP_MOD_BVALUES,
@@ -890,7 +884,7 @@ ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods)
 non-existent attribute (but allowable for the object) to run */
 LDAPControl PermitModify = {
- ADS_PERMIT_MODIFY_OID,
+ "1.2.840.113556.1.4.1413",
 {0, NULL},
 (char) 1};
 LDAPControl *controls[2];
@@ -1416,7 +1410,7 @@ ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
 */
 asprintf(&principal, "%s$@%s", host, ads->auth.realm);
- status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset);
+ status = krb5_set_password(ads->auth.kdc_server, principal, password);
 free(host);
 free(principal);
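Review bot: The PermitModify control in ads_gen_mod now carries the bare literal `"1.2.840.113556.1.4.1413"` where the previous code used the named constant `ADS_PERMIT_MODIFY_OID`; an OID string inlined into a struct initialiser gives no hint that it is the control the comment just above describes (allowing a modify of a non-existent attribute), and any second user of the same OID will drift from it. Keep a named definition — the existing macro if it still exists elsewhere, otherwise `#define ADS_PERMIT_MODIFY_OID "1.2.840.113556.1.4.1413" /* permissive-modify control */` near the top of the file — and reference it here. The rest of ads_gen_mod is outside the hunk.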
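Review bot: `krb5_set_password()` in ads_set_machine_password no longer receives `ads->auth.time_offset`, and the ads_server_info hunks further down stop computing that offset altogether, so the kpasswd exchange now relies solely on the local clock; if the DC's clock differs by more than the KDC tolerates, the password change will presumably fail on skew where it previously succeeded — confirm that skew compensation happens elsewhere, or document that the host clock must be synchronised with the domain. The preceding `asprintf(&principal, "%s$@%s", host, ads->auth.realm);` is also unchecked (pre-existing): on allocation failure `principal` is unspecified yet is handed to `krb5_set_password` and `free`, so `if (asprintf(&principal, "%s$@%s", host, ads->auth.realm) < 0) { free(host); return ADS_ERROR(LDAP_NO_MEMORY); }` would close that hole. The function starts and ends outside the hunk.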
@@ -1622,26 +1616,6 @@ ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn)
 return ADS_SUCCESS;
 }
-/* parse a ADS timestring - typical string is - '20020917091222.0Z0' which means 09:12.22 17th September - 2002, timezone 0 */
-static time_t ads_parse_time(const char *str)
-{
- struct tm tm;
-
- ZERO_STRUCT(tm);
-
- if (sscanf(str, "%4d%2d%2d%2d%2d%2d",
- &tm.tm_year, &tm.tm_mon, &tm.tm_mday,
- &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) {
- return 0;
- }
- tm.tm_year -= 1900;
- tm.tm_mon -= 1;
-
- return timegm(&tm);
-}
-
 /**
 * Find the servers name and realm - this can be done before authentication
@@ -1652,37 +1626,22 @@ static time_t ads_parse_time(const char *str)
 **/
 ADS_STATUS ads_server_info(ADS_STRUCT *ads)
 {
- const char *attrs[] = {"ldapServiceName", "currentTime", NULL};
+ const char *attrs[] = {"ldapServiceName", NULL};
 ADS_STATUS status;
 void *res;
- char *value;
+ char **values;
 char *p;
- char *timestr;
- TALLOC_CTX *ctx;
-
- if (!(ctx = talloc_init())) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
 status = ads_do_search(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
 if (!ADS_ERR_OK(status)) return status;
- value = ads_pull_string(ads, ctx, res, "ldapServiceName");
- if (!value) {
- return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
- }
-
- timestr = ads_pull_string(ads, ctx, res, "currentTime");
- if (!timestr) {
- return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
- }
-
- ldap_msgfree(res);
+ values = ldap_get_values(ads->ld, res, "ldapServiceName");
+ if (!values || !values[0]) return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
- p = strchr(value, ':');
+ p = strchr(values[0], ':');
 if (!p) {
- talloc_destroy(ctx);
- DEBUG(1, ("ads_server_info: returned ldap server name did not contain a ':' so was deemed invalid\n"));
+ ldap_value_free(values);
+ ldap_msgfree(res);
 return ADS_ERROR(LDAP_DECODING_ERROR);
 }
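Review bot: The new early exit `if (!values || !values[0]) return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);` in ads_server_info returns without `ldap_msgfree(res)`, and when `values` is non-NULL but empty without `ldap_value_free(values)` either, whereas the `if (!p)` branch a few lines later frees both — so a server that answers the base search without a usable ldapServiceName leaks the result on every call. Make the exit match the other error path: `if (!values || !values[0]) { if (values) ldap_value_free(values); ldap_msgfree(res); return ADS_ERROR(LDAP_NO_RESULTS_RETURNED); }`. With the `DEBUG(1, ...)` dropped from the `!p` branch, a malformed ldapServiceName is also now reported only as LDAP_DECODING_ERROR with no record of the offending value, which makes a misconfigured or hostile responder hard to diagnose; the function continues in the next hunk.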
@@ -1691,9 +1650,9 @@ ADS_STATUS ads_server_info(ADS_STRUCT *ads)
 ads->config.ldap_server_name = strdup(p+1);
 p = strchr(ads->config.ldap_server_name, '$');
 if (!p || p[1] != '@') {
- talloc_destroy(ctx);
+ ldap_value_free(values);
+ ldap_msgfree(res);
 SAFE_FREE(ads->config.ldap_server_name);
- DEBUG(1, ("ads_server_info: returned ldap server name did not contain '$@' so was deemed invalid\n"));
 return ADS_ERROR(LDAP_DECODING_ERROR);
 }
@@ -1708,15 +1667,6 @@ ADS_STATUS ads_server_info(ADS_STRUCT *ads)
 DEBUG(3,("got ldap server name %s@%s\n", ads->config.ldap_server_name, ads->config.realm));
- ads->config.current_time = ads_parse_time(timestr);
-
- if (ads->config.current_time != 0) {
- ads->auth.time_offset = ads->config.current_time - time(NULL);
- DEBUG(4,("time offset is %d seconds\n", ads->auth.time_offset));
- }
-
- talloc_destroy(ctx);
-
 return ADS_SUCCESS;
 } |
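Review bot: In the `'$'` check hunk of ads_server_info, `ads->config.ldap_server_name = strdup(p+1);` is still handed straight to `strchr` with no NULL test (pre-existing, but this error path was just rewritten), so an allocation failure dereferences NULL; add `if (!ads->config.ldap_server_name) { ldap_value_free(values); ldap_msgfree(res); return ADS_ERROR(LDAP_NO_MEMORY); }` directly after the strdup. In the final hunk, removing the `ads->config.current_time` and `ads->auth.time_offset` assignments means this function no longer writes either field; anything that still reads them (ads_set_machine_password used the offset until this commit) presumably sees whatever the struct was initialised with, which should be confirmed or the fields retired. The code between the two hunks is not shown, so I cannot tell whether the success path frees `values` and `res`; if it does not, the success path leaks as well.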