diff options
Diffstat (limited to 'source3/libads')
-rw-r--r-- | source3/libads/ads_utils.c | 46 | ||||
-rw-r--r-- | source3/libads/kerberos_verify.c | 6 | ||||
-rw-r--r-- | source3/libads/krb5_setpw.c | 11 | ||||
-rw-r--r-- | source3/libads/ldap.c | 66 | ||||
-rw-r--r-- | source3/libads/ldap_utils.c | 10 |
5 files changed, 44 insertions, 95 deletions
diff --git a/source3/libads/ads_utils.c b/source3/libads/ads_utils.c index 626c177926..750940e336 100644 --- a/source3/libads/ads_utils.c +++ b/source3/libads/ads_utils.c @@ -89,52 +89,6 @@ uint32 ads_uf2atype(uint32 uf) } /* -translated the GROUP_CTRL Flags to GroupType (groupType) -*/ -uint32 ads_gcb2gtype(uint16 gcb) -{ - uint32 gtype = 0x00000000; - - if (gcb & GCB_ALIAS_GROUP) gtype |= GTYPE_SECURITY_BUILTIN_LOCAL_GROUP; - else if(gcb & GCB_LOCAL_GROUP) gtype |= GTYPE_SECURITY_DOMAIN_LOCAL_GROUP; - if (gcb & GCB_GLOBAL_GROUP) gtype |= GTYPE_SECURITY_GLOBAL_GROUP; - - return gtype; -} - -/* -translated the GroupType (groupType) to GROUP_CTRL Flags -*/ -uint16 ads_gtype2gcb(uint32 gtype) -{ - uint16 gcb = 0x0000; - - switch(gtype) { - case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP: - gcb = GCB_ALIAS_GROUP; - break; - case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP: - gcb = GCB_LOCAL_GROUP; - break; - case GTYPE_SECURITY_GLOBAL_GROUP: - gcb = GCB_GLOBAL_GROUP; - break; - - case GTYPE_DISTRIBUTION_GLOBAL_GROUP: - gcb = GCB_GLOBAL_GROUP; - break; - case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP: - gcb = GCB_LOCAL_GROUP; - break; - case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP: - gcb = GCB_GLOBAL_GROUP; - break; - } - - return gcb; -} - -/* get the accountType from the groupType */ uint32 ads_gtype2atype(uint32 gtype) diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c index 56ec33b0a6..4d9a1bf765 100644 --- a/source3/libads/kerberos_verify.c +++ b/source3/libads/kerberos_verify.c @@ -148,12 +148,6 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket, get_auth_data_from_tkt(auth_data, tkt); - { - TALLOC_CTX *ctx = talloc_init("pac data"); - decode_pac_data(auth_data); - talloc_destroy(ctx); - } - #if 0 if (tkt->enc_part2) { file_save("/tmp/authdata.dat", diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index 214871b3fb..a5b9eee4ce 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -538,6 +538,7 @@ ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char krb5_free_creds(context, credsp); krb5_free_principal(context, creds.client); + krb5_free_principal(context, creds.server); krb5_free_principal(context, principal); krb5_free_context(context); @@ -570,11 +571,11 @@ kerb_prompter(krb5_context ctx, void *data, return 0; } -static ADS_STATUS krb5_chg_password(const char *kdc_host, - const char *principal, - const char *oldpw, - const char *newpw, - int time_offset) +ADS_STATUS krb5_chg_password(const char *kdc_host, + const char *principal, + const char *oldpw, + const char *newpw, + int time_offset) { ADS_STATUS aret; krb5_error_code ret; diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index baedfb28db..67827d27f3 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -401,7 +401,7 @@ static char **ads_pull_strvals(TALLOC_CTX *ctx, const char **in_vals) * @param ads connection to ads server * @param bind_path Base dn for the search * @param scope Scope of search (LDAP_BASE | LDAP_ONE | LDAP_SUBTREE) - * @param expr Search expression - specified in local charset + * @param exp Search expression - specified in local charset * @param attrs Attributes to retrieve - specified in utf8 or ascii * @param res ** which will contain results - free res* with ads_msgfree() * @param count Number of entries retrieved on this page @@ -409,12 +409,12 @@ static char **ads_pull_strvals(TALLOC_CTX *ctx, const char **in_vals) * @return status of search **/ ADS_STATUS ads_do_paged_search(ADS_STRUCT *ads, const char *bind_path, - int scope, const char *expr, + int scope, const char *exp, const char **attrs, void **res, int *count, void **cookie) { int rc, i, version; - char *utf8_expr, *utf8_path, **search_attrs; + char *utf8_exp, *utf8_path, **search_attrs; LDAPControl PagedResults, NoReferrals, *controls[3], **rcontrols; BerElement *cookie_be = NULL; struct berval *cookie_bv= NULL; @@ -428,7 +428,7 @@ ADS_STATUS ads_do_paged_search(ADS_STRUCT *ads, const char *bind_path, /* 0 means the conversion worked but the result was empty so we only fail if it's -1. In any case, it always at least nulls out the dest */ - if ((push_utf8_talloc(ctx, &utf8_expr, expr) == (size_t)-1) || + if ((push_utf8_talloc(ctx, &utf8_exp, exp) == (size_t)-1) || (push_utf8_talloc(ctx, &utf8_path, bind_path) == (size_t)-1)) { rc = LDAP_NO_MEMORY; goto done; @@ -489,7 +489,7 @@ ADS_STATUS ads_do_paged_search(ADS_STRUCT *ads, const char *bind_path, */ ldap_set_option(ads->ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); - rc = ldap_search_ext_s(ads->ld, utf8_path, scope, utf8_expr, + rc = ldap_search_ext_s(ads->ld, utf8_path, scope, utf8_exp, search_attrs, 0, controls, NULL, NULL, LDAP_NO_LIMIT, (LDAPMessage **)res); @@ -497,7 +497,7 @@ ADS_STATUS ads_do_paged_search(ADS_STRUCT *ads, const char *bind_path, ber_bvfree(cookie_bv); if (rc) { - DEBUG(3,("ldap_search_ext_s(%s) -> %s\n", expr, ldap_err2string(rc))); + DEBUG(3,("ldap_search_ext_s(%s) -> %s\n", exp, ldap_err2string(rc))); goto done; } @@ -541,20 +541,20 @@ done: * @param ads connection to ads server * @param bind_path Base dn for the search * @param scope Scope of search (LDAP_BASE | LDAP_ONE | LDAP_SUBTREE) - * @param expr Search expression + * @param exp Search expression * @param attrs Attributes to retrieve * @param res ** which will contain results - free res* with ads_msgfree() * @return status of search **/ ADS_STATUS ads_do_search_all(ADS_STRUCT *ads, const char *bind_path, - int scope, const char *expr, + int scope, const char *exp, const char **attrs, void **res) { void *cookie = NULL; int count = 0; ADS_STATUS status; - status = ads_do_paged_search(ads, bind_path, scope, expr, attrs, res, + status = ads_do_paged_search(ads, bind_path, scope, exp, attrs, res, &count, &cookie); if (!ADS_ERR_OK(status)) return status; @@ -564,7 +564,7 @@ ADS_STATUS ads_do_search_all(ADS_STRUCT *ads, const char *bind_path, ADS_STATUS status2; LDAPMessage *msg, *next; - status2 = ads_do_paged_search(ads, bind_path, scope, expr, + status2 = ads_do_paged_search(ads, bind_path, scope, exp, attrs, &res2, &count, &cookie); if (!ADS_ERR_OK(status2)) break; @@ -588,14 +588,14 @@ ADS_STATUS ads_do_search_all(ADS_STRUCT *ads, const char *bind_path, * @param ads connection to ads server * @param bind_path Base dn for the search * @param scope Scope of search (LDAP_BASE | LDAP_ONE | LDAP_SUBTREE) - * @param expr Search expression - specified in local charset + * @param exp Search expression - specified in local charset * @param attrs Attributes to retrieve - specified in UTF-8 or ascii * @param fn Function which takes attr name, values list, and data_area * @param data_area Pointer which is passed to function on each call * @return status of search **/ ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path, - int scope, const char *expr, const char **attrs, + int scope, const char *exp, const char **attrs, BOOL(*fn)(char *, void **, void *), void *data_area) { @@ -604,7 +604,7 @@ ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path, ADS_STATUS status; void *res; - status = ads_do_paged_search(ads, bind_path, scope, expr, attrs, &res, + status = ads_do_paged_search(ads, bind_path, scope, exp, attrs, &res, &count, &cookie); if (!ADS_ERR_OK(status)) return status; @@ -613,7 +613,7 @@ ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path, ads_msgfree(ads, res); while (cookie) { - status = ads_do_paged_search(ads, bind_path, scope, expr, attrs, + status = ads_do_paged_search(ads, bind_path, scope, exp, attrs, &res, &count, &cookie); if (!ADS_ERR_OK(status)) break; @@ -630,18 +630,18 @@ ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path, * @param ads connection to ads server * @param bind_path Base dn for the search * @param scope Scope of search (LDAP_BASE | LDAP_ONE | LDAP_SUBTREE) - * @param expr Search expression + * @param exp Search expression * @param attrs Attributes to retrieve * @param res ** which will contain results - free res* with ads_msgfree() * @return status of search **/ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope, - const char *expr, + const char *exp, const char **attrs, void **res) { struct timeval timeout; int rc; - char *utf8_expr, *utf8_path, **search_attrs = NULL; + char *utf8_exp, *utf8_path, **search_attrs = NULL; TALLOC_CTX *ctx; if (!(ctx = talloc_init("ads_do_search"))) { @@ -652,7 +652,7 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope, /* 0 means the conversion worked but the result was empty so we only fail if it's negative. In any case, it always at least nulls out the dest */ - if ((push_utf8_talloc(ctx, &utf8_expr, expr) == (size_t)-1) || + if ((push_utf8_talloc(ctx, &utf8_exp, exp) == (size_t)-1) || (push_utf8_talloc(ctx, &utf8_path, bind_path) == (size_t)-1)) { DEBUG(1,("ads_do_search: push_utf8_talloc() failed!")); rc = LDAP_NO_MEMORY; @@ -679,7 +679,7 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope, /* see the note in ads_do_paged_search - we *must* disable referrals */ ldap_set_option(ads->ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); - rc = ldap_search_ext_s(ads->ld, utf8_path, scope, utf8_expr, + rc = ldap_search_ext_s(ads->ld, utf8_path, scope, utf8_exp, search_attrs, 0, NULL, NULL, &timeout, LDAP_NO_LIMIT, (LDAPMessage **)res); @@ -698,16 +698,16 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope, * Do a general ADS search * @param ads connection to ads server * @param res ** which will contain results - free res* with ads_msgfree() - * @param expr Search expression + * @param exp Search expression * @param attrs Attributes to retrieve * @return status of search **/ ADS_STATUS ads_search(ADS_STRUCT *ads, void **res, - const char *expr, + const char *exp, const char **attrs) { return ads_do_search(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, - expr, attrs, res); + exp, attrs, res); } /** @@ -772,18 +772,18 @@ char *ads_get_dn(ADS_STRUCT *ads, void *res) ADS_STATUS ads_find_machine_acct(ADS_STRUCT *ads, void **res, const char *host) { ADS_STATUS status; - char *expr; + char *exp; const char *attrs[] = {"*", "nTSecurityDescriptor", NULL}; /* the easiest way to find a machine account anywhere in the tree is to look for hostname$ */ - if (asprintf(&expr, "(samAccountName=%s$)", host) == -1) { + if (asprintf(&exp, "(samAccountName=%s$)", host) == -1) { DEBUG(1, ("asprintf failed!\n")); return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); } - status = ads_search(ads, res, expr, attrs); - free(expr); + status = ads_search(ads, res, exp, attrs); + free(exp); return status; } @@ -1424,7 +1424,7 @@ ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname) ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn) { const char *attrs[] = {"nTSecurityDescriptor", "objectSid", 0}; - char *expr = 0; + char *exp = 0; size_t sd_size = 0; struct berval bval = {0, NULL}; prs_struct ps_wire; @@ -1452,7 +1452,7 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn) return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); } - if (asprintf(&expr, "(samAccountName=%s$)", escaped_hostname) == -1) { + if (asprintf(&exp, "(samAccountName=%s$)", escaped_hostname) == -1) { DEBUG(1, ("ads_set_machine_sd: asprintf failed!\n")); SAFE_FREE(escaped_hostname); return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); @@ -1460,7 +1460,7 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn) SAFE_FREE(escaped_hostname); - ret = ads_search(ads, (void *) &res, expr, attrs); + ret = ads_search(ads, (void *) &res, exp, attrs); if (!ADS_ERR_OK(ret)) return ret; @@ -2036,7 +2036,7 @@ but you need to force the bind path to match the configurationNamingContext from */ ADS_STATUS ads_workgroup_name(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char **workgroup) { - char *expr; + char *exp; ADS_STATUS rc; char **principles; char *prefix; @@ -2047,10 +2047,10 @@ ADS_STATUS ads_workgroup_name(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char **workg (*workgroup) = NULL; - asprintf(&expr, "(&(objectclass=computer)(dnshostname=%s.%s))", + asprintf(&exp, "(&(objectclass=computer)(dnshostname=%s.%s))", ads->config.ldap_server_name, ads->config.realm); - rc = ads_search(ads, &res, expr, attrs); - free(expr); + rc = ads_search(ads, &res, exp, attrs); + free(exp); if (!ADS_ERR_OK(rc)) { return rc; diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c index 6855600288..907f7c8aff 100644 --- a/source3/libads/ldap_utils.c +++ b/source3/libads/ldap_utils.c @@ -28,7 +28,7 @@ this is supposed to catch dropped connections and auto-reconnect */ ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path, int scope, - const char *expr, + const char *exp, const char **attrs, void **res) { ADS_STATUS status; @@ -46,10 +46,10 @@ ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path, int scope return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); while (count--) { - status = ads_do_search_all(ads, bp, scope, expr, attrs, res); + status = ads_do_search_all(ads, bp, scope, exp, attrs, res); if (ADS_ERR_OK(status)) { DEBUG(5,("Search for %s gave %d replies\n", - expr, ads_count_replies(ads, *res))); + exp, ads_count_replies(ads, *res))); free(bp); return status; } @@ -79,11 +79,11 @@ ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path, int scope ADS_STATUS ads_search_retry(ADS_STRUCT *ads, void **res, - const char *expr, + const char *exp, const char **attrs) { return ads_do_search_retry(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, - expr, attrs, res); + exp, attrs, res); } ADS_STATUS ads_search_retry_dn(ADS_STRUCT *ads, void **res, |