Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/ads_status.c9
-rw-r--r--source3/libads/ads_struct.c23
-rw-r--r--source3/libads/authdata.c16
-rw-r--r--source3/libads/kerberos.c95
-rw-r--r--source3/libads/kerberos_verify.c3
-rw-r--r--source3/libads/ldap.c149
-rw-r--r--source3/libads/ndr.c118
7 files changed, 348 insertions, 65 deletions
diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c
index ecef9d224b..29148e8543 100644
--- a/source3/libads/ads_status.c
+++ b/source3/libads/ads_status.c
@@ -141,3 +141,12 @@ const char *ads_errstr(ADS_STATUS status)
}
}
+#ifdef HAVE_GSSAPI
+NTSTATUS gss_err_to_ntstatus(uint32 maj, uint32 min)
+{
+ ADS_STATUS adss = ADS_ERROR_GSS(maj, min);
+ DEBUG(10,("gss_err_to_ntstatus: Error %s\n",
+ ads_errstr(adss) ));
+ return ads_ntstatus(adss);
+}
+#endif
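Review bot: gss_err_to_ntstatus is added as a non-static function without a header comment, and it only exists when HAVE_GSSAPI is defined. A short comment such as `/* Map a GSS-API major/minor status pair to an NTSTATUS via ADS_STATUS; only built with HAVE_GSSAPI, so callers need the same guard. */` would make that build constraint visible to callers. The prototype is not in this hunk, so whether it carries the same guard cannot be checked from here.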
diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c
index 041878916e..8cc2f1215e 100644
--- a/source3/libads/ads_struct.c
+++ b/source3/libads/ads_struct.c
@@ -29,35 +29,42 @@ char *ads_build_path(const char *realm, const char *sep, const char *field, int
int numbits = 0;
char *ret;
int len;
-
+ char *saveptr;
+
r = SMB_STRDUP(realm);
- if (!r || !*r)
+ if (!r || !*r) {
return r;
+ }
- for (p=r; *p; p++)
- if (strchr(sep, *p))
+ for (p=r; *p; p++) {
+ if (strchr(sep, *p)) {
numbits++;
+ }
+ }
len = (numbits+1)*(strlen(field)+1) + strlen(r) + 1;
ret = (char *)SMB_MALLOC(len);
- if (!ret)
+ if (!ret) {
+ free(r);
return NULL;
+ }
strlcpy(ret,field, len);
- p=strtok(r,sep);
+ p=strtok_r(r, sep, &saveptr);
if (p) {
strlcat(ret, p, len);
- while ((p=strtok(NULL,sep))) {
+ while ((p=strtok_r(NULL, sep, &saveptr)) != NULL) {
char *s;
if (reverse)
asprintf(&s, "%s%s,%s", field, p, ret);
else
asprintf(&s, "%s,%s%s", ret, field, p);
free(ret);
- ret = s;
+ ret = SMB_STRDUP(s);
+ free(s);
}
}
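Review bot: Neither `asprintf` call in the loop has its return value checked, so on failure `s` is indeterminate when the new `ret = SMB_STRDUP(s); free(s);` lines read and free it. SMB_STRDUP can also return NULL, and the next iteration would then pass that NULL `ret` to `%s`. A guard such as `if (asprintf(&s, ...) == -1) { free(ret); free(r); return NULL; }` on both branches, plus a NULL check on the duplicate, would close both paths. The end of ads_build_path, including where `r` is released on success, lies outside this hunk.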
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 500f2d455e..644f8515bc 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -214,7 +214,7 @@ static bool pac_io_group_membership_array(const char *desc,
static bool pac_io_pac_logon_info(const char *desc, PAC_LOGON_INFO *info,
prs_struct *ps, int depth)
{
- uint32 garbage, i;
+ uint32 garbage = 0, i;
if (NULL == info)
return False;
@@ -398,7 +398,7 @@ static bool pac_io_pac_logon_info(const char *desc, PAC_LOGON_INFO *info,
static bool pac_io_pac_logon_info(const char *desc, PAC_LOGON_INFO *info,
prs_struct *ps, int depth)
{
- uint32 garbage;
+ uint32 garbage = 0;
bool kerb_validation_info = True;
if (NULL == info)
@@ -429,8 +429,8 @@ static bool pac_io_pac_logon_info(const char *desc, PAC_LOGON_INFO *info,
if (info->info3.ptr_res_groups) {
- if (!(info->info3.user_flgs & LOGON_RESOURCE_GROUPS)) {
- DEBUG(0,("user_flgs attribute does not have LOGON_RESOURCE_GROUPS\n"));
+ if (!(info->info3.user_flgs & NETLOGON_RESOURCE_GROUPS)) {
+ DEBUG(0,("user_flgs attribute does not have NETLOGON_RESOURCE_GROUPS\n"));
/* return False; */
}
@@ -738,10 +738,10 @@ void dump_pac_logon_info(int lvl, PAC_LOGON_INFO *logon_info)
DEBUG(lvl,("The PAC:\n"));
DEBUGADD(lvl,("\tUser Flags: 0x%x (%d)\n", user_flgs, user_flgs));
- if (user_flgs & LOGON_EXTRA_SIDS)
- DEBUGADD(lvl,("\tUser Flags: LOGON_EXTRA_SIDS 0x%x (%d)\n", LOGON_EXTRA_SIDS, LOGON_EXTRA_SIDS));
- if (user_flgs & LOGON_RESOURCE_GROUPS)
- DEBUGADD(lvl,("\tUser Flags: LOGON_RESOURCE_GROUPS 0x%x (%d)\n", LOGON_RESOURCE_GROUPS, LOGON_RESOURCE_GROUPS));
+ if (user_flgs & NETLOGON_EXTRA_SIDS)
+ DEBUGADD(lvl,("\tUser Flags: NETLOGON_EXTRA_SIDS 0x%x (%d)\n", NETLOGON_EXTRA_SIDS, NETLOGON_EXTRA_SIDS));
+ if (user_flgs & NETLOGON_RESOURCE_GROUPS)
+ DEBUGADD(lvl,("\tUser Flags: NETLOGON_RESOURCE_GROUPS 0x%x (%d)\n", NETLOGON_RESOURCE_GROUPS, NETLOGON_RESOURCE_GROUPS));
DEBUGADD(lvl,("\tUser SID: %s-%d\n", sid_string_dbg(&dom_sid),
logon_info->info3.user_rid));
DEBUGADD(lvl,("\tGroup SID: %s-%d\n", sid_string_dbg(&dom_sid),
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 227f95d15e..d47e8a3ff1 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -25,6 +25,8 @@
#ifdef HAVE_KRB5
+#define DEFAULT_KRB5_PORT 88
+
#define LIBADS_CCACHE_NAME "MEMORY:libads"
/*
@@ -209,7 +211,8 @@ int kerberos_kinit_password_ext(const char *principal,
krb5_set_real_time(ctx, time(NULL) + time_offset, 0);
}
- DEBUG(10,("kerberos_kinit_password: using [%s] as ccache and config [%s]\n",
+ DEBUG(10,("kerberos_kinit_password: as %s using [%s] as ccache and config [%s]\n",
+ principal,
cache_name ? cache_name: krb5_cc_default_name(ctx),
getenv("KRB5_CONFIG")));
@@ -521,7 +524,10 @@ char *kerberos_get_default_realm_from_ccache( void )
#if defined(HAVE_KRB5_PRINCIPAL_GET_REALM)
realm = SMB_STRDUP(krb5_principal_get_realm(ctx, princ));
#elif defined(HAVE_KRB5_PRINC_REALM)
- realm = SMB_STRDUP(krb5_princ_realm(ctx, princ)->data);
+ {
+ krb5_data *realm_data = krb5_princ_realm(ctx, princ);
+ realm = SMB_STRNDUP(realm_data->data, realm_data->length);
+ }
#endif
out:
@@ -662,6 +668,57 @@ int kerberos_kinit_password(const char *principal,
}
/************************************************************************
+************************************************************************/
+
+static char *print_kdc_line(char *mem_ctx,
+ const char *prev_line,
+ const struct sockaddr_storage *pss)
+{
+ char *kdc_str = NULL;
+
+ if (pss->ss_family == AF_INET) {
+ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+ prev_line,
+ print_canonical_sockaddr(mem_ctx, pss));
+ } else {
+ char addr[INET6_ADDRSTRLEN];
+ uint16_t port = get_sockaddr_port(pss);
+
+ if (port != 0 && port != DEFAULT_KRB5_PORT) {
+ /* Currently for IPv6 we can't specify a non-default
+ krb5 port with an address, as this requires a ':'.
+ Resolve to a name. */
+ char hostname[MAX_DNS_NAME_LENGTH];
+ int ret = sys_getnameinfo((const struct sockaddr *)pss,
+ sizeof(*pss),
+ hostname, sizeof(hostname),
+ NULL, 0,
+ NI_NAMEREQD);
+ if (ret) {
+ DEBUG(0,("print_kdc_line: can't resolve name "
+ "for kdc with non-default port %s. "
+ "Error %s\n.",
+ print_canonical_sockaddr(mem_ctx, pss),
+ gai_strerror(ret)));
+ }
+ /* Success, use host:port */
+ kdc_str = talloc_asprintf(mem_ctx,
+ "%s\tkdc = %s:%u\n",
+ prev_line,
+ hostname,
+ (unsigned int)port);
+ } else {
+ kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+ prev_line,
+ print_sockaddr(addr,
+ sizeof(addr),
+ pss));
+ }
+ }
+ return kdc_str;
+}
+
+/************************************************************************
Create a string list of available kdc's, possibly searching by sitename.
Does DNS queries.
************************************************************************/
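Review bot: In print_kdc_line, the `if (ret)` branch after `sys_getnameinfo` only logs and then falls through to the "Success, use host:port" path, so an uninitialized `hostname` stack buffer is formatted into the kdc line on lookup failure. Add `return NULL;` after the DEBUG call, or fall back to the literal address without the port, so that no indeterminate bytes reach the generated configuration. The name that is written comes from a reverse lookup, so it is worth confirming that a PTR answer is acceptable as the KDC identity here. The `else` branch also handles every family other than AF_INET, not only AF_INET6, and the message ends in `\n.` where `.\n` was probably intended.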
@@ -673,12 +730,10 @@ static char *get_kdc_ip_string(char *mem_ctx,
{
int i;
struct ip_service *ip_srv_site = NULL;
- struct ip_service *ip_srv_nonsite;
+ struct ip_service *ip_srv_nonsite = NULL;
int count_site = 0;
int count_nonsite;
- char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = %s\n",
- print_canonical_sockaddr(mem_ctx,
- pss));
+ char *kdc_str = print_kdc_line(mem_ctx, "", pss);
if (kdc_str == NULL) {
return NULL;
@@ -696,10 +751,9 @@ static char *get_kdc_ip_string(char *mem_ctx,
}
/* Append to the string - inefficient
* but not done often. */
- kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
- kdc_str,
- print_canonical_sockaddr(mem_ctx,
- &ip_srv_site[i].ss));
+ kdc_str = print_kdc_line(mem_ctx,
+ kdc_str,
+ &ip_srv_site[i].ss);
if (!kdc_str) {
SAFE_FREE(ip_srv_site);
return NULL;
@@ -734,10 +788,9 @@ static char *get_kdc_ip_string(char *mem_ctx,
}
/* Append to the string - inefficient but not done often. */
- kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+ kdc_str = print_kdc_line(mem_ctx,
kdc_str,
- print_canonical_sockaddr(mem_ctx,
- &ip_srv_nonsite[i].ss));
+ &ip_srv_nonsite[i].ss);
if (!kdc_str) {
SAFE_FREE(ip_srv_site);
SAFE_FREE(ip_srv_nonsite);
@@ -812,10 +865,14 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
return False;
}
- file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n\n"
- "[realms]\n\t%s = {\n"
- "\t%s\t}\n",
- realm_upper, realm_upper, kdc_ip_string);
+ file_contents = talloc_asprintf(fname,
+ "[libdefaults]\n\tdefault_realm = %s\n"
+ "default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+ "default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+ "preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n"
+ "[realms]\n\t%s = {\n"
+ "\t%s\t}\n",
+ realm_upper, realm_upper, kdc_ip_string);
if (!file_contents) {
TALLOC_FREE(dname);
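Review bot: The three enctype lines added to the generated krb5.conf restrict the client to RC4-HMAC and single-DES, so AES cannot be negotiated even when the KDC offers it. Single-DES and RC4 are deprecated for Kerberos, so a hard-coded list like this acts as a downgrade on any realm whose domain controllers support stronger types. Consider driving the list from configuration, or listing AES first, e.g. `aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC`, and dropping the DES entries where the realm allows it. The new lines also omit the leading `\t` that `default_realm` uses, which is inconsistent with the line above. The function body continues outside this hunk.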
@@ -869,8 +926,8 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
}
DEBUG(5,("create_local_private_krb5_conf_for_domain: wrote "
- "file %s with realm %s KDC = %s\n",
- fname, realm_upper, print_canonical_sockaddr(dname, pss) ));
+ "file %s with realm %s KDC list = %s\n",
+ fname, realm_upper, kdc_ip_string));
/* Set the environment variable to this file. */
setenv("KRB5_CONFIG", fname, 1);
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index 7040093e90..5ce7aa6b45 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -501,8 +501,7 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
DEBUG(3,("ads_verify_ticket: did not retrieve auth data. continuing without PAC\n"));
}
- if (got_auth_data && pac_data != NULL) {
-
+ if (got_auth_data) {
pac_ret = decode_pac_data(mem_ctx, &auth_data, context, keyblock, client_principal, authtime, pac_data);
if (!NT_STATUS_IS_OK(pac_ret)) {
DEBUG(3,("ads_verify_ticket: failed to decode PAC_DATA: %s\n", nt_errstr(pac_ret)));
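Review bot: Dropping the `pac_data != NULL` test means `decode_pac_data` is now called with whatever the caller passed, including NULL. If decode_pac_data stores its result through that pointer (its body is not visible here), a caller that does not want the PAC would crash on a ticket that carries authorization data, which is peer-supplied input. Either keep the guard, `if (got_auth_data && pac_data != NULL) {`, or confirm that every caller of ads_verify_ticket passes a valid pointer and document that requirement on the parameter. The rest of ads_verify_ticket is outside this hunk.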
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 348ccacaee..7b0adc2fc3 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -56,6 +56,10 @@ static void gotalarm_sig(void)
{
LDAP *ldp = NULL;
+
+ DEBUG(10, ("Opening connection to LDAP server '%s:%d', timeout "
+ "%u seconds\n", server, port, to));
+
/* Setup timeout */
gotalarm = 0;
CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
@@ -65,8 +69,10 @@ static void gotalarm_sig(void)
ldp = ldap_open(server, port);
if (ldp == NULL) {
- DEBUG(2,("Could not open LDAP connection to %s:%d: %s\n",
+ DEBUG(2,("Could not open connection to LDAP server %s:%d: %s\n",
server, port, strerror(errno)));
+ } else {
+ DEBUG(10, ("Connected to LDAP server '%s:%d'\n", server, port));
}
/* Teardown timeout. */
@@ -385,6 +391,13 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
/* try with a user specified server */
+ if (DEBUGLEVEL >= 11) {
+ char *s = NDR_PRINT_STRUCT_STRING(talloc_tos(), ads_struct, ads);
+ DEBUG(11,("ads_connect: entering\n"));
+ DEBUGADD(11,("%s\n", s));
+ TALLOC_FREE(s);
+ }
+
if (ads->server.ldap_server &&
ads_try_connect(ads, ads->server.ldap_server)) {
goto got_connection;
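Review bot: The result of `NDR_PRINT_STRUCT_STRING` is passed to `%s` without a NULL check in the new level-11 block, and the same pattern is repeated in the `out:` block of the later ads_connect hunk. If the talloc allocation fails, `s` would presumably be NULL and formatting it with `%s` is undefined. Wrapping the output as `if (s != NULL) { DEBUGADD(11,("%s\n", s)); }` in both places avoids that. The dump also includes `user_name` and server names, so level-11 logs should be treated as sensitive even with the password masked.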
@@ -395,12 +408,13 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
goto got_connection;
}
- return ADS_ERROR_NT(ntstatus);
+ status = ADS_ERROR_NT(ntstatus);
+ goto out;
got_connection:
print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
- DEBUG(3,("Connected to LDAP server %s\n", addr));
+ DEBUG(3,("Successfully contacted LDAP server %s\n", addr));
if (!ads->auth.user_name) {
/* Must use the userPrincipalName value here or sAMAccountName
@@ -432,21 +446,25 @@ got_connection:
/* If the caller() requested no LDAP bind, then we are done */
if (ads->auth.flags & ADS_AUTH_NO_BIND) {
- return ADS_SUCCESS;
+ status = ADS_SUCCESS;
+ goto out;
}
ads->ldap.mem_ctx = talloc_init("ads LDAP connection memory");
if (!ads->ldap.mem_ctx) {
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ goto out;
}
/* Otherwise setup the TCP LDAP session */
- if ( (ads->ldap.ld = ldap_open_with_timeout(ads->config.ldap_server_name,
- LDAP_PORT, lp_ldap_timeout())) == NULL )
- {
- return ADS_ERROR(LDAP_OPERATIONS_ERROR);
+ ads->ldap.ld = ldap_open_with_timeout(ads->config.ldap_server_name,
+ LDAP_PORT, lp_ldap_timeout());
+ if (ads->ldap.ld == NULL) {
+ status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
+ goto out;
}
+ DEBUG(3,("Connected to LDAP server %s\n", ads->config.ldap_server_name));
/* cache the successful connection for workgroup and realm */
if (ads_closest_dc(ads)) {
@@ -459,27 +477,40 @@ got_connection:
status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
if (!ADS_ERR_OK(status)) {
- return status;
+ goto out;
}
/* fill in the current time and offsets */
status = ads_current_time( ads );
if ( !ADS_ERR_OK(status) ) {
- return status;
+ goto out;
}
/* Now do the bind */
if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
- return ADS_ERROR(ldap_simple_bind_s( ads->ldap.ld, NULL, NULL));
+ status = ADS_ERROR(ldap_simple_bind_s(ads->ldap.ld, NULL, NULL));
+ goto out;
}
if (ads->auth.flags & ADS_AUTH_SIMPLE_BIND) {
- return ADS_ERROR(ldap_simple_bind_s( ads->ldap.ld, ads->auth.user_name, ads->auth.password));
+ status = ADS_ERROR(ldap_simple_bind_s(ads->ldap.ld, ads->auth.user_name, ads->auth.password));
+ goto out;
}
- return ads_sasl_bind(ads);
+ status = ads_sasl_bind(ads);
+
+ out:
+ if (DEBUGLEVEL >= 11) {
+ char *s = NDR_PRINT_STRUCT_STRING(talloc_tos(), ads_struct, ads);
+ DEBUG(11,("ads_connect: leaving with: %s\n",
+ ads_errstr(status)));
+ DEBUGADD(11,("%s\n", s));
+ TALLOC_FREE(s);
+ }
+
+ return status;
}
/**
@@ -2384,20 +2415,22 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
LDAPMessage *msg, const char *field, SEC_DESC **sd)
{
struct berval **values;
- bool ret = False;
+ bool ret = true;
values = ldap_get_values_len(ads->ldap.ld, msg, field);
- if (!values) return False;
+ if (!values) return false;
if (values[0]) {
- prs_struct ps;
- prs_init(&ps, values[0]->bv_len, mem_ctx, UNMARSHALL);
- prs_copy_data_in(&ps, values[0]->bv_val, values[0]->bv_len);
- prs_set_offset(&ps,0);
-
- ret = sec_io_desc("sd", sd, &ps, 1);
- prs_mem_free(&ps);
+ NTSTATUS status;
+ status = unmarshall_sec_desc(mem_ctx,
+ (uint8 *)values[0]->bv_val,
+ values[0]->bv_len, sd);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("unmarshall_sec_desc failed: %s\n",
+ nt_errstr(status)));
+ ret = false;
+ }
}
ldap_value_free_len(values);
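Review bot: Changing the default to `bool ret = true;` makes the function report success when `values[0]` is NULL, leaving `*sd` untouched, whereas the old code returned False in that case. A caller that trusts the return value would then use an unset security descriptor pointer. Keeping `bool ret = false;` and setting `ret = true;` only when `NT_STATUS_IS_OK(status)` preserves the previous contract. The function signature and its return statement are outside this hunk.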
@@ -2789,6 +2822,66 @@ ADS_STATUS ads_upn_suffixes(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char ***suffix
}
/**
+ * get the joinable ous for a domain
+ * @param ads connection to ads server
+ * @param mem_ctx Pointer to talloc context
+ * @param ous Pointer to an array of ous
+ * @param num_ous Pointer to the number of ous
+ * @return status of search
+ **/
+ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ char ***ous,
+ size_t *num_ous)
+{
+ ADS_STATUS status;
+ LDAPMessage *res = NULL;
+ LDAPMessage *msg = NULL;
+ const char *attrs[] = { "dn", NULL };
+ int count = 0;
+
+ status = ads_search(ads, &res,
+ "(|(objectClass=domain)(objectclass=organizationalUnit))",
+ attrs);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ count = ads_count_replies(ads, res);
+ if (count < 1) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
+ }
+
+ for (msg = ads_first_entry(ads, res); msg;
+ msg = ads_next_entry(ads, msg)) {
+
+ char *dn = NULL;
+
+ dn = ads_get_dn(ads, msg);
+ if (!dn) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ if (!add_string_to_array(mem_ctx, dn,
+ (const char ***)ous,
+ (int *)num_ous)) {
+ ads_memfree(ads, dn);
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ ads_memfree(ads, dn);
+ }
+
+ ads_msgfree(ads, res);
+
+ return status;
+}
+
+
+/**
* pull a DOM_SID from an extended dn string
* @param mem_ctx TALLOC_CTX
* @param extended_dn string
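Review bot: In ads_get_joinable_ous the call passes `(int *)num_ous` to `add_string_to_array`, but `num_ous` is a `size_t *`. On LP64 platforms only four of its eight bytes are read and written, and on big-endian ones they are the wrong half, so the count returned to the caller can be wrong or partly uninitialized. Use a local counter instead: declare `int num = 0;`, pass `&num`, and store `*num_ous = num;` before the final return. The doc comment should also say whether `*ous` and `*num_ous` must be initialized by the caller, since the function never resets them.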
@@ -2957,26 +3050,26 @@ char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name )
ADS_STATUS status;
int count = 0;
char *name = NULL;
-
- status = ads_find_machine_acct(ads, &res, global_myname());
+
+ status = ads_find_machine_acct(ads, &res, machine_name);
if (!ADS_ERR_OK(status)) {
DEBUG(0,("ads_get_upn: Failed to find account for %s\n",
global_myname()));
goto out;
}
-
+
if ( (count = ads_count_replies(ads, res)) != 1 ) {
DEBUG(1,("ads_get_upn: %d entries returned!\n", count));
goto out;
}
-
+
if ( (name = ads_pull_string(ads, ctx, res, "userPrincipalName")) == NULL ) {
DEBUG(2,("ads_get_upn: No userPrincipalName attribute!\n"));
}
out:
ads_msgfree(ads, res);
-
+
return name;
}
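Review bot: The lookup now uses `machine_name`, but the failure message two lines below still prints `global_myname()`, so the log names the wrong account whenever the two differ. Change it to `DEBUG(0,("ads_get_upn: Failed to find account for %s\n", machine_name));`. It would also help to state in the function's comment whether a NULL `machine_name` is allowed, since it is passed straight to `ads_find_machine_acct`.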
diff --git a/source3/libads/ndr.c b/source3/libads/ndr.c
new file mode 100644
index 0000000000..6324a22041
--- /dev/null
+++ b/source3/libads/ndr.c
@@ -0,0 +1,118 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ debug print helpers
+
+ Copyright (C) Guenther Deschner 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+ ndr_print_uint32(ndr, name, r);
+ ndr->depth++;
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_DISABLE_KERBEROS", ADS_AUTH_DISABLE_KERBEROS, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_NO_BIND", ADS_AUTH_NO_BIND, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_ANON_BIND", ADS_AUTH_ANON_BIND, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SIMPLE_BIND", ADS_AUTH_SIMPLE_BIND, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_ALLOW_NTLMSSP", ADS_AUTH_ALLOW_NTLMSSP, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SASL_SIGN", ADS_AUTH_SASL_SIGN, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SASL_SEAL", ADS_AUTH_SASL_SEAL, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SASL_FORCE", ADS_AUTH_SASL_FORCE, r);
+ ndr->depth--;
+}
+
+void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ads_struct *r)
+{
+ if (!r) { return; }
+
+ ndr_print_struct(ndr, name, "ads_struct");
+ ndr->depth++;
+ ndr_print_bool(ndr, "is_mine", r->is_mine);
+ ndr_print_struct(ndr, name, "server");
+ ndr->depth++;
+ ndr_print_string(ndr, "realm", r->server.realm);
+ ndr_print_string(ndr, "workgroup", r->server.workgroup);
+ ndr_print_string(ndr, "ldap_server", r->server.ldap_server);
+ ndr_print_bool(ndr, "foreign", r->server.foreign);
+ ndr->depth--;
+ ndr_print_struct(ndr, name, "auth");
+ ndr->depth++;
+ ndr_print_string(ndr, "realm", r->auth.realm);
+#ifdef DEBUG_PASSWORD
+ ndr_print_string(ndr, "password", r->auth.password);
+#else
+ ndr_print_string(ndr, "password", "(PASSWORD ommited)");
+#endif
+ ndr_print_string(ndr, "user_name", r->auth.user_name);
+ ndr_print_string(ndr, "kdc_server", r->auth.kdc_server);
+ ndr_print_ads_auth_flags(ndr, "flags", r->auth.flags);
+ ndr_print_uint32(ndr, "time_offset", r->auth.time_offset);
+ ndr_print_time_t(ndr, "tgt_expire", r->auth.tgt_expire);
+ ndr_print_time_t(ndr, "tgs_expire", r->auth.tgs_expire);
+ ndr_print_time_t(ndr, "renewable", r->auth.renewable);
+ ndr->depth--;
+ ndr_print_struct(ndr, name, "config");
+ ndr->depth++;
+ ndr_print_netr_DsR_DcFlags(ndr, "flags", r->config.flags);
+ ndr_print_string(ndr, "realm", r->config.realm);
+ ndr_print_string(ndr, "bind_path", r->config.bind_path);
+ ndr_print_string(ndr, "ldap_server_name", r->config.ldap_server_name);
+ ndr_print_string(ndr, "server_site_name", r->config.server_site_name);
+ ndr_print_string(ndr, "client_site_name", r->config.client_site_name);
+ ndr_print_time_t(ndr, "current_time", r->config.current_time);
+ ndr_print_bool(ndr, "tried_closest_dc", r->config.tried_closest_dc);
+ ndr_print_string(ndr, "schema_path", r->config.schema_path);
+ ndr_print_string(ndr, "config_path", r->config.config_path);
+ ndr->depth--;
+#ifdef HAVE_LDAP
+ ndr_print_struct(ndr, name, "ldap");
+ ndr->depth++;
+ ndr_print_ptr(ndr, "ld", r->ldap.ld);
+ ndr_print_sockaddr_storage(ndr, "ss", &r->ldap.ss);
+ ndr_print_time_t(ndr, "last_attempt", r->ldap.last_attempt);
+ ndr_print_uint32(ndr, "port", r->ldap.port);
+ ndr_print_uint16(ndr, "wrap_type", r->ldap.wrap_type);
+#ifdef HAVE_LDAP_SASL_WRAPPING
+ ndr_print_ptr(ndr, "sbiod", r->ldap.sbiod);
+#endif /* HAVE_LDAP_SASL_WRAPPING */
+ ndr_print_ptr(ndr, "mem_ctx", r->ldap.mem_ctx);
+ ndr_print_ptr(ndr, "wrap_ops", r->ldap.wrap_ops);
+ ndr_print_ptr(ndr, "wrap_private_data", r->ldap.wrap_private_data);
+ ndr_print_struct(ndr, name, "in");
+ ndr->depth++;
+ ndr_print_uint32(ndr, "ofs", r->ldap.in.ofs);
+ ndr_print_uint32(ndr, "needed", r->ldap.in.needed);
+ ndr_print_uint32(ndr, "left", r->ldap.in.left);
+ ndr_print_uint32(ndr, "max_wrapped", r->ldap.in.max_wrapped);
+ ndr_print_uint32(ndr, "min_wrapped", r->ldap.in.min_wrapped);
+ ndr_print_uint32(ndr, "size", r->ldap.in.size);
+ ndr_print_array_uint8(ndr, "buf", r->ldap.in.buf, r->ldap.in.size);
+ ndr->depth--;
+ ndr_print_struct(ndr, name, "out");
+ ndr->depth++;
+ ndr_print_uint32(ndr, "ofs", r->ldap.out.ofs);
+ ndr_print_uint32(ndr, "left", r->ldap.out.left);
+ ndr_print_uint32(ndr, "max_unwrapped", r->ldap.out.max_unwrapped);
+ ndr_print_uint32(ndr, "sig_size", r->ldap.out.sig_size);
+ ndr_print_uint32(ndr, "size", r->ldap.out.size);
+ ndr_print_array_uint8(ndr, "buf", r->ldap.out.buf, r->ldap.out.size);
+ ndr->depth--;
+ ndr->depth--;
+#endif /* HAVE_LDAP */
+ ndr->depth--;
+}
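Review bot: The `ndr_print_array_uint8` calls for `r->ldap.in.buf` and `r->ldap.out.buf` near the end of ndr_print_ads_struct write the full contents of the LDAP wrapping buffers to the level-11 log, while the password field just above is masked unless DEBUG_PASSWORD is set. If those buffers can hold bind or directory data (not visible from this file), they deserve the same treatment, for example printing only `size` or placing the dump under the same `#ifdef DEBUG_PASSWORD`. The placeholder text has a typo: `"(PASSWORD ommited)"` should read `"(PASSWORD omitted)"`. The nested `ndr_print_struct(ndr, name, "server")` calls also reuse the outer `name` for every sub-structure, which makes the printed tree harder to read than passing the field name would.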