summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_ldap_helpers.c162
-rw-r--r--source3/rpc_server/srv_samr.c126
2 files changed, 236 insertions, 52 deletions
diff --git a/source3/rpc_server/srv_ldap_helpers.c b/source3/rpc_server/srv_ldap_helpers.c
new file mode 100644
index 0000000000..d1c091c6c9
--- /dev/null
+++ b/source3/rpc_server/srv_ldap_helpers.c
@@ -0,0 +1,162 @@
+#ifdef USE_LDAP
+
+#include "includes.h"
+#include "lber.h"
+#include "ldap.h"
+
+extern int DEBUGLEVEL;
+
+/*******************************************************************
+ find a user or a machine return a smbpass struct.
+******************************************************************/
+static void make_ldap_sam_user_info_21(LDAP *ldap_struct, LDAPMessage *entry, SAM_USER_INFO_21 *user)
+{
+ pstring cn;
+ pstring fullname;
+ pstring home_dir;
+ pstring dir_drive;
+ pstring logon_script;
+ pstring profile_path;
+ pstring acct_desc;
+ pstring workstations;
+ pstring temp;
+
+ if (ldap_check_user(ldap_struct, entry)==True)
+ {
+ get_single_attribute(ldap_struct, entry, "cn", cn);
+ get_single_attribute(ldap_struct, entry, "userFullName", fullname);
+ get_single_attribute(ldap_struct, entry, "homeDirectory", home_dir);
+ get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive);
+ get_single_attribute(ldap_struct, entry, "scriptPath", logon_script);
+ get_single_attribute(ldap_struct, entry, "profilePath", profile_path);
+ get_single_attribute(ldap_struct, entry, "comment", acct_desc);
+ get_single_attribute(ldap_struct, entry, "userWorkstations", workstations);
+
+ get_single_attribute(ldap_struct, entry, "rid", temp);
+ user->user_rid=atoi(temp);
+ get_single_attribute(ldap_struct, entry, "primaryGroupID", temp);
+ user->group_rid=atoi(temp);
+ get_single_attribute(ldap_struct, entry, "controlAccessRights", temp);
+ user->acb_info=atoi(temp);
+
+ make_unistr2(&(user->uni_user_name), cn, strlen(cn));
+ make_uni_hdr(&(user->hdr_user_name), strlen(cn), strlen(cn), 1);
+ make_unistr2(&(user->uni_full_name), fullname, strlen(fullname));
+ make_uni_hdr(&(user->hdr_full_name), strlen(fullname), strlen(fullname), 1);
+ make_unistr2(&(user->uni_home_dir), home_dir, strlen(home_dir));
+ make_uni_hdr(&(user->hdr_home_dir), strlen(home_dir), strlen(home_dir), 1);
+ make_unistr2(&(user->uni_dir_drive), dir_drive, strlen(dir_drive));
+ make_uni_hdr(&(user->hdr_dir_drive), strlen(dir_drive), strlen(dir_drive), 1);
+ make_unistr2(&(user->uni_logon_script), logon_script, strlen(logon_script));
+ make_uni_hdr(&(user->hdr_logon_script), strlen(logon_script), strlen(logon_script), 1);
+ make_unistr2(&(user->uni_profile_path), profile_path, strlen(profile_path));
+ make_uni_hdr(&(user->hdr_profile_path), strlen(profile_path), strlen(profile_path), 1);
+ make_unistr2(&(user->uni_acct_desc), acct_desc, strlen(acct_desc));
+ make_uni_hdr(&(user->hdr_acct_desc), strlen(acct_desc), strlen(acct_desc), 1);
+ make_unistr2(&(user->uni_workstations), workstations, strlen(workstations));
+ make_uni_hdr(&(user->hdr_workstations), strlen(workstations), strlen(workstations), 1);
+ }
+}
+
+/*******************************************************************
+ find a user or a machine return a smbpass struct.
+******************************************************************/
+BOOL get_ldap_entries(SAM_USER_INFO_21 *pw_buf,
+ int *total_entries, int *num_entries,
+ int max_num_entries,
+ uint16 acb_mask, int switch_level)
+{
+ LDAP *ldap_struct;
+ LDAPMessage *result;
+ LDAPMessage *entry;
+
+ int scope = LDAP_SCOPE_ONELEVEL;
+ int rc;
+
+ char filter[256];
+
+ (*num_entries) = 0;
+ (*total_entries) = 0;
+
+ if (!ldap_open_connection(&ldap_struct)) /* open a connection to the server */
+ return (False);
+
+ if (!ldap_connect_system(ldap_struct)) /* connect as system account */
+ return (False);
+
+
+ /* when the class is known the search is much faster */
+ switch (switch_level)
+ {
+ case 1: strcpy(filter, "objectclass=sambaAccount");
+ break;
+ case 2: strcpy(filter, "objectclass=sambaMachine");
+ break;
+ default: strcpy(filter, "(|(objectclass=sambaMachine)(objectclass=sambaAccount))");
+ break;
+ }
+
+ rc=ldap_search_s(ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, &result);
+
+ DEBUG(2,("%d entries in the base!\n", ldap_count_entries(ldap_struct, result) ));
+
+ for ( entry = ldap_first_entry(ldap_struct, result);
+ (entry != NULL) && (*num_entries) < max_num_entries;
+ entry = ldap_next_entry(ldap_struct, entry) )
+ {
+ make_ldap_sam_user_info_21(ldap_struct, entry, &(pw_buf[(*num_entries)]) );
+
+ if (acb_mask == 0 || IS_BITS_SET_SOME(pw_buf[(*num_entries)].acb_info, acb_mask))
+ {
+ DEBUG(5,(" acb_mask %x accepts\n", acb_mask));
+ (*num_entries)++;
+ }
+ else
+ {
+ DEBUG(5,(" acb_mask %x rejects\n", acb_mask));
+ }
+
+ (*total_entries)++;
+ }
+
+ ldap_msgfree(result);
+ ldap_unbind(ldap_struct);
+ return (*num_entries) > 0;
+}
+
+BOOL ldap_get_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid)
+{
+ LDAP *ldap_struct;
+ LDAPMessage *result;
+ LDAPMessage *entry;
+
+ if (!ldap_open_connection(&ldap_struct))
+ return (False);
+ if (!ldap_connect_system(ldap_struct))
+ return (False);
+
+ if (!ldap_search_one_user_by_uid(ldap_struct, rid, &result))
+ return (False);
+
+ if (ldap_count_entries(ldap_struct, result) == 0)
+ {
+ DEBUG(2,("%s: Non existant user!\n", timestring() ));
+ return (False);
+ }
+
+ if (ldap_count_entries(ldap_struct, result) > 1)
+ {
+ DEBUG(2,("%s: Strange %d users in the base!\n",
+ timestring(), ldap_count_entries(ldap_struct, result) ));
+ }
+ /* take the first and unique entry */
+ entry=ldap_first_entry(ldap_struct, result);
+
+ make_ldap_sam_user_info_21(ldap_struct, entry, id21);
+
+ ldap_msgfree(result);
+ ldap_unbind(ldap_struct);
+ return(True);
+}
+
+#endif
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 162d9c45d0..aa240ad3c6 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -45,55 +45,55 @@ static BOOL get_smbpwd_entries(SAM_USER_INFO_21 *pw_buf,
{
void *vp = NULL;
struct smb_passwd *pwd = NULL;
-
- (*num_entries) = 0;
- (*total_entries) = 0;
-
- if (pw_buf == NULL) return False;
-
- vp = startsmbpwent(False);
- if (!vp)
- {
- DEBUG(0, ("get_smbpwd_entries: Unable to open SMB password file.\n"));
- return False;
- }
-
- while (((pwd = getsmbpwent(vp)) != NULL) && (*num_entries) < max_num_entries)
- {
- int user_name_len = strlen(pwd->smb_name);
- make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len);
- make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len,
- user_name_len, 1);
- pw_buf[(*num_entries)].user_rid = pwd->smb_userid;
- bzero( pw_buf[(*num_entries)].nt_pwd , 16);
-
- /* Now check if the NT compatible password is available. */
- if (pwd->smb_nt_passwd != NULL)
- {
- memcpy( pw_buf[(*num_entries)].nt_pwd , pwd->smb_nt_passwd, 16);
- }
-
- pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl;
-
- DEBUG(5, ("get_smbpwd_entries: idx: %d user %s, uid %d, acb %x",
- (*num_entries), pwd->smb_name, pwd->smb_userid, pwd->acct_ctrl));
-
- if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask))
- {
- DEBUG(5,(" acb_mask %x accepts\n", acb_mask));
- (*num_entries)++;
- }
- else
- {
- DEBUG(5,(" acb_mask %x rejects\n", acb_mask));
- }
-
- (*total_entries)++;
- }
-
- endsmbpwent(vp);
-
- return (*num_entries) > 0;
+
+ (*num_entries) = 0;
+ (*total_entries) = 0;
+
+ if (pw_buf == NULL) return False;
+
+ vp = startsmbpwent(False);
+ if (!vp)
+ {
+ DEBUG(0, ("get_smbpwd_entries: Unable to open SMB password file.\n"));
+ return False;
+ }
+
+ while (((pwd = getsmbpwent(vp)) != NULL) && (*num_entries) < max_num_entries)
+ {
+ int user_name_len = strlen(pwd->smb_name);
+ make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len-1);
+ make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len-1,
+ user_name_len-1, 1);
+ pw_buf[(*num_entries)].user_rid = pwd->smb_userid;
+ bzero( pw_buf[(*num_entries)].nt_pwd , 16);
+
+ /* Now check if the NT compatible password is available. */
+ if (pwd->smb_nt_passwd != NULL)
+ {
+ memcpy( pw_buf[(*num_entries)].nt_pwd , pwd->smb_nt_passwd, 16);
+ }
+
+ pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl;
+
+ DEBUG(5, ("get_smbpwd_entries: idx: %d user %s, uid %d, acb %x",
+ (*num_entries), pwd->smb_name, pwd->smb_userid, pwd->acct_ctrl));
+
+ if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask))
+ {
+ DEBUG(5,(" acb_mask %x accepts\n", acb_mask));
+ (*num_entries)++;
+ }
+ else
+ {
+ DEBUG(5,(" acb_mask %x rejects\n", acb_mask));
+ }
+
+ (*total_entries)++;
+ }
+
+ endsmbpwent(vp);
+
+ return (*num_entries) > 0;
}
/*******************************************************************
@@ -463,33 +463,52 @@ static void samr_reply_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_u,
DEBUG(5,("samr_reply_query_dispinfo: %d\n", __LINE__));
+#ifndef USE_LDAP
become_root(True);
got_pwds = get_smbpwd_entries(pass, &total_entries, &num_entries, MAX_SAM_ENTRIES, 0);
unbecome_root(True);
+#endif
switch (q_u->switch_level)
{
case 0x1:
{
+
/* query disp info is for users */
+ switch_level = 0x1;
+#ifdef USE_LDAP
+ got_pwds = get_ldap_entries(pass,
+ &total_entries,
+ &num_entries,
+ MAX_SAM_ENTRIES,
+ 0,
+ switch_level);
+#endif
make_sam_info_1(&info1, ACB_NORMAL,
q_u->start_idx, num_entries, pass);
ctr.sam.info1 = &info1;
- switch_level = 0x1;
break;
}
case 0x2:
{
/* query disp info is for servers */
+ switch_level = 0x2;
+#ifdef USE_LDAP
+ got_pwds = get_ldap_entries(pass,
+ &total_entries,
+ &num_entries,
+ MAX_SAM_ENTRIES,
+ 0,
+ switch_level);
+#endif
make_sam_info_2(&info2, ACB_WSTRUST,
q_u->start_idx, num_entries, pass);
ctr.sam.info2 = &info2;
- switch_level = 0x2;
break;
}
@@ -1025,8 +1044,11 @@ static void samr_reply_query_userinfo(SAMR_Q_QUERY_USERINFO *q_u,
case 21:
{
info = (void*)&id21;
+#ifdef USE_LDAP
+ status = ldap_get_user_info_21(&id21, rid) ? 0 : NT_STATUS_NO_SUCH_USER;
+#else
status = get_user_info_21(&id21, rid) ? 0 : NT_STATUS_NO_SUCH_USER;
-
+#endif
break;
}