summaryrefslogtreecommitdiff
path: root/source4/cldap_server
diff options
context:
space:
mode:
Diffstat (limited to 'source4/cldap_server')
-rw-r--r--source4/cldap_server/cldap_server.c17
-rw-r--r--source4/cldap_server/config.mk2
-rw-r--r--source4/cldap_server/netlogon.c126
-rw-r--r--source4/cldap_server/rootdse.c21
4 files changed, 80 insertions, 86 deletions
diff --git a/source4/cldap_server/cldap_server.c b/source4/cldap_server/cldap_server.c
index 310fb564e0..240f2b1dc2 100644
--- a/source4/cldap_server/cldap_server.c
+++ b/source4/cldap_server/cldap_server.c
@@ -127,6 +127,7 @@ static NTSTATUS cldapd_startup_interfaces(struct cldapd_server *cldapd, struct l
int num_interfaces;
TALLOC_CTX *tmp_ctx = talloc_new(cldapd);
NTSTATUS status;
+ int i;
num_interfaces = iface_count(ifaces);
@@ -135,14 +136,14 @@ static NTSTATUS cldapd_startup_interfaces(struct cldapd_server *cldapd, struct l
if (!lp_bind_interfaces_only(lp_ctx)) {
status = cldapd_add_socket(cldapd, lp_ctx, "0.0.0.0");
NT_STATUS_NOT_OK_RETURN(status);
- } else {
- int i;
-
- for (i=0; i<num_interfaces; i++) {
- const char *address = talloc_strdup(tmp_ctx, iface_n_ip(ifaces, i));
- status = cldapd_add_socket(cldapd, lp_ctx, address);
- NT_STATUS_NOT_OK_RETURN(status);
- }
+ }
+
+ /* now we have to also listen on the specific interfaces,
+ so that replies always come from the right IP */
+ for (i=0; i<num_interfaces; i++) {
+ const char *address = talloc_strdup(tmp_ctx, iface_n_ip(ifaces, i));
+ status = cldapd_add_socket(cldapd, lp_ctx, address);
+ NT_STATUS_NOT_OK_RETURN(status);
}
talloc_free(tmp_ctx);
diff --git a/source4/cldap_server/config.mk b/source4/cldap_server/config.mk
index 137a44d0f7..baf2620f32 100644
--- a/source4/cldap_server/config.mk
+++ b/source4/cldap_server/config.mk
@@ -4,7 +4,7 @@
# Start SUBSYSTEM CLDAPD
[MODULE::CLDAPD]
INIT_FUNCTION = server_service_cldapd_init
-SUBSYSTEM = smbd
+SUBSYSTEM = samba
PRIVATE_DEPENDENCIES = \
LIBCLI_CLDAP LIBNETIF process_model
# End SUBSYSTEM CLDAPD
diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index 0b146b3c7d..1cb0d50d02 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -84,11 +84,11 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
struct ldb_dn *dom_dn;
/* try and find the domain */
- ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &ref_res,
- partitions_basedn, LDB_SCOPE_ONELEVEL,
- ref_attrs,
- "(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))",
- ldb_binary_encode_string(mem_ctx, domain));
+ ret = ldb_search(sam_ctx, mem_ctx, &ref_res,
+ partitions_basedn, LDB_SCOPE_ONELEVEL,
+ ref_attrs,
+ "(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))",
+ ldb_binary_encode_string(mem_ctx, domain));
if (ret != LDB_SUCCESS) {
DEBUG(2,("Unable to find referece to '%s' in sam: %s\n",
@@ -96,19 +96,17 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
} else if (ref_res->count == 1) {
- talloc_steal(mem_ctx, dom_res);
dom_dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, ref_res->msgs[0], "ncName");
if (!dom_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
- ret = ldb_search(sam_ctx, dom_dn,
- LDB_SCOPE_BASE, "objectClass=domain",
- dom_attrs, &dom_res);
+ ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
+ dom_dn, LDB_SCOPE_BASE, dom_attrs,
+ "objectClass=domain");
if (ret != LDB_SUCCESS) {
DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
- talloc_steal(mem_ctx, dom_res);
if (dom_res->count != 1) {
DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(dom_dn)));
return NT_STATUS_NO_SUCH_DOMAIN;
@@ -123,11 +121,11 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
struct ldb_dn *dom_dn;
/* try and find the domain */
- ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &ref_res,
- partitions_basedn, LDB_SCOPE_ONELEVEL,
- ref_attrs,
- "(&(objectClass=crossRef)(ncName=*)(nETBIOSName=%s))",
- ldb_binary_encode_string(mem_ctx, netbios_domain));
+ ret = ldb_search(sam_ctx, mem_ctx, &ref_res,
+ partitions_basedn, LDB_SCOPE_ONELEVEL,
+ ref_attrs,
+ "(&(objectClass=crossRef)(ncName=*)(nETBIOSName=%s))",
+ ldb_binary_encode_string(mem_ctx, netbios_domain));
if (ret != LDB_SUCCESS) {
DEBUG(2,("Unable to find referece to '%s' in sam: %s\n",
@@ -135,19 +133,17 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
} else if (ref_res->count == 1) {
- talloc_steal(mem_ctx, dom_res);
dom_dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, ref_res->msgs[0], "ncName");
if (!dom_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
- ret = ldb_search(sam_ctx, dom_dn,
- LDB_SCOPE_BASE, "objectClass=domain",
- dom_attrs, &dom_res);
+ ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
+ dom_dn, LDB_SCOPE_BASE, dom_attrs,
+ "objectClass=domain");
if (ret != LDB_SUCCESS) {
DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
- talloc_steal(mem_ctx, dom_res);
if (dom_res->count != 1) {
DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(dom_dn)));
return NT_STATUS_NO_SUCH_DOMAIN;
@@ -179,7 +175,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return NT_STATUS_INVALID_PARAMETER;
}
- ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &dom_res,
+ ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
NULL, LDB_SCOPE_SUBTREE,
dom_attrs,
"(&(objectCategory=DomainDNS)(objectGUID=%s))",
@@ -196,7 +192,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
- ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &dom_res,
+ ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
NULL, LDB_SCOPE_SUBTREE,
dom_attrs,
"(&(objectCategory=DomainDNS)(objectSID=%s))",
@@ -210,7 +206,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
return NT_STATUS_NO_SUCH_DOMAIN;
} else if (dom_res->count == 1) {
/* try and find the domain */
- ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &ref_res,
+ ret = ldb_search(sam_ctx, mem_ctx, &ref_res,
partitions_basedn, LDB_SCOPE_ONELEVEL,
ref_attrs,
"(&(objectClass=crossRef)(ncName=%s))",
@@ -260,7 +256,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
acct_control = acct_control & (ACB_TEMPDUP | ACB_NORMAL | ACB_DOMTRUST | ACB_WSTRUST | ACB_SVRTRUST);
/* We must exclude disabled accounts, but otherwise do the bitwise match the client asked for */
- ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &user_res,
+ ret = ldb_search(sam_ctx, mem_ctx, &user_res,
dom_res->msgs[0]->dn, LDB_SCOPE_SUBTREE,
none_attrs,
"(&(objectClass=user)(samAccountName=%s)"
@@ -305,7 +301,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
server_type |= NBT_SERVER_KDC;
}
- if (!ldb_dn_compare_base(ldb_get_root_basedn(sam_ctx), ldb_get_default_basedn(sam_ctx))) {
+ if (ldb_dn_compare(ldb_get_root_basedn(sam_ctx), ldb_get_default_basedn(sam_ctx)) == 0) {
server_type |= NBT_SERVER_DS_DNS_FOREST;
}
@@ -335,68 +331,68 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
/* could check if the user exists */
if (user_known) {
- netlogon->nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX;
+ netlogon->data.nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX;
} else {
- netlogon->nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX;
+ netlogon->data.nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX;
}
- netlogon->nt5_ex.server_type = server_type;
- netlogon->nt5_ex.domain_uuid = domain_uuid;
- netlogon->nt5_ex.forest = realm;
- netlogon->nt5_ex.dns_domain = dns_domain;
- netlogon->nt5_ex.pdc_dns_name = pdc_dns_name;
- netlogon->nt5_ex.domain = flatname;
- netlogon->nt5_ex.pdc_name = lp_netbios_name(lp_ctx);
- netlogon->nt5_ex.user_name = user;
- netlogon->nt5_ex.server_site = server_site;
- netlogon->nt5_ex.client_site = client_site;
+ netlogon->data.nt5_ex.server_type = server_type;
+ netlogon->data.nt5_ex.domain_uuid = domain_uuid;
+ netlogon->data.nt5_ex.forest = realm;
+ netlogon->data.nt5_ex.dns_domain = dns_domain;
+ netlogon->data.nt5_ex.pdc_dns_name = pdc_dns_name;
+ netlogon->data.nt5_ex.domain = flatname;
+ netlogon->data.nt5_ex.pdc_name = lp_netbios_name(lp_ctx);
+ netlogon->data.nt5_ex.user_name = user;
+ netlogon->data.nt5_ex.server_site = server_site;
+ netlogon->data.nt5_ex.client_site = client_site;
if (version & NETLOGON_NT_VERSION_5EX_WITH_IP) {
/* Clearly this needs to be fixed up for IPv6 */
extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP;
- netlogon->nt5_ex.sockaddr.sa_family = 2;
- netlogon->nt5_ex.sockaddr.pdc_ip = pdc_ip;
- netlogon->nt5_ex.sockaddr.remaining = data_blob_talloc_zero(mem_ctx, 8);
+ netlogon->data.nt5_ex.sockaddr.sa_family = 2;
+ netlogon->data.nt5_ex.sockaddr.pdc_ip = pdc_ip;
+ netlogon->data.nt5_ex.sockaddr.remaining = data_blob_talloc_zero(mem_ctx, 8);
}
- netlogon->nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags;
- netlogon->nt5_ex.lmnt_token = 0xFFFF;
- netlogon->nt5_ex.lm20_token = 0xFFFF;
+ netlogon->data.nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags;
+ netlogon->data.nt5_ex.lmnt_token = 0xFFFF;
+ netlogon->data.nt5_ex.lm20_token = 0xFFFF;
} else if (version & NETLOGON_NT_VERSION_5) {
netlogon->ntver = NETLOGON_NT_VERSION_5;
/* could check if the user exists */
if (user_known) {
- netlogon->nt5.command = LOGON_SAM_LOGON_RESPONSE;
+ netlogon->data.nt5.command = LOGON_SAM_LOGON_RESPONSE;
} else {
- netlogon->nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN;
+ netlogon->data.nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN;
}
- netlogon->nt5.pdc_name = pdc_name;
- netlogon->nt5.user_name = user;
- netlogon->nt5.domain_name = flatname;
- netlogon->nt5.domain_uuid = domain_uuid;
- netlogon->nt5.forest = realm;
- netlogon->nt5.dns_domain = dns_domain;
- netlogon->nt5.pdc_dns_name = pdc_dns_name;
- netlogon->nt5.pdc_ip = pdc_ip;
- netlogon->nt5.server_type = server_type;
- netlogon->nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5;
- netlogon->nt5.lmnt_token = 0xFFFF;
- netlogon->nt5.lm20_token = 0xFFFF;
+ netlogon->data.nt5.pdc_name = pdc_name;
+ netlogon->data.nt5.user_name = user;
+ netlogon->data.nt5.domain_name = flatname;
+ netlogon->data.nt5.domain_uuid = domain_uuid;
+ netlogon->data.nt5.forest = realm;
+ netlogon->data.nt5.dns_domain = dns_domain;
+ netlogon->data.nt5.pdc_dns_name = pdc_dns_name;
+ netlogon->data.nt5.pdc_ip = pdc_ip;
+ netlogon->data.nt5.server_type = server_type;
+ netlogon->data.nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5;
+ netlogon->data.nt5.lmnt_token = 0xFFFF;
+ netlogon->data.nt5.lm20_token = 0xFFFF;
} else /* (version & NETLOGON_NT_VERSION_1) and all other cases */ {
netlogon->ntver = NETLOGON_NT_VERSION_1;
/* could check if the user exists */
if (user_known) {
- netlogon->nt4.command = LOGON_SAM_LOGON_RESPONSE;
+ netlogon->data.nt4.command = LOGON_SAM_LOGON_RESPONSE;
} else {
- netlogon->nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN;
+ netlogon->data.nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN;
}
- netlogon->nt4.server = pdc_name;
- netlogon->nt4.user_name = user;
- netlogon->nt4.domain = flatname;
- netlogon->nt4.nt_version = NETLOGON_NT_VERSION_1;
- netlogon->nt4.lmnt_token = 0xFFFF;
- netlogon->nt4.lm20_token = 0xFFFF;
+ netlogon->data.nt4.server = pdc_name;
+ netlogon->data.nt4.user_name = user;
+ netlogon->data.nt4.domain = flatname;
+ netlogon->data.nt4.nt_version = NETLOGON_NT_VERSION_1;
+ netlogon->data.nt4.lmnt_token = 0xFFFF;
+ netlogon->data.nt4.lm20_token = 0xFFFF;
}
return NT_STATUS_OK;
diff --git a/source4/cldap_server/rootdse.c b/source4/cldap_server/rootdse.c
index 4ff71c0863..65786e6708 100644
--- a/source4/cldap_server/rootdse.c
+++ b/source4/cldap_server/rootdse.c
@@ -66,22 +66,19 @@ static void cldapd_rootdse_fill(struct cldapd_server *cldapd,
attrs[i] = NULL;
}
- lreq = talloc(mem_ctx, struct ldb_request);
- if (lreq == NULL) goto nomem;
-
res = talloc_zero(mem_ctx, struct ldb_result);
if (res == NULL) goto nomem;
- lreq->operation = LDB_SEARCH;
- lreq->op.search.base = basedn;
- lreq->op.search.scope = scope;
- lreq->op.search.tree = search->tree;
- lreq->op.search.attrs = attrs;
-
- lreq->controls = NULL;
+ ldb_ret = ldb_build_search_req_ex(&lreq, cldapd->samctx, mem_ctx,
+ basedn, scope,
+ search->tree, attrs,
+ NULL,
+ res, ldb_search_default_callback,
+ NULL);
- lreq->context = res;
- lreq->callback = ldb_search_default_callback;
+ if (ldb_ret != LDB_SUCCESS) {
+ goto reply;
+ }
/* Copy the timeout from the incoming call */
ldb_set_timeout(cldapd->samctx, lreq, search->timelimit);
generated by cgit (git 2.34.1) at 2024-07-14 16:59:34 +0000