From 6464bb0ae5d2cb774ccd5187f65a6ff83c051ed9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 20 Nov 2001 08:54:15 +0000 Subject: added the beginnings of ADS support in smbd (This used to be commit c7f611691941ca92f57665e19d6e46b161599427) --- source3/Makefile.in | 5 +- source3/acconfig.h | 1 + source3/configure | 270 +++++++++++++++++++++--------------- source3/configure.in | 20 ++- source3/include/config.h.in | 13 ++ source3/include/includes.h | 22 +++ source3/libads/ldap.c | 324 ++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 538 insertions(+), 117 deletions(-) create mode 100644 source3/libads/ldap.c diff --git a/source3/Makefile.in b/source3/Makefile.in index f0f873bc7b..d69941bed3 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -131,6 +131,8 @@ UBIQX_OBJ = ubiqx/ubi_BinTree.o ubiqx/ubi_Cache.o ubiqx/ubi_SplayTree.o \ PARAM_OBJ = param/loadparm.o param/params.o dynconfig.o +LIBADS_OBJ = libads/ldap.o + LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \ libsmb/clikrb5.o libsmb/clispnego.o libsmb/asn1.o \ libsmb/clirap.o libsmb/clierror.o libsmb/climessage.o \ @@ -140,7 +142,8 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \ libsmb/nterr.o libsmb/smbdes.o libsmb/smbencrypt.o \ libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \ libsmb/clioplock.o libsmb/errormap.o libsmb/clirap2.o \ - libsmb/passchange.o libsmb/unexpected.o $(RPC_PARSE_OBJ1) + libsmb/passchange.o libsmb/unexpected.o $(RPC_PARSE_OBJ1) \ + $(LIBADS_OBJ) LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o libsmb/cli_spoolss.o \ libsmb/cli_netlogon.o libsmb/cli_srvsvc.o libsmb/cli_dfs.o \ diff --git a/source3/acconfig.h b/source3/acconfig.h index 5cab86419f..cfd259d46f 100644 --- a/source3/acconfig.h +++ b/source3/acconfig.h @@ -182,3 +182,4 @@ #undef I18N_DEFAULT_PREF_LANG #undef HAVE_KRB5 #undef BROKEN_REDHAT_7_SYSTEM_HEADERS +#undef HAVE_LDAP 
diff --git a/source3/configure b/source3/configure index 18aec12b80..adddf05108 100755 --- a/source3/configure +++ b/source3/configure @@ -2154,7 +2154,7 @@ else fi done -for ac_hdr in security/pam_modules.h security/_pam_macros.h +for ac_hdr in security/pam_modules.h security/_pam_macros.h ldap.h sasl.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 @@ -5134,7 +5134,7 @@ else fi done -for ac_func in fstat strchr utime utimes getrlimit fsync bzero memset +for ac_func in fstat strchr utime utimes getrlimit fsync bzero memset strlcpy strlcat do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 echo "configure:5141: checking for $ac_func" >&5 @@ -11280,31 +11280,29 @@ else fi - -######################################################## -# now see if we can find the krb5 libs in standard paths -if test x$have_krb5 != xyes; then -echo $ac_n "checking for krb5_mk_req_extended in -lkrb5""... $ac_c" 1>&6 -echo "configure:11289: checking for krb5_mk_req_extended in -lkrb5" >&5 -ac_lib_var=`echo krb5'_'krb5_mk_req_extended | sed 'y%./+-%__p_%'` +################################################################## +# we might need the k5crypto and com_err libraries on some systems +echo $ac_n "checking for _et_list in -lcom_err""... $ac_c" 1>&6 +echo "configure:11287: checking for _et_list in -lcom_err" >&5 +ac_lib_var=`echo com_err'_'_et_list | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" -LIBS="-lkrb5 $LIBS" +LIBS="-lcom_err $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:11306: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -11319,40 +11317,77 @@ LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 - LIBS="$LIBS -lkrb5"; - cat >> confdefs.h <<\EOF -#define HAVE_KRB5 1 + LIBS="$LIBS -lcom_err" +else + echo "$ac_t""no" 1>&6 +fi + +echo $ac_n "checking for krb5_encrypt_data in -lk5crypto""... $ac_c" 1>&6 +echo "configure:11327: checking for krb5_encrypt_data in -lk5crypto" >&5 +ac_lib_var=`echo k5crypto'_'krb5_encrypt_data | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lk5crypto $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -lk5crypto" else echo "$ac_t""no" 1>&6 fi -fi -################################################################## -# we might need the k5crypto and com_err libraries on some systems -echo $ac_n "checking for _et_list in -lcom_err""... $ac_c" 1>&6 -echo "configure:11337: checking for _et_list in -lcom_err" >&5 -ac_lib_var=`echo com_err'_'_et_list | sed 'y%./+-%__p_%'` + +######################################################## +# now see if we can find the krb5 libs in standard paths +if test x$have_krb5 != xyes; then +echo $ac_n "checking for krb5_mk_req_extended in -lkrb5""... 
$ac_c" 1>&6 +echo "configure:11372: checking for krb5_mk_req_extended in -lkrb5" >&5 +ac_lib_var=`echo krb5'_'krb5_mk_req_extended | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" -LIBS="-lcom_err $LIBS" +LIBS="-lkrb5 $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:11391: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -11367,32 +11402,41 @@ LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 - LIBS="$LIBS -lcom_err" + LIBS="$LIBS -lkrb5"; + cat >> confdefs.h <<\EOF +#define HAVE_KRB5 1 +EOF + else echo "$ac_t""no" 1>&6 fi -echo $ac_n "checking for krb5_encrypt_data in -lk5crypto""... $ac_c" 1>&6 -echo "configure:11377: checking for krb5_encrypt_data in -lk5crypto" >&5 -ac_lib_var=`echo k5crypto'_'krb5_encrypt_data | sed 'y%./+-%__p_%'` +fi + +######################################################## +# now see if we can find the ldap libs in standard paths +if test x$have_ldap != xyes; then +echo $ac_n "checking for ldap_open in -lldap""... $ac_c" 1>&6 +echo "configure:11421: checking for ldap_open in -lldap" >&5 +ac_lib_var=`echo ldap'_'ldap_open | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" -LIBS="-lk5crypto $LIBS" +LIBS="-lldap $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:11440: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -11407,16 +11451,22 @@ LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 - LIBS="$LIBS -lk5crypto" + LIBS="$LIBS -lldap -llber"; + cat >> confdefs.h <<\EOF +#define HAVE_LDAP 1 +EOF + else echo "$ac_t""no" 1>&6 fi +fi + ################################################# # check for automount support echo $ac_n "checking whether to use AUTOMOUNT""... $ac_c" 1>&6 -echo "configure:11420: checking whether to use AUTOMOUNT" >&5 +echo "configure:11470: checking whether to use AUTOMOUNT" >&5 # Check whether --with-automount or --without-automount was given. if test "${with_automount+set}" = set; then withval="$with_automount" @@ -11441,7 +11491,7 @@ fi ################################################# # check for smbmount support echo $ac_n "checking whether to use SMBMOUNT""... $ac_c" 1>&6 -echo "configure:11445: checking whether to use SMBMOUNT" >&5 +echo "configure:11495: checking whether to use SMBMOUNT" >&5 # Check whether --with-smbmount or --without-smbmount was given. if test "${with_smbmount+set}" = set; then withval="$with_smbmount" @@ -11478,7 +11528,7 @@ fi # check for a PAM clear-text auth, accounts, password and session support with_pam_for_crypt=no echo $ac_n "checking whether to use PAM""... $ac_c" 1>&6 -echo "configure:11482: checking whether to use PAM" >&5 +echo "configure:11532: checking whether to use PAM" >&5 # Check whether --with-pam or --without-pam was given. if test "${with_pam+set}" = set; then withval="$with_pam" @@ -11504,7 +11554,7 @@ fi # we can't build a pam module if we don't have pam. echo $ac_n "checking for pam_get_data in -lpam""... $ac_c" 1>&6 -echo "configure:11508: checking for pam_get_data in -lpam" >&5 +echo "configure:11558: checking for pam_get_data in -lpam" >&5 ac_lib_var=`echo pam'_'pam_get_data | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -11512,7 +11562,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lpam $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:11577: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -11550,7 +11600,7 @@ fi ################################################# # check for pam_smbpass support echo $ac_n "checking whether to use pam_smbpass""... $ac_c" 1>&6 -echo "configure:11554: checking whether to use pam_smbpass" >&5 +echo "configure:11604: checking whether to use pam_smbpass" >&5 # Check whether --with-pam_smbpass or --without-pam_smbpass was given. if test "${with_pam_smbpass+set}" = set; then withval="$with_pam_smbpass" @@ -11588,12 +11638,12 @@ if test $with_pam_for_crypt = no; then for ac_func in crypt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:11592: checking for $ac_func" >&5 +echo "configure:11642: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:11670: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -11642,7 +11692,7 @@ done if test x"$ac_cv_func_crypt" = x"no"; then echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:11646: checking for crypt in -lcrypt" >&5 +echo "configure:11696: checking for crypt in -lcrypt" >&5 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -11650,7 +11700,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:11715: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -11696,7 +11746,7 @@ fi ## if test $with_pam_for_crypt = no; then echo $ac_n "checking for a crypt that needs truncated salt""... $ac_c" 1>&6 -echo "configure:11700: checking for a crypt that needs truncated salt" >&5 +echo "configure:11750: checking for a crypt that needs truncated salt" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_TRUNCATED_SALT'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11705,11 +11755,11 @@ if test "$cross_compiling" = yes; then samba_cv_HAVE_TRUNCATED_SALT=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11763: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then samba_cv_HAVE_TRUNCATED_SALT=no else @@ -11747,7 +11797,7 @@ with_smbpasswd_sam=yes ################################################# # check for a TDB password database echo $ac_n "checking whether to use TDB SAM database""... $ac_c" 1>&6 -echo "configure:11751: checking whether to use TDB SAM database" >&5 +echo "configure:11801: checking whether to use TDB SAM database" >&5 # Check whether --with-tdbsam or --without-tdbsam was given. if test "${with_tdbsam+set}" = set; then withval="$with_tdbsam" 
@@ -11773,7 +11823,7 @@ fi ################################################# # check for a LDAP password database echo $ac_n "checking whether to use LDAP SAM database""... $ac_c" 1>&6 -echo "configure:11777: checking whether to use LDAP SAM database" >&5 +echo "configure:11827: checking whether to use LDAP SAM database" >&5 # Check whether --with-ldapsam or --without-ldapsam was given. if test "${with_ldapsam+set}" = set; then withval="$with_ldapsam" @@ -11800,7 +11850,7 @@ fi ################################################# # check for a NISPLUS password database echo $ac_n "checking whether to use NISPLUS SAM database""... $ac_c" 1>&6 -echo "configure:11804: checking whether to use NISPLUS SAM database" >&5 +echo "configure:11854: checking whether to use NISPLUS SAM database" >&5 # Check whether --with-nisplussam or --without-nisplussam was given. if test "${with_nisplussam+set}" = set; then withval="$with_nisplussam" @@ -11828,7 +11878,7 @@ fi # smbpasswd SAM is only used if another format # has not been defined echo $ac_n "checking whether to use traditional smbpasswd file""... $ac_c" 1>&6 -echo "configure:11832: checking whether to use traditional smbpasswd file" >&5 +echo "configure:11882: checking whether to use traditional smbpasswd file" >&5 if test $with_smbpasswd_sam = yes; then echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF @@ -11848,7 +11898,7 @@ fi ################################################# # check for a NISPLUS_HOME support echo $ac_n "checking whether to use NISPLUS_HOME""... $ac_c" 1>&6 -echo "configure:11852: checking whether to use NISPLUS_HOME" >&5 +echo "configure:11902: checking whether to use NISPLUS_HOME" >&5 # Check whether --with-nisplus-home or --without-nisplus-home was given. if test "${with_nisplus_home+set}" = set; then withval="$with_nisplus_home" 
@@ -11873,7 +11923,7 @@ fi ################################################# # check for the secure socket layer echo $ac_n "checking whether to use SSL""... $ac_c" 1>&6 -echo "configure:11877: checking whether to use SSL" >&5 +echo "configure:11927: checking whether to use SSL" >&5 # Check whether --with-ssl or --without-ssl was given. if test "${with_ssl+set}" = set; then withval="$with_ssl" @@ -11947,7 +11997,7 @@ fi ################################################# # check for syslog logging echo $ac_n "checking whether to use syslog logging""... $ac_c" 1>&6 -echo "configure:11951: checking whether to use syslog logging" >&5 +echo "configure:12001: checking whether to use syslog logging" >&5 # Check whether --with-syslog or --without-syslog was given. if test "${with_syslog+set}" = set; then withval="$with_syslog" @@ -11972,7 +12022,7 @@ fi ################################################# # check for a shared memory profiling support echo $ac_n "checking whether to use profiling""... $ac_c" 1>&6 -echo "configure:11976: checking whether to use profiling" >&5 +echo "configure:12026: checking whether to use profiling" >&5 # Check whether --with-profiling-data or --without-profiling-data was given. if test "${with_profiling_data+set}" = set; then withval="$with_profiling_data" @@ -12000,7 +12050,7 @@ fi QUOTAOBJS=smbd/noquotas.o echo $ac_n "checking whether to support disk-quotas""... $ac_c" 1>&6 -echo "configure:12004: checking whether to support disk-quotas" >&5 +echo "configure:12054: checking whether to support disk-quotas" >&5 # Check whether --with-quotas or --without-quotas was given. if test "${with_quotas+set}" = set; then withval="$with_quotas" 
@@ -12011,13 +12061,13 @@ if test "${with_quotas+set}" = set; then *linux*) # Check for kernel 2.4.x quota braindamage... echo $ac_n "checking for linux 2.4.x quota braindamage..""... $ac_c" 1>&6 -echo "configure:12015: checking for linux 2.4.x quota braindamage.." >&5 +echo "configure:12065: checking for linux 2.4.x quota braindamage.." >&5 if eval "test \"`echo '$''{'samba_cv_linux_2_4_quota_braindamage'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -12029,7 +12079,7 @@ int main() { struct mem_dqblk D; ; return 0; } EOF -if { (eval echo configure:12033: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:12083: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_linux_2_4_quota_braindamage=yes else @@ -12078,7 +12128,7 @@ fi # check for experimental utmp accounting echo $ac_n "checking whether to support utmp accounting""... $ac_c" 1>&6 -echo "configure:12082: checking whether to support utmp accounting" >&5 +echo "configure:12132: checking whether to support utmp accounting" >&5 # Check whether --with-utmp or --without-utmp was given. if test "${with_utmp+set}" = set; then withval="$with_utmp" @@ -12178,7 +12228,7 @@ fi ################################################# # choose native language(s) of man pages echo $ac_n "checking chosen man pages' language(s)""... $ac_c" 1>&6 -echo "configure:12182: checking chosen man pages' language(s)" >&5 +echo "configure:12232: checking chosen man pages' language(s)" >&5 # Check whether --with-manpages-langs or --without-manpages-langs was given. if test "${with_manpages_langs+set}" = set; then withval="$with_manpages_langs" 
@@ -12206,14 +12256,14 @@ fi ################################################# # these tests are taken from the GNU fileutils package echo "checking how to get filesystem space usage" 1>&6 -echo "configure:12210: checking how to get filesystem space usage" >&5 +echo "configure:12260: checking how to get filesystem space usage" >&5 space=no # Test for statvfs64. if test $space = no; then # SVR4 echo $ac_n "checking statvfs64 function (SVR4)""... $ac_c" 1>&6 -echo "configure:12217: checking statvfs64 function (SVR4)" >&5 +echo "configure:12267: checking statvfs64 function (SVR4)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs64'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -12221,7 +12271,7 @@ else fu_cv_sys_stat_statvfs64=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:12289: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statvfs64=yes else @@ -12268,12 +12318,12 @@ fi if test $space = no; then # SVR4 echo $ac_n "checking statvfs function (SVR4)""... $ac_c" 1>&6 -echo "configure:12272: checking statvfs function (SVR4)" >&5 +echo "configure:12322: checking statvfs function (SVR4)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -12281,7 +12331,7 @@ int main() { struct statvfs fsd; statvfs (0, &fsd); ; return 0; } EOF -if { (eval echo configure:12285: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12335: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* fu_cv_sys_stat_statvfs=yes else 
@@ -12306,7 +12356,7 @@ fi if test $space = no; then # DEC Alpha running OSF/1 echo $ac_n "checking for 3-argument statfs function (DEC OSF/1)""... $ac_c" 1>&6 -echo "configure:12310: checking for 3-argument statfs function (DEC OSF/1)" >&5 +echo "configure:12360: checking for 3-argument statfs function (DEC OSF/1)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs3_osf1'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -12314,7 +12364,7 @@ else fu_cv_sys_stat_statfs3_osf1=no else cat > conftest.$ac_ext < @@ -12327,7 +12377,7 @@ else exit (statfs (".", &fsd, sizeof (struct statfs))); } EOF -if { (eval echo configure:12331: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:12381: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs3_osf1=yes else @@ -12354,7 +12404,7 @@ fi if test $space = no; then # AIX echo $ac_n "checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)""... $ac_c" 1>&6 -echo "configure:12358: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5 +echo "configure:12408: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_bsize'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -12362,7 +12412,7 @@ else fu_cv_sys_stat_statfs2_bsize=no else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:12435: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs2_bsize=yes else 
@@ -12408,7 +12458,7 @@ fi if test $space = no; then # SVR3 echo $ac_n "checking for four-argument statfs (AIX-3.2.5, SVR3)""... $ac_c" 1>&6 -echo "configure:12412: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5 +echo "configure:12462: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs4'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -12416,7 +12466,7 @@ else fu_cv_sys_stat_statfs4=no else cat > conftest.$ac_ext < #include @@ -12426,7 +12476,7 @@ else exit (statfs (".", &fsd, sizeof fsd, 0)); } EOF -if { (eval echo configure:12430: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:12480: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs4=yes else @@ -12453,7 +12503,7 @@ fi if test $space = no; then # 4.4BSD and NetBSD echo $ac_n "checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)""... $ac_c" 1>&6 -echo "configure:12457: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5 +echo "configure:12507: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_fsize'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -12461,7 +12511,7 @@ else fu_cv_sys_stat_statfs2_fsize=no else cat > conftest.$ac_ext < #ifdef HAVE_SYS_PARAM_H @@ -12477,7 +12527,7 @@ else exit (statfs (".", &fsd)); } EOF -if { (eval echo configure:12481: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:12531: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs2_fsize=yes else 
@@ -12504,7 +12554,7 @@ fi if test $space = no; then # Ultrix echo $ac_n "checking for two-argument statfs with struct fs_data (Ultrix)""... $ac_c" 1>&6 -echo "configure:12508: checking for two-argument statfs with struct fs_data (Ultrix)" >&5 +echo "configure:12558: checking for two-argument statfs with struct fs_data (Ultrix)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_fs_data'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -12512,7 +12562,7 @@ else fu_cv_sys_stat_fs_data=no else cat > conftest.$ac_ext < #ifdef HAVE_SYS_PARAM_H @@ -12532,7 +12582,7 @@ else exit (statfs (".", &fsd) != 1); } EOF -if { (eval echo configure:12536: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:12586: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_fs_data=yes else @@ -12565,9 +12615,9 @@ fi # file support. # echo $ac_n "checking if large file support can be enabled""... $ac_c" 1>&6 -echo "configure:12569: checking if large file support can be enabled" >&5 +echo "configure:12619: checking if large file support can be enabled" >&5 cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:12634: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=yes else @@ -12645,7 +12695,7 @@ fi # check for ACL support echo $ac_n "checking whether to support ACLs""... $ac_c" 1>&6 -echo "configure:12649: checking whether to support ACLs" >&5 +echo "configure:12699: checking whether to support ACLs" >&5 # Check whether --with-acl-support or --without-acl-support was given. if test "${with_acl_support+set}" = set; then withval="$with_acl_support" 
@@ -12691,7 +12741,7 @@ EOF ;; *) echo $ac_n "checking for acl_get_file in -lacl""... $ac_c" 1>&6 -echo "configure:12695: checking for acl_get_file in -lacl" >&5 +echo "configure:12745: checking for acl_get_file in -lacl" >&5 ac_lib_var=`echo acl'_'acl_get_file | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -12699,7 +12749,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lacl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12764: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -12738,13 +12788,13 @@ else fi echo $ac_n "checking for ACL support""... $ac_c" 1>&6 -echo "configure:12742: checking for ACL support" >&5 +echo "configure:12792: checking for ACL support" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_POSIX_ACLS'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -12752,7 +12802,7 @@ int main() { acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p); ; return 0; } EOF -if { (eval echo configure:12756: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12806: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* samba_cv_HAVE_POSIX_ACLS=yes else @@ -12772,13 +12822,13 @@ echo "$ac_t""$samba_cv_HAVE_POSIX_ACLS" 1>&6 EOF echo $ac_n "checking for acl_get_perm_np""... $ac_c" 1>&6 -echo "configure:12776: checking for acl_get_perm_np" >&5 +echo "configure:12826: checking for acl_get_perm_np" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_ACL_GET_PERM_NP'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include 
@@ -12786,7 +12836,7 @@ int main() { acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm); ; return 0; } EOF -if { (eval echo configure:12790: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12840: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* samba_cv_HAVE_ACL_GET_PERM_NP=yes else @@ -12833,7 +12883,7 @@ fi # (WINBIND_STARGETS) and shared libraries (WINBIND_LTARGETS). echo $ac_n "checking whether to build winbind""... $ac_c" 1>&6 -echo "configure:12837: checking whether to build winbind" >&5 +echo "configure:12887: checking whether to build winbind" >&5 # Initially, the value of $host_os decides whether winbind is supported @@ -12923,7 +12973,7 @@ fi if test x"$INCLUDED_POPT" != x"yes"; then echo $ac_n "checking for poptGetContext in -lpopt""... $ac_c" 1>&6 -echo "configure:12927: checking for poptGetContext in -lpopt" >&5 +echo "configure:12977: checking for poptGetContext in -lpopt" >&5 ac_lib_var=`echo popt'_'poptGetContext | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -12931,7 +12981,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lpopt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12996: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -12966,7 +13016,7 @@ fi fi echo $ac_n "checking whether to use included popt""... $ac_c" 1>&6 -echo "configure:12970: checking whether to use included popt" >&5 +echo "configure:13020: checking whether to use included popt" >&5 if test x"$INCLUDED_POPT" = x"yes"; then echo "$ac_t""$srcdir/popt" 1>&6 BUILD_POPT='$(POPT_OBJS)' 
@@ -12985,11 +13035,11 @@ if test "$cross_compiling" = yes; then : else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:13043: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then echo "configure OK"; else diff --git a/source3/configure.in b/source3/configure.in index 506a34d941..534be53dc9 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -249,7 +249,7 @@ AC_CHECK_HEADERS(sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/i AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h sys/socket.h) AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h termio.h) AC_CHECK_HEADERS(sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h) -AC_CHECK_HEADERS(security/pam_modules.h security/_pam_macros.h) +AC_CHECK_HEADERS(security/pam_modules.h security/_pam_macros.h ldap.h sasl.h) # # HPUX has a bug in that including shadow.h causes a re-definition of MAXINT. @@ -543,7 +543,7 @@ else fi AC_CHECK_FUNCS(waitpid getcwd strdup strtoul strerror chown fchown chmod fchmod chroot) -AC_CHECK_FUNCS(fstat strchr utime utimes getrlimit fsync bzero memset) +AC_CHECK_FUNCS(fstat strchr utime utimes getrlimit fsync bzero memset strlcpy strlcat) AC_CHECK_FUNCS(memmove vsnprintf snprintf asprintf vasprintf setsid glob strpbrk pipe crypt16 getauthuid) AC_CHECK_FUNCS(strftime sigprocmask sigblock sigaction sigset innetgr setnetgrent getnetgrent endnetgrent) AC_CHECK_FUNCS(initgroups select poll rdchk getgrnam getgrent pathconf) 
@@ -1626,6 +1626,11 @@ AC_ARG_WITH(krb5, AC_MSG_RESULT(no) ) +################################################################## +# we might need the k5crypto and com_err libraries on some systems +AC_CHECK_LIB(com_err, _et_list, [LIBS="$LIBS -lcom_err"]) +AC_CHECK_LIB(k5crypto, krb5_encrypt_data, [LIBS="$LIBS -lk5crypto"]) + ######################################################## # now see if we can find the krb5 libs in standard paths @@ -1634,10 +1639,13 @@ AC_CHECK_LIB(krb5, krb5_mk_req_extended, [LIBS="$LIBS -lkrb5"; AC_DEFINE(HAVE_KRB5)]) fi -################################################################## -# we might need the k5crypto and com_err libraries on some systems -AC_CHECK_LIB(com_err, _et_list, [LIBS="$LIBS -lcom_err"]) -AC_CHECK_LIB(k5crypto, krb5_encrypt_data, [LIBS="$LIBS -lk5crypto"]) +######################################################## +# now see if we can find the ldap libs in standard paths +if test x$have_ldap != xyes; then +AC_CHECK_LIB(ldap, ldap_open, [LIBS="$LIBS -lldap -llber"; + AC_DEFINE(HAVE_LDAP)]) +fi + ################################################# # check for automount support diff --git a/source3/include/config.h.in b/source3/include/config.h.in index c54190e29a..6280c793eb 100644 --- a/source3/include/config.h.in +++ b/source3/include/config.h.in @@ -248,6 +248,7 @@ #undef I18N_DEFAULT_PREF_LANG #undef HAVE_KRB5 #undef BROKEN_REDHAT_7_SYSTEM_HEADERS +#undef HAVE_LDAP /* The number of bytes in a int. */ #undef SIZEOF_INT @@ -741,6 +742,12 @@ /* Define if you have the strftime function. */ #undef HAVE_STRFTIME +/* Define if you have the strlcat function. */ +#undef HAVE_STRLCAT + +/* Define if you have the strlcpy function. */ +#undef HAVE_STRLCPY + /* Define if you have the strpbrk function. */ #undef HAVE_STRPBRK 
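Review bot: In source3/configure.in (hunk `@@ -1634,10 +1639,13 @@`) the new guard `if test x$have_ldap != xyes` tests a variable that no visible hunk assigns, so the probe appears to run on every build and ADS support is switched on whenever libldap happens to link. A builder who wants to keep LDAP code out of a hardened smbd has no switch for that; an `AC_ARG_WITH(ldap, ...)` that sets `have_ldap`, as the krb5 option above presumably does for `have_krb5`, would make this an explicit choice. The link test also runs with `-lldap` alone although the action adds `-lldap -llber`; passing the dependency to the probe, `AC_CHECK_LIB(ldap, ldap_open, [LIBS="$LIBS -lldap -llber"; AC_DEFINE(HAVE_LDAP)], , -llber)`, keeps detection working where libldap does not pull in liblber itself.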
@@ -816,6 +823,9 @@ /* Define if you have the header file. */ #undef HAVE_LASTLOG_H +/* Define if you have the header file. */ +#undef HAVE_LDAP_H + /* Define if you have the header file. */ #undef HAVE_LIMITS_H @@ -870,6 +880,9 @@ /* Define if you have the header file. */ #undef HAVE_RPCSVC_YPCLNT_H +/* Define if you have the header file. */ +#undef HAVE_SASL_H + /* Define if you have the header file. */ #undef HAVE_SECURITY__PAM_MACROS_H diff --git a/source3/include/includes.h b/source3/include/includes.h index 17c95eb6f7..8b61bc573c 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -381,6 +381,19 @@ #include #endif +#if HAVE_LDAP +#include +#endif + +#if HAVE_SASL_H +#include +#endif + +/* we support ADS if we have krb5 and ldap libs */ +#if defined(HAVE_KRB5) && defined(HAVE_LDAP) && defined(HAVE_SASL_H) +#define HAVE_ADS +#endif + /* * Define VOLATILE if needed. */ @@ -650,6 +663,7 @@ extern int errno; #include "../tdb/tdb.h" #include "../tdb/spinlock.h" #include "talloc.h" +#include "ads.h" #include "interfaces.h" #include "hash.h" #include "trans2.h" @@ -871,6 +885,14 @@ int rename(const char *zfrom, const char *zto); time_t mktime(struct tm *t); #endif +#ifndef HAVE_STRLCPY +size_t strlcpy(char *d, const char *s, size_t bufsize); +#endif + +#ifndef HAVE_STRLCAT +size_t strlcat(char *d, const char *s, size_t bufsize); +#endif + #ifndef HAVE_FTRUNCATE int ftruncate(int f,long l); #endif diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c new file mode 100644 index 0000000000..2853dbbaa3 --- /dev/null +++ b/source3/libads/ldap.c 
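Review bot: In the `@@ -381` hunk the first new include (presumably ldap.h; the target is not legible on this page) is guarded by `#if HAVE_LDAP`, which configure.in defines when the -lldap link probe succeeds, not when the header was found. The header probe added in this commit yields HAVE_LDAP_H, so the guard should be `#if HAVE_LDAP_H`, matching the HAVE_SASL_H guard right below it. The comment over HAVE_ADS says "krb5 and ldap libs" while the condition also requires HAVE_SASL_H; `/* we support ADS if we have the krb5 and ldap libs and the sasl header */` would match the test.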
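Review bot: `#include "ads.h"` in the `@@ -650` hunk is added unconditionally, yet the commit's file list contains no ads.h, so unless that header already exists in the tree every file that pulls in includes.h stops compiling, with or without ADS support. If ads.h declares ADS_STRUCT in terms of LDAP types it also has to compile when HAVE_LDAP is unset; that cannot be checked from this diff. The same kind of gap applies to the `@@ -871` hunk: strlcpy and strlcat are declared under `#ifndef HAVE_STRLCPY` / `#ifndef HAVE_STRLCAT`, but no replacement definition is visible here, and ads_build_dn in libads/ldap.c depends on them.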
@@ -0,0 +1,324 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 3.0
+ ads (active directory) utility library
+ Copyright (C) Andrew Tridgell 2001
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_ADS
+
+/* return a dn of the form "dc=AA,dc=BB,dc=CC" from a
+ realm of the form AA.BB.CC
+ caller must free
+*/
+static char *ads_build_dn(const char *realm)
+{
+ char *p, *r;
+ int numdots = 0;
+ char *ret;
+ int len;
+
+ r = strdup(realm);
+
+ if (!r || !*r) return r;
+
+ for (p=r; *p; p++) {
+ if (*p == '.') numdots++;
+ }
+
+ len = (numdots+1)*4 + strlen(r) + 1;
+
+ret = malloc(len);
+ strlcpy(ret,"dc=", len);
+ p=strtok(r,".");
+ strlcat(ret, p, len);
+
+ while ((p=strtok(NULL,"."))) {
+ strlcat(ret,",dc=", len);
+ strlcat(ret, p, len);
+ }
+
+ free(r);
+
+ return ret;
+}
+
+/*
+ return a string for an error from a ads routine
+*/
+char *ads_errstr(int rc)
+{
+ return ldap_err2string(rc);
+}
+
+/*
+ initialise a ADS_STRUCT, ready for some ads_ ops
+*/
+ADS_STRUCT *ads_init(const char *realm,
+ const char *ldap_server,
+ const char *bind_path)
+{
+ ADS_STRUCT *ads;
+
+ ads = (ADS_STRUCT *)xmalloc(sizeof(*ads));
+ memset(ads, 0, sizeof(*ads));
+
+ ads->realm = realm? strdup(realm) : NULL;
+ ads->ldap_server = ldap_server? strdup(ldap_server) : NULL;
+ ads->bind_path = bind_path? strdup(bind_path) : NULL;
+ ads->ldap_port = LDAP_PORT;
+
+ if (!ads->bind_path) {
+ ads->bind_path = ads_build_dn(ads->realm);
+ }
+
+ return ads;
+}
+
+
+/*
+ this is a minimal interact function, just enough for SASL to talk
+ GSSAPI/kerberos to W2K
+*/
+static int sasl_interact(LDAP *ld,unsigned flags,void *defaults,void *in)
+{
+ sasl_interact_t *interact = in;
+
+ while (interact->id != SASL_CB_LIST_END) {
+ interact->result = strdup("");
+ interact->len = 0;
+ interact++;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/*
+ connect to the LDAP server
+*/
+int ads_connect(ADS_STRUCT *ads)
+{
+ int version = LDAP_VERSION3;
+ int rc;
+
+ ads->ld = ldap_open(ads->ldap_server, ads->ldap_port);
+ if (!ads->ld) {
+ return errno;
+ }
+ ldap_set_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+
+ rc = ldap_sasl_interactive_bind_s(ads->ld, NULL, NULL, NULL, NULL, 0,
+ sasl_interact, NULL);
+
+ return rc;
+}
+
+
+/*
+ find a machine account given a hostname
+*/
+int ads_find_machine_acct(ADS_STRUCT *ads, void **res, const char *host)
+{
+ int ret;
+ char *exp;
+
+ /* the easiest way to find a machine account anywhere in the tree
+ is to look for hostname$ */
+ asprintf(&exp, "(samAccountName=%s$)", host);
+ *res = NULL;
+ ret = ldap_search_s(ads->ld, ads->bind_path,
+ LDAP_SCOPE_SUBTREE, exp, NULL, 0, (LDAPMessage **)res);
+ free(exp);
+ return ret;
+}
+
+
+/*
+ a convenient routine for adding a generic LDAP record
+*/
+int ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ...)
+{
+ int i;
+ va_list ap;
+ LDAPMod **mods;
+ char *name, *value;
+ int ret;
+#define MAX_MOD_VALUES 10
+
+ /* count the number of attributes */
+ va_start(ap, new_dn);
+ for (i=0; va_arg(ap, char *); i++) {
+ /* skip the values */
+ while (va_arg(ap, char *)) ;
+ }
+ va_end(ap);
+
+ mods = malloc(sizeof(LDAPMod *) * (i+1));
+
+ va_start(ap, new_dn);
+ for (i=0; (name=va_arg(ap, char *)); i++) {
+ char **values;
+ int j;
+ values = (char **)malloc(sizeof(char *) * (MAX_MOD_VALUES+1));
+ for (j=0; (value=va_arg(ap, char *)) && j < MAX_MOD_VALUES; j++) {
+ values[j] = value;
+ }
+ values[j] = NULL;
+ mods[i] = malloc(sizeof(LDAPMod));
+ mods[i]->mod_type = name;
+ mods[i]->mod_op = LDAP_MOD_ADD;
+ mods[i]->mod_values = values;
+ }
+ mods[i] = NULL;
+ va_end(ap);
+
+ ret = ldap_add_s(ads->ld, new_dn, mods);
+
+ for (i=0; mods[i]; i++) {
+ free(mods[i]->mod_values);
+ free(mods[i]);
+ }
+ free(mods);
+
+ return ret;
+}
+
+/*
+ add a machine account to the ADS server
+*/
+static int ads_add_machine_acct(ADS_STRUCT *ads, const char *hostname)
+{
+ int ret;
+ char *host_spn, *host_upn, *new_dn, *samAccountName, *controlstr;
+
+ asprintf(&host_spn, "HOST/%s", hostname);
+ asprintf(&host_upn, "%s@%s", host_spn, ads->realm);
+ asprintf(&new_dn, "cn=%s,cn=Computers,%s", hostname, ads->bind_path);
+ asprintf(&samAccountName, "%s$", hostname);
+ asprintf(&controlstr, "%u",
+ UF_DONT_EXPIRE_PASSWD | UF_WORKSTATION_TRUST_ACCOUNT |
+ UF_TRUSTED_FOR_DELEGATION | UF_USE_DES_KEY_ONLY);
+
+ ret = ads_gen_add(ads, new_dn,
+ "cn", hostname, NULL,
+ "sAMAccountName", samAccountName, NULL,
+ "objectClass",
+ "top", "person", "organizationalPerson",
+ "user", "computer", NULL,
+ "userPrincipalName", host_upn, NULL,
+ "servicePrincipalName", host_spn, NULL,
+ "dNSHostName", hostname, NULL,
+ "userAccountControl", controlstr, NULL,
+ "operatingSystem", "Samba", NULL,
+ "operatingSystemVersion", VERSION, NULL,
+ NULL);
+
+ free(host_spn);
+ free(host_upn);
+ free(new_dn);
+ free(samAccountName);
+ free(controlstr);
+
+ return ret;
+}
+
+/*
+ dump a record from LDAP on stdout
+ used for debugging
+*/
+void ads_dump(ADS_STRUCT *ads, void *res)
+{
+ char *field;
+ LDAPMessage *msg;
+ BerElement *b;
+ char *this_dn;
+
+ for (msg = ldap_first_entry(ads->ld, (LDAPMessage *)res);
+ msg; msg = ldap_next_entry(ads->ld, msg)) {
+ this_dn = ldap_get_dn(ads->ld, (LDAPMessage *)res);
+ if (this_dn) {
+ printf("Dumping: %s\n", this_dn);
+ }
+ ldap_memfree(this_dn);
+
+ for (field = ldap_first_attribute(ads->ld, msg, &b);
+ field;
+ field = ldap_next_attribute(ads->ld, msg, b)) {
+ char **values, **p;
+ values = ldap_get_values(ads->ld, msg, field);
+ for (p = values; *p; p++) {
+ printf("%s: %s\n", field, *p);
+ }
+ ldap_value_free(values);
+ ldap_memfree(field);
+ }
+
+ ber_free(b, 1);
+ printf("\n");
+ }
+}
+
+/*
+ count how many replies are in a LDAPMessage
+*/
+int ads_count_replies(ADS_STRUCT *ads, void *res)
+{
+ return ldap_count_entries(ads->ld, (LDAPMessage *)res);
+}
+
+/*
+ join a machine to a realm, creating the machine account
+ and setting the machine password
+*/
+int ads_join_realm(ADS_STRUCT *ads, const char *hostname)
+{
+ int rc;
+ LDAPMessage *res;
+ char *principal;
+
+ rc = ads_find_machine_acct(ads, (void **)&res, hostname);
+ if (rc == LDAP_SUCCESS && ads_count_replies(ads, res) == 1) {
+ DEBUG(0, ("Host account for %s already exists\n", hostname));
+ goto set_password;
+ }
+
+ rc = ads_add_machine_acct(ads, hostname);
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(0, ("ads_add_machine_acct: %s\n", ads_errstr(rc)));
+ return rc;
+ }
+
+ rc = ads_find_machine_acct(ads, (void **)&res, hostname);
+ if (rc != LDAP_SUCCESS || ads_count_replies(ads, res) != 1) {
+ DEBUG(0, ("Host account test failed\n"));
+ /* hmmm, we need NTSTATUS */
+ return -1;
+ }
+
+set_password:
+ asprintf(&principal, "HOST/%s@%s", hostname, ads->realm);
+#if 0
+ krb5_set_principal_password(principal, ads->ldap_server, hostname, ads->realm);
+#endif
+ free(principal);
+
+ return LDAP_SUCCESS;
+}
+
+#endif
-- cgit
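Review bot: ads_find_machine_acct formats `host` straight into the search filter `(samAccountName=%s$)`, so a name containing `*`, `(`, `)` or `\` changes what the filter matches, and ads_join_realm accepts any single match as "account already exists"; the asprintf results here and in ads_add_machine_acct are never checked either. Where `host` comes from is not visible in this hunk, but escaping the value before building the filter removes the question, and the sketch below adds a small escaping helper plus the allocation checks. In ads_dump, `ldap_get_dn` is given `res` rather than `msg`, so each iteration prints the DN of `res` instead of the current entry, and ads_join_realm never calls `ldap_msgfree` on `res`. In ads_gen_add, a value list longer than MAX_MOD_VALUES leaves the surplus in the va_list to be dropped or read as the next attribute name, and none of the malloc results are checked. Going by the flag names, the account is created DES-only and trusted for delegation (`UF_USE_DES_KEY_ONLY | UF_TRUSTED_FOR_DELEGATION`); a comment stating why both are required would help later reviewers.

```c
/* escape the characters that are special inside an LDAP filter value */
static char *ads_escape_filter(const char *s)
{
	static const char hex[] = "0123456789abcdef";
	char *out, *q;

	out = malloc(strlen(s) * 3 + 1);
	if (!out) return NULL;

	for (q = out; *s; s++) {
		unsigned char c = (unsigned char)*s;
		if (c == '*' || c == '(' || c == ')' || c == '\\') {
			*q++ = '\\';
			*q++ = hex[c >> 4];
			*q++ = hex[c & 0xf];
		} else {
			*q++ = *s;
		}
	}
	*q = 0;
	return out;
}

int ads_find_machine_acct(ADS_STRUCT *ads, void **res, const char *host)
{
	int ret;
	char *exp, *esc;

	*res = NULL;
	esc = ads_escape_filter(host);
	if (!esc) return LDAP_NO_MEMORY;
	if (asprintf(&exp, "(samAccountName=%s$)", esc) == -1) {
		free(esc);
		return LDAP_NO_MEMORY;
	}
	free(esc);
	/* … unchanged: ldap_search_s call, free(exp), return ret … */
}
```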