From fe64484824d8169bf66822ebf7f6a9180a238e6e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 29 Nov 2001 06:21:56 +0000 Subject: Make better use of the ads_init() function to get the kerberos relam etc. This allows us to use automagically obtained values in future, and the value from krb5.conf now. Also fix mem leaks etc. Andrew Bartlett (This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2) --- source3/libads/ads_struct.c | 182 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 182 insertions(+) create mode 100644 source3/libads/ads_struct.c (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c new file mode 100644 index 0000000000..be0374225b --- /dev/null +++ b/source3/libads/ads_struct.c 
@@ -0,0 +1,182 @@ +/* + Unix SMB/Netbios implementation. + Version 3.0 + ads (active directory) utility library + Copyright (C) Andrew Tridgell 2001 + Copyright (C) Andrew Bartlett 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +static char *ads_build_dn(const char *realm) +{ + char *p, *r; + int numdots = 0; + char *ret; + int len; + + r = strdup(realm); + + if (!r || !*r) return r; + + for (p=r; *p; p++) { + if (*p == '.') numdots++; + } + + len = (numdots+1)*4 + strlen(r) + 1; + + ret = malloc(len); + strlcpy(ret,"dc=", len); + p=strtok(r,"."); + strlcat(ret, p, len); + + while ((p=strtok(NULL,"."))) { + strlcat(ret,",dc=", len); + strlcat(ret, p, len); + } + + free(r); + + return ret; +} + +#ifdef HAVE_KRB5 + +/* + get the default relm from krb5.conf +*/ +static char *get_default_realm(ADS_STRUCT *ads) +{ + BOOL ret; + krb5_context context; + char *realm; + + ret = krb5_init_context(&context); + if (ret) { + DEBUG(1,("krb5_init_context failed (%s)\n", error_message(ret))); + return NULL; + } + + ret = krb5_get_default_realm(context, &realm); + if (ret) { + DEBUG(1,("krb5_get_default_realm failed (%s)\n", error_message(ret))); + krb5_free_context(context); + return NULL; + } else { + DEBUG(5,("krb5_get_default_realm got (%s)\n", realm)); + } + krb5_free_context(context); + + return realm; +} + +#else 
+static char *get_default_realm(ADS_STRUCT *ads) +{ + /* We can't do this if we don't have krb5, + but save linking nightmares */ + DEBUG(5,("get_default_realm: not compiled with krb5.\n")); + return NULL; +} + +#endif + +#ifdef HAVE_LDAP +/* + find the ldap server from DNS +*/ +static char *find_ldap_server(ADS_STRUCT *ads) +{ + char *list = NULL; + + if (ldap_domain2hostlist(ads->realm, &list) == LDAP_SUCCESS) { + char *p; + p = strchr(list, ':'); + if (p) *p = 0; + return list; + } + + return NULL; +} + +#else + +static char *find_ldap_server(ADS_STRUCT *ads) +{ + /* Without LDAP this doesn't make much sense */ + return NULL; +} + +#endif + + +/* + initialise a ADS_STRUCT, ready for some ads_ ops +*/ +ADS_STRUCT *ads_init(const char *realm, + const char *ldap_server, + const char *bind_path) +{ + ADS_STRUCT *ads; + + ads = (ADS_STRUCT *)smb_xmalloc(sizeof(*ads)); + memset(ads, 0, sizeof(*ads)); + + ads->realm = realm? strdup(realm) : NULL; + ads->ldap_server = ldap_server? strdup(ldap_server) : NULL; + ads->bind_path = bind_path? strdup(bind_path) : NULL; + ads->ldap_port = LDAP_PORT; + + if (!ads->realm) { + ads->realm = lp_realm(); + if (!ads->realm[0]) { + ads->realm = get_default_realm(ads); + } + } + if (!ads->bind_path) { + ads->bind_path = ads_build_dn(ads->realm); + } + if (!ads->ldap_server) { + ads->ldap_server = lp_ads_server(); + if (!ads->ldap_server[0]) { + ads->ldap_server = find_ldap_server(ads); + } + } + if (!ads->kdc_server) { + /* assume its the same as LDAP */ + ads->kdc_server = ads->ldap_server? strdup(ads->ldap_server) : NULL; + } + + return ads; +} + +/* + free the memory used by the ADS structure initialized with 'ads_init(...)' +*/ +void ads_destroy(ADS_STRUCT **ads) +{ + if (False && (ads) && (*ads)) { + if ((*ads)->ld) ldap_unbind((*ads)->ld); + SAFE_FREE((*ads)->realm); + SAFE_FREE((*ads)->ldap_server); + SAFE_FREE((*ads)->kdc_server); + SAFE_FREE((*ads)->bind_path); + ZERO_STRUCTP(*ads); + SAFE_FREE(*ads); + } +} + -- cgit 
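Review bot: In `ads_build_dn`, the buffer from `malloc(len)` is written to without a NULL check, and `strtok(r,".")` returns NULL for a realm made up only of dots, which is then passed straight to `strlcat`. Both paths are reachable from `ads_init`, whose realm can come from the caller, from `lp_realm()` or from krb5.conf. I would add `if (!ret) { free(r); return NULL; }` after the allocation and `if (!p) { free(r); free(ret); return NULL; }` after the first `strtok`. Separately, `ads_init` passes `ads->realm` to `ads_build_dn` even when `get_default_realm` returned NULL, so `strdup(realm)` is called on a NULL pointer; changing the test to `if (!ads->bind_path && ads->realm)` avoids that.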
From 090acb27c3c2fe0562870ed9a1b13158d3d37767 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 29 Nov 2001 06:38:54 +0000 Subject: define LDAP_PORT when not available (This used to be commit 5a5f140f84f4dd377d141e352f4cb7f9bea4fe64) --- source3/libads/ads_struct.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index be0374225b..84c12bf665 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -123,6 +123,9 @@ static char *find_ldap_server(ADS_STRUCT *ads) #endif +#ifndef LDAP_PORT +#define LDAP_PORT 389 +#endif /* initialise a ADS_STRUCT, ready for some ads_ ops -- cgit From 3a921f37b737cab0729cc904e514647406e6f01c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 29 Nov 2001 08:22:45 +0000 Subject: ads->realm must not be NULL perhaps we should just fail ads_init() in this case? (This used to be commit 2a4ce3de6ae8fb833370d1f9d6e5e7193fafa979) --- source3/libads/ads_struct.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 84c12bf665..4227684375 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -103,6 +103,8 @@ static char *find_ldap_server(ADS_STRUCT *ads) { char *list = NULL; + if (!ads->realm) return NULL; + if (ldap_domain2hostlist(ads->realm, &list) == LDAP_SUCCESS) { char *p; p = strchr(list, ':'); @@ -149,6 +151,7 @@ ADS_STRUCT *ads_init(const char *realm, if (!ads->realm[0]) { ads->realm = get_default_realm(ads); } + if (!ads->realm) ads->realm = strdup(""); } if (!ads->bind_path) { ads->bind_path = ads_build_dn(ads->realm); -- cgit From 5f76385e709204151fb9c743ae9d36e0b3df48de Mon Sep 17 00:00:00 2001 
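Review bot: The guard added to `find_ldap_server`, `if (!ads->realm) return NULL;`, cannot fire on the `ads_init` path, because the second hunk replaces a missing realm with `strdup("")` before `find_ldap_server` is reached; `ldap_domain2hostlist` is then called with an empty domain. Testing for emptiness as well, `if (!ads->realm || !*ads->realm) return NULL;`, keeps the two hunks consistent. The `strdup("")` result is itself unchecked, so `ads->realm` can still be NULL when it is handed to `ads_build_dn` on the following line. Failing `ads_init` in that case, as the commit message itself suggests, would be the simpler contract.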
From: Andrew Tridgell Date: Wed, 5 Dec 2001 06:26:56 +0000 Subject: more memory leak fixes (This used to be commit eb6f0e91ddd2a97a907a569bc60beca99b494884) --- source3/libads/ads_struct.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 4227684375..2d8bf06156 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -139,7 +139,7 @@ ADS_STRUCT *ads_init(const char *realm, ADS_STRUCT *ads; ads = (ADS_STRUCT *)smb_xmalloc(sizeof(*ads)); - memset(ads, 0, sizeof(*ads)); + ZERO_STRUCTP(ads); ads->realm = realm? strdup(realm) : NULL; ads->ldap_server = ldap_server? strdup(ldap_server) : NULL; @@ -147,7 +147,7 @@ ADS_STRUCT *ads_init(const char *realm, ads->ldap_port = LDAP_PORT; if (!ads->realm) { - ads->realm = lp_realm(); + ads->realm = strdup(lp_realm()); if (!ads->realm[0]) { ads->realm = get_default_realm(ads); } @@ -157,7 +157,7 @@ ADS_STRUCT *ads_init(const char *realm, ads->bind_path = ads_build_dn(ads->realm); } if (!ads->ldap_server) { - ads->ldap_server = lp_ads_server(); + ads->ldap_server = strdup(lp_ads_server()); if (!ads->ldap_server[0]) { ads->ldap_server = find_ldap_server(ads); } @@ -175,7 +175,7 @@ ADS_STRUCT *ads_init(const char *realm, */ void ads_destroy(ADS_STRUCT **ads) { - if (False && (ads) && (*ads)) { + if (ads && *ads) { if ((*ads)->ld) ldap_unbind((*ads)->ld); SAFE_FREE((*ads)->realm); SAFE_FREE((*ads)->ldap_server); -- cgit From 9421ad4a7a900b219f87754bc20fa14f2f22fd35 Mon Sep 17 00:00:00 2001 
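Review bot: In `ads_init`, `ads->realm = strdup(lp_realm());` is dereferenced on the next line (`ads->realm[0]`) without a NULL check, and when the copy is empty it is overwritten by `get_default_realm(ads)` without being freed, so this leak-fix commit adds a small leak of its own. The `ldap_server` hunk has the same shape with `strdup(lp_ads_server())` and `find_ldap_server(ads)`. I would release the empty copy first, `if (ads->realm && !ads->realm[0]) { SAFE_FREE(ads->realm); }`, then fall back only `if (!ads->realm)`, and do the same for `ldap_server`. Now that `ads_destroy` is live, a realm string returned by `krb5_get_default_realm` is released with `SAFE_FREE` rather than through the krb5 library, which is only safe if both use the same allocator; copying it with `strdup` in `get_default_realm` and freeing the original there would remove that assumption.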
From: Andrew Tridgell Date: Wed, 5 Dec 2001 09:46:53 +0000 Subject: added a REALLY gross hack into kerberos_kinit_password so that winbindd can do a kinit this will be removed once we have code that gets a tgt and puts it in a place where cyrus-sasl can see it (This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f) --- source3/libads/ads_struct.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 2d8bf06156..83c8f5b404 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -134,7 +134,8 @@ static char *find_ldap_server(ADS_STRUCT *ads) */ ADS_STRUCT *ads_init(const char *realm, const char *ldap_server, - const char *bind_path) + const char *bind_path, + const char *password) { ADS_STRUCT *ads; @@ -145,6 +146,7 @@ ADS_STRUCT *ads_init(const char *realm, ads->ldap_server = ldap_server? strdup(ldap_server) : NULL; ads->bind_path = bind_path? strdup(bind_path) : NULL; ads->ldap_port = LDAP_PORT; + if (password) ads->password = strdup(password); if (!ads->realm) { ads->realm = strdup(lp_realm()); @@ -181,6 +183,7 @@ void ads_destroy(ADS_STRUCT **ads) SAFE_FREE((*ads)->ldap_server); SAFE_FREE((*ads)->kdc_server); SAFE_FREE((*ads)->bind_path); + SAFE_FREE((*ads)->password); ZERO_STRUCTP(*ads); SAFE_FREE(*ads); } -- cgit From 6194d6a54161931008244766a380e909bb5a8e63 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 5 Dec 2001 10:35:25 +0000 Subject: fix link error (This used to be commit 58e93a8b7de10f60a1e68570f1bdd6e3d8fa44a5) --- source3/libads/ads_struct.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 83c8f5b404..15cbb328e8 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c 
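Review bot: `SAFE_FREE((*ads)->password);` in `ads_destroy` hands the cleartext password back to the heap without overwriting it, and the `ZERO_STRUCTP(*ads)` that follows clears only the pointer, not the string it pointed to. Since `ads_init` now keeps a `strdup` copy for the whole lifetime of the structure, I would wipe it before freeing, e.g. `if ((*ads)->password) memset((*ads)->password, 0, strlen((*ads)->password));`, preferably with a wipe routine the compiler cannot elide where the platform offers one. The line `if (password) ads->password = strdup(password);` also makes an allocation failure indistinguishable from "no password supplied". The later `SAFE_FREE((*ads)->auth.password);` in the 3.0/HEAD sync commit on this page has the same gap.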
@@ -178,7 +178,9 @@ ADS_STRUCT *ads_init(const char *realm, void ads_destroy(ADS_STRUCT **ads) { if (ads && *ads) { +#if HAVE_LDAP if ((*ads)->ld) ldap_unbind((*ads)->ld); +#endif SAFE_FREE((*ads)->realm); SAFE_FREE((*ads)->ldap_server); SAFE_FREE((*ads)->kdc_server); -- cgit From 5d378a280f74405fccbadbfb28e1066613c76fd8 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 8 Dec 2001 11:18:56 +0000 Subject: added internal sasl/gssapi code. This means we are no longer dependent on cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm (This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b) --- source3/libads/ads_struct.c | 49 +++++---------------------------------------- 1 file changed, 5 insertions(+), 44 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 15cbb328e8..72f2a32e64 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -22,7 +22,7 @@ #include "includes.h" -static char *ads_build_dn(const char *realm) +char *ads_build_dn(const char *realm) { char *p, *r; int numdots = 0; 
@@ -54,46 +54,6 @@ static char *ads_build_dn(const char *realm) return ret; } -#ifdef HAVE_KRB5 - -/* - get the default relm from krb5.conf -*/ -static char *get_default_realm(ADS_STRUCT *ads) -{ - BOOL ret; - krb5_context context; - char *realm; - - ret = krb5_init_context(&context); - if (ret) { - DEBUG(1,("krb5_init_context failed (%s)\n", error_message(ret))); - return NULL; - } - - ret = krb5_get_default_realm(context, &realm); - if (ret) { - DEBUG(1,("krb5_get_default_realm failed (%s)\n", error_message(ret))); - krb5_free_context(context); - return NULL; - } else { - DEBUG(5,("krb5_get_default_realm got (%s)\n", realm)); - } - krb5_free_context(context); - - return realm; -} - -#else -static char *get_default_realm(ADS_STRUCT *ads) -{ - /* We can't do this if we don't have krb5, - but save linking nightmares */ - DEBUG(5,("get_default_realm: not compiled with krb5.\n")); - return NULL; -} - -#endif #ifdef HAVE_LDAP /* @@ -151,11 +111,10 @@ ADS_STRUCT *ads_init(const char *realm, if (!ads->realm) { ads->realm = strdup(lp_realm()); if (!ads->realm[0]) { - ads->realm = get_default_realm(ads); + SAFE_FREE(ads->realm); } - if (!ads->realm) ads->realm = strdup(""); } - if (!ads->bind_path) { + if (!ads->bind_path && ads->realm) { ads->bind_path = ads_build_dn(ads->realm); } if (!ads->ldap_server) { @@ -183,9 +142,11 @@ void ads_destroy(ADS_STRUCT **ads) #endif SAFE_FREE((*ads)->realm); SAFE_FREE((*ads)->ldap_server); + SAFE_FREE((*ads)->ldap_server_name); SAFE_FREE((*ads)->kdc_server); SAFE_FREE((*ads)->bind_path); SAFE_FREE((*ads)->password); + SAFE_FREE((*ads)->user_name); ZERO_STRUCTP(*ads); SAFE_FREE(*ads); } -- cgit From 75a6ac48a0a2fb5285fd7d92fed770cacc0d400f Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Thu, 13 Dec 2001 11:29:49 +0000 Subject: try the PDC for our workgroup if we can't find the ldap server (This used to be commit fc9fd2ca19899e757a6d3ccbba3d4a10f27d7a3f) --- source3/libads/ads_struct.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 72f2a32e64..4b2ab5b40f 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -62,16 +62,21 @@ char *ads_build_dn(const char *realm) static char *find_ldap_server(ADS_STRUCT *ads) { char *list = NULL; + struct in_addr ip; - if (!ads->realm) return NULL; - - if (ldap_domain2hostlist(ads->realm, &list) == LDAP_SUCCESS) { + if (ads->realm && + ldap_domain2hostlist(ads->realm, &list) == LDAP_SUCCESS) { char *p; p = strchr(list, ':'); if (p) *p = 0; return list; } + /* get desperate, find the domain controller IP */ + if (resolve_name(lp_workgroup(), &ip, 0x1B)) { + return strdup(inet_ntoa(ip)); + } + return NULL; } -- cgit From a062e58d9e47f95ac7c66668b3cfe1f72386f6e0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 19 Dec 2001 08:44:23 +0000 Subject: - added initial support for trusted domains in winbindd_ads - gss error code patch from a.bokovoy@sam-solutions.net - better sid dumping in ads_dump - fixed help in wbinfo (This used to be commit ee1c3e1f044b4ef62169ad74c5cac40eef81bfda) --- source3/libads/ads_struct.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 4b2ab5b40f..a7c8d1a681 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c 
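Review bot: The new fallback in `find_ldap_server` accepts whatever answers `resolve_name(lp_workgroup(), &ip, 0x1B)` as the LDAP server, and `ads_init` (outside this hunk) reuses that value as `kdc_server` when none is set, so an unauthenticated name lookup ends up choosing the host the client authenticates against. That is acceptable only if the later bind verifies the server's identity, which this hunk cannot show. I would state the assumption next to the call, e.g. `/* NetBIOS answer is unauthenticated: treat it as a hint, the bind must still authenticate the server */`, and log the fallback so an unexpected server choice can be traced, e.g. `DEBUG(3,("find_ldap_server: using NetBIOS <1B> lookup for %s\n", lp_workgroup()));`. The two return paths also mix a string allocated by `ldap_domain2hostlist` with one from `strdup`, both of which `ads_destroy` releases with `SAFE_FREE`.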
@@ -157,3 +157,29 @@ void ads_destroy(ADS_STRUCT **ads) } } + +static void ads_display_status_helper(char *m, OM_uint32 code, int type) +{ + int maj_stat, min_stat; + gss_buffer_desc msg; + int msg_ctx; + + msg_ctx = 0; + while (1) { + maj_stat = gss_display_status(&min_stat, code, + type, GSS_C_NULL_OID, + &msg_ctx, &msg); + DEBUG(1, ("GSS-API error %s: %s\n", m, + (char *)msg.value)); + (void) gss_release_buffer(&min_stat, &msg); + + if (!msg_ctx) + break; + } +} + +void ads_display_status(char * msg, int maj_stat,int min_stat) +{ + ads_display_status_helper(msg, maj_stat, GSS_C_GSS_CODE); + ads_display_status_helper(msg, min_stat, GSS_C_MECH_CODE); +} -- cgit From 105fe2a32eccc63f63ddf903278b80fb211f05bf Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 19 Dec 2001 09:58:52 +0000 Subject: we only have gss_ fns on a krb5 capable box (This used to be commit 344b786efe00f72ed81f0eeb4d422c655d866557) --- source3/libads/ads_struct.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index a7c8d1a681..83d423104e 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -157,8 +157,8 @@ void ads_destroy(ADS_STRUCT **ads) } } - -static void ads_display_status_helper(char *m, OM_uint32 code, int type) +#if HAVE_KRB5 +static void ads_display_status_helper(const char *m, uint32 code, int type) { int maj_stat, min_stat; gss_buffer_desc msg; @@ -177,9 +177,12 @@ static void ads_display_status_helper(char *m, OM_uint32 code, int type) break; } } +#endif -void ads_display_status(char * msg, int maj_stat,int min_stat) +void ads_display_status(const char *msg, int maj_stat,int min_stat) { +#if HAVE_KRB5 ads_display_status_helper(msg, maj_stat, GSS_C_GSS_CODE); ads_display_status_helper(msg, min_stat, GSS_C_MECH_CODE); +#endif } -- cgit From 1f31ace6cb771d7bf0b64091fba1d24c466ad4e5 Mon Sep 17 00:00:00 2001 
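Review bot: `ads_display_status_helper` ignores the return value of `gss_display_status` and prints `msg.value` regardless, so on failure the `DEBUG` call reads an uninitialised `gss_buffer_desc`, and the loop ends only if `msg_ctx` happens to be zero. The buffer is also printed with `%s`, although a GSS buffer carries an explicit `length` and is not guaranteed to be NUL-terminated. I would add `if (maj_stat != GSS_S_COMPLETE) break;` directly after the call and print with `"GSS-API error %s: %.*s\n", m, (int)msg.length, (char *)msg.value`. `min_stat` and `msg_ctx` are declared `int` but are passed where the API expects `OM_uint32 *`; the follow-up commit on this page that changes `code` to `uint32` leaves that as it is.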
From: Andrew Tridgell Date: Wed, 19 Dec 2001 12:21:12 +0000 Subject: much better ADS error handling system (This used to be commit 05a90a28843e0d69183a49a76617c5f32817df16) --- source3/libads/ads_struct.c | 34 ++++------------------------------ 1 file changed, 4 insertions(+), 30 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 83d423104e..013491eaed 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -22,6 +22,10 @@ #include "includes.h" +/* return a dn of the form "dc=AA,dc=BB,dc=CC" from a + realm of the form AA.BB.CC + caller must free +*/ char *ads_build_dn(const char *realm) { char *p, *r; @@ -156,33 +160,3 @@ void ads_destroy(ADS_STRUCT **ads) SAFE_FREE(*ads); } } - -#if HAVE_KRB5 -static void ads_display_status_helper(const char *m, uint32 code, int type) -{ - int maj_stat, min_stat; - gss_buffer_desc msg; - int msg_ctx; - - msg_ctx = 0; - while (1) { - maj_stat = gss_display_status(&min_stat, code, - type, GSS_C_NULL_OID, - &msg_ctx, &msg); - DEBUG(1, ("GSS-API error %s: %s\n", m, - (char *)msg.value)); - (void) gss_release_buffer(&min_stat, &msg); - - if (!msg_ctx) - break; - } -} -#endif - -void ads_display_status(const char *msg, int maj_stat,int min_stat) -{ -#if HAVE_KRB5 - ads_display_status_helper(msg, maj_stat, GSS_C_GSS_CODE); - ads_display_status_helper(msg, min_stat, GSS_C_MECH_CODE); -#endif -} -- cgit From 9f85d4ad5f2bb5fdb7739b3f90c4bfac705393ce Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 16 Jan 2002 02:22:30 +0000 Subject: much better support for organisational units in ADS join (This used to be commit 7e876057d5e392f85e6fdb0f2c233b0fe76df688) --- source3/libads/ads_struct.c | 36 +++++++++++++++++++++++++----------- 1 file changed, 25 insertions(+), 11 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 013491eaed..476152f2c2 100644 
--- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -22,14 +22,13 @@ #include "includes.h" -/* return a dn of the form "dc=AA,dc=BB,dc=CC" from a - realm of the form AA.BB.CC +/* return a ldap dn path from a string, given separators and field name caller must free */ -char *ads_build_dn(const char *realm) +char *ads_build_path(const char *realm, const char *sep, const char *field, int reverse) { char *p, *r; - int numdots = 0; + int numbits = 0; char *ret; int len; @@ -38,19 +37,25 @@ char *ads_build_dn(const char *realm) if (!r || !*r) return r; for (p=r; *p; p++) { - if (*p == '.') numdots++; + if (strchr(sep, *p)) numbits++; } - len = (numdots+1)*4 + strlen(r) + 1; + len = (numbits+1)*(strlen(field)+1) + strlen(r) + 1; ret = malloc(len); - strlcpy(ret,"dc=", len); - p=strtok(r,"."); + strlcpy(ret,field, len); + p=strtok(r,sep); strlcat(ret, p, len); - while ((p=strtok(NULL,"."))) { - strlcat(ret,",dc=", len); - strlcat(ret, p, len); + while ((p=strtok(NULL,sep))) { + char *s; + if (reverse) { + asprintf(&s, "%s%s,%s", field, p, ret); + } else { + asprintf(&s, "%s,%s%s", ret, field, p); + } + free(ret); + ret = s; } free(r); @@ -58,6 +63,15 @@ char *ads_build_dn(const char *realm) return ret; } +/* return a dn of the form "dc=AA,dc=BB,dc=CC" from a + realm of the form AA.BB.CC + caller must free +*/ +char *ads_build_dn(const char *realm) +{ + return ads_build_path(realm, ".", "dc=", 0); +} + #ifdef HAVE_LDAP /* -- cgit From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 30 Jan 2002 06:08:46 +0000 Subject: Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) --- source3/libads/ads_struct.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 476152f2c2..489f301ae2 100644 
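Review bot: In the rewritten loop of `ads_build_path`, the return value of `asprintf` is ignored; if the call fails, `s` is not guaranteed to hold a valid pointer, yet it is assigned to `ret` and returned after the old buffer has already been freed. The first component is still appended with `strlcat(ret, p, len)` where `p` is NULL if `realm` contains only separator characters, and `malloc(len)` is unchecked; both predate this commit. Because `sep` and `field` are now supplied by the caller, these paths may be easier to reach than with the fixed "." and "dc=". A checked version of the loop is below.

```c
	while ((p=strtok(NULL,sep))) {
		char *s;
		int rc;
		if (reverse) {
			rc = asprintf(&s, "%s%s,%s", field, p, ret);
		} else {
			rc = asprintf(&s, "%s,%s%s", ret, field, p);
		}
		free(ret);
		if (rc == -1) {
			/* s is not usable after a failed asprintf */
			free(r);
			return NULL;
		}
		ret = s;
	}
	/* … unchanged: free(r); return ret; … */
```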
--- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -1,6 +1,5 @@ /* - Unix SMB/Netbios implementation. - Version 3.0 + Unix SMB/CIFS implementation. ads (active directory) utility library Copyright (C) Andrew Tridgell 2001 Copyright (C) Andrew Bartlett 2001 -- cgit From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Jul 2002 10:35:28 +0000 Subject: updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce) --- source3/libads/ads_struct.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 489f301ae2..638dc0b22e 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -81,7 +81,8 @@ static char *find_ldap_server(ADS_STRUCT *ads) char *list = NULL; struct in_addr ip; - if (ads->realm && + if (ads->realm && + strcasecmp(ads->workgroup, lp_workgroup()) == 0 && ldap_domain2hostlist(ads->realm, &list) == LDAP_SUCCESS) { char *p; p = strchr(list, ':'); @@ -90,7 +91,12 @@ static char *find_ldap_server(ADS_STRUCT *ads) } /* get desperate, find the domain controller IP */ - if (resolve_name(lp_workgroup(), &ip, 0x1B)) { + if (resolve_name(ads->workgroup, &ip, 0x1B)) { + return strdup(inet_ntoa(ip)); + } + + /* or a BDC ... */ + if (resolve_name(ads->workgroup, &ip, 0x1C)) { return strdup(inet_ntoa(ip)); } @@ -115,6 +121,7 @@ static char *find_ldap_server(ADS_STRUCT *ads) initialise a ADS_STRUCT, ready for some ads_ ops */ ADS_STRUCT *ads_init(const char *realm, + const char *workgroup, const char *ldap_server, const char *bind_path, const char *password) 
@@ -124,7 +131,12 @@ ADS_STRUCT *ads_init(const char *realm, ads = (ADS_STRUCT *)smb_xmalloc(sizeof(*ads)); ZERO_STRUCTP(ads); + if (!workgroup) { + workgroup = lp_workgroup(); + } + ads->realm = realm? strdup(realm) : NULL; + ads->workgroup = strdup(workgroup); ads->ldap_server = ldap_server? strdup(ldap_server) : NULL; ads->bind_path = bind_path? strdup(bind_path) : NULL; ads->ldap_port = LDAP_PORT; @@ -140,8 +152,10 @@ ADS_STRUCT *ads_init(const char *realm, ads->bind_path = ads_build_dn(ads->realm); } if (!ads->ldap_server) { - ads->ldap_server = strdup(lp_ads_server()); - if (!ads->ldap_server[0]) { + if (strcasecmp(ads->workgroup, lp_workgroup()) == 0) { + ads->ldap_server = strdup(lp_ads_server()); + } + if (!ads->ldap_server || !ads->ldap_server[0]) { ads->ldap_server = find_ldap_server(ads); } } @@ -153,6 +167,12 @@ ADS_STRUCT *ads_init(const char *realm, return ads; } +/* a simpler ads_init() interface using all defaults */ +ADS_STRUCT *ads_init_simple(void) +{ + return ads_init(NULL, NULL, NULL, NULL, NULL); +} + /* free the memory used by the ADS structure initialized with 'ads_init(...)' */ -- cgit From b2edf254eda92f775e7d3d9b6793b4d77f9000b6 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 17 Aug 2002 17:00:51 +0000 Subject: sync 3.0 branch with head (This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290) --- source3/libads/ads_struct.c | 107 +++++++++++--------------------------------- 1 file changed, 25 insertions(+), 82 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 638dc0b22e..b68c822ce3 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c 
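Review bot: In `ads_init`, when `lp_ads_server()` is empty the `strdup` copy passes the new `!ads->ldap_server[0]` test and is then overwritten by `find_ldap_server(ads)` without being freed. Adding `SAFE_FREE(ads->ldap_server);` as the first statement inside that `if` closes the leak. In the first hunk, `ads->workgroup = strdup(workgroup);` is unchecked, and the `strcasecmp(ads->workgroup, lp_workgroup())` calls here and in `find_ldap_server` would dereference NULL if the copy failed.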
@@ -72,47 +72,6 @@ char *ads_build_dn(const char *realm) } -#ifdef HAVE_LDAP -/* - find the ldap server from DNS -*/ -static char *find_ldap_server(ADS_STRUCT *ads) -{ - char *list = NULL; - struct in_addr ip; - - if (ads->realm && - strcasecmp(ads->workgroup, lp_workgroup()) == 0 && - ldap_domain2hostlist(ads->realm, &list) == LDAP_SUCCESS) { - char *p; - p = strchr(list, ':'); - if (p) *p = 0; - return list; - } - - /* get desperate, find the domain controller IP */ - if (resolve_name(ads->workgroup, &ip, 0x1B)) { - return strdup(inet_ntoa(ip)); - } - - /* or a BDC ... */ - if (resolve_name(ads->workgroup, &ip, 0x1C)) { - return strdup(inet_ntoa(ip)); - } - - return NULL; -} - -#else - -static char *find_ldap_server(ADS_STRUCT *ads) -{ - /* Without LDAP this doesn't make much sense */ - return NULL; -} - -#endif - #ifndef LDAP_PORT #define LDAP_PORT 389 #endif 
@@ -122,46 +81,24 @@ static char *find_ldap_server(ADS_STRUCT *ads) */ ADS_STRUCT *ads_init(const char *realm, const char *workgroup, - const char *ldap_server, - const char *bind_path, - const char *password) + const char *ldap_server) { ADS_STRUCT *ads; ads = (ADS_STRUCT *)smb_xmalloc(sizeof(*ads)); ZERO_STRUCTP(ads); - if (!workgroup) { - workgroup = lp_workgroup(); + ads->server.realm = realm? strdup(realm) : NULL; + ads->server.workgroup = workgroup ? strdup(workgroup) : NULL; + ads->server.ldap_server = ldap_server? strdup(ldap_server) : NULL; + + /* we need to know if this is a foreign realm to know if we can + use lp_ads_server() */ + if (realm && strcasecmp(lp_realm(), realm) != 0) { + ads->server.foreign = 1; } - - ads->realm = realm? strdup(realm) : NULL; - ads->workgroup = strdup(workgroup); - ads->ldap_server = ldap_server? strdup(ldap_server) : NULL; - ads->bind_path = bind_path? strdup(bind_path) : NULL; - ads->ldap_port = LDAP_PORT; - if (password) ads->password = strdup(password); - - if (!ads->realm) { - ads->realm = strdup(lp_realm()); - if (!ads->realm[0]) { - SAFE_FREE(ads->realm); - } - } - if (!ads->bind_path && ads->realm) { - ads->bind_path = ads_build_dn(ads->realm); - } - if (!ads->ldap_server) { - if (strcasecmp(ads->workgroup, lp_workgroup()) == 0) { - ads->ldap_server = strdup(lp_ads_server()); - } - if (!ads->ldap_server || !ads->ldap_server[0]) { - ads->ldap_server = find_ldap_server(ads); - } - } - if (!ads->kdc_server) { - /* assume its the same as LDAP */ - ads->kdc_server = ads->ldap_server? strdup(ads->ldap_server) : NULL; + if (workgroup && strcasecmp(lp_workgroup(), workgroup) != 0) { + ads->server.foreign = 1; } return ads; @@ -170,7 +107,7 @@ ADS_STRUCT *ads_init(const char *realm, /* a simpler ads_init() interface using all defaults */ ADS_STRUCT *ads_init_simple(void) { - return ads_init(NULL, NULL, NULL, NULL, NULL); + return ads_init(NULL, NULL, NULL); } /* 
@@ -182,13 +119,19 @@ void ads_destroy(ADS_STRUCT **ads) #if HAVE_LDAP if ((*ads)->ld) ldap_unbind((*ads)->ld); #endif - SAFE_FREE((*ads)->realm); - SAFE_FREE((*ads)->ldap_server); - SAFE_FREE((*ads)->ldap_server_name); - SAFE_FREE((*ads)->kdc_server); - SAFE_FREE((*ads)->bind_path); - SAFE_FREE((*ads)->password); - SAFE_FREE((*ads)->user_name); + SAFE_FREE((*ads)->server.realm); + SAFE_FREE((*ads)->server.workgroup); + SAFE_FREE((*ads)->server.ldap_server); + + SAFE_FREE((*ads)->auth.realm); + SAFE_FREE((*ads)->auth.password); + SAFE_FREE((*ads)->auth.user_name); + SAFE_FREE((*ads)->auth.kdc_server); + + SAFE_FREE((*ads)->config.realm); + SAFE_FREE((*ads)->config.bind_path); + SAFE_FREE((*ads)->config.ldap_server_name); + ZERO_STRUCTP(*ads); SAFE_FREE(*ads); } -- cgit From f2d1f19a66ebaf9b88d23c0faa2412536cc74cda Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 1 Oct 2002 18:26:00 +0000 Subject: syncing up with HEAD. Seems to be a lot of differences creeping in (i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f) --- source3/libads/ads_struct.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index b68c822ce3..3cdd015bf4 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -122,6 +122,7 @@ void ads_destroy(ADS_STRUCT **ads) SAFE_FREE((*ads)->server.realm); SAFE_FREE((*ads)->server.workgroup); SAFE_FREE((*ads)->server.ldap_server); + SAFE_FREE((*ads)->server.ldap_uri); SAFE_FREE((*ads)->auth.realm); SAFE_FREE((*ads)->auth.password); -- cgit From 8308ec6979d8d71903cb82963827d194d8c7bff3 Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Tue, 21 Jan 2003 01:21:33 +0000 Subject: sanity checks from Ken Cross (This used to be commit 9f35846b8e0d711c9101ade9e79394219045383c) --- source3/libads/ads_struct.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 3cdd015bf4..c45805cd16 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -94,10 +94,10 @@ ADS_STRUCT *ads_init(const char *realm, /* we need to know if this is a foreign realm to know if we can use lp_ads_server() */ - if (realm && strcasecmp(lp_realm(), realm) != 0) { + if (realm && *realm && strcasecmp(lp_realm(), realm) != 0) { ads->server.foreign = 1; } - if (workgroup && strcasecmp(lp_workgroup(), workgroup) != 0) { + if (workgroup && *workgroup && strcasecmp(lp_workgroup(), workgroup) != 0) { ads->server.foreign = 1; } -- cgit From eccae5d23a5a4e2ee63891196d27cc4938019893 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 4 Feb 2003 23:44:28 +0000 Subject: Mem alloc checks. Jeremy. (This used to be commit 46ea028169426fbcad92d3d5bf786e88be8f5112) --- source3/libads/ads_struct.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index c45805cd16..652bfe31be 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c 
@@ -33,32 +33,34 @@ char *ads_build_path(const char *realm, const char *sep, const char *field, int r = strdup(realm); - if (!r || !*r) return r; + if (!r || !*r) + return r; - for (p=r; *p; p++) { - if (strchr(sep, *p)) numbits++; - } + for (p=r; *p; p++) + if (strchr(sep, *p)) + numbits++; len = (numbits+1)*(strlen(field)+1) + strlen(r) + 1; ret = malloc(len); + if (!ret) + return NULL; + strlcpy(ret,field, len); p=strtok(r,sep); strlcat(ret, p, len); while ((p=strtok(NULL,sep))) { char *s; - if (reverse) { + if (reverse) asprintf(&s, "%s%s,%s", field, p, ret); - } else { + else asprintf(&s, "%s,%s%s", ret, field, p); - } free(ret); ret = s; } free(r); - return ret; } -- cgit From f51d769dd303027a3dbf46fc89a482933988e866 Mon Sep 17 00:00:00 2001 
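Review bot: The new `if (!ret) return NULL;` in `ads_build_path` returns without releasing `r`, the `strdup` copy of `realm` made at the top of the function, so the allocation check added here leaks on exactly the path it handles. It should read `if (!ret) { free(r); return NULL; }`. The `asprintf` calls in the loop are reformatted by this commit but their return values are still unchecked, so `ret = s` can pick up an invalid pointer on failure. Dropping the braces around the single-statement `for`/`if`/`else` bodies also makes the next edit to those branches easier to get wrong.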
From: Gerald Carter Date: Wed, 25 Jun 2003 17:41:05 +0000 Subject: large change: *) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091) --- source3/libads/ads_struct.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 652bfe31be..dd31439d83 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -94,8 +94,7 @@ ADS_STRUCT *ads_init(const char *realm, ads->server.workgroup = workgroup ? strdup(workgroup) : NULL; ads->server.ldap_server = ldap_server? strdup(ldap_server) : NULL; - /* we need to know if this is a foreign realm to know if we can - use lp_ads_server() */ + /* we need to know if this is a foreign realm */ if (realm && *realm && strcasecmp(lp_realm(), realm) != 0) { ads->server.foreign = 1; } -- cgit 
From bb0598faf58679a7ad26a1caab8eadb154a07ae2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 22 Oct 2003 23:38:20 +0000 Subject: Put strcasecmp/strncasecmp on the banned list (except for needed calls in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace) --- source3/libads/ads_struct.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index dd31439d83..9774968e12 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -95,10 +95,10 @@ ADS_STRUCT *ads_init(const char *realm, ads->server.ldap_server = ldap_server? strdup(ldap_server) : NULL; /* we need to know if this is a foreign realm */ - if (realm && *realm && strcasecmp(lp_realm(), realm) != 0) { + if (realm && *realm && !strequal(lp_realm(), realm)) { ads->server.foreign = 1; } - if (workgroup && *workgroup && strcasecmp(lp_workgroup(), workgroup) != 0) { + if (workgroup && *workgroup && !strequal(lp_workgroup(), workgroup)) { ads->server.foreign = 1; } -- cgit From 14dd75d181293fa5335184d2d836834a42edcbb4 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 22 Mar 2004 22:49:40 +0000 Subject: bug 1195: add flag to ADS_STRUCT so we know who owns the main structure's memory (not the members though) (This used to be commit 4449e0e251190b741f51348819669453f0758f36) --- source3/libads/ads_struct.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 9774968e12..92f37093f4 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c 
@@ -102,13 +102,10 @@ ADS_STRUCT *ads_init(const char *realm, ads->server.foreign = 1; } - return ads; -} + /* the caller will own the memory by default */ + ads->is_mine = 1; -/* a simpler ads_init() interface using all defaults */ -ADS_STRUCT *ads_init_simple(void) -{ - return ads_init(NULL, NULL, NULL); + return ads; } /* @@ -117,6 +114,9 @@ ADS_STRUCT *ads_init_simple(void) void ads_destroy(ADS_STRUCT **ads) { if (ads && *ads) { + BOOL is_mine; + + is_mine = (*ads)->is_mine; #if HAVE_LDAP if ((*ads)->ld) ldap_unbind((*ads)->ld); #endif @@ -133,8 +133,11 @@ void ads_destroy(ADS_STRUCT **ads) SAFE_FREE((*ads)->config.realm); SAFE_FREE((*ads)->config.bind_path); SAFE_FREE((*ads)->config.ldap_server_name); - + + ZERO_STRUCTP(*ads); - SAFE_FREE(*ads); + + if ( is_mine ) + SAFE_FREE(*ads); } } -- cgit From acf9d61421faa6c0055d57fdee7db300dc5431aa Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Dec 2004 18:25:53 +0000 Subject: r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a) --- source3/libads/ads_struct.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 92f37093f4..e8546f86f5 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -31,7 +31,7 @@ char *ads_build_path(const char *realm, const char *sep, const char *field, int char *ret; int len; - r = strdup(realm); + r = SMB_STRDUP(realm); if (!r || !*r) return r; @@ -42,7 +42,7 @@ char *ads_build_path(const char *realm, const char *sep, const char *field, int len = (numbits+1)*(strlen(field)+1) + strlen(r) + 1; - ret = malloc(len); + ret = SMB_MALLOC(len); if (!ret) return NULL; 
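Review bot: The ownership contract introduced by `is_mine` is not documented where it matters: the only comment is `/* the caller will own the memory by default */` in ads_init(), while the `@@ -133,8 +133,11 @@` hunk of ads_destroy() frees the struct only when the flag is set and otherwise leaves `*ads` pointing at a zeroed struct. I would reword the ads_init() comment to `/* ads_init() allocated this struct, so ads_destroy() frees it */` and add `/* read before ZERO_STRUCTP() clears the flag */` above `is_mine = (*ads)->is_mine;`. The header comment of ads_destroy() should also say that the member strings are freed in both cases and that a struct with `is_mine` unset is left zeroed for its owner to release. Both function bodies continue outside these hunks.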
@@ -87,12 +87,12 @@ ADS_STRUCT *ads_init(const char *realm, { ADS_STRUCT *ads; - ads = (ADS_STRUCT *)smb_xmalloc(sizeof(*ads)); + ads = SMB_XMALLOC_P(ADS_STRUCT); ZERO_STRUCTP(ads); - ads->server.realm = realm? strdup(realm) : NULL; - ads->server.workgroup = workgroup ? strdup(workgroup) : NULL; - ads->server.ldap_server = ldap_server? strdup(ldap_server) : NULL; + ads->server.realm = realm? SMB_STRDUP(realm) : NULL; + ads->server.workgroup = workgroup ? SMB_STRDUP(workgroup) : NULL; + ads->server.ldap_server = ldap_server? SMB_STRDUP(ldap_server) : NULL; /* we need to know if this is a foreign realm */ if (realm && *realm && !strequal(lp_realm(), realm)) { -- cgit From 2e7f22e833fbb549f698460f9ed4d81af68b86e9 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 29 Jun 2005 14:03:53 +0000 Subject: r7994: This adds support in Winbindd's "security = ads"-mode to retrieve the POSIX homedirectory and the loginshell from Active Directory's "Services for Unix". Enable it with: winbind sfu support = yes User-Accounts without SFU-Unix-Attributes will be assigned template-based Shells and Homedirs as before. Note that it doesn't matter which version of Services for Unix you use (2.0, 2.2, 3.0 or 3.5). Samba should detect the correct attributes (msSFULoginShell, msSFU30LoginShell, etc.) automatically. If you also want to share the same uid/gid-space as SFU then also use PADL's ad-idmap-Plugin: idmap backend = ad When using the idmap-plugin only those accounts will appear in Name Service Switch that have those UNIX-attributes which avoids potential uid/gid-space clashes between SFU-ids and automatically assigned idmap-ids. Guenther (This used to be commit 28b59699425b1c954d191fc0e3bd357e4a4e4cd8) --- source3/libads/ads_struct.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index e8546f86f5..d8676d050d 100644 --- a/source3/libads/ads_struct.c 
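Review bot: The three `SMB_STRDUP()` results in the `@@ -87,12 +87,12 @@` hunk are stored unchecked, so an allocation failure leaves `ads->server.realm`, `workgroup` or `ldap_server` NULL, which is the same state as the caller not supplying the value. The struct itself comes from `SMB_XMALLOC_P`, which by its name (and the `smb_xmalloc` it replaces) appears to be the aborting allocator, so the function mixes two failure policies. Presumably later code falls back to configured defaults when these fields are NULL, which would silently point the connection at a different realm or server than the caller asked for; that should be confirmed against the callers. A check such as `if (realm && !ads->server.realm) { /* free what was duplicated so far, then ads */ return NULL; }`, repeated for the other two fields, keeps the failure visible. ads_init() continues outside the hunk.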
+++ b/source3/libads/ads_struct.c @@ -132,8 +132,13 @@ void ads_destroy(ADS_STRUCT **ads) SAFE_FREE((*ads)->config.realm); SAFE_FREE((*ads)->config.bind_path); + SAFE_FREE((*ads)->config.schema_path); SAFE_FREE((*ads)->config.ldap_server_name); + SAFE_FREE((*ads)->schema.sfu_uidnumber_attr); + SAFE_FREE((*ads)->schema.sfu_gidnumber_attr); + SAFE_FREE((*ads)->schema.sfu_shell_attr); + SAFE_FREE((*ads)->schema.sfu_homedir_attr); ZERO_STRUCTP(*ads); -- cgit From 97ecce03de5d4e9e9e3f9bab55af0fe171045085 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 4 Nov 2005 17:39:42 +0000 Subject: r11504: Added Andrew Bartletts removal of another NTLMSSP implementation patch. Jeremy. (This used to be commit 4591984176fd32ba25155fbc6889a1c637019a08) --- source3/libads/ads_struct.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index d8676d050d..55a6d66440 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -105,6 +105,8 @@ ADS_STRUCT *ads_init(const char *realm, /* the caller will own the memory by default */ ads->is_mine = 1; + ads->auth.flags = ADS_AUTH_DISABLE_KERBEROS | ADS_AUTH_ALLOW_NTLMSSP; + return ads; } -- cgit From 65ed4d3efda243f526131fd145c72647785f9906 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 5 Nov 2005 00:02:01 +0000 Subject: r11508: Removed incorrect patch hunk. Thanks to Andrew Bartlett for pointing this out. Jeremy. (This used to be commit c93a08be4a29854354a16c6e8f984477e19f41c0) --- source3/libads/ads_struct.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 55a6d66440..d8676d050d 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c 
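Review bot: The `@@ -105,6 +105,8 @@` hunk makes `ads->auth.flags = ADS_AUTH_DISABLE_KERBEROS | ADS_AUTH_ALLOW_NTLMSSP;` the default for every ADS_STRUCT that ads_init() returns, which goes well beyond the commit subject (removing a duplicate NTLMSSP implementation). Going by the flag names, every caller that does not set its own flags would skip Kerberos and accept NTLMSSP, so a weaker authentication default is chosen in the constructor rather than by the code that needs it. I would drop the line from ads_init() and have the specific caller that requires this behaviour set it, e.g. `ads->auth.flags |= ADS_AUTH_ALLOW_NTLMSSP;` at that call site, with a comment saying why Kerberos is not used there. ads_init() starts outside the hunk.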
@@ -105,8 +105,6 @@ ADS_STRUCT *ads_init(const char *realm, /* the caller will own the memory by default */ ads->is_mine = 1; - ads->auth.flags = ADS_AUTH_DISABLE_KERBEROS | ADS_AUTH_ALLOW_NTLMSSP; - return ads; } -- cgit From 379bd6865f2fa46ea28024ad2bb2162ccfbb0db7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 23 Feb 2006 14:28:41 +0000 Subject: r13657: Let winbindd try to obtain the gecos field from the msSFU30Gecos attribute when "winbind nss info = sfu" is set. Fixes #3539. Guenther (This used to be commit ffce0461de130828345c44293e564ca03227607d) --- source3/libads/ads_struct.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index d8676d050d..9b2179ad31 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -139,6 +139,7 @@ void ads_destroy(ADS_STRUCT **ads) SAFE_FREE((*ads)->schema.sfu_gidnumber_attr); SAFE_FREE((*ads)->schema.sfu_shell_attr); SAFE_FREE((*ads)->schema.sfu_homedir_attr); + SAFE_FREE((*ads)->schema.sfu_gecos_attr); ZERO_STRUCTP(*ads); -- cgit From 2c029a8b96ae476f1d5c2abe14ee25f98a1513d8 Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Fri, 12 May 2006 15:17:35 +0000 Subject: r15543: New implementation of 'net ads join' to be more like Windows XP. The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b) --- source3/libads/ads_struct.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 9b2179ad31..48533c7ffb 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -118,12 +118,13 @@ void ads_destroy(ADS_STRUCT **ads) is_mine = (*ads)->is_mine; #if HAVE_LDAP - if ((*ads)->ld) ldap_unbind((*ads)->ld); + if ((*ads)->ld) { + ldap_unbind((*ads)->ld); + } #endif SAFE_FREE((*ads)->server.realm); SAFE_FREE((*ads)->server.workgroup); SAFE_FREE((*ads)->server.ldap_server); - SAFE_FREE((*ads)->server.ldap_uri); SAFE_FREE((*ads)->auth.realm); SAFE_FREE((*ads)->auth.password); 
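Review bot: In the `@@ -118,12 +118,13 @@` hunk of ads_destroy(), `SAFE_FREE((*ads)->auth.password);` hands the password buffer back to the allocator with its contents intact; the `ZERO_STRUCTP(*ads)` further down the function (visible in other hunks on this page) clears only the pointer, not the string it pointed to. This hunk already tidies the teardown path, so it is a good place to scrub the secret first, e.g. `if ((*ads)->auth.password) memset((*ads)->auth.password, 0, strlen((*ads)->auth.password));` directly before the free. A plain memset() ahead of free() can be removed by the optimizer, so use a non-elidable wipe such as `explicit_bzero()` where the platform provides one. The function starts and ends outside the hunk.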
@@ -132,7 +133,6 @@ void ads_destroy(ADS_STRUCT **ads) SAFE_FREE((*ads)->config.realm); SAFE_FREE((*ads)->config.bind_path); - SAFE_FREE((*ads)->config.schema_path); SAFE_FREE((*ads)->config.ldap_server_name); SAFE_FREE((*ads)->schema.sfu_uidnumber_attr); -- cgit From 39c45ce4f1a0cce9dc23e6d8df3f93bb124a19a0 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 18 May 2006 16:08:28 +0000 Subject: r15697: I take no comments as no objections :) Expand the "winbind nss info" to also take "rfc2307" to support the plain posix attributes LDAP schema from win2k3-r2. This work is based on patches from Howard Wilkinson and Bob Gautier (and closes bug #3345). Guenther (This used to be commit 52423e01dc209ba5abde808a446287714ed11567) --- source3/libads/ads_struct.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 48533c7ffb..e546f2ae8a 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -135,11 +135,11 @@ void ads_destroy(ADS_STRUCT **ads) SAFE_FREE((*ads)->config.bind_path); SAFE_FREE((*ads)->config.ldap_server_name); - SAFE_FREE((*ads)->schema.sfu_uidnumber_attr); - SAFE_FREE((*ads)->schema.sfu_gidnumber_attr); - SAFE_FREE((*ads)->schema.sfu_shell_attr); - SAFE_FREE((*ads)->schema.sfu_homedir_attr); - SAFE_FREE((*ads)->schema.sfu_gecos_attr); + SAFE_FREE((*ads)->schema.posix_uidnumber_attr); + SAFE_FREE((*ads)->schema.posix_gidnumber_attr); + SAFE_FREE((*ads)->schema.posix_shell_attr); + SAFE_FREE((*ads)->schema.posix_homedir_attr); + SAFE_FREE((*ads)->schema.posix_gecos_attr); ZERO_STRUCTP(*ads); -- cgit From c0e4753cfcbece7aaf2a96726146b225c9925932 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Tue, 13 Jun 2006 18:09:04 +0000 Subject: r16199: Fix Klocwork #1 - ensure we test the first strtok for NULL. Jeremy. (This used to be commit 98751e8190317416de56b4a19a489c5f4b7d6bc9) --- source3/libads/ads_struct.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index e546f2ae8a..7a03a2a80f 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -48,16 +48,18 @@ char *ads_build_path(const char *realm, const char *sep, const char *field, int strlcpy(ret,field, len); p=strtok(r,sep); - strlcat(ret, p, len); - - while ((p=strtok(NULL,sep))) { - char *s; - if (reverse) - asprintf(&s, "%s%s,%s", field, p, ret); - else - asprintf(&s, "%s,%s%s", ret, field, p); - free(ret); - ret = s; + if (p) { + strlcat(ret, p, len); + + while ((p=strtok(NULL,sep))) { + char *s; + if (reverse) + asprintf(&s, "%s%s,%s", field, p, ret); + else + asprintf(&s, "%s,%s%s", ret, field, p); + free(ret); + ret = s; + } } free(r); -- cgit From f852fdbe06ec9f19424d6870cba9b1872a0d5d7a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 20 Aug 2006 17:55:06 +0000 Subject: r17626: Some C++ Warnings (This used to be commit 09e7c010f03ac3c621f7a7fad44685d278c1481a) --- source3/libads/ads_struct.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 7a03a2a80f..372f72fe06 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -42,7 +42,7 @@ char *ads_build_path(const char *realm, const char *sep, const char *field, int len = (numbits+1)*(strlen(field)+1) + strlen(r) + 1; - ret = SMB_MALLOC(len); + ret = (char *)SMB_MALLOC(len); if (!ret) return NULL; -- cgit From 2fcd113f5507f643fcf80d5a9770ce72aa121ba8 Mon Sep 17 00:00:00 2001 
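Review bot: Neither `asprintf()` call in the `@@ -48,16 +48,18 @@` hunk has its return value checked, and on failure the contents of `s` are undefined, so `free(ret); ret = s;` can leave ads_build_path() returning an invalid pointer. The new `if (p)` guard covers the first strtok() result only. Capture the result, release the old buffer, and return NULL on -1 as sketched below. The same unchecked calls are carried unchanged through the later `@@ -57,7 +57,8 @@` and `@@ -51,11 +52,11 @@` hunks of this file's history. The function starts outside the hunk.

```c
		while ((p=strtok(NULL,sep))) {
			char *s;
			int rc;

			if (reverse)
				rc = asprintf(&s, "%s%s,%s", field, p, ret);
			else
				rc = asprintf(&s, "%s,%s%s", ret, field, p);
			free(ret);
			if (rc == -1) {
				/* s is undefined after a failed asprintf() */
				free(r);
				return NULL;
			}
			ret = s;
		}
		/* … unchanged: free(r) and return of ret … */
```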
From: Jeremy Allison Date: Thu, 31 Aug 2006 04:14:08 +0000 Subject: r17945: Store the server and client sitenames in the ADS struct so we can see when they match - only create the ugly krb5 hack when they do. Jeremy. (This used to be commit 9be4ecf24b6b5dacf4c2891bddb072fa7543753f) --- source3/libads/ads_struct.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 372f72fe06..130d86b8dc 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -136,6 +136,8 @@ void ads_destroy(ADS_STRUCT **ads) SAFE_FREE((*ads)->config.realm); SAFE_FREE((*ads)->config.bind_path); SAFE_FREE((*ads)->config.ldap_server_name); + SAFE_FREE((*ads)->config.server_site_name); + SAFE_FREE((*ads)->config.client_site_name); SAFE_FREE((*ads)->schema.posix_uidnumber_attr); SAFE_FREE((*ads)->schema.posix_gidnumber_attr); -- cgit From db7bf9a6b6754b604ee44d28c564bab10c7b98a7 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 14 Dec 2006 17:00:10 +0000 Subject: r20173: DNS update fixes: * Fix DNS updates for multi-homed hosts * Child domains often don't have an NS record in DNS so we have to fall back to looking up the the NS records for the forest root. * Fix compile warning caused by mismatched 'struct in_addr' and 'in_addr_t' parameters called to DoDNSUpdate() (This used to be commit 3486acd3c3ebefae8f98dcc72d1c3d6b06fffcc7) --- source3/libads/ads_struct.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 130d86b8dc..545995ddcc 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c 
@@ -75,6 +75,28 @@ char *ads_build_dn(const char *realm) return ads_build_path(realm, ".", "dc=", 0); } +/* return a DNS name in the for aa.bb.cc from the DN + "dc=AA,dc=BB,dc=CC". caller must free +*/ +char *ads_build_domain(const char *dn) +{ + char *dnsdomain = NULL; + + /* result should always be shorter than the DN */ + + if ( (dnsdomain = SMB_STRDUP( dn )) == NULL ) { + DEBUG(0,("ads_build_domain: malloc() failed!\n")); + return NULL; + } + + strlower_m( dnsdomain ); + all_string_sub( dnsdomain, "dc=", "", 0); + all_string_sub( dnsdomain, ",", ".", 0 ); + + return dnsdomain; +} + + #ifndef LDAP_PORT #define LDAP_PORT 389 -- cgit From b9b26be1744b792a54f0a77af140237b4dc5a870 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 24 Jan 2007 01:48:08 +0000 Subject: r20986: Commit the prototype of the nss_info plugin interface. This allows a provider to supply the homedirectory, etc... attributes for a user without requiring support in core winbindd code. The idmap_ad.c module has been modified to provide the idmap 'ad' library as well as the rfc2307 and sfu "winbind nss info" support. The SID/id mapping is working in idmap_ad but the nss_info still has a few quirks that I'm in the process of resolving. (This used to be commit aaec0115e2c96935499052d9a637a20c6445986e) --- source3/libads/ads_struct.c | 6 ------ 1 file changed, 6 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 545995ddcc..05f066c9fa 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c 
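Review bot: ads_build_domain() in the `@@ -75,6 +75,28 @@` hunk passes `dn` straight to `SMB_STRDUP()` with no NULL check and then rewrites it purely textually, so anything that is not a plain `dc=AA,dc=BB` sequence comes out as a malformed DNS name; as a constructed example, `ou=x,dc=a` would yield `ou=x.a`, and a space after a comma is kept. The commit message ties this change to DNS updates, so if the DN originates from a directory server the result should be validated before it is used as a name. I would add `if (dn == NULL) return NULL;` at the top and state in the header comment that only `dc=` components are supported. The header comment also has a typo: `in the for aa.bb.cc` should read `in the form aa.bb.cc`.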
@@ -161,12 +161,6 @@ void ads_destroy(ADS_STRUCT **ads) SAFE_FREE((*ads)->config.server_site_name); SAFE_FREE((*ads)->config.client_site_name); - SAFE_FREE((*ads)->schema.posix_uidnumber_attr); - SAFE_FREE((*ads)->schema.posix_gidnumber_attr); - SAFE_FREE((*ads)->schema.posix_shell_attr); - SAFE_FREE((*ads)->schema.posix_homedir_attr); - SAFE_FREE((*ads)->schema.posix_gecos_attr); - ZERO_STRUCTP(*ads); if ( is_mine ) -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/libads/ads_struct.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 05f066c9fa..9347777eab 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -6,7 +6,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/libads/ads_struct.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 9347777eab..b01e0879ef 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c 
@@ -15,8 +15,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From b62ade20d0721c694785fdd2882ea28b129bb0f1 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 11 Jul 2007 13:32:57 +0000 Subject: r23838: Allow to store schema and config path in ADS_STRUCT config. Guenther (This used to be commit 1d5b08326fa72bd3423b377a4e6243466e778622) --- source3/libads/ads_struct.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index b01e0879ef..c66d4e84e8 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -159,6 +159,8 @@ void ads_destroy(ADS_STRUCT **ads) SAFE_FREE((*ads)->config.ldap_server_name); SAFE_FREE((*ads)->config.server_site_name); SAFE_FREE((*ads)->config.client_site_name); + SAFE_FREE((*ads)->config.schema_path); + SAFE_FREE((*ads)->config.config_path); ZERO_STRUCTP(*ads); -- cgit From 2fc53c947b6c18f5e9761a26792f806ff588e239 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 16 Jul 2007 09:48:15 +0000 Subject: r23886: add ads_disconnect() function metze (This used to be commit ba70737b7043cae89dd90f8668a24881212ac6fb) --- source3/libads/ads_struct.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index c66d4e84e8..c769d8ff48 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c 
@@ -141,9 +141,7 @@ void ads_destroy(ADS_STRUCT **ads) is_mine = (*ads)->is_mine; #if HAVE_LDAP - if ((*ads)->ld) { - ldap_unbind((*ads)->ld); - } + ads_disconnect(*ads); #endif SAFE_FREE((*ads)->server.realm); SAFE_FREE((*ads)->server.workgroup); -- cgit From 31dc9126c1f401ac8668b3c46e28c5a47d34a090 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 30 Jul 2007 08:22:45 +0000 Subject: r24072: Add "client ldap sasl wrapping" parameter. Possible values are "plain" (default), "sign" or "seal". metze (This used to be commit 26ccbad7212e9acd480b98789f04b71c1e940ea8) --- source3/libads/ads_struct.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index c769d8ff48..aac57d41fe 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -109,6 +109,7 @@ ADS_STRUCT *ads_init(const char *realm, const char *ldap_server) { ADS_STRUCT *ads; + int wrap_flags; ads = SMB_XMALLOC_P(ADS_STRUCT); ZERO_STRUCTP(ads); @@ -128,6 +129,13 @@ ADS_STRUCT *ads_init(const char *realm, /* the caller will own the memory by default */ ads->is_mine = 1; + wrap_flags = lp_client_ldap_sasl_wrapping(); + if (wrap_flags == -1) { + wrap_flags = 0; + } + + ads->auth.flags = wrap_flags; + return ads; } -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/libads/ads_struct.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index aac57d41fe..041878916e 100644 
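Review bot: In the `@@ -128,6 +129,13 @@` hunk, a `-1` from `lp_client_ldap_sasl_wrapping()` is turned into `0` without any log output, and that value is then stored in `ads->auth.flags`. The commit message names "plain" as the default, so if `-1` stands for an unrecognised setting (not visible here) and `0` for plain, a mistyped `sign` or `seal` would quietly yield an unwrapped LDAP connection. I would at least log the fallback inside the `if (wrap_flags == -1)` block, `DEBUG(1,("ads_init: unrecognised client ldap sasl wrapping value, using plain\n"));`, and add a comment stating what `-1` means. ads_init() starts outside the hunk.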
--- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -145,7 +145,7 @@ ADS_STRUCT *ads_init(const char *realm, void ads_destroy(ADS_STRUCT **ads) { if (ads && *ads) { - BOOL is_mine; + bool is_mine; is_mine = (*ads)->is_mine; #if HAVE_LDAP -- cgit From fbcc7820c620d45f02ab75e08d840e3a676fe671 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 16 Jan 2008 15:51:52 +0100 Subject: Fix memleak in ads_build_path(). Guenther (This used to be commit b7a06b54e0a58c4cd6c5351b1e4a0a2c253cfea1) --- source3/libads/ads_struct.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 041878916e..44bcdf76ea 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -32,18 +32,23 @@ char *ads_build_path(const char *realm, const char *sep, const char *field, int r = SMB_STRDUP(realm); - if (!r || !*r) + if (!r || !*r) { return r; + } - for (p=r; *p; p++) - if (strchr(sep, *p)) + for (p=r; *p; p++) { + if (strchr(sep, *p)) { numbits++; + } + } len = (numbits+1)*(strlen(field)+1) + strlen(r) + 1; ret = (char *)SMB_MALLOC(len); - if (!ret) + if (!ret) { + free(r); return NULL; + } strlcpy(ret,field, len); p=strtok(r,sep); @@ -57,7 +62,8 @@ char *ads_build_path(const char *realm, const char *sep, const char *field, int else asprintf(&s, "%s,%s%s", ret, field, p); free(ret); - ret = s; + ret = SMB_STRDUP(s); + free(s); } } -- cgit From 587cf54c61c9f1f7bcae431a82035fd942716c32 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 23 Jan 2008 11:04:10 +0100 Subject: strtok -> strtok_r (This used to be commit fd34ce437057bb34cdc37f4b066e424000d36789) --- source3/libads/ads_struct.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/libads/ads_struct.c') diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index 44bcdf76ea..8cc2f1215e 100644 
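Review bot: In the `@@ -57,7 +57,8 @@` hunk, `ret = SMB_STRDUP(s); free(s);` does not check the duplicate, so after an allocation failure `ret` is NULL and the next loop iteration passes it to `asprintf()` as a `%s` argument. Add `if (ret == NULL) { free(r); return NULL; }` right after `free(s);`, matching the `free(r); return NULL;` path that the `@@ -32,18 +32,23 @@` hunk adds for the SMB_MALLOC failure. The loop and the function start outside this hunk.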
--- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -29,7 +29,8 @@ char *ads_build_path(const char *realm, const char *sep, const char *field, int int numbits = 0; char *ret; int len; - + char *saveptr; + r = SMB_STRDUP(realm); if (!r || !*r) { @@ -51,11 +52,11 @@ char *ads_build_path(const char *realm, const char *sep, const char *field, int } strlcpy(ret,field, len); - p=strtok(r,sep); + p=strtok_r(r, sep, &saveptr); if (p) { strlcat(ret, p, len); - while ((p=strtok(NULL,sep))) { + while ((p=strtok_r(NULL, sep, &saveptr)) != NULL) { char *s; if (reverse) asprintf(&s, "%s%s,%s", field, p, ret); -- cgit