From a062e58d9e47f95ac7c66668b3cfe1f72386f6e0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 19 Dec 2001 08:44:23 +0000 Subject: - added initial support for trusted domains in winbindd_ads - gss error code patch from a.bokovoy@sam-solutions.net - better sid dumping in ads_dump - fixed help in wbinfo (This used to be commit ee1c3e1f044b4ef62169ad74c5cac40eef81bfda) --- source3/libads/ldap.c | 77 +++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 69 insertions(+), 8 deletions(-) (limited to 'source3/libads/ldap.c') diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 09498b4384..b41a864ae2 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -38,20 +38,24 @@ char *ads_errstr(int rc) /* connect to the LDAP server */ -int ads_connect(ADS_STRUCT *ads) +ADS_RETURN_CODE ads_connect(ADS_STRUCT *ads) { int version = LDAP_VERSION3; - int rc; + ADS_RETURN_CODE rc; + + rc.error_type = False; ads->last_attempt = time(NULL); ads->ld = ldap_open(ads->ldap_server, ads->ldap_port); if (!ads->ld) { - return LDAP_SERVER_DOWN; + rc.rc = LDAP_SERVER_DOWN; + return rc; } if (!ads_server_info(ads)) { DEBUG(1,("Failed to get ldap server info\n")); - return LDAP_SERVER_DOWN; + rc.rc = LDAP_SERVER_DOWN; + return rc; } ldap_set_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version); @@ -232,6 +236,19 @@ static void dump_binary(const char *field, struct berval **values) } } +/* + dump a sid result from ldap +*/ +static void dump_sid(const char *field, struct berval **values) +{ + int i; + for (i=0; values[i]; i++) { + DOM_SID sid; + sid_parse(values[i]->bv_val, values[i]->bv_len, &sid); + printf("%s: %s\n", field, sid_string_static(&sid)); + } +} + /* dump a string result from ldap */ @@ -257,7 +274,7 @@ void ads_dump(ADS_STRUCT *ads, void *res) void (*handler)(const char *, struct berval **); } handlers[] = { {"objectGUID", dump_binary}, - {"objectSid", dump_binary}, + {"objectSid", dump_sid}, {NULL, NULL} }; 
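Review bot: In ads_connect the new `ADS_RETURN_CODE rc` has only `error_type` set up front, and `rc.rc` is assigned only on the two failure returns visible here. The function body continues past the hunk, so any later `return rc` that does not first assign `rc.rc` would hand callers an indeterminate code. Setting `rc.rc = LDAP_SUCCESS;` next to the existing initialisation makes every path defined. A one-line comment on what `error_type = False` selects (presumably an LDAP rather than a GSS code, going by the commit message) would help callers interpret the pair.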
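Review bot: dump_sid ignores the result of `sid_parse`, so a short or malformed objectSid value returned by the server leaves `sid` unset and `sid_string_static(&sid)` then formats indeterminate stack contents. Assuming sid_parse returns a success flag (its definition is not in this patch), guard the print with `if (!sid_parse(values[i]->bv_val, values[i]->bv_len, &sid)) continue;`. The header comment could also say that values which fail to parse are skipped.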
@@ -547,12 +564,16 @@ BOOL ads_server_info(ADS_STRUCT *ads) *p = 0; + SAFE_FREE(ads->server_realm); + SAFE_FREE(ads->bind_path); + + ads->server_realm = strdup(p+2); + ads->bind_path = ads_build_dn(ads->server_realm); + /* in case the realm isn't configured in smb.conf */ if (!ads->realm || !ads->realm[0]) { SAFE_FREE(ads->realm); - SAFE_FREE(ads->bind_path); - ads->realm = strdup(p+2); - ads->bind_path = ads_build_dn(ads->realm); + ads->realm = strdup(ads->server_realm); } DEBUG(3,("got ldap server name %s@%s\n", @@ -561,4 +582,44 @@ BOOL ads_server_info(ADS_STRUCT *ads) return True; } + +/* + find the list of trusted domains +*/ +BOOL ads_trusted_domains(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, + int *num_trusts, char ***names, DOM_SID **sids) +{ + const char *attrs[] = {"flatName", "securityIdentifier", NULL}; + int rc; + void *res, *msg; + int count, i; + + *num_trusts = 0; + + rc = ads_search(ads, &res, "(objectcategory=trustedDomain)", attrs); + if (rc) return False; + + count = ads_count_replies(ads, res); + if (count == 0) { + ads_msgfree(ads, res); + return False; + } + + (*names) = talloc(mem_ctx, sizeof(char *) * count); + (*sids) = talloc(mem_ctx, sizeof(DOM_SID) * count); + if (! *names || ! *sids) return False; + + for (i=0, msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) { + (*names)[i] = ads_pull_string(ads, mem_ctx, msg, "flatName"); + ads_pull_sid(ads, msg, "securityIdentifier", &(*sids)[i]); + i++; + } + + ads_msgfree(ads, res); + + *num_trusts = i; + + return True; +} + #endif -- cgit
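Review bot: The two new assignments in ads_server_info use `strdup(p+2)` unchecked: if it fails, `ads_build_dn(ads->server_realm)` and the later `strdup(ads->server_realm)` both receive NULL. Add `if (!ads->server_realm) return False;` straight after the first strdup. The function starts outside the hunk, so any cleanup that failure path needs is not visible here.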
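Review bot: The fill loop in ads_trusted_domains advances `i` even when `ads_pull_string` or `ads_pull_sid` produced nothing, and it is not bounded by `count`. A trustedDomain object missing flatName or securityIdentifier therefore leaves a NULL name or an unset SID in arrays the caller will read as `num_trusts` valid trusts, and an entry walk longer than `count` would write past both allocations. The allocation-failure return also skips `ads_msgfree(ads, res)`. Only `count == 0` is rejected, so a negative count (if ads_count_replies can return one) would reach the talloc size computation. The sketch below assumes ads_pull_sid returns a success flag, which this patch does not show.

```c
	count = ads_count_replies(ads, res);
	if (count <= 0) {
		ads_msgfree(ads, res);
		return False;
	}

	/* … unchanged: talloc of *names and *sids … */
	if (! *names || ! *sids) {
		ads_msgfree(ads, res);
		return False;
	}

	for (i=0, msg = ads_first_entry(ads, res); msg && i < count; msg = ads_next_entry(ads, msg)) {
		(*names)[i] = ads_pull_string(ads, mem_ctx, msg, "flatName");
		/* reuse the slot when either attribute is missing or unparsable */
		if (!(*names)[i] ||
		    !ads_pull_sid(ads, msg, "securityIdentifier", &(*sids)[i])) continue;
		i++;
	}
```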