From 5fa8775d9758254f6f4784a0e34c9b5b8bf18bdb Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 6 May 1998 17:43:44 +0000 Subject: jean-francois micouleau's well-alpha code for ldap password database stuff! he's going to hate me for checking this in so early, but... (This used to be commit ad9ba0a1cbac5c4e6cbcbcadefe8f1df72231f74) --- source3/rpc_server/srv_ldap_helpers.c | 162 ++++++++++++++++++++++++++++++++++ source3/rpc_server/srv_samr.c | 126 +++++++++++++++----------- 2 files changed, 236 insertions(+), 52 deletions(-) create mode 100644 source3/rpc_server/srv_ldap_helpers.c (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_ldap_helpers.c b/source3/rpc_server/srv_ldap_helpers.c new file mode 100644 index 0000000000..d1c091c6c9 --- /dev/null +++ b/source3/rpc_server/srv_ldap_helpers.c @@ -0,0 +1,162 @@ +#ifdef USE_LDAP + +#include "includes.h" +#include "lber.h" +#include "ldap.h" + +extern int DEBUGLEVEL; + +/******************************************************************* + find a user or a machine return a smbpass struct. +******************************************************************/ +static void make_ldap_sam_user_info_21(LDAP *ldap_struct, LDAPMessage *entry, SAM_USER_INFO_21 *user) +{ + pstring cn; + pstring fullname; + pstring home_dir; + pstring dir_drive; + pstring logon_script; + pstring profile_path; + pstring acct_desc; + pstring workstations; + pstring temp; + + if (ldap_check_user(ldap_struct, entry)==True) + { + get_single_attribute(ldap_struct, entry, "cn", cn); + get_single_attribute(ldap_struct, entry, "userFullName", fullname); + get_single_attribute(ldap_struct, entry, "homeDirectory", home_dir); + get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive); + get_single_attribute(ldap_struct, entry, "scriptPath", logon_script); + get_single_attribute(ldap_struct, entry, "profilePath", profile_path); + get_single_attribute(ldap_struct, entry, "comment", acct_desc); + get_single_attribute(ldap_struct, entry, "userWorkstations", workstations); + + get_single_attribute(ldap_struct, entry, "rid", temp); + user->user_rid=atoi(temp); + get_single_attribute(ldap_struct, entry, "primaryGroupID", temp); + user->group_rid=atoi(temp); + get_single_attribute(ldap_struct, entry, "controlAccessRights", temp); + user->acb_info=atoi(temp); + + make_unistr2(&(user->uni_user_name), cn, strlen(cn)); + make_uni_hdr(&(user->hdr_user_name), strlen(cn), strlen(cn), 1); + make_unistr2(&(user->uni_full_name), fullname, strlen(fullname)); + make_uni_hdr(&(user->hdr_full_name), strlen(fullname), strlen(fullname), 1); + make_unistr2(&(user->uni_home_dir), home_dir, strlen(home_dir)); + make_uni_hdr(&(user->hdr_home_dir), strlen(home_dir), strlen(home_dir), 1); + make_unistr2(&(user->uni_dir_drive), dir_drive, strlen(dir_drive)); + make_uni_hdr(&(user->hdr_dir_drive), strlen(dir_drive), strlen(dir_drive), 1); + make_unistr2(&(user->uni_logon_script), logon_script, strlen(logon_script)); + make_uni_hdr(&(user->hdr_logon_script), strlen(logon_script), strlen(logon_script), 1); + make_unistr2(&(user->uni_profile_path), profile_path, strlen(profile_path)); + make_uni_hdr(&(user->hdr_profile_path), strlen(profile_path), strlen(profile_path), 1); + make_unistr2(&(user->uni_acct_desc), acct_desc, strlen(acct_desc)); + make_uni_hdr(&(user->hdr_acct_desc), strlen(acct_desc), strlen(acct_desc), 1); + make_unistr2(&(user->uni_workstations), workstations, strlen(workstations)); + make_uni_hdr(&(user->hdr_workstations), strlen(workstations), strlen(workstations), 1); + } +} + +/******************************************************************* + find a user or a machine return a smbpass struct. +******************************************************************/ +BOOL get_ldap_entries(SAM_USER_INFO_21 *pw_buf, + int *total_entries, int *num_entries, + int max_num_entries, + uint16 acb_mask, int switch_level) +{ + LDAP *ldap_struct; + LDAPMessage *result; + LDAPMessage *entry; + + int scope = LDAP_SCOPE_ONELEVEL; + int rc; + + char filter[256]; + + (*num_entries) = 0; + (*total_entries) = 0; + + if (!ldap_open_connection(&ldap_struct)) /* open a connection to the server */ + return (False); + + if (!ldap_connect_system(ldap_struct)) /* connect as system account */ + return (False); + + + /* when the class is known the search is much faster */ + switch (switch_level) + { + case 1: strcpy(filter, "objectclass=sambaAccount"); + break; + case 2: strcpy(filter, "objectclass=sambaMachine"); + break; + default: strcpy(filter, "(|(objectclass=sambaMachine)(objectclass=sambaAccount))"); + break; + } + + rc=ldap_search_s(ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, &result); + + DEBUG(2,("%d entries in the base!\n", ldap_count_entries(ldap_struct, result) )); + + for ( entry = ldap_first_entry(ldap_struct, result); + (entry != NULL) && (*num_entries) < max_num_entries; + entry = ldap_next_entry(ldap_struct, entry) ) + { + make_ldap_sam_user_info_21(ldap_struct, entry, &(pw_buf[(*num_entries)]) ); + + if (acb_mask == 0 || IS_BITS_SET_SOME(pw_buf[(*num_entries)].acb_info, acb_mask)) + { + DEBUG(5,(" acb_mask %x accepts\n", acb_mask)); + (*num_entries)++; + } + else + { + DEBUG(5,(" acb_mask %x rejects\n", acb_mask)); + } + + (*total_entries)++; + } + + ldap_msgfree(result); + ldap_unbind(ldap_struct); + return (*num_entries) > 0; +} + +BOOL ldap_get_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid) +{ + LDAP *ldap_struct; + LDAPMessage *result; + LDAPMessage *entry; + + if (!ldap_open_connection(&ldap_struct)) + return (False); + if (!ldap_connect_system(ldap_struct)) + return (False); + + if (!ldap_search_one_user_by_uid(ldap_struct, rid, &result)) + return (False); + + if (ldap_count_entries(ldap_struct, result) == 0) + { + DEBUG(2,("%s: Non existant user!\n", timestring() )); + return (False); + } + + if (ldap_count_entries(ldap_struct, result) > 1) + { + DEBUG(2,("%s: Strange %d users in the base!\n", + timestring(), ldap_count_entries(ldap_struct, result) )); + } + /* take the first and unique entry */ + entry=ldap_first_entry(ldap_struct, result); + + make_ldap_sam_user_info_21(ldap_struct, entry, id21); + + ldap_msgfree(result); + ldap_unbind(ldap_struct); + return(True); +} + +#endif diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 162d9c45d0..aa240ad3c6 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -45,55 +45,55 @@ static BOOL get_smbpwd_entries(SAM_USER_INFO_21 *pw_buf, { void *vp = NULL; struct smb_passwd *pwd = NULL; - - (*num_entries) = 0; - (*total_entries) = 0; - - if (pw_buf == NULL) return False; - - vp = startsmbpwent(False); - if (!vp) - { - DEBUG(0, ("get_smbpwd_entries: Unable to open SMB password file.\n")); - return False; - } - - while (((pwd = getsmbpwent(vp)) != NULL) && (*num_entries) < max_num_entries) - { - int user_name_len = strlen(pwd->smb_name); - make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len); - make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len, - user_name_len, 1); - pw_buf[(*num_entries)].user_rid = pwd->smb_userid; - bzero( pw_buf[(*num_entries)].nt_pwd , 16); - - /* Now check if the NT compatible password is available. */ - if (pwd->smb_nt_passwd != NULL) - { - memcpy( pw_buf[(*num_entries)].nt_pwd , pwd->smb_nt_passwd, 16); - } - - pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl; - - DEBUG(5, ("get_smbpwd_entries: idx: %d user %s, uid %d, acb %x", - (*num_entries), pwd->smb_name, pwd->smb_userid, pwd->acct_ctrl)); - - if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask)) - { - DEBUG(5,(" acb_mask %x accepts\n", acb_mask)); - (*num_entries)++; - } - else - { - DEBUG(5,(" acb_mask %x rejects\n", acb_mask)); - } - - (*total_entries)++; - } - - endsmbpwent(vp); - - return (*num_entries) > 0; + + (*num_entries) = 0; + (*total_entries) = 0; + + if (pw_buf == NULL) return False; + + vp = startsmbpwent(False); + if (!vp) + { + DEBUG(0, ("get_smbpwd_entries: Unable to open SMB password file.\n")); + return False; + } + + while (((pwd = getsmbpwent(vp)) != NULL) && (*num_entries) < max_num_entries) + { + int user_name_len = strlen(pwd->smb_name); + make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len-1); + make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len-1, + user_name_len-1, 1); + pw_buf[(*num_entries)].user_rid = pwd->smb_userid; + bzero( pw_buf[(*num_entries)].nt_pwd , 16); + + /* Now check if the NT compatible password is available. */ + if (pwd->smb_nt_passwd != NULL) + { + memcpy( pw_buf[(*num_entries)].nt_pwd , pwd->smb_nt_passwd, 16); + } + + pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl; + + DEBUG(5, ("get_smbpwd_entries: idx: %d user %s, uid %d, acb %x", + (*num_entries), pwd->smb_name, pwd->smb_userid, pwd->acct_ctrl)); + + if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask)) + { + DEBUG(5,(" acb_mask %x accepts\n", acb_mask)); + (*num_entries)++; + } + else + { + DEBUG(5,(" acb_mask %x rejects\n", acb_mask)); + } + + (*total_entries)++; + } + + endsmbpwent(vp); + + return (*num_entries) > 0; } /******************************************************************* @@ -463,33 +463,52 @@ static void samr_reply_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_u, DEBUG(5,("samr_reply_query_dispinfo: %d\n", __LINE__)); +#ifndef USE_LDAP become_root(True); got_pwds = get_smbpwd_entries(pass, &total_entries, &num_entries, MAX_SAM_ENTRIES, 0); unbecome_root(True); +#endif switch (q_u->switch_level) { case 0x1: { + /* query disp info is for users */ + switch_level = 0x1; +#ifdef USE_LDAP + got_pwds = get_ldap_entries(pass, + &total_entries, + &num_entries, + MAX_SAM_ENTRIES, + 0, + switch_level); +#endif make_sam_info_1(&info1, ACB_NORMAL, q_u->start_idx, num_entries, pass); ctr.sam.info1 = &info1; - switch_level = 0x1; break; } case 0x2: { /* query disp info is for servers */ + switch_level = 0x2; +#ifdef USE_LDAP + got_pwds = get_ldap_entries(pass, + &total_entries, + &num_entries, + MAX_SAM_ENTRIES, + 0, + switch_level); +#endif make_sam_info_2(&info2, ACB_WSTRUST, q_u->start_idx, num_entries, pass); ctr.sam.info2 = &info2; - switch_level = 0x2; break; } @@ -1025,8 +1044,11 @@ static void samr_reply_query_userinfo(SAMR_Q_QUERY_USERINFO *q_u, case 21: { info = (void*)&id21; +#ifdef USE_LDAP + status = ldap_get_user_info_21(&id21, rid) ? 0 : NT_STATUS_NO_SUCH_USER; +#else status = get_user_info_21(&id21, rid) ? 0 : NT_STATUS_NO_SUCH_USER; - +#endif break; } -- cgit