Context Navigation

source: branches/samba-3.0/source/libads/cldap.c@ 1031

Visit:

Last change on this file since 1031 was 312, checked in by Herwig Bauernfeind, 16 years ago
Update 3.0 to final 3.0.36 (source)
File size: 8.8 KB

Line
1	/*
2	Samba Unix/Linux SMB client library
3	net ads cldap functions
4	Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
5	Copyright (C) 2003 Jim McDonough (jmcd@us.ibm.com)
6
7	This program is free software; you can redistribute it and/or modify
8	it under the terms of the GNU General Public License as published by
9	the Free Software Foundation; either version 2 of the License, or
10	(at your option) any later version.
11
12	This program is distributed in the hope that it will be useful,
13	but WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	GNU General Public License for more details.
16
17	You should have received a copy of the GNU General Public License
18	along with this program; if not, write to the Free Software
19	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20	*/
21
22	#include "includes.h"
23
24	/*
25	These seem to be strings as described in RFC1035 4.1.4 and can be:
26
27	- a sequence of labels ending in a zero octet
28	- a pointer
29	- a sequence of labels ending with a pointer
30
31	A label is a byte where the first two bits must be zero and the remaining
32	bits represent the length of the label followed by the label itself.
33	Therefore, the length of a label is at max 64 bytes. Under RFC1035, a
34	sequence of labels cannot exceed 255 bytes.
35
36	A pointer consists of a 14 bit offset from the beginning of the data.
37
38	struct ptr {
39	unsigned ident:2; // must be 11
40	unsigned offset:14; // from the beginning of data
41	};
42
43	This is used as a method to compress the packet by eliminated duplicate
44	domain components. Since a UDP packet should probably be < 512 bytes and a
45	DNS name can be up to 255 bytes, this actually makes a lot of sense.
46	*/
47	static unsigned pull_netlogon_string(char ret, const char ptr,
48	const char *data)
49	{
50	char *pret = ret;
51	int followed_ptr = 0;
52	unsigned ret_len = 0;
53
54	memset(pret, 0, MAX_DNS_LABEL);
55	do {
56	if ((*ptr & 0xc0) == 0xc0) {
57	uint16 len;
58
59	if (!followed_ptr) {
60	ret_len += 2;
61	followed_ptr = 1;
62	}
63	len = ((ptr[0] & 0x3f) << 8) \| (uint8) ptr[1];
64	ptr = data + len;
65	} else if (*ptr) {
66	uint8 len = (uint8)*(ptr++);
67
68	if ((pret - ret + len + 1) >= MAX_DNS_LABEL) {
69	DEBUG(1,("DC returning too long DNS name\n"));
70	return 0;
71	}
72
73	if (pret != ret) {
74	*pret = '.';
75	pret++;
76	}
77	memcpy(pret, ptr, len);
78	pret += len;
79	ptr += len;
80
81	if (!followed_ptr) {
82	ret_len += (len + 1);
83	}
84	}
85	} while (*ptr);
86
87	return followed_ptr ? ret_len : ret_len + 1;
88	}
89
90	/*
91	do a cldap netlogon query
92	*/
93	static int send_cldap_netlogon(int sock, const char *domain,
94	const char *hostname, unsigned ntversion)
95	{
96	ASN1_DATA data;
97	char ntver[4];
98	#ifdef CLDAP_USER_QUERY
99	char aac[4];
100
101	SIVAL(aac, 0, 0x00000180);
102	#endif
103	SIVAL(ntver, 0, ntversion);
104
105	memset(&data, 0, sizeof(data));
106
107	asn1_push_tag(&data,ASN1_SEQUENCE(0));
108	asn1_write_Integer(&data, 4);
109	asn1_push_tag(&data, ASN1_APPLICATION(3));
110	asn1_write_OctetString(&data, NULL, 0);
111	asn1_write_enumerated(&data, 0);
112	asn1_write_enumerated(&data, 0);
113	asn1_write_Integer(&data, 0);
114	asn1_write_Integer(&data, 0);
115	asn1_write_BOOLEAN2(&data, False);
116	asn1_push_tag(&data, ASN1_CONTEXT(0));
117
118	if (domain) {
119	asn1_push_tag(&data, ASN1_CONTEXT(3));
120	asn1_write_OctetString(&data, "DnsDomain", 9);
121	asn1_write_OctetString(&data, domain, strlen(domain));
122	asn1_pop_tag(&data);
123	}
124
125	asn1_push_tag(&data, ASN1_CONTEXT(3));
126	asn1_write_OctetString(&data, "Host", 4);
127	asn1_write_OctetString(&data, hostname, strlen(hostname));
128	asn1_pop_tag(&data);
129
130	#ifdef CLDAP_USER_QUERY
131	asn1_push_tag(&data, ASN1_CONTEXT(3));
132	asn1_write_OctetString(&data, "User", 4);
133	asn1_write_OctetString(&data, "SAMBA$", 6);
134	asn1_pop_tag(&data);
135
136	asn1_push_tag(&data, ASN1_CONTEXT(3));
137	asn1_write_OctetString(&data, "AAC", 4);
138	asn1_write_OctetString(&data, aac, 4);
139	asn1_pop_tag(&data);
140	#endif
141
142	asn1_push_tag(&data, ASN1_CONTEXT(3));
143	asn1_write_OctetString(&data, "NtVer", 5);
144	asn1_write_OctetString(&data, ntver, 4);
145	asn1_pop_tag(&data);
146
147	asn1_pop_tag(&data);
148
149	asn1_push_tag(&data,ASN1_SEQUENCE(0));
150	asn1_write_OctetString(&data, "NetLogon", 8);
151	asn1_pop_tag(&data);
152	asn1_pop_tag(&data);
153	asn1_pop_tag(&data);
154
155	if (data.has_error) {
156	DEBUG(2,("Failed to build cldap netlogon at offset %d\n", (int)data.ofs));
157	asn1_free(&data);
158	return -1;
159	}
160
161	if (write(sock, data.data, data.length) != (ssize_t)data.length) {
162	DEBUG(2,("failed to send cldap query (%s)\n", strerror(errno)));
163	asn1_free(&data);
164	return -1;
165	}
166
167	asn1_free(&data);
168
169	return 0;
170	}
171
172	static SIG_ATOMIC_T gotalarm;
173
174	/***************************************************************
175	Signal function to tell us we timed out.
176	****************************************************************/
177
178	static void gotalarm_sig(void)
179	{
180	gotalarm = 1;
181	}
182
183	/*
184	receive a cldap netlogon reply
185	*/
186	static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply)
187	{
188	int ret;
189	ASN1_DATA data;
190	DATA_BLOB blob = data_blob(NULL, 0);
191	DATA_BLOB os1 = data_blob(NULL, 0);
192	DATA_BLOB os2 = data_blob(NULL, 0);
193	DATA_BLOB os3 = data_blob(NULL, 0);
194	int i1;
195	/* half the time of a regular ldap timeout, not less than 3 seconds. */
196	unsigned int al_secs = MAX(3,lp_ldap_timeout()/2);
197	char *p;
198
199	blob = data_blob(NULL, 8192);
200	if (blob.data == NULL) {
201	DEBUG(1, ("data_blob failed\n"));
202	errno = ENOMEM;
203	return -1;
204	}
205
206	/* Setup timeout */
207	gotalarm = 0;
208	CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
209	alarm(al_secs);
210	/* End setup timeout. */
211
212	ret = read(sock, blob.data, blob.length);
213
214	/* Teardown timeout. */
215	CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN);
216	alarm(0);
217
218	if (ret <= 0) {
219	DEBUG(1,("no reply received to cldap netlogon\n"));
220	data_blob_free(&blob);
221	return -1;
222	}
223	blob.length = ret;
224
225	asn1_load(&data, blob);
226	asn1_start_tag(&data, ASN1_SEQUENCE(0));
227	asn1_read_Integer(&data, &i1);
228	asn1_start_tag(&data, ASN1_APPLICATION(4));
229	asn1_read_OctetString(&data, &os1);
230	asn1_start_tag(&data, ASN1_SEQUENCE(0));
231	asn1_start_tag(&data, ASN1_SEQUENCE(0));
232	asn1_read_OctetString(&data, &os2);
233	asn1_start_tag(&data, ASN1_SET);
234	asn1_read_OctetString(&data, &os3);
235	asn1_end_tag(&data);
236	asn1_end_tag(&data);
237	asn1_end_tag(&data);
238	asn1_end_tag(&data);
239	asn1_end_tag(&data);
240
241	if (data.has_error) {
242	data_blob_free(&blob);
243	data_blob_free(&os1);
244	data_blob_free(&os2);
245	data_blob_free(&os3);
246	asn1_free(&data);
247	DEBUG(1,("Failed to parse cldap reply\n"));
248	return -1;
249	}
250
251	p = (char *)os3.data;
252
253	reply->type = IVAL(p, 0); p += 4;
254	reply->flags = IVAL(p, 0); p += 4;
255
256	memcpy(&reply->guid.info, p, UUID_FLAT_SIZE);
257	p += UUID_FLAT_SIZE;
258
259	p += pull_netlogon_string(reply->forest, p, (const char *)os3.data);
260	p += pull_netlogon_string(reply->domain, p, (const char *)os3.data);
261	p += pull_netlogon_string(reply->hostname, p, (const char *)os3.data);
262	p += pull_netlogon_string(reply->netbios_domain, p, (const char *)os3.data);
263	p += pull_netlogon_string(reply->netbios_hostname, p, (const char *)os3.data);
264	p += pull_netlogon_string(reply->unk, p, (const char *)os3.data);
265
266	if (reply->type == SAMLOGON_AD_R) {
267	p += pull_netlogon_string(reply->user_name, p, (const char *)os3.data);
268	} else {
269	*reply->user_name = 0;
270	}
271
272	p += pull_netlogon_string(reply->server_site_name, p, (const char *)os3.data);
273	p += pull_netlogon_string(reply->client_site_name, p, (const char *)os3.data);
274
275	reply->version = IVAL(p, 0);
276	reply->lmnt_token = SVAL(p, 4);
277	reply->lm20_token = SVAL(p, 6);
278
279	data_blob_free(&os1);
280	data_blob_free(&os2);
281	data_blob_free(&os3);
282	data_blob_free(&blob);
283
284	asn1_free(&data);
285
286	return 0;
287	}
288
289	/*******************************************************************
290	do a cldap netlogon query. Always 389/udp
291	*******************************************************************/
292
293	BOOL ads_cldap_netlogon(const char server, const char realm, struct cldap_netlogon_reply *reply)
294	{
295	int sock;
296	int ret;
297
298	sock = open_udp_socket(server, LDAP_PORT );
299	if (sock == -1) {
300	DEBUG(2,("ads_cldap_netlogon: Failed to open udp socket to %s\n",
301	server));
302	return False;
303	}
304
305	ret = send_cldap_netlogon(sock, realm, global_myname(), 6);
306	if (ret != 0) {
307	close(sock);
308	return False;
309	}
310	ret = recv_cldap_netlogon(sock, reply);
311	close(sock);
312
313	if (ret == -1) {
314	return False;
315	}
316
317	return True;
318	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: