Context Navigation

source: branches/samba-3.3.x/source/lib/smbldap.c@ 309

Visit:

Last change on this file since 309 was 274, checked in by Herwig Bauernfeind, 16 years ago
Update 3.3 branch to 3.3.5
File size: 54.8 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	LDAP protocol helper functions for SAMBA
4	Copyright (C) Jean FranÃ§ois Micouleau 1998
5	Copyright (C) Gerald Carter 2001-2003
6	Copyright (C) Shahms King 2001
7	Copyright (C) Andrew Bartlett 2002-2003
8	Copyright (C) Stefan (metze) Metzmacher 2002-2003
9
10	This program is free software; you can redistribute it and/or modify
11	it under the terms of the GNU General Public License as published by
12	the Free Software Foundation; either version 3 of the License, or
13	(at your option) any later version.
14
15	This program is distributed in the hope that it will be useful,
16	but WITHOUT ANY WARRANTY; without even the implied warranty of
17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18	GNU General Public License for more details.
19
20	You should have received a copy of the GNU General Public License
21	along with this program. If not, see <http://www.gnu.org/licenses/>.
22
23	*/
24
25	#include "includes.h"
26	#include "smbldap.h"
27
28	#ifndef LDAP_OPT_SUCCESS
29	#define LDAP_OPT_SUCCESS 0
30	#endif
31
32	/* Try not to hit the up or down server forever */
33
34	#define SMBLDAP_DONT_PING_TIME 10 /* ping only all 10 seconds */
35	#define SMBLDAP_NUM_RETRIES 8 /* retry only 8 times */
36
37	#define SMBLDAP_IDLE_TIME 150 /* After 2.5 minutes disconnect */
38
39
40	/* attributes used by Samba 2.2 */
41
42	ATTRIB_MAP_ENTRY attrib_map_v22[] = {
43	{ LDAP_ATTR_UID, "uid" },
44	{ LDAP_ATTR_UIDNUMBER, LDAP_ATTRIBUTE_UIDNUMBER},
45	{ LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER},
46	{ LDAP_ATTR_UNIX_HOME, "homeDirectory" },
47	{ LDAP_ATTR_PWD_LAST_SET, "pwdLastSet" },
48	{ LDAP_ATTR_PWD_CAN_CHANGE, "pwdCanChange" },
49	{ LDAP_ATTR_PWD_MUST_CHANGE, "pwdMustChange" },
50	{ LDAP_ATTR_LOGON_TIME, "logonTime" },
51	{ LDAP_ATTR_LOGOFF_TIME, "logoffTime" },
52	{ LDAP_ATTR_KICKOFF_TIME, "kickoffTime" },
53	{ LDAP_ATTR_CN, "cn" },
54	{ LDAP_ATTR_SN, "sn" },
55	{ LDAP_ATTR_DISPLAY_NAME, "displayName" },
56	{ LDAP_ATTR_HOME_PATH, "smbHome" },
57	{ LDAP_ATTR_HOME_DRIVE, "homeDrive" },
58	{ LDAP_ATTR_LOGON_SCRIPT, "scriptPath" },
59	{ LDAP_ATTR_PROFILE_PATH, "profilePath" },
60	{ LDAP_ATTR_DESC, "description" },
61	{ LDAP_ATTR_USER_WKS, "userWorkstations"},
62	{ LDAP_ATTR_USER_RID, "rid" },
63	{ LDAP_ATTR_PRIMARY_GROUP_RID, "primaryGroupID"},
64	{ LDAP_ATTR_LMPW, "lmPassword" },
65	{ LDAP_ATTR_NTPW, "ntPassword" },
66	{ LDAP_ATTR_DOMAIN, "domain" },
67	{ LDAP_ATTR_OBJCLASS, "objectClass" },
68	{ LDAP_ATTR_ACB_INFO, "acctFlags" },
69	{ LDAP_ATTR_MOD_TIMESTAMP, "modifyTimestamp" },
70	{ LDAP_ATTR_LIST_END, NULL }
71	};
72
73	ATTRIB_MAP_ENTRY attrib_map_to_delete_v22[] = {
74	{ LDAP_ATTR_PWD_LAST_SET, "pwdLastSet" },
75	{ LDAP_ATTR_PWD_CAN_CHANGE, "pwdCanChange" },
76	{ LDAP_ATTR_PWD_MUST_CHANGE, "pwdMustChange" },
77	{ LDAP_ATTR_LOGON_TIME, "logonTime" },
78	{ LDAP_ATTR_LOGOFF_TIME, "logoffTime" },
79	{ LDAP_ATTR_KICKOFF_TIME, "kickoffTime" },
80	{ LDAP_ATTR_DISPLAY_NAME, "displayName" },
81	{ LDAP_ATTR_HOME_PATH, "smbHome" },
82	{ LDAP_ATTR_HOME_DRIVE, "homeDrives" },
83	{ LDAP_ATTR_LOGON_SCRIPT, "scriptPath" },
84	{ LDAP_ATTR_PROFILE_PATH, "profilePath" },
85	{ LDAP_ATTR_USER_WKS, "userWorkstations"},
86	{ LDAP_ATTR_USER_RID, "rid" },
87	{ LDAP_ATTR_PRIMARY_GROUP_RID, "primaryGroupID"},
88	{ LDAP_ATTR_LMPW, "lmPassword" },
89	{ LDAP_ATTR_NTPW, "ntPassword" },
90	{ LDAP_ATTR_DOMAIN, "domain" },
91	{ LDAP_ATTR_ACB_INFO, "acctFlags" },
92	{ LDAP_ATTR_LIST_END, NULL }
93	};
94
95	/* attributes used by Samba 3.0's sambaSamAccount */
96
97	ATTRIB_MAP_ENTRY attrib_map_v30[] = {
98	{ LDAP_ATTR_UID, "uid" },
99	{ LDAP_ATTR_UIDNUMBER, LDAP_ATTRIBUTE_UIDNUMBER},
100	{ LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER},
101	{ LDAP_ATTR_UNIX_HOME, "homeDirectory" },
102	{ LDAP_ATTR_PWD_LAST_SET, "sambaPwdLastSet" },
103	{ LDAP_ATTR_PWD_CAN_CHANGE, "sambaPwdCanChange" },
104	{ LDAP_ATTR_PWD_MUST_CHANGE, "sambaPwdMustChange" },
105	{ LDAP_ATTR_LOGON_TIME, "sambaLogonTime" },
106	{ LDAP_ATTR_LOGOFF_TIME, "sambaLogoffTime" },
107	{ LDAP_ATTR_KICKOFF_TIME, "sambaKickoffTime" },
108	{ LDAP_ATTR_CN, "cn" },
109	{ LDAP_ATTR_SN, "sn" },
110	{ LDAP_ATTR_DISPLAY_NAME, "displayName" },
111	{ LDAP_ATTR_HOME_DRIVE, "sambaHomeDrive" },
112	{ LDAP_ATTR_HOME_PATH, "sambaHomePath" },
113	{ LDAP_ATTR_LOGON_SCRIPT, "sambaLogonScript" },
114	{ LDAP_ATTR_PROFILE_PATH, "sambaProfilePath" },
115	{ LDAP_ATTR_DESC, "description" },
116	{ LDAP_ATTR_USER_WKS, "sambaUserWorkstations" },
117	{ LDAP_ATTR_USER_SID, LDAP_ATTRIBUTE_SID },
118	{ LDAP_ATTR_PRIMARY_GROUP_SID, "sambaPrimaryGroupSID" },
119	{ LDAP_ATTR_LMPW, "sambaLMPassword" },
120	{ LDAP_ATTR_NTPW, "sambaNTPassword" },
121	{ LDAP_ATTR_DOMAIN, "sambaDomainName" },
122	{ LDAP_ATTR_OBJCLASS, "objectClass" },
123	{ LDAP_ATTR_ACB_INFO, "sambaAcctFlags" },
124	{ LDAP_ATTR_MUNGED_DIAL, "sambaMungedDial" },
125	{ LDAP_ATTR_BAD_PASSWORD_COUNT, "sambaBadPasswordCount" },
126	{ LDAP_ATTR_BAD_PASSWORD_TIME, "sambaBadPasswordTime" },
127	{ LDAP_ATTR_PWD_HISTORY, "sambaPasswordHistory" },
128	{ LDAP_ATTR_MOD_TIMESTAMP, "modifyTimestamp" },
129	{ LDAP_ATTR_LOGON_HOURS, "sambaLogonHours" },
130	{ LDAP_ATTR_LIST_END, NULL }
131	};
132
133	ATTRIB_MAP_ENTRY attrib_map_to_delete_v30[] = {
134	{ LDAP_ATTR_PWD_LAST_SET, "sambaPwdLastSet" },
135	{ LDAP_ATTR_PWD_CAN_CHANGE, "sambaPwdCanChange" },
136	{ LDAP_ATTR_PWD_MUST_CHANGE, "sambaPwdMustChange" },
137	{ LDAP_ATTR_LOGON_TIME, "sambaLogonTime" },
138	{ LDAP_ATTR_LOGOFF_TIME, "sambaLogoffTime" },
139	{ LDAP_ATTR_KICKOFF_TIME, "sambaKickoffTime" },
140	{ LDAP_ATTR_DISPLAY_NAME, "displayName" },
141	{ LDAP_ATTR_HOME_DRIVE, "sambaHomeDrive" },
142	{ LDAP_ATTR_HOME_PATH, "sambaHomePath" },
143	{ LDAP_ATTR_LOGON_SCRIPT, "sambaLogonScript" },
144	{ LDAP_ATTR_PROFILE_PATH, "sambaProfilePath" },
145	{ LDAP_ATTR_USER_WKS, "sambaUserWorkstations" },
146	{ LDAP_ATTR_USER_SID, LDAP_ATTRIBUTE_SID },
147	{ LDAP_ATTR_PRIMARY_GROUP_SID, "sambaPrimaryGroupSID" },
148	{ LDAP_ATTR_LMPW, "sambaLMPassword" },
149	{ LDAP_ATTR_NTPW, "sambaNTPassword" },
150	{ LDAP_ATTR_DOMAIN, "sambaDomainName" },
151	{ LDAP_ATTR_ACB_INFO, "sambaAcctFlags" },
152	{ LDAP_ATTR_MUNGED_DIAL, "sambaMungedDial" },
153	{ LDAP_ATTR_BAD_PASSWORD_COUNT, "sambaBadPasswordCount" },
154	{ LDAP_ATTR_BAD_PASSWORD_TIME, "sambaBadPasswordTime" },
155	{ LDAP_ATTR_PWD_HISTORY, "sambaPasswordHistory" },
156	{ LDAP_ATTR_LOGON_HOURS, "sambaLogonHours" },
157	{ LDAP_ATTR_LIST_END, NULL }
158	};
159
160	/* attributes used for allocating RIDs */
161
162	ATTRIB_MAP_ENTRY dominfo_attr_list[] = {
163	{ LDAP_ATTR_DOMAIN, "sambaDomainName" },
164	{ LDAP_ATTR_NEXT_RID, "sambaNextRid" },
165	{ LDAP_ATTR_NEXT_USERRID, "sambaNextUserRid" },
166	{ LDAP_ATTR_NEXT_GROUPRID, "sambaNextGroupRid" },
167	{ LDAP_ATTR_DOM_SID, LDAP_ATTRIBUTE_SID },
168	{ LDAP_ATTR_ALGORITHMIC_RID_BASE,"sambaAlgorithmicRidBase"},
169	{ LDAP_ATTR_OBJCLASS, "objectClass" },
170	{ LDAP_ATTR_LIST_END, NULL },
171	};
172
173	/* Samba 3.0 group mapping attributes */
174
175	ATTRIB_MAP_ENTRY groupmap_attr_list[] = {
176	{ LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER},
177	{ LDAP_ATTR_GROUP_SID, LDAP_ATTRIBUTE_SID },
178	{ LDAP_ATTR_GROUP_TYPE, "sambaGroupType" },
179	{ LDAP_ATTR_SID_LIST, "sambaSIDList" },
180	{ LDAP_ATTR_DESC, "description" },
181	{ LDAP_ATTR_DISPLAY_NAME, "displayName" },
182	{ LDAP_ATTR_CN, "cn" },
183	{ LDAP_ATTR_OBJCLASS, "objectClass" },
184	{ LDAP_ATTR_LIST_END, NULL }
185	};
186
187	ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[] = {
188	{ LDAP_ATTR_GROUP_SID, LDAP_ATTRIBUTE_SID },
189	{ LDAP_ATTR_GROUP_TYPE, "sambaGroupType" },
190	{ LDAP_ATTR_DESC, "description" },
191	{ LDAP_ATTR_DISPLAY_NAME, "displayName" },
192	{ LDAP_ATTR_SID_LIST, "sambaSIDList" },
193	{ LDAP_ATTR_LIST_END, NULL }
194	};
195
196	/* idmap_ldap sambaUnixIdPool */
197
198	ATTRIB_MAP_ENTRY idpool_attr_list[] = {
199	{ LDAP_ATTR_UIDNUMBER, LDAP_ATTRIBUTE_UIDNUMBER},
200	{ LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER},
201	{ LDAP_ATTR_OBJCLASS, "objectClass" },
202	{ LDAP_ATTR_LIST_END, NULL }
203	};
204
205	ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
206	{ LDAP_ATTR_SID, LDAP_ATTRIBUTE_SID },
207	{ LDAP_ATTR_UIDNUMBER, LDAP_ATTRIBUTE_UIDNUMBER},
208	{ LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER},
209	{ LDAP_ATTR_OBJCLASS, "objectClass" },
210	{ LDAP_ATTR_LIST_END, NULL }
211	};
212
213	/**********************************************************************
214	perform a simple table lookup and return the attribute name
215	**********************************************************************/
216
217	const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key )
218	{
219	int i = 0;
220
221	while ( table[i].attrib != LDAP_ATTR_LIST_END ) {
222	if ( table[i].attrib == key )
223	return table[i].name;
224	i++;
225	}
226
227	return NULL;
228	}
229
230
231	/**********************************************************************
232	Return the list of attribute names from a mapping table
233	**********************************************************************/
234
235	const char** get_attr_list( TALLOC_CTX *mem_ctx, ATTRIB_MAP_ENTRY table[] )
236	{
237	const char **names;
238	int i = 0;
239
240	while ( table[i].attrib != LDAP_ATTR_LIST_END )
241	i++;
242	i++;
243
244	names = TALLOC_ARRAY( mem_ctx, const char*, i );
245	if ( !names ) {
246	DEBUG(0,("get_attr_list: out of memory\n"));
247	return NULL;
248	}
249
250	i = 0;
251	while ( table[i].attrib != LDAP_ATTR_LIST_END ) {
252	names[i] = talloc_strdup( names, table[i].name );
253	i++;
254	}
255	names[i] = NULL;
256
257	return names;
258	}
259
260	/*******************************************************************
261	Search an attribute and return the first value found.
262	******************************************************************/
263
264	bool smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry,
265	const char attribute, char value,
266	int max_len)
267	{
268	char **values;
269
270	if ( !attribute )
271	return False;
272
273	value[0] = '\0';
274
275	if ((values = ldap_get_values (ldap_struct, entry, attribute)) == NULL) {
276	DEBUG (10, ("smbldap_get_single_attribute: [%s] = [<does not exist>]\n", attribute));
277
278	return False;
279	}
280
281	if (convert_string(CH_UTF8, CH_UNIX,values[0], -1, value, max_len, False) == (size_t)-1) {
282	DEBUG(1, ("smbldap_get_single_attribute: string conversion of [%s] = [%s] failed!\n",
283	attribute, values[0]));
284	ldap_value_free(values);
285	return False;
286	}
287
288	ldap_value_free(values);
289	#ifdef DEBUG_PASSWORDS
290	DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n", attribute, value));
291	#endif
292	return True;
293	}
294
295	char * smbldap_talloc_single_attribute(LDAP ldap_struct, LDAPMessage entry,
296	const char *attribute,
297	TALLOC_CTX *mem_ctx)
298	{
299	char **values;
300	char *result;
301	size_t converted_size;
302
303	if (attribute == NULL) {
304	return NULL;
305	}
306
307	values = ldap_get_values(ldap_struct, entry, attribute);
308
309	if (values == NULL) {
310	DEBUG(10, ("attribute %s does not exist\n", attribute));
311	return NULL;
312	}
313
314	if (ldap_count_values(values) != 1) {
315	DEBUG(10, ("attribute %s has %d values, expected only one\n",
316	attribute, ldap_count_values(values)));
317	ldap_value_free(values);
318	return NULL;
319	}
320
321	if (!pull_utf8_talloc(mem_ctx, &result, values[0], &converted_size)) {
322	DEBUG(10, ("pull_utf8_talloc failed\n"));
323	ldap_value_free(values);
324	return NULL;
325	}
326
327	ldap_value_free(values);
328
329	#ifdef DEBUG_PASSWORDS
330	DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n",
331	attribute, result));
332	#endif
333	return result;
334	}
335
336	char * smbldap_talloc_smallest_attribute(LDAP ldap_struct, LDAPMessage entry,
337	const char *attribute,
338	TALLOC_CTX *mem_ctx)
339	{
340	char **values;
341	char *result;
342	size_t converted_size;
343	int i, num_values;
344
345	if (attribute == NULL) {
346	return NULL;
347	}
348
349	values = ldap_get_values(ldap_struct, entry, attribute);
350
351	if (values == NULL) {
352	DEBUG(10, ("attribute %s does not exist\n", attribute));
353	return NULL;
354	}
355
356	if (!pull_utf8_talloc(mem_ctx, &result, values[0], &converted_size)) {
357	DEBUG(10, ("pull_utf8_talloc failed\n"));
358	ldap_value_free(values);
359	return NULL;
360	}
361
362	num_values = ldap_count_values(values);
363
364	for (i=1; i<num_values; i++) {
365	char *tmp;
366
367	if (!pull_utf8_talloc(mem_ctx, &tmp, values[i],
368	&converted_size)) {
369	DEBUG(10, ("pull_utf8_talloc failed\n"));
370	TALLOC_FREE(result);
371	ldap_value_free(values);
372	return NULL;
373	}
374
375	if (StrCaseCmp(tmp, result) < 0) {
376	TALLOC_FREE(result);
377	result = tmp;
378	} else {
379	TALLOC_FREE(tmp);
380	}
381	}
382
383	ldap_value_free(values);
384
385	#ifdef DEBUG_PASSWORDS
386	DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n",
387	attribute, result));
388	#endif
389	return result;
390	}
391
392	char * smbldap_talloc_smallest_attribute(LDAP ldap_struct, LDAPMessage entry,
393	const char *attribute,
394	TALLOC_CTX *mem_ctx)
395	{
396	char **values;
397	char *result;
398	size_t converted_size;
399	int i, num_values;
400
401	if (attribute == NULL) {
402	return NULL;
403	}
404
405	values = ldap_get_values(ldap_struct, entry, attribute);
406
407	if (values == NULL) {
408	DEBUG(10, ("attribute %s does not exist\n", attribute));
409	return NULL;
410	}
411
412	if (!pull_utf8_talloc(mem_ctx, &result, values[0], &converted_size)) {
413	DEBUG(10, ("pull_utf8_talloc failed\n"));
414	ldap_value_free(values);
415	return NULL;
416	}
417
418	num_values = ldap_count_values(values);
419
420	for (i=1; i<num_values; i++) {
421	char *tmp;
422
423	if (!pull_utf8_talloc(mem_ctx, &tmp, values[i],
424	&converted_size)) {
425	DEBUG(10, ("pull_utf8_talloc failed\n"));
426	TALLOC_FREE(result);
427	ldap_value_free(values);
428	return NULL;
429	}
430
431	if (StrCaseCmp(tmp, result) < 0) {
432	TALLOC_FREE(result);
433	result = tmp;
434	} else {
435	TALLOC_FREE(tmp);
436	}
437	}
438
439	ldap_value_free(values);
440
441	#ifdef DEBUG_PASSWORDS
442	DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n",
443	attribute, result));
444	#endif
445	return result;
446	}
447
448	static int ldapmsg_destructor(LDAPMessage **result) {
449	ldap_msgfree(*result);
450	return 0;
451	}
452
453	void talloc_autofree_ldapmsg(TALLOC_CTX mem_ctx, LDAPMessage result)
454	{
455	LDAPMessage **handle;
456
457	if (result == NULL) {
458	return;
459	}
460
461	handle = TALLOC_P(mem_ctx, LDAPMessage *);
462	SMB_ASSERT(handle != NULL);
463
464	*handle = result;
465	talloc_set_destructor(handle, ldapmsg_destructor);
466	}
467
468	static int ldapmod_destructor(LDAPMod ***mod) {
469	ldap_mods_free(*mod, True);
470	return 0;
471	}
472
473	void talloc_autofree_ldapmod(TALLOC_CTX mem_ctx, LDAPMod *mod)
474	{
475	LDAPMod ***handle;
476
477	if (mod == NULL) {
478	return;
479	}
480
481	handle = TALLOC_P(mem_ctx, LDAPMod **);
482	SMB_ASSERT(handle != NULL);
483
484	*handle = mod;
485	talloc_set_destructor(handle, ldapmod_destructor);
486	}
487
488	/************************************************************************
489	Routine to manage the LDAPMod structure array
490	manage memory used by the array, by each struct, and values
491	***********************************************************************/
492
493	void smbldap_set_mod (LDAPMod *** modlist, int modop, const char attribute, const char value)
494	{
495	LDAPMod **mods;
496	int i;
497	int j;
498
499	mods = *modlist;
500
501	/* sanity checks on the mod values */
502
503	if (attribute == NULL \|\| *attribute == '\0') {
504	return;
505	}
506
507	#if 0 /* commented out after discussion with abartlet. Do not reenable.
508	left here so other do not re-add similar code --jerry */
509	if (value == NULL \|\| *value == '\0')
510	return;
511	#endif
512
513	if (mods == NULL) {
514	mods = SMB_MALLOC_P(LDAPMod *);
515	if (mods == NULL) {
516	smb_panic("smbldap_set_mod: out of memory!");
517	/* notreached. */
518	}
519	mods[0] = NULL;
520	}
521
522	for (i = 0; mods[i] != NULL; ++i) {
523	if (mods[i]->mod_op == modop && strequal(mods[i]->mod_type, attribute))
524	break;
525	}
526
527	if (mods[i] == NULL) {
528	mods = SMB_REALLOC_ARRAY (mods, LDAPMod *, i + 2);
529	if (mods == NULL) {
530	smb_panic("smbldap_set_mod: out of memory!");
531	/* notreached. */
532	}
533	mods[i] = SMB_MALLOC_P(LDAPMod);
534	if (mods[i] == NULL) {
535	smb_panic("smbldap_set_mod: out of memory!");
536	/* notreached. */
537	}
538	mods[i]->mod_op = modop;
539	mods[i]->mod_values = NULL;
540	mods[i]->mod_type = SMB_STRDUP(attribute);
541	mods[i + 1] = NULL;
542	}
543
544	if (value != NULL) {
545	char *utf8_value = NULL;
546	size_t converted_size;
547
548	j = 0;
549	if (mods[i]->mod_values != NULL) {
550	for (; mods[i]->mod_values[j] != NULL; j++);
551	}
552	mods[i]->mod_values = SMB_REALLOC_ARRAY(mods[i]->mod_values, char *, j + 2);
553
554	if (mods[i]->mod_values == NULL) {
555	smb_panic("smbldap_set_mod: out of memory!");
556	/* notreached. */
557	}
558
559	if (!push_utf8_allocate(&utf8_value, value, &converted_size)) {
560	smb_panic("smbldap_set_mod: String conversion failure!");
561	/* notreached. */
562	}
563
564	mods[i]->mod_values[j] = utf8_value;
565
566	mods[i]->mod_values[j + 1] = NULL;
567	}
568	*modlist = mods;
569	}
570
571	/**********************************************************************
572	Set attribute to newval in LDAP, regardless of what value the
573	attribute had in LDAP before.
574	*********************************************************************/
575
576	void smbldap_make_mod(LDAP ldap_struct, LDAPMessage existing,
577	LDAPMod ***mods,
578	const char attribute, const char newval)
579	{
580	char oldval[2048]; /* current largest allowed value is mungeddial */
581	bool existed;
582
583	if (attribute == NULL) {
584	/* This can actually happen for ldapsam_compat where we for
585	* example don't have a password history */
586	return;
587	}
588
589	if (existing != NULL) {
590	existed = smbldap_get_single_attribute(ldap_struct, existing, attribute, oldval, sizeof(oldval));
591	} else {
592	existed = False;
593	*oldval = '\0';
594	}
595
596	/* all of our string attributes are case insensitive */
597
598	if (existed && newval && (StrCaseCmp(oldval, newval) == 0)) {
599
600	/* Believe it or not, but LDAP will deny a delete and
601	an add at the same time if the values are the
602	same... */
603	DEBUG(10,("smbldap_make_mod: attribute \|%s\| not changed.\n", attribute));
604	return;
605	}
606
607	if (existed) {
608	/* There has been no value before, so don't delete it.
609	* Here's a possible race: We might end up with
610	* duplicate attributes */
611	/* By deleting exactly the value we found in the entry this
612	* should be race-free in the sense that the LDAP-Server will
613	* deny the complete operation if somebody changed the
614	* attribute behind our back. */
615	/* This will also allow modifying single valued attributes
616	* in Novell NDS. In NDS you have to first remove attribute and then
617	* you could add new value */
618
619	DEBUG(10,("smbldap_make_mod: deleting attribute \|%s\| values \|%s\|\n", attribute, oldval));
620	smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval);
621	}
622
623	/* Regardless of the real operation (add or modify)
624	we add the new value here. We rely on deleting
625	the old value, should it exist. */
626
627	if ((newval != NULL) && (strlen(newval) > 0)) {
628	DEBUG(10,("smbldap_make_mod: adding attribute \|%s\| value \|%s\|\n", attribute, newval));
629	smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval);
630	}
631	}
632
633	/**********************************************************************
634	Some varients of the LDAP rebind code do not pass in the third 'arg'
635	pointer to a void*, so we try and work around it by assuming that the
636	value of the 'LDAP *' pointer is the same as the one we had passed in
637	**********************************************************************/
638
639	struct smbldap_state_lookup {
640	LDAP *ld;
641	struct smbldap_state *smbldap_state;
642	struct smbldap_state_lookup prev, next;
643	};
644
645	static struct smbldap_state_lookup *smbldap_state_lookup_list;
646
647	static struct smbldap_state smbldap_find_state(LDAP ld)
648	{
649	struct smbldap_state_lookup *t;
650
651	for (t = smbldap_state_lookup_list; t; t = t->next) {
652	if (t->ld == ld) {
653	return t->smbldap_state;
654	}
655	}
656	return NULL;
657	}
658
659	static void smbldap_delete_state(struct smbldap_state *smbldap_state)
660	{
661	struct smbldap_state_lookup *t;
662
663	for (t = smbldap_state_lookup_list; t; t = t->next) {
664	if (t->smbldap_state == smbldap_state) {
665	DLIST_REMOVE(smbldap_state_lookup_list, t);
666	SAFE_FREE(t);
667	return;
668	}
669	}
670	}
671
672	static void smbldap_store_state(LDAP ld, struct smbldap_state smbldap_state)
673	{
674	struct smbldap_state *tmp_ldap_state;
675	struct smbldap_state_lookup *t;
676
677	if ((tmp_ldap_state = smbldap_find_state(ld))) {
678	SMB_ASSERT(tmp_ldap_state == smbldap_state);
679	return;
680	}
681
682	t = SMB_XMALLOC_P(struct smbldap_state_lookup);
683	ZERO_STRUCTP(t);
684
685	DLIST_ADD_END(smbldap_state_lookup_list, t, struct smbldap_state_lookup *);
686	t->ld = ld;
687	t->smbldap_state = smbldap_state;
688	}
689
690	/********************************************************************
691	start TLS on an existing LDAP connection
692	*******************************************************************/
693
694	int smb_ldap_start_tls(LDAP *ldap_struct, int version)
695	{
696	#ifdef LDAP_OPT_X_TLS
697	int rc;
698	#endif
699
700	if (lp_ldap_ssl() != LDAP_SSL_START_TLS) {
701	return LDAP_SUCCESS;
702	}
703
704	#ifdef LDAP_OPT_X_TLS
705	if (version != LDAP_VERSION3) {
706	DEBUG(0, ("Need LDAPv3 for Start TLS\n"));
707	return LDAP_OPERATIONS_ERROR;
708	}
709
710	if ((rc = ldap_start_tls_s (ldap_struct, NULL, NULL)) != LDAP_SUCCESS) {
711	DEBUG(0,("Failed to issue the StartTLS instruction: %s\n",
712	ldap_err2string(rc)));
713	return rc;
714	}
715
716	DEBUG (3, ("StartTLS issued: using a TLS connection\n"));
717	return LDAP_SUCCESS;
718	#else
719	DEBUG(0,("StartTLS not supported by LDAP client libraries!\n"));
720	return LDAP_OPERATIONS_ERROR;
721	#endif
722	}
723
724	/********************************************************************
725	setup a connection to the LDAP server based on a uri
726	*******************************************************************/
727
728	int smb_ldap_setup_conn(LDAP *ldap_struct, const char uri)
729	{
730	int rc;
731
732	DEBUG(10, ("smb_ldap_setup_connection: %s\n", uri));
733
734	#ifdef HAVE_LDAP_INITIALIZE
735
736	rc = ldap_initialize(ldap_struct, uri);
737	if (rc) {
738	DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc)));
739	}
740
741	return rc;
742	#else
743
744	/* Parse the string manually */
745
746	{
747	int port = 0;
748	fstring protocol;
749	fstring host;
750	SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254);
751
752
753	/* skip leading "URL:" (if any) */
754	if ( strnequal( uri, "URL:", 4 ) ) {
755	uri += 4;
756	}
757
758	sscanf(uri, "%10[^:]://%254[^:/]:%d", protocol, host, &port);
759
760	if (port == 0) {
761	if (strequal(protocol, "ldap")) {
762	port = LDAP_PORT;
763	} else if (strequal(protocol, "ldaps")) {
764	port = LDAPS_PORT;
765	} else {
766	DEBUG(0, ("unrecognised protocol (%s)!\n", protocol));
767	}
768	}
769
770	if ((*ldap_struct = ldap_init(host, port)) == NULL) {
771	DEBUG(0, ("ldap_init failed !\n"));
772	return LDAP_OPERATIONS_ERROR;
773	}
774
775	if (strequal(protocol, "ldaps")) {
776	#ifdef LDAP_OPT_X_TLS
777	int tls = LDAP_OPT_X_TLS_HARD;
778	if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
779	{
780	DEBUG(0, ("Failed to setup a TLS session\n"));
781	}
782
783	DEBUG(3,("LDAPS option set...!\n"));
784	#else
785	DEBUG(0,("smbldap_open_connection: Secure connection not supported by LDAP client libraries!\n"));
786	return LDAP_OPERATIONS_ERROR;
787	#endif /* LDAP_OPT_X_TLS */
788	}
789	}
790	#endif /* HAVE_LDAP_INITIALIZE */
791
792
793	/* now set connection timeout */
794	#ifdef LDAP_X_OPT_CONNECT_TIMEOUT /* Netscape */
795	{
796	int ct = lp_ldap_connection_timeout()*1000;
797	rc = ldap_set_option(*ldap_struct, LDAP_X_OPT_CONNECT_TIMEOUT, &ct);
798	if (rc != LDAP_SUCCESS) {
799	DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n",
800	ct, ldap_err2string(rc)));
801	}
802	}
803	#elif defined (LDAP_OPT_NETWORK_TIMEOUT) /* OpenLDAP */
804	{
805	struct timeval ct;
806	ct.tv_usec = 0;
807	ct.tv_sec = lp_ldap_connection_timeout();
808	rc = ldap_set_option(*ldap_struct, LDAP_OPT_NETWORK_TIMEOUT, &ct);
809	if (rc != LDAP_SUCCESS) {
810	DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n",
811	(int)ct.tv_sec, ldap_err2string(rc)));
812	}
813	}
814	#endif
815
816	return LDAP_SUCCESS;
817	}
818
819	/********************************************************************
820	try to upgrade to Version 3 LDAP if not already, in either case return current
821	version
822	*******************************************************************/
823
824	int smb_ldap_upgrade_conn(LDAP ldap_struct, int new_version)
825	{
826	int version;
827	int rc;
828
829	/* assume the worst */
830	*new_version = LDAP_VERSION2;
831
832	rc = ldap_get_option(ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version);
833	if (rc) {
834	return rc;
835	}
836
837	if (version == LDAP_VERSION3) {
838	*new_version = LDAP_VERSION3;
839	return LDAP_SUCCESS;
840	}
841
842	/* try upgrade */
843	version = LDAP_VERSION3;
844	rc = ldap_set_option (ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version);
845	if (rc) {
846	return rc;
847	}
848
849	*new_version = LDAP_VERSION3;
850	return LDAP_SUCCESS;
851	}
852
853	/*******************************************************************
854	open a connection to the ldap server (just until the bind)
855	******************************************************************/
856
857	int smb_ldap_setup_full_conn(LDAP *ldap_struct, const char uri)
858	{
859	int rc, version;
860
861	rc = smb_ldap_setup_conn(ldap_struct, uri);
862	if (rc) {
863	return rc;
864	}
865
866	rc = smb_ldap_upgrade_conn(*ldap_struct, &version);
867	if (rc) {
868	return rc;
869	}
870
871	rc = smb_ldap_start_tls(*ldap_struct, version);
872	if (rc) {
873	return rc;
874	}
875
876	return LDAP_SUCCESS;
877	}
878
879	/*******************************************************************
880	open a connection to the ldap server.
881	******************************************************************/
882	static int smbldap_open_connection (struct smbldap_state *ldap_state)
883
884	{
885	int rc = LDAP_SUCCESS;
886	int version;
887	LDAP **ldap_struct = &ldap_state->ldap_struct;
888
889	rc = smb_ldap_setup_conn(ldap_struct, ldap_state->uri);
890	if (rc) {
891	return rc;
892	}
893
894	/* Store the LDAP pointer in a lookup list */
895
896	smbldap_store_state(*ldap_struct, ldap_state);
897
898	/* Upgrade to LDAPv3 if possible */
899
900	rc = smb_ldap_upgrade_conn(*ldap_struct, &version);
901	if (rc) {
902	return rc;
903	}
904
905	/* Start TLS if required */
906
907	rc = smb_ldap_start_tls(*ldap_struct, version);
908	if (rc) {
909	return rc;
910	}
911
912	DEBUG(2, ("smbldap_open_connection: connection opened\n"));
913	return rc;
914	}
915
916	/*******************************************************************
917	a rebind function for authenticated referrals
918	This version takes a void* that we can shove useful stuff in :-)
919	******************************************************************/
920	#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
921	#else
922	static int rebindproc_with_state (LDAP * ld, char whop, char credp,
923	int methodp, int freeit, void arg)
924	{
925	struct smbldap_state *ldap_state = arg;
926
927	/** @TODO Should we be doing something to check what servers we rebind to?
928	Could we get a referral to a machine that we don't want to give our
929	username and password to? */
930
931	if (freeit) {
932	SAFE_FREE(*whop);
933	if (*credp) {
934	memset(credp, '\0', strlen(credp));
935	}
936	SAFE_FREE(*credp);
937	} else {
938	DEBUG(5,("rebind_proc_with_state: Rebinding as \"%s\"\n",
939	ldap_state->bind_dn?ldap_state->bind_dn:"[Anonymous bind]"));
940
941	if (ldap_state->anonymous) {
942	*whop = NULL;
943	*credp = NULL;
944	} else {
945	*whop = SMB_STRDUP(ldap_state->bind_dn);
946	if (!*whop) {
947	return LDAP_NO_MEMORY;
948	}
949	*credp = SMB_STRDUP(ldap_state->bind_secret);
950	if (!*credp) {
951	SAFE_FREE(*whop);
952	return LDAP_NO_MEMORY;
953	}
954	}
955	*methodp = LDAP_AUTH_SIMPLE;
956	}
957
958	GetTimeOfDay(&ldap_state->last_rebind);
959
960	return 0;
961	}
962	#endif /defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)/
963
964	/*******************************************************************
965	a rebind function for authenticated referrals
966	This version takes a void* that we can shove useful stuff in :-)
967	and actually does the connection.
968	******************************************************************/
969	#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
970	static int rebindproc_connect_with_state (LDAP *ldap_struct,
971	LDAP_CONST char *url,
972	ber_tag_t request,
973	ber_int_t msgid, void *arg)
974	{
975	struct smbldap_state *ldap_state =
976	(struct smbldap_state *)arg;
977	int rc;
978	int version;
979
980	DEBUG(5,("rebindproc_connect_with_state: Rebinding to %s as \"%s\"\n",
981	url, ldap_state->bind_dn?ldap_state->bind_dn:"[Anonymous bind]"));
982
983	/* call START_TLS again (ldaps:// is handled by the OpenLDAP library
984	* itself) before rebinding to another LDAP server to avoid to expose
985	* our credentials. At least try to secure the connection - Guenther */
986
987	smb_ldap_upgrade_conn(ldap_struct, &version);
988	smb_ldap_start_tls(ldap_struct, version);
989
990	/** @TODO Should we be doing something to check what servers we rebind to?
991	Could we get a referral to a machine that we don't want to give our
992	username and password to? */
993
994	rc = ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn, ldap_state->bind_secret);
995
996	/* only set the last rebind timestamp when we did rebind after a
997	* non-read LDAP operation. That way we avoid the replication sleep
998	* after a simple redirected search operation - Guenther */
999
1000	switch (request) {
1001
1002	case LDAP_REQ_MODIFY:
1003	case LDAP_REQ_ADD:
1004	case LDAP_REQ_DELETE:
1005	case LDAP_REQ_MODDN:
1006	case LDAP_REQ_EXTENDED:
1007	DEBUG(10,("rebindproc_connect_with_state: "
1008	"setting last_rebind timestamp "
1009	"(req: 0x%02x)\n", (unsigned int)request));
1010	GetTimeOfDay(&ldap_state->last_rebind);
1011	break;
1012	default:
1013	ZERO_STRUCT(ldap_state->last_rebind);
1014	break;
1015	}
1016
1017	return rc;
1018	}
1019	#endif /defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)/
1020
1021	/*******************************************************************
1022	Add a rebind function for authenticated referrals
1023	******************************************************************/
1024	#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
1025	#else
1026	# if LDAP_SET_REBIND_PROC_ARGS == 2
1027	static int rebindproc (LDAP ldap_struct, char whop, char *credp,
1028	int *method, int freeit )
1029	{
1030	struct smbldap_state *ldap_state = smbldap_find_state(ldap_struct);
1031
1032	return rebindproc_with_state(ldap_struct, whop, credp,
1033	method, freeit, ldap_state);
1034
1035	}
1036	# endif /LDAP_SET_REBIND_PROC_ARGS == 2/
1037	#endif /defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)/
1038
1039	/*******************************************************************
1040	a rebind function for authenticated referrals
1041	this also does the connection, but no void*.
1042	******************************************************************/
1043	#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
1044	# if LDAP_SET_REBIND_PROC_ARGS == 2
1045	static int rebindproc_connect (LDAP * ld, LDAP_CONST char *url, int request,
1046	ber_int_t msgid)
1047	{
1048	struct smbldap_state *ldap_state = smbldap_find_state(ld);
1049
1050	return rebindproc_connect_with_state(ld, url, (ber_tag_t)request, msgid,
1051	ldap_state);
1052	}
1053	# endif /LDAP_SET_REBIND_PROC_ARGS == 2/
1054	#endif /defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)/
1055
1056	/*******************************************************************
1057	connect to the ldap server under system privilege.
1058	******************************************************************/
1059	static int smbldap_connect_system(struct smbldap_state ldap_state, LDAP ldap_struct)
1060	{
1061	int rc;
1062	int version;
1063
1064	if (!ldap_state->anonymous && !ldap_state->bind_dn) {
1065
1066	/* get the default dn and password only if they are not set already */
1067	if (!fetch_ldap_pw(&ldap_state->bind_dn, &ldap_state->bind_secret)) {
1068	DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n"));
1069	return LDAP_INVALID_CREDENTIALS;
1070	}
1071	}
1072
1073	/* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite
1074	(OpenLDAP) doesnt' seem to support it */
1075
1076	DEBUG(10,("ldap_connect_system: Binding to ldap server %s as \"%s\"\n",
1077	ldap_state->uri, ldap_state->bind_dn));
1078
1079	#ifdef HAVE_LDAP_SET_REBIND_PROC
1080	#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
1081	# if LDAP_SET_REBIND_PROC_ARGS == 2
1082	ldap_set_rebind_proc(ldap_struct, &rebindproc_connect);
1083	# endif
1084	# if LDAP_SET_REBIND_PROC_ARGS == 3
1085	ldap_set_rebind_proc(ldap_struct, &rebindproc_connect_with_state, (void *)ldap_state);
1086	# endif
1087	#else /defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)/
1088	# if LDAP_SET_REBIND_PROC_ARGS == 2
1089	ldap_set_rebind_proc(ldap_struct, &rebindproc);
1090	# endif
1091	# if LDAP_SET_REBIND_PROC_ARGS == 3
1092	ldap_set_rebind_proc(ldap_struct, &rebindproc_with_state, (void *)ldap_state);
1093	# endif
1094	#endif /defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)/
1095	#endif
1096
1097	rc = ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn, ldap_state->bind_secret);
1098
1099	if (rc != LDAP_SUCCESS) {
1100	char *ld_error = NULL;
1101	ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
1102	&ld_error);
1103	DEBUG(ldap_state->num_failures ? 2 : 0,
1104	("failed to bind to server %s with dn=\"%s\" Error: %s\n\t%s\n",
1105	ldap_state->uri,
1106	ldap_state->bind_dn ? ldap_state->bind_dn : "[Anonymous bind]",
1107	ldap_err2string(rc),
1108	ld_error ? ld_error : "(unknown)"));
1109	SAFE_FREE(ld_error);
1110	ldap_state->num_failures++;
1111	return rc;
1112	}
1113
1114	ldap_state->num_failures = 0;
1115	ldap_state->paged_results = False;
1116
1117	ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version);
1118
1119	if (smbldap_has_control(ldap_state->ldap_struct, ADS_PAGE_CTL_OID) && version == 3) {
1120	ldap_state->paged_results = True;
1121	}
1122
1123	DEBUG(3, ("ldap_connect_system: successful connection to the LDAP server\n"));
1124	DEBUGADD(10, ("ldap_connect_system: LDAP server %s support paged results\n",
1125	ldap_state->paged_results ? "does" : "does not"));
1126	return rc;
1127	}
1128
1129	static void smbldap_idle_fn(struct event_context *event_ctx,
1130	struct timed_event *te,
1131	struct timeval now,
1132	void *private_data);
1133
1134	/**********************************************************************
1135	Connect to LDAP server (called before every ldap operation)
1136	*********************************************************************/
1137	static int smbldap_open(struct smbldap_state *ldap_state)
1138	{
1139	int rc, opt_rc;
1140	bool reopen = False;
1141	SMB_ASSERT(ldap_state);
1142
1143	if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + SMBLDAP_DONT_PING_TIME) < time(NULL))) {
1144
1145	#ifdef HAVE_UNIXSOCKET
1146	struct sockaddr_un addr;
1147	#else
1148	struct sockaddr addr;
1149	#endif
1150	socklen_t len = sizeof(addr);
1151	int sd;
1152
1153	opt_rc = ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_DESC, &sd);
1154	if (opt_rc == 0 && (getpeername(sd, (struct sockaddr *) &addr, &len)) < 0 )
1155	reopen = True;
1156
1157	#ifdef HAVE_UNIXSOCKET
1158	if (opt_rc == 0 && addr.sun_family == AF_UNIX)
1159	reopen = True;
1160	#endif
1161	if (reopen) {
1162	/* the other end has died. reopen. */
1163	ldap_unbind(ldap_state->ldap_struct);
1164	ldap_state->ldap_struct = NULL;
1165	ldap_state->last_ping = (time_t)0;
1166	} else {
1167	ldap_state->last_ping = time(NULL);
1168	}
1169	}
1170
1171	if (ldap_state->ldap_struct != NULL) {
1172	DEBUG(11,("smbldap_open: already connected to the LDAP server\n"));
1173	return LDAP_SUCCESS;
1174	}
1175
1176	if ((rc = smbldap_open_connection(ldap_state))) {
1177	return rc;
1178	}
1179
1180	if ((rc = smbldap_connect_system(ldap_state, ldap_state->ldap_struct))) {
1181	ldap_unbind(ldap_state->ldap_struct);
1182	ldap_state->ldap_struct = NULL;
1183	return rc;
1184	}
1185
1186
1187	ldap_state->last_ping = time(NULL);
1188	ldap_state->pid = sys_getpid();
1189
1190	TALLOC_FREE(ldap_state->idle_event);
1191
1192	if (ldap_state->event_context != NULL) {
1193	ldap_state->idle_event = event_add_timed(
1194	ldap_state->event_context, NULL,
1195	timeval_current_ofs(SMBLDAP_IDLE_TIME, 0),
1196	smbldap_idle_fn, ldap_state);
1197	}
1198
1199	DEBUG(4,("The LDAP server is successfully connected\n"));
1200
1201	return LDAP_SUCCESS;
1202	}
1203
1204	/**********************************************************************
1205	Disconnect from LDAP server
1206	*********************************************************************/
1207	static NTSTATUS smbldap_close(struct smbldap_state *ldap_state)
1208	{
1209	if (!ldap_state)
1210	return NT_STATUS_INVALID_PARAMETER;
1211
1212	if (ldap_state->ldap_struct != NULL) {
1213	ldap_unbind(ldap_state->ldap_struct);
1214	ldap_state->ldap_struct = NULL;
1215	}
1216
1217	smbldap_delete_state(ldap_state);
1218
1219	DEBUG(5,("The connection to the LDAP server was closed\n"));
1220	/* maybe free the results here --metze */
1221
1222	return NT_STATUS_OK;
1223	}
1224
1225	static bool got_alarm;
1226
1227	static void (*old_handler)(int);
1228
1229	static void gotalarm_sig(int dummy)
1230	{
1231	got_alarm = True;
1232	}
1233
1234	static int another_ldap_try(struct smbldap_state ldap_state, int rc,
1235	int *attempts, time_t endtime)
1236	{
1237	time_t now = time(NULL);
1238	int open_rc = LDAP_SERVER_DOWN;
1239
1240	if (*rc != LDAP_SERVER_DOWN)
1241	goto no_next;
1242
1243	if (now >= endtime) {
1244	smbldap_close(ldap_state);
1245	*rc = LDAP_TIMEOUT;
1246	goto no_next;
1247	}
1248
1249	if (*attempts == 0) {
1250	got_alarm = False;
1251	old_handler = CatchSignal(SIGALRM, gotalarm_sig);
1252	alarm(endtime - now);
1253
1254	if (ldap_state->pid != sys_getpid())
1255	smbldap_close(ldap_state);
1256	}
1257
1258	while (1) {
1259
1260	if (*attempts != 0)
1261	smb_msleep(1000);
1262
1263	*attempts += 1;
1264
1265	open_rc = smbldap_open(ldap_state);
1266
1267	if (open_rc == LDAP_SUCCESS) {
1268	ldap_state->last_use = now;
1269	return True;
1270	}
1271
1272	if (open_rc == LDAP_INSUFFICIENT_ACCESS) {
1273	/* The fact that we are non-root or any other
1274	* access-denied condition will not change in the next
1275	* round of trying */
1276	*rc = open_rc;
1277	break;
1278	}
1279
1280	if (got_alarm) {
1281	*rc = LDAP_TIMEOUT;
1282	break;
1283	}
1284
1285	if (open_rc != LDAP_SUCCESS) {
1286	DEBUG(1, ("Connection to LDAP server failed for the "
1287	"%d try!\n", *attempts));
1288	}
1289	}
1290
1291	no_next:
1292	CatchSignal(SIGALRM, old_handler);
1293	alarm(0);
1294	ldap_state->last_use = now;
1295	return False;
1296	}
1297
1298	/*********************************************************************
1299	********************************************************************/
1300
1301	static int smbldap_search_ext(struct smbldap_state *ldap_state,
1302	const char base, int scope, const char filter,
1303	const char *attrs[], int attrsonly,
1304	LDAPControl sctrls, LDAPControl cctrls,
1305	int sizelimit, LDAPMessage **res)
1306	{
1307	int rc = LDAP_SERVER_DOWN;
1308	int attempts = 0;
1309	char *utf8_filter;
1310	time_t endtime = time(NULL)+lp_ldap_timeout();
1311	struct timeval timeout;
1312	size_t converted_size;
1313
1314	SMB_ASSERT(ldap_state);
1315
1316	DEBUG(5,("smbldap_search_ext: base => [%s], filter => [%s], "
1317	"scope => [%d]\n", base, filter, scope));
1318
1319	if (ldap_state->last_rebind.tv_sec > 0) {
1320	struct timeval tval;
1321	SMB_BIG_INT tdiff = 0;
1322	int sleep_time = 0;
1323
1324	ZERO_STRUCT(tval);
1325	GetTimeOfDay(&tval);
1326
1327	tdiff = usec_time_diff(&tval, &ldap_state->last_rebind);
1328	tdiff /= 1000; /* Convert to milliseconds. */
1329
1330	sleep_time = lp_ldap_replication_sleep()-(int)tdiff;
1331	sleep_time = MIN(sleep_time, MAX_LDAP_REPLICATION_SLEEP_TIME);
1332
1333	if (sleep_time > 0) {
1334	/* we wait for the LDAP replication */
1335	DEBUG(5,("smbldap_search_ext: waiting %d milliseconds "
1336	"for LDAP replication.\n",sleep_time));
1337	smb_msleep(sleep_time);
1338	DEBUG(5,("smbldap_search_ext: go on!\n"));
1339	}
1340	ZERO_STRUCT(ldap_state->last_rebind);
1341	}
1342
1343	if (!push_utf8_allocate(&utf8_filter, filter, &converted_size)) {
1344	return LDAP_NO_MEMORY;
1345	}
1346
1347	/* Setup timeout for the ldap_search_ext_s call - local and remote. */
1348	timeout.tv_sec = lp_ldap_timeout();
1349	timeout.tv_usec = 0;
1350
1351	/* Setup alarm timeout.... Do we need both of these ? JRA.
1352	* Yes, I think we do need both of these. The server timeout only
1353	* covers the case where the server's operation takes too long. It
1354	* does not cover the case where the request hangs on its way to the
1355	* server. The server side timeout is not strictly necessary, it's
1356	* just a bit more kind to the server. VL. */
1357
1358	got_alarm = 0;
1359	CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
1360	alarm(lp_ldap_timeout());
1361	/* End setup timeout. */
1362
1363	while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) {
1364	rc = ldap_search_ext_s(ldap_state->ldap_struct, base, scope,
1365	utf8_filter,
1366	CONST_DISCARD(char **, attrs),
1367	attrsonly, sctrls, cctrls, &timeout,
1368	sizelimit, res);
1369	if (rc != LDAP_SUCCESS) {
1370	char *ld_error = NULL;
1371	int ld_errno;
1372
1373	ldap_get_option(ldap_state->ldap_struct,
1374	LDAP_OPT_ERROR_NUMBER, &ld_errno);
1375
1376	ldap_get_option(ldap_state->ldap_struct,
1377	LDAP_OPT_ERROR_STRING, &ld_error);
1378	DEBUG(10, ("Failed search for base: %s, error: %d (%s) "
1379	"(%s)\n", base, ld_errno,
1380	ldap_err2string(rc),
1381	ld_error ? ld_error : "unknown"));
1382	SAFE_FREE(ld_error);
1383
1384	if (ld_errno == LDAP_SERVER_DOWN) {
1385	ldap_unbind(ldap_state->ldap_struct);
1386	ldap_state->ldap_struct = NULL;
1387	}
1388	}
1389	}
1390
1391	SAFE_FREE(utf8_filter);
1392
1393	/* Teardown timeout. */
1394	CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN);
1395	alarm(0);
1396
1397	if (got_alarm != 0)
1398	return LDAP_TIMELIMIT_EXCEEDED;
1399
1400	return rc;
1401	}
1402
1403	int smbldap_search(struct smbldap_state *ldap_state,
1404	const char base, int scope, const char filter,
1405	const char *attrs[], int attrsonly,
1406	LDAPMessage **res)
1407	{
1408	return smbldap_search_ext(ldap_state, base, scope, filter, attrs,
1409	attrsonly, NULL, NULL, LDAP_NO_LIMIT, res);
1410	}
1411
1412	int smbldap_search_paged(struct smbldap_state *ldap_state,
1413	const char base, int scope, const char filter,
1414	const char **attrs, int attrsonly, int pagesize,
1415	LDAPMessage res, void cookie)
1416	{
1417	LDAPControl pr;
1418	LDAPControl **rcontrols;
1419	LDAPControl *controls[2] = { NULL, NULL};
1420	BerElement *cookie_be = NULL;
1421	struct berval *cookie_bv = NULL;
1422	int tmp = 0, i, rc;
1423	bool critical = True;
1424
1425	*res = NULL;
1426
1427	DEBUG(3,("smbldap_search_paged: base => [%s], filter => [%s],"
1428	"scope => [%d], pagesize => [%d]\n",
1429	base, filter, scope, pagesize));
1430
1431	cookie_be = ber_alloc_t(LBER_USE_DER);
1432	if (cookie_be == NULL) {
1433	DEBUG(0,("smbldap_create_page_control: ber_alloc_t returns "
1434	"NULL\n"));
1435	return LDAP_NO_MEMORY;
1436	}
1437
1438	/* construct cookie */
1439	if (*cookie != NULL) {
1440	ber_printf(cookie_be, "{iO}", (ber_int_t) pagesize, *cookie);
1441	ber_bvfree((struct berval )cookie); /* don't need it from last time */
1442	*cookie = NULL;
1443	} else {
1444	ber_printf(cookie_be, "{io}", (ber_int_t) pagesize, "", 0);
1445	}
1446	ber_flatten(cookie_be, &cookie_bv);
1447
1448	pr.ldctl_oid = CONST_DISCARD(char *, ADS_PAGE_CTL_OID);
1449	pr.ldctl_iscritical = (char) critical;
1450	pr.ldctl_value.bv_len = cookie_bv->bv_len;
1451	pr.ldctl_value.bv_val = cookie_bv->bv_val;
1452
1453	controls[0] = &pr;
1454	controls[1] = NULL;
1455
1456	rc = smbldap_search_ext(ldap_state, base, scope, filter, attrs,
1457	0, controls, NULL, LDAP_NO_LIMIT, res);
1458
1459	ber_free(cookie_be, 1);
1460	ber_bvfree(cookie_bv);
1461
1462	if (rc != 0) {
1463	DEBUG(3,("smbldap_search_paged: smbldap_search_ext(%s) "
1464	"failed with [%s]\n", filter, ldap_err2string(rc)));
1465	goto done;
1466	}
1467
1468	DEBUG(3,("smbldap_search_paged: search was successfull\n"));
1469
1470	rc = ldap_parse_result(ldap_state->ldap_struct, *res, NULL, NULL,
1471	NULL, NULL, &rcontrols, 0);
1472	if (rc != 0) {
1473	DEBUG(3,("smbldap_search_paged: ldap_parse_result failed " \
1474	"with [%s]\n", ldap_err2string(rc)));
1475	goto done;
1476	}
1477
1478	if (rcontrols == NULL)
1479	goto done;
1480
1481	for (i=0; rcontrols[i]; i++) {
1482
1483	if (strcmp(ADS_PAGE_CTL_OID, rcontrols[i]->ldctl_oid) != 0)
1484	continue;
1485
1486	cookie_be = ber_init(&rcontrols[i]->ldctl_value);
1487	ber_scanf(cookie_be,"{iO}", &tmp, &cookie_bv);
1488	/* the berval is the cookie, but must be freed when it is all
1489	done */
1490	if (cookie_bv->bv_len)
1491	*cookie=ber_bvdup(cookie_bv);
1492	else
1493	*cookie=NULL;
1494	ber_bvfree(cookie_bv);
1495	ber_free(cookie_be, 1);
1496	break;
1497	}
1498	ldap_controls_free(rcontrols);
1499	done:
1500	return rc;
1501	}
1502
1503	int smbldap_modify(struct smbldap_state ldap_state, const char dn, LDAPMod *attrs[])
1504	{
1505	int rc = LDAP_SERVER_DOWN;
1506	int attempts = 0;
1507	char *utf8_dn;
1508	time_t endtime = time(NULL)+lp_ldap_timeout();
1509	size_t converted_size;
1510
1511	SMB_ASSERT(ldap_state);
1512
1513	DEBUG(5,("smbldap_modify: dn => [%s]\n", dn ));
1514
1515	if (!push_utf8_allocate(&utf8_dn, dn, &converted_size)) {
1516	return LDAP_NO_MEMORY;
1517	}
1518
1519	while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) {
1520	rc = ldap_modify_s(ldap_state->ldap_struct, utf8_dn, attrs);
1521	if (rc != LDAP_SUCCESS) {
1522	char *ld_error = NULL;
1523	int ld_errno;
1524
1525	ldap_get_option(ldap_state->ldap_struct,
1526	LDAP_OPT_ERROR_NUMBER, &ld_errno);
1527
1528	ldap_get_option(ldap_state->ldap_struct,
1529	LDAP_OPT_ERROR_STRING, &ld_error);
1530	DEBUG(10, ("Failed to modify dn: %s, error: %d (%s) "
1531	"(%s)\n", dn, ld_errno,
1532	ldap_err2string(rc),
1533	ld_error ? ld_error : "unknown"));
1534	SAFE_FREE(ld_error);
1535
1536	if (ld_errno == LDAP_SERVER_DOWN) {
1537	ldap_unbind(ldap_state->ldap_struct);
1538	ldap_state->ldap_struct = NULL;
1539	}
1540	}
1541	}
1542
1543	SAFE_FREE(utf8_dn);
1544	return rc;
1545	}
1546
1547	int smbldap_add(struct smbldap_state ldap_state, const char dn, LDAPMod *attrs[])
1548	{
1549	int rc = LDAP_SERVER_DOWN;
1550	int attempts = 0;
1551	char *utf8_dn;
1552	time_t endtime = time(NULL)+lp_ldap_timeout();
1553	size_t converted_size;
1554
1555	SMB_ASSERT(ldap_state);
1556
1557	DEBUG(5,("smbldap_add: dn => [%s]\n", dn ));
1558
1559	if (!push_utf8_allocate(&utf8_dn, dn, &converted_size)) {
1560	return LDAP_NO_MEMORY;
1561	}
1562
1563	while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) {
1564	rc = ldap_add_s(ldap_state->ldap_struct, utf8_dn, attrs);
1565	if (rc != LDAP_SUCCESS) {
1566	char *ld_error = NULL;
1567	int ld_errno;
1568
1569	ldap_get_option(ldap_state->ldap_struct,
1570	LDAP_OPT_ERROR_NUMBER, &ld_errno);
1571
1572	ldap_get_option(ldap_state->ldap_struct,
1573	LDAP_OPT_ERROR_STRING, &ld_error);
1574	DEBUG(10, ("Failed to add dn: %s, error: %d (%s) "
1575	"(%s)\n", dn, ld_errno,
1576	ldap_err2string(rc),
1577	ld_error ? ld_error : "unknown"));
1578	SAFE_FREE(ld_error);
1579
1580	if (ld_errno == LDAP_SERVER_DOWN) {
1581	ldap_unbind(ldap_state->ldap_struct);
1582	ldap_state->ldap_struct = NULL;
1583	}
1584	}
1585	}
1586
1587	SAFE_FREE(utf8_dn);
1588	return rc;
1589	}
1590
1591	int smbldap_delete(struct smbldap_state ldap_state, const char dn)
1592	{
1593	int rc = LDAP_SERVER_DOWN;
1594	int attempts = 0;
1595	char *utf8_dn;
1596	time_t endtime = time(NULL)+lp_ldap_timeout();
1597	size_t converted_size;
1598
1599	SMB_ASSERT(ldap_state);
1600
1601	DEBUG(5,("smbldap_delete: dn => [%s]\n", dn ));
1602
1603	if (!push_utf8_allocate(&utf8_dn, dn, &converted_size)) {
1604	return LDAP_NO_MEMORY;
1605	}
1606
1607	while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) {
1608	rc = ldap_delete_s(ldap_state->ldap_struct, utf8_dn);
1609	if (rc != LDAP_SUCCESS) {
1610	char *ld_error = NULL;
1611	int ld_errno;
1612
1613	ldap_get_option(ldap_state->ldap_struct,
1614	LDAP_OPT_ERROR_NUMBER, &ld_errno);
1615
1616	ldap_get_option(ldap_state->ldap_struct,
1617	LDAP_OPT_ERROR_STRING, &ld_error);
1618	DEBUG(10, ("Failed to delete dn: %s, error: %d (%s) "
1619	"(%s)\n", dn, ld_errno,
1620	ldap_err2string(rc),
1621	ld_error ? ld_error : "unknown"));
1622	SAFE_FREE(ld_error);
1623
1624	if (ld_errno == LDAP_SERVER_DOWN) {
1625	ldap_unbind(ldap_state->ldap_struct);
1626	ldap_state->ldap_struct = NULL;
1627	}
1628	}
1629	}
1630
1631	SAFE_FREE(utf8_dn);
1632	return rc;
1633	}
1634
1635	int smbldap_extended_operation(struct smbldap_state *ldap_state,
1636	LDAP_CONST char reqoid, struct berval reqdata,
1637	LDAPControl serverctrls, LDAPControl clientctrls,
1638	char retoidp, struct berval retdatap)
1639	{
1640	int rc = LDAP_SERVER_DOWN;
1641	int attempts = 0;
1642	time_t endtime = time(NULL)+lp_ldap_timeout();
1643
1644	if (!ldap_state)
1645	return (-1);
1646
1647	while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) {
1648	rc = ldap_extended_operation_s(ldap_state->ldap_struct, reqoid,
1649	reqdata, serverctrls,
1650	clientctrls, retoidp, retdatap);
1651	if (rc != LDAP_SUCCESS) {
1652	char *ld_error = NULL;
1653	int ld_errno;
1654
1655	ldap_get_option(ldap_state->ldap_struct,
1656	LDAP_OPT_ERROR_NUMBER, &ld_errno);
1657
1658	ldap_get_option(ldap_state->ldap_struct,
1659	LDAP_OPT_ERROR_STRING, &ld_error);
1660	DEBUG(10, ("Extended operation failed with error: "
1661	"%d (%s) (%s)\n", ld_errno,
1662	ldap_err2string(rc),
1663	ld_error ? ld_error : "unknown"));
1664	SAFE_FREE(ld_error);
1665
1666	if (ld_errno == LDAP_SERVER_DOWN) {
1667	ldap_unbind(ldap_state->ldap_struct);
1668	ldap_state->ldap_struct = NULL;
1669	}
1670	}
1671	}
1672
1673	return rc;
1674	}
1675
1676	/*******************************************************************
1677	run the search by name.
1678	******************************************************************/
1679	int smbldap_search_suffix (struct smbldap_state *ldap_state,
1680	const char filter, const char *search_attr,
1681	LDAPMessage ** result)
1682	{
1683	return smbldap_search(ldap_state, lp_ldap_suffix(), LDAP_SCOPE_SUBTREE,
1684	filter, search_attr, 0, result);
1685	}
1686
1687	static void smbldap_idle_fn(struct event_context *event_ctx,
1688	struct timed_event *te,
1689	struct timeval now,
1690	void *private_data)
1691	{
1692	struct smbldap_state state = (struct smbldap_state )private_data;
1693
1694	TALLOC_FREE(state->idle_event);
1695
1696	if (state->ldap_struct == NULL) {
1697	DEBUG(10,("ldap connection not connected...\n"));
1698	return;
1699	}
1700
1701	if ((state->last_use+SMBLDAP_IDLE_TIME) > now.tv_sec) {
1702	DEBUG(10,("ldap connection not idle...\n"));
1703
1704	state->idle_event = event_add_timed(
1705	event_ctx, NULL,
1706	timeval_add(&now, SMBLDAP_IDLE_TIME, 0),
1707	smbldap_idle_fn,
1708	private_data);
1709	return;
1710	}
1711
1712	DEBUG(7,("ldap connection idle...closing connection\n"));
1713	smbldap_close(state);
1714	}
1715
1716	/**********************************************************************
1717	Housekeeping
1718	*********************************************************************/
1719
1720	void smbldap_free_struct(struct smbldap_state **ldap_state)
1721	{
1722	smbldap_close(*ldap_state);
1723
1724	if ((*ldap_state)->bind_secret) {
1725	memset((ldap_state)->bind_secret, '\0', strlen((ldap_state)->bind_secret));
1726	}
1727
1728	SAFE_FREE((*ldap_state)->bind_dn);
1729	SAFE_FREE((*ldap_state)->bind_secret);
1730
1731	TALLOC_FREE((*ldap_state)->idle_event);
1732
1733	*ldap_state = NULL;
1734
1735	/* No need to free any further, as it is talloc()ed */
1736	}
1737
1738
1739	/**********************************************************************
1740	Intitalise the 'general' ldap structures, on which ldap operations may be conducted
1741	*********************************************************************/
1742
1743	NTSTATUS smbldap_init(TALLOC_CTX mem_ctx, struct event_context event_ctx,
1744	const char *location,
1745	struct smbldap_state **smbldap_state)
1746	{
1747	*smbldap_state = TALLOC_ZERO_P(mem_ctx, struct smbldap_state);
1748	if (!*smbldap_state) {
1749	DEBUG(0, ("talloc() failed for ldapsam private_data!\n"));
1750	return NT_STATUS_NO_MEMORY;
1751	}
1752
1753	if (location) {
1754	(*smbldap_state)->uri = talloc_strdup(mem_ctx, location);
1755	} else {
1756	(*smbldap_state)->uri = "ldap://localhost";
1757	}
1758
1759	(*smbldap_state)->event_context = event_ctx;
1760
1761	return NT_STATUS_OK;
1762	}
1763
1764	/*******************************************************************
1765	Return a copy of the DN for a LDAPMessage. Convert from utf8 to CH_UNIX.
1766	********************************************************************/
1767	char smbldap_get_dn(LDAP ld, LDAPMessage *entry)
1768	{
1769	char utf8_dn, unix_dn;
1770	size_t converted_size;
1771
1772	utf8_dn = ldap_get_dn(ld, entry);
1773	if (!utf8_dn) {
1774	DEBUG (5, ("smbldap_get_dn: ldap_get_dn failed\n"));
1775	return NULL;
1776	}
1777	if (!pull_utf8_allocate(&unix_dn, utf8_dn, &converted_size)) {
1778	DEBUG (0, ("smbldap_get_dn: String conversion failure utf8 "
1779	"[%s]\n", utf8_dn));
1780	return NULL;
1781	}
1782	ldap_memfree(utf8_dn);
1783	return unix_dn;
1784	}
1785
1786	const char smbldap_talloc_dn(TALLOC_CTX mem_ctx, LDAP *ld,
1787	LDAPMessage *entry)
1788	{
1789	char utf8_dn, unix_dn;
1790	size_t converted_size;
1791
1792	utf8_dn = ldap_get_dn(ld, entry);
1793	if (!utf8_dn) {
1794	DEBUG (5, ("smbldap_get_dn: ldap_get_dn failed\n"));
1795	return NULL;
1796	}
1797	if (!pull_utf8_talloc(mem_ctx, &unix_dn, utf8_dn, &converted_size)) {
1798	DEBUG (0, ("smbldap_get_dn: String conversion failure utf8 "
1799	"[%s]\n", utf8_dn));
1800	return NULL;
1801	}
1802	ldap_memfree(utf8_dn);
1803	return unix_dn;
1804	}
1805
1806	/*******************************************************************
1807	Check if root-dse has a certain Control or Extension
1808	********************************************************************/
1809
1810	static bool smbldap_check_root_dse(LDAP ld, const char attrs, const char value)
1811	{
1812	LDAPMessage *msg = NULL;
1813	LDAPMessage *entry = NULL;
1814	char **values = NULL;
1815	int rc, num_result, num_values, i;
1816	bool result = False;
1817
1818	if (!attrs[0]) {
1819	DEBUG(3,("smbldap_check_root_dse: nothing to look for\n"));
1820	return False;
1821	}
1822
1823	if (!strequal(attrs[0], "supportedExtension") &&
1824	!strequal(attrs[0], "supportedControl") &&
1825	!strequal(attrs[0], "namingContexts")) {
1826	DEBUG(3,("smbldap_check_root_dse: no idea what to query root-dse for: %s ?\n", attrs[0]));
1827	return False;
1828	}
1829
1830	rc = ldap_search_s(ld, "", LDAP_SCOPE_BASE,
1831	"(objectclass=)", CONST_DISCARD(char *, attrs), 0 , &msg);
1832
1833	if (rc != LDAP_SUCCESS) {
1834	DEBUG(3,("smbldap_check_root_dse: Could not search rootDSE\n"));
1835	return False;
1836	}
1837
1838	num_result = ldap_count_entries(ld, msg);
1839
1840	if (num_result != 1) {
1841	DEBUG(3,("smbldap_check_root_dse: Expected one rootDSE, got %d\n", num_result));
1842	goto done;
1843	}
1844
1845	entry = ldap_first_entry(ld, msg);
1846
1847	if (entry == NULL) {
1848	DEBUG(3,("smbldap_check_root_dse: Could not retrieve rootDSE\n"));
1849	goto done;
1850	}
1851
1852	values = ldap_get_values(ld, entry, attrs[0]);
1853
1854	if (values == NULL) {
1855	DEBUG(5,("smbldap_check_root_dse: LDAP Server does not support any %s\n", attrs[0]));
1856	goto done;
1857	}
1858
1859	num_values = ldap_count_values(values);
1860
1861	if (num_values == 0) {
1862	DEBUG(5,("smbldap_check_root_dse: LDAP Server does not have any %s\n", attrs[0]));
1863	goto done;
1864	}
1865
1866	for (i=0; i<num_values; i++) {
1867	if (strcmp(values[i], value) == 0)
1868	result = True;
1869	}
1870
1871
1872	done:
1873	if (values != NULL)
1874	ldap_value_free(values);
1875	if (msg != NULL)
1876	ldap_msgfree(msg);
1877
1878	return result;
1879
1880	}
1881
1882	/*******************************************************************
1883	Check if LDAP-Server supports a certain Control (OID in string format)
1884	********************************************************************/
1885
1886	bool smbldap_has_control(LDAP ld, const char control)
1887	{
1888	const char *attrs[] = { "supportedControl", NULL };
1889	return smbldap_check_root_dse(ld, attrs, control);
1890	}
1891
1892	/*******************************************************************
1893	Check if LDAP-Server supports a certain Extension (OID in string format)
1894	********************************************************************/
1895
1896	bool smbldap_has_extension(LDAP ld, const char extension)
1897	{
1898	const char *attrs[] = { "supportedExtension", NULL };
1899	return smbldap_check_root_dse(ld, attrs, extension);
1900	}
1901
1902	/*******************************************************************
1903	Check if LDAP-Server holds a given namingContext
1904	********************************************************************/
1905
1906	bool smbldap_has_naming_context(LDAP ld, const char naming_context)
1907	{
1908	const char *attrs[] = { "namingContexts", NULL };
1909	return smbldap_check_root_dse(ld, attrs, naming_context);
1910	}
1911
1912	bool smbldap_set_creds(struct smbldap_state ldap_state, bool anon, const char dn, const char *secret)
1913	{
1914	ldap_state->anonymous = anon;
1915
1916	/* free any previously set credential */
1917
1918	SAFE_FREE(ldap_state->bind_dn);
1919	if (ldap_state->bind_secret) {
1920	/* make sure secrets are zeroed out of memory */
1921	memset(ldap_state->bind_secret, '\0', strlen(ldap_state->bind_secret));
1922	SAFE_FREE(ldap_state->bind_secret);
1923	}
1924
1925	if ( ! anon) {
1926	ldap_state->bind_dn = SMB_STRDUP(dn);
1927	ldap_state->bind_secret = SMB_STRDUP(secret);
1928	}
1929
1930	return True;
1931	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: