Changeset 745 for trunk/server/source3/passdb/pdb_ads.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
-
. (modified) (1 prop)
-
source3/passdb/pdb_ads.c (modified) (74 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source3/passdb/pdb_ads.c
r414 r745 19 19 20 20 #include "includes.h" 21 #include "passdb.h" 22 #include "tldap.h" 23 #include "tldap_util.h" 24 #include "../libds/common/flags.h" 25 #include "secrets.h" 26 #include "../librpc/gen_ndr/samr.h" 27 #include "../libcli/ldap/ldap_ndr.h" 28 #include "../libcli/security/security.h" 29 #include "../libds/common/flag_mapping.h" 21 30 22 31 struct pdb_ads_state { … … 35 44 }; 36 45 37 static NTSTATUS pdb_ads_getsampwsid(struct pdb_methods *m,38 struct samu *sam_acct,39 const DOM_SID *sid);40 46 static bool pdb_ads_gid_to_sid(struct pdb_methods *m, gid_t gid, 41 DOM_SID*sid);47 struct dom_sid *sid); 42 48 static bool pdb_ads_dnblob2sid(struct pdb_ads_state *state, DATA_BLOB *dnblob, 43 49 struct dom_sid *psid); … … 64 70 return false; 65 71 } 66 *ptime = uint64s_nt_time_to_unix_abs(&tmp);72 *ptime = nt_time_to_unix(tmp); 67 73 return true; 68 74 } … … 151 157 } 152 158 153 sidstr = sid_binstring(talloc_tos(), pdb_get_user_sid(sam));159 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), pdb_get_user_sid(sam)); 154 160 if (sidstr == NULL) { 155 161 return NULL; … … 185 191 struct dom_sid sid; 186 192 uint64_t n; 193 uint32_t i; 187 194 DATA_BLOB blob; 188 195 … … 239 246 if (str != NULL) { 240 247 pdb_set_profile_path(sam, str, PDB_SET); 248 } 249 250 str = tldap_talloc_single_attribute(entry, "comment", 251 talloc_tos()); 252 if (str != NULL) { 253 pdb_set_comment(sam, str, PDB_SET); 254 } 255 256 str = tldap_talloc_single_attribute(entry, "description", 257 talloc_tos()); 258 if (str != NULL) { 259 pdb_set_acct_desc(sam, str, PDB_SET); 260 } 261 262 str = tldap_talloc_single_attribute(entry, "userWorkstations", 263 talloc_tos()); 264 if (str != NULL) { 265 pdb_set_workstations(sam, str, PDB_SET); 266 } 267 268 str = tldap_talloc_single_attribute(entry, "userParameters", 269 talloc_tos()); 270 if (str != NULL) { 271 pdb_set_munged_dial(sam, str, PDB_SET); 241 272 } 242 273 … … 276 307 277 308 } 309 310 if (tldap_pull_uint32(entry, "countryCode", &i)) { 311 pdb_set_country_code(sam, i, PDB_SET); 312 } 313 314 if (tldap_pull_uint32(entry, "codePage", &i)) { 315 pdb_set_code_page(sam, i, PDB_SET); 316 } 317 318 if (tldap_get_single_valueblob(entry, "logonHours", &blob)) { 319 320 if (blob.length > MAX_HOURS_LEN) { 321 status = NT_STATUS_INVALID_PARAMETER; 322 goto fail; 323 } 324 pdb_set_logon_divs(sam, blob.length * 8, PDB_SET); 325 pdb_set_hours_len(sam, blob.length, PDB_SET); 326 pdb_set_hours(sam, blob.data, blob.length, PDB_SET); 327 328 } else { 329 uint8_t hours[21]; 330 pdb_set_logon_divs(sam, sizeof(hours)/8, PDB_SET); 331 pdb_set_hours_len(sam, sizeof(hours), PDB_SET); 332 memset(hours, 0xff, sizeof(hours)); 333 pdb_set_hours(sam, hours, sizeof(hours), PDB_SET); 334 } 335 278 336 status = NT_STATUS_OK; 279 337 fail: … … 282 340 } 283 341 342 static bool pdb_ads_make_time_mod(struct tldap_message *existing, 343 TALLOC_CTX *mem_ctx, 344 struct tldap_mod **pmods, int *pnum_mods, 345 const char *attrib, time_t t) 346 { 347 uint64_t nt_time; 348 349 unix_to_nt_time(&nt_time, t); 350 351 return tldap_make_mod_fmt( 352 existing, mem_ctx, pmods, pnum_mods, attrib, 353 "%llu", nt_time); 354 } 355 284 356 static bool pdb_ads_init_ads_from_sam(struct pdb_ads_state *state, 285 357 struct tldap_message *existing, 286 358 TALLOC_CTX *mem_ctx, 287 int *pnum_mods, struct tldap_mod **pmods,359 struct tldap_mod **pmods, int *pnum_mods, 288 360 struct samu *sam) 289 361 { 290 362 bool ret = true; 291 363 DATA_BLOB blob; 364 const char *pw; 292 365 293 366 /* TODO: All fields :-) */ 294 367 295 368 ret &= tldap_make_mod_fmt( 296 existing, mem_ctx, p num_mods, pmods, "displayName",369 existing, mem_ctx, pmods, pnum_mods, "displayName", 297 370 "%s", pdb_get_fullname(sam)); 298 371 299 blob = data_blob_const(pdb_get_nt_passwd(sam), NT_HASH_LEN); 300 if (blob.data != NULL) { 301 ret &= tldap_add_mod_blobs(mem_ctx, pmods, TLDAP_MOD_REPLACE, 302 "unicodePwd", 1, &blob); 303 } 304 305 blob = data_blob_const(pdb_get_lanman_passwd(sam), NT_HASH_LEN); 306 if (blob.data != NULL) { 307 ret &= tldap_add_mod_blobs(mem_ctx, pmods, TLDAP_MOD_REPLACE, 308 "dBCSPwd", 1, &blob); 372 pw = pdb_get_plaintext_passwd(sam); 373 374 /* 375 * If we have the plain text pw, this is probably about to be 376 * set. Is this true always? 377 */ 378 if (pw != NULL) { 379 char *pw_quote; 380 uint8_t *pw_utf16; 381 size_t pw_utf16_len; 382 383 pw_quote = talloc_asprintf(talloc_tos(), "\"%s\"", pw); 384 if (pw_quote == NULL) { 385 ret = false; 386 goto fail; 387 } 388 389 ret &= convert_string_talloc(talloc_tos(), 390 CH_UNIX, CH_UTF16LE, 391 pw_quote, strlen(pw_quote), 392 &pw_utf16, &pw_utf16_len, false); 393 if (!ret) { 394 goto fail; 395 } 396 blob = data_blob_const(pw_utf16, pw_utf16_len); 397 398 ret &= tldap_add_mod_blobs(mem_ctx, pmods, pnum_mods, 399 TLDAP_MOD_REPLACE, 400 "unicodePwd", &blob, 1); 401 TALLOC_FREE(pw_utf16); 402 TALLOC_FREE(pw_quote); 309 403 } 310 404 311 405 ret &= tldap_make_mod_fmt( 312 existing, mem_ctx, p num_mods, pmods, "userAccountControl",406 existing, mem_ctx, pmods, pnum_mods, "userAccountControl", 313 407 "%d", ds_acb2uf(pdb_get_acct_ctrl(sam))); 314 408 315 409 ret &= tldap_make_mod_fmt( 316 existing, mem_ctx, p num_mods, pmods, "homeDirectory",410 existing, mem_ctx, pmods, pnum_mods, "homeDirectory", 317 411 "%s", pdb_get_homedir(sam)); 318 412 319 413 ret &= tldap_make_mod_fmt( 320 existing, mem_ctx, p num_mods, pmods, "homeDrive",414 existing, mem_ctx, pmods, pnum_mods, "homeDrive", 321 415 "%s", pdb_get_dir_drive(sam)); 322 416 323 417 ret &= tldap_make_mod_fmt( 324 existing, mem_ctx, p num_mods, pmods, "scriptPath",418 existing, mem_ctx, pmods, pnum_mods, "scriptPath", 325 419 "%s", pdb_get_logon_script(sam)); 326 420 327 421 ret &= tldap_make_mod_fmt( 328 existing, mem_ctx, p num_mods, pmods, "profilePath",422 existing, mem_ctx, pmods, pnum_mods, "profilePath", 329 423 "%s", pdb_get_profile_path(sam)); 330 424 425 ret &= tldap_make_mod_fmt( 426 existing, mem_ctx, pmods, pnum_mods, "comment", 427 "%s", pdb_get_comment(sam)); 428 429 ret &= tldap_make_mod_fmt( 430 existing, mem_ctx, pmods, pnum_mods, "description", 431 "%s", pdb_get_acct_desc(sam)); 432 433 ret &= tldap_make_mod_fmt( 434 existing, mem_ctx, pmods, pnum_mods, "userWorkstations", 435 "%s", pdb_get_workstations(sam)); 436 437 ret &= tldap_make_mod_fmt( 438 existing, mem_ctx, pmods, pnum_mods, "userParameters", 439 "%s", pdb_get_munged_dial(sam)); 440 441 ret &= tldap_make_mod_fmt( 442 existing, mem_ctx, pmods, pnum_mods, "countryCode", 443 "%i", (int)pdb_get_country_code(sam)); 444 445 ret &= tldap_make_mod_fmt( 446 existing, mem_ctx, pmods, pnum_mods, "codePage", 447 "%i", (int)pdb_get_code_page(sam)); 448 449 ret &= pdb_ads_make_time_mod( 450 existing, mem_ctx, pmods, pnum_mods, "accountExpires", 451 (int)pdb_get_kickoff_time(sam)); 452 453 ret &= tldap_make_mod_blob( 454 existing, mem_ctx, pmods, pnum_mods, "logonHours", 455 data_blob_const(pdb_get_hours(sam), pdb_get_hours_len(sam))); 456 457 fail: 331 458 return ret; 332 459 } … … 368 495 DEBUG(10, ("Expected 1 user, got %d\n", count)); 369 496 TALLOC_FREE(result); 370 return NT_STATUS_ INTERNAL_DB_CORRUPTION;497 return NT_STATUS_NO_SUCH_USER; 371 498 } 372 499 … … 427 554 static NTSTATUS pdb_ads_getsampwsid(struct pdb_methods *m, 428 555 struct samu *sam_acct, 429 const DOM_SID*sid)556 const struct dom_sid *sid) 430 557 { 431 558 struct pdb_ads_state *state = talloc_get_type_abort( … … 433 560 char *sidstr, *filter; 434 561 435 sidstr = sid_binstring(talloc_tos(), sid);562 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid); 436 563 NT_STATUS_HAVE_NO_MEMORY(sidstr); 437 564 … … 476 603 ok = true; 477 604 ok &= tldap_make_mod_fmt( 478 NULL, talloc_tos(), & num_mods, &mods, "objectClass", "user");605 NULL, talloc_tos(), &mods, &num_mods, "objectClass", "user"); 479 606 ok &= tldap_make_mod_fmt( 480 NULL, talloc_tos(), & num_mods, &mods, "samAccountName", "%s",607 NULL, talloc_tos(), &mods, &num_mods, "samAccountName", "%s", 481 608 name); 482 609 if (!ok) { … … 485 612 486 613 487 rc = tldap_add(ld, dn, num_mods,mods, NULL, 0, NULL, 0);614 rc = tldap_add(ld, dn, mods, num_mods, NULL, 0, NULL, 0); 488 615 if (rc != TLDAP_SUCCESS) { 489 616 DEBUG(10, ("ldap_add failed %s\n", … … 578 705 579 706 if (!pdb_ads_init_ads_from_sam(state, priv->ldapmsg, talloc_tos(), 580 & num_mods, &mods, sam)) {707 &mods, &num_mods, sam)) { 581 708 return NT_STATUS_NO_MEMORY; 582 709 } … … 587 714 } 588 715 589 rc = tldap_modify(ld, priv->dn, num_mods,mods, NULL, 0,716 rc = tldap_modify(ld, priv->dn, mods, num_mods, NULL, 0, 590 717 NULL, 0); 591 718 TALLOC_FREE(mods); … … 620 747 621 748 static NTSTATUS pdb_ads_getgrfilter(struct pdb_methods *m, GROUP_MAP *map, 622 const char *filter) 749 const char *filter, 750 TALLOC_CTX *mem_ctx, 751 struct tldap_message **pmsg) 623 752 { 624 753 struct pdb_ads_state *state = talloc_get_type_abort( … … 640 769 } 641 770 if (talloc_array_length(group) != 1) { 642 DEBUG(10, ("Expected 1 user, got %d\n",771 DEBUG(10, ("Expected 1 group, got %d\n", 643 772 (int)talloc_array_length(group))); 644 773 return NT_STATUS_INTERNAL_DB_CORRUPTION; … … 682 811 } 683 812 813 if (pmsg != NULL) { 814 *pmsg = talloc_move(mem_ctx, &group[0]); 815 } 684 816 TALLOC_FREE(group); 685 817 return NT_STATUS_OK; … … 687 819 688 820 static NTSTATUS pdb_ads_getgrsid(struct pdb_methods *m, GROUP_MAP *map, 689 DOM_SIDsid)821 struct dom_sid sid) 690 822 { 691 823 char *filter; … … 699 831 } 700 832 701 status = pdb_ads_getgrfilter(m, map, filter );833 status = pdb_ads_getgrfilter(m, map, filter, NULL, NULL); 702 834 TALLOC_FREE(filter); 703 835 return status; … … 725 857 } 726 858 727 status = pdb_ads_getgrfilter(m, map, filter );859 status = pdb_ads_getgrfilter(m, map, filter, NULL, NULL); 728 860 TALLOC_FREE(filter); 729 861 return status; … … 760 892 761 893 ok &= tldap_make_mod_fmt( 762 NULL, talloc_tos(), & num_mods, &mods, "samAccountName", "%s",894 NULL, talloc_tos(), &mods, &num_mods, "samAccountName", "%s", 763 895 name); 764 896 ok &= tldap_make_mod_fmt( 765 NULL, talloc_tos(), & num_mods, &mods, "objectClass", "group");897 NULL, talloc_tos(), &mods, &num_mods, "objectClass", "group"); 766 898 ok &= tldap_make_mod_fmt( 767 NULL, talloc_tos(), & num_mods, &mods, "groupType",899 NULL, talloc_tos(), &mods, &num_mods, "groupType", 768 900 "%d", (int)GTYPE_SECURITY_GLOBAL_GROUP); 769 901 … … 773 905 } 774 906 775 rc = tldap_add(ld, dn, num_mods,mods, NULL, 0, NULL, 0);907 rc = tldap_add(ld, dn, mods, num_mods, NULL, 0, NULL, 0); 776 908 if (rc != TLDAP_SUCCESS) { 777 909 DEBUG(10, ("ldap_add failed %s\n", … … 825 957 sid_compose(&sid, &state->domainsid, rid); 826 958 827 sidstr = sid_binstring(talloc_tos(), &sid);959 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), &sid); 828 960 NT_STATUS_HAVE_NO_MEMORY(sidstr); 829 961 … … 879 1011 GROUP_MAP *map) 880 1012 { 1013 struct pdb_ads_state *state = talloc_get_type_abort( 1014 m->private_data, struct pdb_ads_state); 1015 struct tldap_context *ld; 1016 struct tldap_mod *mods = NULL; 1017 char *filter; 1018 struct tldap_message *existing; 1019 char *dn; 1020 GROUP_MAP existing_map; 1021 int rc, num_mods = 0; 1022 bool ret; 1023 NTSTATUS status; 1024 1025 ld = pdb_ads_ld(state); 1026 if (ld == NULL) { 1027 return NT_STATUS_LDAP(TLDAP_SERVER_DOWN); 1028 } 1029 1030 filter = talloc_asprintf(talloc_tos(), 1031 "(&(objectsid=%s)(objectclass=group))", 1032 sid_string_talloc(talloc_tos(), &map->sid)); 1033 if (filter == NULL) { 1034 return NT_STATUS_NO_MEMORY; 1035 } 1036 status = pdb_ads_getgrfilter(m, &existing_map, filter, 1037 talloc_tos(), &existing); 1038 TALLOC_FREE(filter); 1039 1040 if (!tldap_entry_dn(existing, &dn)) { 1041 return NT_STATUS_LDAP(TLDAP_DECODING_ERROR); 1042 } 1043 1044 ret = true; 1045 1046 ret &= tldap_make_mod_fmt( 1047 existing, talloc_tos(), &mods, &num_mods, "description", 1048 "%s", map->comment); 1049 ret &= tldap_make_mod_fmt( 1050 existing, talloc_tos(), &mods, &num_mods, "samaccountname", 1051 "%s", map->nt_name); 1052 1053 if (!ret) { 1054 return NT_STATUS_NO_MEMORY; 1055 } 1056 1057 if (num_mods == 0) { 1058 TALLOC_FREE(existing); 1059 return NT_STATUS_OK; 1060 } 1061 1062 rc = tldap_modify(ld, dn, mods, num_mods, NULL, 0, NULL, 0); 1063 if (rc != TLDAP_SUCCESS) { 1064 DEBUG(10, ("ldap_modify for %s failed: %s\n", dn, 1065 tldap_errstr(talloc_tos(), ld, rc))); 1066 TALLOC_FREE(existing); 1067 return NT_STATUS_LDAP(rc); 1068 } 1069 TALLOC_FREE(existing); 1070 return NT_STATUS_OK; 1071 } 1072 1073 static NTSTATUS pdb_ads_delete_group_mapping_entry(struct pdb_methods *m, 1074 struct dom_sid sid) 1075 { 881 1076 return NT_STATUS_NOT_IMPLEMENTED; 882 1077 } 883 1078 884 static NTSTATUS pdb_ads_delete_group_mapping_entry(struct pdb_methods *m,885 DOM_SID sid)886 {887 return NT_STATUS_NOT_IMPLEMENTED;888 }889 890 1079 static NTSTATUS pdb_ads_enum_group_mapping(struct pdb_methods *m, 891 const DOM_SID*sid,1080 const struct dom_sid *sid, 892 1081 enum lsa_SidType sid_name_use, 893 1082 GROUP_MAP **pp_rmap, … … 900 1089 static NTSTATUS pdb_ads_enum_group_members(struct pdb_methods *m, 901 1090 TALLOC_CTX *mem_ctx, 902 const DOM_SID*group,1091 const struct dom_sid *group, 903 1092 uint32 **pmembers, 904 1093 size_t *pnum_members) … … 913 1102 uint32_t *members; 914 1103 915 sidstr = sid_binstring(talloc_tos(), group);1104 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), group); 916 1105 NT_STATUS_HAVE_NO_MEMORY(sidstr); 917 1106 … … 936 1125 } 937 1126 938 if (!tldap_entry_values(msg[0], "member", &num_members, &blobs)) { 939 return NT_STATUS_INTERNAL_DB_CORRUPTION; 1127 if (!tldap_entry_values(msg[0], "member", &blobs, &num_members)) { 1128 *pmembers = NULL; 1129 *pnum_members = 0; 1130 return NT_STATUS_OK; 940 1131 } 941 1132 … … 962 1153 TALLOC_CTX *mem_ctx, 963 1154 struct samu *user, 964 DOM_SID**pp_sids,1155 struct dom_sid **pp_sids, 965 1156 gid_t **pp_gids, 966 size_t *p_num_groups)1157 uint32_t *p_num_groups) 967 1158 { 968 1159 struct pdb_ads_state *state = talloc_get_type_abort( 969 1160 m->private_data, struct pdb_ads_state); 970 struct pdb_ads_samu_private *priv = pdb_ads_get_samu_private( 971 m, user); 1161 struct pdb_ads_samu_private *priv; 972 1162 const char *attrs[1] = { "objectSid" }; 973 1163 struct tldap_message **groups; … … 977 1167 gid_t *gids; 978 1168 979 rc = pdb_ads_search_fmt( 980 state, state->domaindn, TLDAP_SCOPE_SUB, 981 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &groups, 982 "(&(member=%s)(grouptype=%d)(objectclass=group))", 983 priv->dn, GTYPE_SECURITY_GLOBAL_GROUP); 984 if (rc != TLDAP_SUCCESS) { 985 DEBUG(10, ("ldap_search failed %s\n", 986 tldap_errstr(talloc_tos(), state->ld, rc))); 987 return NT_STATUS_LDAP(rc); 988 } 989 990 count = talloc_array_length(groups); 991 992 group_sids = talloc_array(mem_ctx, struct dom_sid, count); 1169 priv = pdb_ads_get_samu_private(m, user); 1170 if (priv != NULL) { 1171 rc = pdb_ads_search_fmt( 1172 state, state->domaindn, TLDAP_SCOPE_SUB, 1173 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &groups, 1174 "(&(member=%s)(grouptype=%d)(objectclass=group))", 1175 priv->dn, GTYPE_SECURITY_GLOBAL_GROUP); 1176 if (rc != TLDAP_SUCCESS) { 1177 DEBUG(10, ("ldap_search failed %s\n", 1178 tldap_errstr(talloc_tos(), state->ld, rc))); 1179 return NT_STATUS_LDAP(rc); 1180 } 1181 count = talloc_array_length(groups); 1182 } else { 1183 /* 1184 * This happens for artificial samu users 1185 */ 1186 DEBUG(10, ("Could not get pdb_ads_samu_private\n")); 1187 count = 0; 1188 } 1189 1190 group_sids = talloc_array(mem_ctx, struct dom_sid, count+1); 993 1191 if (group_sids == NULL) { 994 1192 return NT_STATUS_NO_MEMORY; 995 1193 } 996 gids = talloc_array(mem_ctx, gid_t, count );1194 gids = talloc_array(mem_ctx, gid_t, count+1); 997 1195 if (gids == NULL) { 998 1196 TALLOC_FREE(group_sids); 999 1197 return NT_STATUS_NO_MEMORY; 1000 1198 } 1001 num_groups = 0; 1199 1200 sid_copy(&group_sids[0], pdb_get_group_sid(user)); 1201 if (!sid_to_gid(&group_sids[0], &gids[0])) { 1202 TALLOC_FREE(gids); 1203 TALLOC_FREE(group_sids); 1204 return NT_STATUS_INTERNAL_DB_CORRUPTION; 1205 } 1206 num_groups = 1; 1002 1207 1003 1208 for (i=0; i<count; i++) { … … 1039 1244 char *groupdn, *memberdn; 1040 1245 struct tldap_mod *mods; 1246 int num_mods; 1041 1247 int rc; 1042 1248 NTSTATUS status; … … 1062 1268 1063 1269 mods = NULL; 1064 1065 if (!tldap_add_mod_str(talloc_tos(), &mods, mod_op, 1270 num_mods = 0; 1271 1272 if (!tldap_add_mod_str(talloc_tos(), &mods, &num_mods, mod_op, 1066 1273 "member", memberdn)) { 1067 1274 TALLOC_FREE(frame); … … 1069 1276 } 1070 1277 1071 rc = tldap_modify(ld, groupdn, 1,mods, NULL, 0, NULL, 0);1278 rc = tldap_modify(ld, groupdn, mods, num_mods, NULL, 0, NULL, 0); 1072 1279 TALLOC_FREE(frame); 1073 1280 if (rc != TLDAP_SUCCESS) { 1074 1281 DEBUG(10, ("ldap_modify failed: %s\n", 1075 1282 tldap_errstr(talloc_tos(), state->ld, rc))); 1076 if (rc == TLDAP_TYPE_OR_VALUE_EXISTS) { 1283 if ((mod_op == TLDAP_MOD_ADD) && 1284 (rc == TLDAP_ALREADY_EXISTS)) { 1077 1285 return NT_STATUS_MEMBER_IN_GROUP; 1078 1286 } 1079 if (rc == TLDAP_NO_SUCH_ATTRIBUTE) { 1287 if ((mod_op == TLDAP_MOD_DELETE) && 1288 (rc == TLDAP_UNWILLING_TO_PERFORM)) { 1080 1289 return NT_STATUS_MEMBER_NOT_IN_GROUP; 1081 1290 } … … 1131 1340 1132 1341 ok &= tldap_make_mod_fmt( 1133 NULL, talloc_tos(), & num_mods, &mods, "samAccountName", "%s",1342 NULL, talloc_tos(), &mods, &num_mods, "samAccountName", "%s", 1134 1343 name); 1135 1344 ok &= tldap_make_mod_fmt( 1136 NULL, talloc_tos(), & num_mods, &mods, "objectClass", "group");1345 NULL, talloc_tos(), &mods, &num_mods, "objectClass", "group"); 1137 1346 ok &= tldap_make_mod_fmt( 1138 NULL, talloc_tos(), & num_mods, &mods, "groupType",1347 NULL, talloc_tos(), &mods, &num_mods, "groupType", 1139 1348 "%d", (int)GTYPE_SECURITY_DOMAIN_LOCAL_GROUP); 1140 1349 … … 1144 1353 } 1145 1354 1146 rc = tldap_add(ld, dn, num_mods,mods, NULL, 0, NULL, 0);1355 rc = tldap_add(ld, dn, mods, num_mods, NULL, 0, NULL, 0); 1147 1356 if (rc != TLDAP_SUCCESS) { 1148 1357 DEBUG(10, ("ldap_add failed %s\n", … … 1183 1392 1184 1393 static NTSTATUS pdb_ads_delete_alias(struct pdb_methods *m, 1185 const DOM_SID*sid)1394 const struct dom_sid *sid) 1186 1395 { 1187 1396 struct pdb_ads_state *state = talloc_get_type_abort( … … 1189 1398 struct tldap_context *ld; 1190 1399 struct tldap_message **alias; 1191 char *sidstr, *dn ;1400 char *sidstr, *dn = NULL; 1192 1401 int rc; 1193 1402 … … 1197 1406 } 1198 1407 1199 sidstr = sid_binstring(talloc_tos(), sid);1408 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid); 1200 1409 if (sidstr == NULL) { 1201 1410 return NT_STATUS_NO_MEMORY; … … 1212 1421 DEBUG(10, ("ldap_search failed: %s\n", 1213 1422 tldap_errstr(talloc_tos(), state->ld, rc))); 1214 TALLOC_FREE(dn);1215 1423 return NT_STATUS_LDAP(rc); 1216 1424 } … … 1230 1438 DEBUG(10, ("ldap_delete failed: %s\n", 1231 1439 tldap_errstr(talloc_tos(), state->ld, rc))); 1232 TALLOC_FREE(dn);1233 1440 return NT_STATUS_LDAP(rc); 1234 1441 } … … 1238 1445 1239 1446 static NTSTATUS pdb_ads_set_aliasinfo(struct pdb_methods *m, 1240 const DOM_SID*sid,1447 const struct dom_sid *sid, 1241 1448 struct acct_info *info) 1242 1449 { … … 1258 1465 } 1259 1466 1260 sidstr = sid_binstring(talloc_tos(), sid);1467 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid); 1261 1468 NT_STATUS_HAVE_NO_MEMORY(sidstr); 1262 1469 … … 1292 1499 1293 1500 ok &= tldap_make_mod_fmt( 1294 msg[0], msg, & num_mods, &mods, "description",1501 msg[0], msg, &mods, &num_mods, "description", 1295 1502 "%s", info->acct_desc); 1296 1503 ok &= tldap_make_mod_fmt( 1297 msg[0], msg, & num_mods, &mods, "samAccountName",1504 msg[0], msg, &mods, &num_mods, "samAccountName", 1298 1505 "%s", info->acct_name); 1299 1506 if (!ok) { … … 1307 1514 } 1308 1515 1309 rc = tldap_modify(ld, dn, num_mods,mods, NULL, 0, NULL, 0);1516 rc = tldap_modify(ld, dn, mods, num_mods, NULL, 0, NULL, 0); 1310 1517 TALLOC_FREE(msg); 1311 1518 if (rc != TLDAP_SUCCESS) { … … 1325 1532 int rc; 1326 1533 1327 sidstr = sid_binstring(talloc_tos(), sid);1534 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid); 1328 1535 NT_STATUS_HAVE_NO_MEMORY(sidstr); 1329 1536 … … 1362 1569 1363 1570 static NTSTATUS pdb_ads_mod_aliasmem(struct pdb_methods *m, 1364 const DOM_SID*alias,1365 const DOM_SID*member,1571 const struct dom_sid *alias, 1572 const struct dom_sid *member, 1366 1573 int mod_op) 1367 1574 { … … 1371 1578 TALLOC_CTX *frame = talloc_stackframe(); 1372 1579 struct tldap_mod *mods; 1580 int num_mods; 1373 1581 int rc; 1374 1582 char *aliasdn, *memberdn; … … 1396 1604 1397 1605 mods = NULL; 1398 1399 if (!tldap_add_mod_str(talloc_tos(), &mods, mod_op, 1606 num_mods = 0; 1607 1608 if (!tldap_add_mod_str(talloc_tos(), &mods, &num_mods, mod_op, 1400 1609 "member", memberdn)) { 1401 1610 TALLOC_FREE(frame); … … 1403 1612 } 1404 1613 1405 rc = tldap_modify(ld, aliasdn, 1,mods, NULL, 0, NULL, 0);1614 rc = tldap_modify(ld, aliasdn, mods, num_mods, NULL, 0, NULL, 0); 1406 1615 TALLOC_FREE(frame); 1407 1616 if (rc != TLDAP_SUCCESS) { … … 1421 1630 1422 1631 static NTSTATUS pdb_ads_add_aliasmem(struct pdb_methods *m, 1423 const DOM_SID*alias,1424 const DOM_SID*member)1632 const struct dom_sid *alias, 1633 const struct dom_sid *member) 1425 1634 { 1426 1635 return pdb_ads_mod_aliasmem(m, alias, member, TLDAP_MOD_ADD); … … 1428 1637 1429 1638 static NTSTATUS pdb_ads_del_aliasmem(struct pdb_methods *m, 1430 const DOM_SID*alias,1431 const DOM_SID*member)1639 const struct dom_sid *alias, 1640 const struct dom_sid *member) 1432 1641 { 1433 1642 return pdb_ads_mod_aliasmem(m, alias, member, TLDAP_MOD_DELETE); … … 1466 1675 1467 1676 static NTSTATUS pdb_ads_enum_aliasmem(struct pdb_methods *m, 1468 const DOM_SID*alias,1677 const struct dom_sid *alias, 1469 1678 TALLOC_CTX *mem_ctx, 1470 DOM_SID**pmembers,1679 struct dom_sid **pmembers, 1471 1680 size_t *pnum_members) 1472 1681 { … … 1480 1689 struct dom_sid *members; 1481 1690 1482 sidstr = sid_binstring(talloc_tos(), alias);1691 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), alias); 1483 1692 NT_STATUS_HAVE_NO_MEMORY(sidstr); 1484 1693 … … 1503 1712 } 1504 1713 1505 if (!tldap_entry_values(msg[0], "member", &num_members, &blobs)) { 1506 return NT_STATUS_INTERNAL_DB_CORRUPTION; 1714 if (!tldap_entry_values(msg[0], "member", &blobs, &num_members)) { 1715 *pmembers = NULL; 1716 *pnum_members = 0; 1717 return NT_STATUS_OK; 1507 1718 } 1508 1719 … … 1526 1737 static NTSTATUS pdb_ads_enum_alias_memberships(struct pdb_methods *m, 1527 1738 TALLOC_CTX *mem_ctx, 1528 const DOM_SID*domain_sid,1529 const DOM_SID*members,1739 const struct dom_sid *domain_sid, 1740 const struct dom_sid *members, 1530 1741 size_t num_members, 1531 1742 uint32_t **palias_rids, … … 1535 1746 m->private_data, struct pdb_ads_state); 1536 1747 const char *attrs[1] = { "objectSid" }; 1537 struct tldap_message **msg ;1748 struct tldap_message **msg = NULL; 1538 1749 uint32_t *alias_rids = NULL; 1539 1750 size_t num_alias_rids = 0; … … 1621 1832 1622 1833 static NTSTATUS pdb_ads_lookup_rids(struct pdb_methods *m, 1623 const DOM_SID*domain_sid,1834 const struct dom_sid *domain_sid, 1624 1835 int num_rids, 1625 1836 uint32 *rids, … … 1649 1860 sid_compose(&sid, domain_sid, rids[i]); 1650 1861 1651 sidstr = sid_binstring(talloc_tos(), &sid);1862 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), &sid); 1652 1863 NT_STATUS_HAVE_NO_MEMORY(sidstr); 1653 1864 … … 1697 1908 1698 1909 static NTSTATUS pdb_ads_lookup_names(struct pdb_methods *m, 1699 const DOM_SID*domain_sid,1910 const struct dom_sid *domain_sid, 1700 1911 int num_names, 1701 1912 const char **pp_names, … … 1777 1988 struct pdb_search *search, 1778 1989 const char *filter, 1990 uint32_t acct_flags, 1779 1991 struct pdb_ads_search_state **pstate) 1780 1992 { … … 1791 2003 return false; 1792 2004 } 2005 sstate->acct_flags = acct_flags; 1793 2006 1794 2007 rc = pdb_ads_search_fmt( … … 1816 2029 struct samr_displayentry *e; 1817 2030 struct dom_sid sid; 2031 uint32_t ctrl; 1818 2032 1819 2033 e = &sstate->entries[sstate->num_entries]; … … 1825 2039 } 1826 2040 sid_peek_rid(&sid, &e->rid); 1827 e->acct_flags = ACB_NORMAL; 1828 e->account_name = tldap_talloc_single_attribute( 1829 users[i], "samAccountName", sstate->entries); 2041 2042 if (tldap_pull_uint32(users[i], "userAccountControl", &ctrl)) { 2043 2044 e->acct_flags = ds_uf2acb(ctrl); 2045 2046 DEBUG(10, ("pdb_ads_search_filter: Found %x, " 2047 "filter %x\n", (int)e->acct_flags, 2048 (int)sstate->acct_flags)); 2049 2050 2051 if ((sstate->acct_flags != 0) && 2052 ((sstate->acct_flags & e->acct_flags) == 0)) { 2053 continue; 2054 } 2055 2056 if (e->acct_flags & (ACB_WSTRUST|ACB_SVRTRUST)) { 2057 e->acct_flags |= ACB_NORMAL; 2058 } 2059 } else { 2060 e->acct_flags = ACB_NORMAL; 2061 } 2062 2063 if (e->rid == DOMAIN_RID_GUEST) { 2064 /* 2065 * Guest is specially crafted in s3. Make 2066 * QueryDisplayInfo match QueryUserInfo 2067 */ 2068 e->account_name = lp_guestaccount(); 2069 e->fullname = lp_guestaccount(); 2070 e->description = ""; 2071 e->acct_flags = ACB_NORMAL; 2072 } else { 2073 e->account_name = tldap_talloc_single_attribute( 2074 users[i], "samAccountName", sstate->entries); 2075 e->fullname = tldap_talloc_single_attribute( 2076 users[i], "displayName", sstate->entries); 2077 e->description = tldap_talloc_single_attribute( 2078 users[i], "description", sstate->entries); 2079 } 1830 2080 if (e->account_name == NULL) { 1831 2081 return false; 1832 2082 } 1833 e->fullname = tldap_talloc_single_attribute(1834 users[i], "displayName", sstate->entries);1835 2083 if (e->fullname == NULL) { 1836 2084 e->fullname = ""; 1837 2085 } 1838 e->description = tldap_talloc_single_attribute(1839 users[i], "description", sstate->entries);1840 2086 if (e->description == NULL) { 1841 2087 e->description = ""; … … 1860 2106 { 1861 2107 struct pdb_ads_search_state *sstate; 2108 char *filter; 1862 2109 bool ret; 1863 2110 1864 ret = pdb_ads_search_filter(m, search, "(objectclass=user)", &sstate); 2111 DEBUG(10, ("pdb_ads_search_users got flags %x\n", acct_flags)); 2112 2113 if (acct_flags & ACB_NORMAL) { 2114 filter = talloc_asprintf( 2115 talloc_tos(), 2116 "(&(objectclass=user)(sAMAccountType=%d))", 2117 ATYPE_NORMAL_ACCOUNT); 2118 } else if (acct_flags & ACB_WSTRUST) { 2119 filter = talloc_asprintf( 2120 talloc_tos(), 2121 "(&(objectclass=user)(sAMAccountType=%d))", 2122 ATYPE_WORKSTATION_TRUST); 2123 } else { 2124 filter = talloc_strdup(talloc_tos(), "(objectclass=user)"); 2125 } 2126 if (filter == NULL) { 2127 return false; 2128 } 2129 2130 ret = pdb_ads_search_filter(m, search, filter, acct_flags, &sstate); 2131 TALLOC_FREE(filter); 1865 2132 if (!ret) { 1866 2133 return false; 1867 2134 } 1868 sstate->acct_flags = acct_flags;1869 2135 return true; 1870 2136 } … … 1883 2149 return false; 1884 2150 } 1885 ret = pdb_ads_search_filter(m, search, filter, &sstate);2151 ret = pdb_ads_search_filter(m, search, filter, 0, &sstate); 1886 2152 TALLOC_FREE(filter); 1887 2153 if (!ret) { 1888 2154 return false; 1889 2155 } 1890 sstate->acct_flags = 0;1891 2156 return true; 1892 2157 } … … 1894 2159 static bool pdb_ads_search_aliases(struct pdb_methods *m, 1895 2160 struct pdb_search *search, 1896 const DOM_SID*sid)2161 const struct dom_sid *sid) 1897 2162 { 1898 2163 struct pdb_ads_search_state *sstate; … … 1909 2174 return false; 1910 2175 } 1911 ret = pdb_ads_search_filter(m, search, filter, &sstate);2176 ret = pdb_ads_search_filter(m, search, filter, 0, &sstate); 1912 2177 TALLOC_FREE(filter); 1913 2178 if (!ret) { 1914 2179 return false; 1915 2180 } 1916 sstate->acct_flags = 0;1917 2181 return true; 1918 2182 } 1919 2183 1920 2184 static bool pdb_ads_uid_to_sid(struct pdb_methods *m, uid_t uid, 1921 DOM_SID*sid)2185 struct dom_sid *sid) 1922 2186 { 1923 2187 struct pdb_ads_state *state = talloc_get_type_abort( … … 1928 2192 1929 2193 static bool pdb_ads_gid_to_sid(struct pdb_methods *m, gid_t gid, 1930 DOM_SID*sid)2194 struct dom_sid *sid) 1931 2195 { 1932 2196 struct pdb_ads_state *state = talloc_get_type_abort( … … 1936 2200 } 1937 2201 1938 static bool pdb_ads_sid_to_id(struct pdb_methods *m, const DOM_SID*sid,2202 static bool pdb_ads_sid_to_id(struct pdb_methods *m, const struct dom_sid *sid, 1939 2203 union unid_t *id, enum lsa_SidType *type) 1940 2204 { 1941 2205 struct pdb_ads_state *state = talloc_get_type_abort( 1942 2206 m->private_data, struct pdb_ads_state); 2207 const char *attrs[4] = { "objectClass", "samAccountType", 2208 "uidNumber", "gidNumber" }; 1943 2209 struct tldap_message **msg; 1944 char *sidstr ;1945 uint32_t rid;2210 char *sidstr, *base; 2211 uint32_t atype; 1946 2212 int rc; 1947 1948 /* 1949 * This is a big, big hack: Just hard-code the rid as uid/gid. 1950 */ 1951 1952 sid_peek_rid(sid, &rid); 1953 1954 sidstr = sid_binstring(talloc_tos(), sid); 2213 bool ret = false; 2214 2215 sidstr = sid_binstring_hex(sid); 1955 2216 if (sidstr == NULL) { 1956 2217 return false; 1957 2218 } 2219 base = talloc_asprintf(talloc_tos(), "<SID=%s>", sidstr); 2220 SAFE_FREE(sidstr); 1958 2221 1959 2222 rc = pdb_ads_search_fmt( 1960 state, state->domaindn, TLDAP_SCOPE_SUB, 1961 NULL, 0, 0, talloc_tos(), &msg, 1962 "(&(objectsid=%s)(objectclass=user))", sidstr); 1963 if ((rc == TLDAP_SUCCESS) && (talloc_array_length(msg) > 0)) { 1964 id->uid = rid; 2223 state, base, TLDAP_SCOPE_BASE, 2224 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &msg, 2225 "(objectclass=*)"); 2226 TALLOC_FREE(base); 2227 2228 if (rc != TLDAP_SUCCESS) { 2229 DEBUG(10, ("pdb_ads_search_fmt failed: %s\n", 2230 tldap_errstr(talloc_tos(), state->ld, rc))); 2231 return false; 2232 } 2233 if (talloc_array_length(msg) != 1) { 2234 DEBUG(10, ("Got %d objects, expected 1\n", 2235 (int)talloc_array_length(msg))); 2236 goto fail; 2237 } 2238 if (!tldap_pull_uint32(msg[0], "samAccountType", &atype)) { 2239 DEBUG(10, ("samAccountType not found\n")); 2240 goto fail; 2241 } 2242 if (atype == ATYPE_ACCOUNT) { 2243 uint32_t uid; 1965 2244 *type = SID_NAME_USER; 1966 TALLOC_FREE(sidstr); 1967 return true; 1968 } 1969 1970 rc = pdb_ads_search_fmt( 1971 state, state->domaindn, TLDAP_SCOPE_SUB, 1972 NULL, 0, 0, talloc_tos(), &msg, 1973 "(&(objectsid=%s)(objectclass=group))", sidstr); 1974 if ((rc == TLDAP_SUCCESS) && (talloc_array_length(msg) > 0)) { 1975 id->gid = rid; 2245 if (!tldap_pull_uint32(msg[0], "uidNumber", &uid)) { 2246 DEBUG(10, ("Did not find uidNumber\n")); 2247 goto fail; 2248 } 2249 id->uid = uid; 2250 } else { 2251 uint32_t gid; 1976 2252 *type = SID_NAME_DOM_GRP; 1977 TALLOC_FREE(sidstr); 1978 return true; 1979 } 1980 1981 TALLOC_FREE(sidstr); 1982 return false; 2253 if (!tldap_pull_uint32(msg[0], "gidNumber", &gid)) { 2254 DEBUG(10, ("Did not find gidNumber\n")); 2255 goto fail; 2256 } 2257 id->gid = gid; 2258 } 2259 ret = true; 2260 fail: 2261 TALLOC_FREE(msg); 2262 return ret; 1983 2263 } 1984 2264 … … 1995 2275 static bool pdb_ads_get_trusteddom_pw(struct pdb_methods *m, 1996 2276 const char *domain, char** pwd, 1997 DOM_SID*sid,2277 struct dom_sid *sid, 1998 2278 time_t *pass_last_set_time) 1999 2279 { … … 2003 2283 static bool pdb_ads_set_trusteddom_pw(struct pdb_methods *m, 2004 2284 const char* domain, const char* pwd, 2005 const DOM_SID*sid)2285 const struct dom_sid *sid) 2006 2286 { 2007 2287 return false; … … 2202 2482 ZERO_STRUCT(state->socket_address); 2203 2483 state->socket_address.sun_family = AF_UNIX; 2204 str ncpy(state->socket_address.sun_path, location,2205 sizeof(state->socket_address.sun_path) - 1);2484 strlcpy(state->socket_address.sun_path, location, 2485 sizeof(state->socket_address.sun_path)); 2206 2486 2207 2487 ld = pdb_ads_ld(state); … … 2231 2511 state->configdn = tldap_talloc_single_attribute( 2232 2512 rootdse, "configurationNamingContext", state); 2233 if (state-> domaindn == NULL) {2513 if (state->configdn == NULL) { 2234 2514 DEBUG(10, ("Could not get configurationNamingContext\n")); 2235 2515 status = NT_STATUS_INTERNAL_DB_CORRUPTION; … … 2320 2600 NTSTATUS status; 2321 2601 2322 m = talloc( talloc_autofree_context(), struct pdb_methods);2602 m = talloc(NULL, struct pdb_methods); 2323 2603 if (m == NULL) { 2324 2604 return NT_STATUS_NO_MEMORY;
Note:
See TracChangeset
for help on using the changeset viewer.
