データ構造 | |
struct | _attrib_map_entry |
struct | smbldap_state |
Struct to keep the state for all the ldap stuff [詳細] | |
struct | ldapsam_privates |
型定義 | |
typedef _attrib_map_entry | ATTRIB_MAP_ENTRY |
関数 | |
NTSTATUS | smbldap_init (TALLOC_CTX *mem_ctx, const char *location, struct smbldap_state **smbldap_state) |
const char * | get_attr_key2string (ATTRIB_MAP_ENTRY table[], int key) |
const char ** | get_attr_list (TALLOC_CTX *mem_ctx, ATTRIB_MAP_ENTRY table[]) |
void | smbldap_set_mod (LDAPMod ***modlist, int modop, const char *attribute, const char *value) |
void | smbldap_make_mod (LDAP *ldap_struct, LDAPMessage *existing, LDAPMod ***mods, const char *attribute, const char *newval) |
BOOL | smbldap_get_single_attribute (LDAP *ldap_struct, LDAPMessage *entry, const char *attribute, char *value, int max_len) |
BOOL | smbldap_get_single_pstring (LDAP *ldap_struct, LDAPMessage *entry, const char *attribute, pstring value) |
char * | smbldap_get_dn (LDAP *ld, LDAPMessage *entry) |
int | smbldap_modify (struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs[]) |
NTSTATUS | pdb_init_ldapsam_compat (struct pdb_methods **pdb_method, const char *location) |
void | private_data_free_fn (void **result) |
int | ldapsam_search_suffix_by_name (struct ldapsam_privates *ldap_state, const char *user, LDAPMessage **result, const char **attr) |
NTSTATUS | pdb_init_ldapsam (struct pdb_methods **pdb_method, const char *location) |
const char ** | get_userattr_list (TALLOC_CTX *mem_ctx, int schema_ver) |
char * | smbldap_talloc_single_attribute (LDAP *ldap_struct, LDAPMessage *entry, const char *attribute, TALLOC_CTX *mem_ctx) |
void | talloc_autofree_ldapmsg (TALLOC_CTX *mem_ctx, LDAPMessage *result) |
void | talloc_autofree_ldapmod (TALLOC_CTX *mem_ctx, LDAPMod **mod) |
const char * | smbldap_talloc_dn (TALLOC_CTX *mem_ctx, LDAP *ld, LDAPMessage *entry) |
変数 | |
ATTRIB_MAP_ENTRY | attrib_map_v22 [] |
ATTRIB_MAP_ENTRY | attrib_map_to_delete_v22 [] |
ATTRIB_MAP_ENTRY | attrib_map_v30 [] |
ATTRIB_MAP_ENTRY | attrib_map_to_delete_v30 [] |
ATTRIB_MAP_ENTRY | dominfo_attr_list [] |
ATTRIB_MAP_ENTRY | groupmap_attr_list [] |
ATTRIB_MAP_ENTRY | groupmap_attr_list_to_delete [] |
ATTRIB_MAP_ENTRY | idpool_attr_list [] |
ATTRIB_MAP_ENTRY | sidmap_attr_list [] |
ATTRIB_MAP_ENTRY | trustpw_attr_list [] |
typedef struct _attrib_map_entry ATTRIB_MAP_ENTRY |
NTSTATUS smbldap_init | ( | TALLOC_CTX * | mem_ctx, | |
const char * | location, | |||
struct smbldap_state ** | smbldap_state | |||
) |
参照先 smb_register_idle_event()・smbldap_idle_fn()・talloc_strdup().
参照元 idmap_ldap_alloc_init()・idmap_ldap_db_init()・net_sam_provision()・pdb_init_ldapsam_common().
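/**
 * Allocate and initialise the shared LDAP connection state.
 *
 * @param mem_ctx        talloc context that owns the new state and the
 *                       copy of the URI
 * @param location       LDAP URI to use; NULL selects "ldap://localhost"
 * @param smbldap_state  out: receives the zero-initialised state
 * @return NT_STATUS_OK on success, NT_STATUS_NO_MEMORY when an allocation
 *         fails, NT_STATUS_INVALID_HANDLE when the idle event cannot be
 *         registered
 */
NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_state **smbldap_state)
{
	*smbldap_state = TALLOC_ZERO_P(mem_ctx, struct smbldap_state);
	if (!*smbldap_state) {
		DEBUG(0, ("talloc() failed for ldapsam private_data!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	if (location) {
		(*smbldap_state)->uri = talloc_strdup(mem_ctx, location);
		if ((*smbldap_state)->uri == NULL) {
			/* Fail closed: a NULL uri must not be carried forward
			 * as if a directory server had been configured. */
			DEBUG(0, ("smbldap_init: talloc_strdup() failed for LDAP uri!\n"));
			return NT_STATUS_NO_MEMORY;
		}
	} else {
		/* Default target when the caller configured nothing.
		 * NOTE(review): this is the plain ldap:// scheme; whether the
		 * connection is protected is decided elsewhere - confirm. */
		(*smbldap_state)->uri = "ldap://localhost";
	}

	(*smbldap_state)->event_id =
		smb_register_idle_event(smbldap_idle_fn, (void *)(*smbldap_state),
					SMBLDAP_IDLE_TIME);

	if ((*smbldap_state)->event_id == SMB_EVENT_ID_INVALID) {
		DEBUG(0,("Failed to register LDAP idle event!\n"));
		return NT_STATUS_INVALID_HANDLE;
	}

	return NT_STATUS_OK;
}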
const char* get_attr_key2string | ( | ATTRIB_MAP_ENTRY | table[], | |
int | key | |||
) |
参照元 add_new_domain_account_policies()・add_new_domain_info()・get_userattr_key2string()・idmap_ldap_allocate_id()・idmap_ldap_get_hwm()・idmap_ldap_set_hwm()・idmap_ldap_set_mapping()・idmap_ldap_sids_to_unixids()・idmap_ldap_unixids_to_sids()・init_group_from_ldap()・ldapsam_enum_aliasmem()・ldapsam_getgrgid()・ldapsam_getgrnam()・ldapsam_getgrsid()・ldapsam_modify_aliasmem()・pdb_init_ldapsam()・smbldap_search_domain_info()・verify_idpool().
/**
 * Look up the attribute name stored for a key in an attribute map.
 *
 * @param table  map terminated by an entry whose attrib is
 *               LDAP_ATTR_LIST_END
 * @param key    attribute key to search for
 * @return the name of the first matching entry, or NULL when the
 *         terminator is reached without a match
 */
const char *get_attr_key2string(ATTRIB_MAP_ENTRY table[], int key)
{
	ATTRIB_MAP_ENTRY *entry;

	/* Walk the table until the sentinel entry; first match wins. */
	for (entry = table; entry->attrib != LDAP_ATTR_LIST_END; entry++) {
		if (entry->attrib == key) {
			return entry->name;
		}
	}

	return NULL;
}
const char** get_attr_list | ( | TALLOC_CTX * | mem_ctx, | |
ATTRIB_MAP_ENTRY | table[] | |||
) |
参照先 name・talloc_strdup().
参照元 add_new_domain_info()・get_userattr_delete_list()・get_userattr_list()・idmap_ldap_allocate_id()・idmap_ldap_get_hwm()・idmap_ldap_set_hwm()・idmap_ldap_sids_to_unixids()・idmap_ldap_unixids_to_sids()・ldapsam_delete_group_mapping_entry()・ldapsam_map_posixgroup()・ldapsam_search_one_group()・ldapsam_setsamgrent()・ldapsam_update_group_mapping_entry()・smbldap_search_domain_info()・verify_idpool().
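/**
 * Build a NULL-terminated array holding a copy of every attribute name
 * in an attribute map.
 *
 * @param mem_ctx  talloc context that owns the returned array
 * @param table    map terminated by an entry whose attrib is
 *                 LDAP_ATTR_LIST_END
 * @return the array (each string is a talloc child of the array), or
 *         NULL when any allocation fails
 */
const char **get_attr_list(TALLOC_CTX *mem_ctx, ATTRIB_MAP_ENTRY table[])
{
	const char **names;
	int i = 0;

	/* Count the entries, then add one slot for the NULL terminator. */
	while ( table[i].attrib != LDAP_ATTR_LIST_END )
		i++;
	i++;

	names = TALLOC_ARRAY( mem_ctx, const char*, i );
	if ( !names ) {
		DEBUG(0,("get_attr_list: out of memory\n"));
		return NULL;
	}

	i = 0;
	while ( table[i].attrib != LDAP_ATTR_LIST_END ) {
		names[i] = talloc_strdup( names, table[i].name );
		if ( names[i] == NULL ) {
			/* A NULL stored here would end the list early and the
			 * caller would see a silently shortened attribute
			 * list; report the failure instead. Freeing the array
			 * also releases the strings copied so far, because
			 * they were allocated as its children. */
			DEBUG(0,("get_attr_list: out of memory\n"));
			TALLOC_FREE( names );
			return NULL;
		}
		i++;
	}
	names[i] = NULL;

	return names;
}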
void smbldap_set_mod | ( | LDAPMod *** | modlist, | |
int | modop, | |||
const char * | attribute, | |||
const char * | value | |||
) |
参照先 push_utf8_allocate()・smb_panic()・strequal().
参照元 add_new_domain_account_policies()・add_new_domain_info()・idmap_ldap_allocate_id()・idmap_ldap_set_hwm()・idmap_ldap_set_mapping()・ldapsam_add_sam_account()・ldapsam_change_groupmem()・ldapsam_create_dom_group()・ldapsam_create_user()・ldapsam_delete_entry()・ldapsam_map_posixgroup()・ldapsam_modify_aliasmem()・ldapsam_modify_entry()・ldapsam_set_account_policy_in_ldap()・net_sam_provision()・pdb_nds_set_password()・smbldap_make_mod()・verify_idpool().
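/**
 * Add one value for (modop, attribute) to a NULL-terminated LDAPMod
 * array, creating the array and the entry on demand.
 *
 * @param modlist    in/out: the modification list; *modlist may be NULL
 *                   and is replaced by the (possibly reallocated) list
 * @param modop      modification operation stored in mod_op
 * @param attribute  attribute name; NULL or "" makes the call a no-op
 * @param value      value to append after push_utf8_allocate()
 *                   conversion; NULL leaves the entry without a new value
 *
 * Every allocation or conversion failure ends in smb_panic().
 */
void smbldap_set_mod(LDAPMod ***modlist, int modop, const char *attribute, const char *value)
{
	LDAPMod **mods;
	int i;
	int j;

	mods = *modlist;

	/* sanity checks on the mod values */

	if (attribute == NULL || *attribute == '\0') {
		return;
	}

#if 0	/* commented out after discussion with abartlet.  Do not reenable.
	   left here so other do not re-add similar code   --jerry */
	if (value == NULL || *value == '\0')
		return;
#endif

	if (mods == NULL) {
		mods = SMB_MALLOC_P(LDAPMod *);
		if (mods == NULL) {
			smb_panic("smbldap_set_mod: out of memory!\n");
			/* notreached. */
			abort();
		}
		mods[0] = NULL;
	}

	/* Reuse an existing entry for the same operation and attribute. */
	for (i = 0; mods[i] != NULL; ++i) {
		if (mods[i]->mod_op == modop && strequal(mods[i]->mod_type, attribute))
			break;
	}

	if (mods[i] == NULL) {
		/* i + 2: the new entry plus the NULL terminator. */
		mods = SMB_REALLOC_ARRAY (mods, LDAPMod *, i + 2);
		if (mods == NULL) {
			smb_panic("smbldap_set_mod: out of memory!\n");
			/* notreached. */
			abort();
		}
		mods[i] = SMB_MALLOC_P(LDAPMod);
		if (mods[i] == NULL) {
			smb_panic("smbldap_set_mod: out of memory!\n");
			/* notreached. */
			abort();
		}
		mods[i]->mod_op = modop;
		mods[i]->mod_values = NULL;
		mods[i]->mod_type = SMB_STRDUP(attribute);
		if (mods[i]->mod_type == NULL) {
			/* Treated like the other allocations in this function:
			 * a NULL mod_type would later be handed to strequal()
			 * above and to the LDAP library. */
			smb_panic("smbldap_set_mod: out of memory!\n");
			/* notreached. */
			abort();
		}
		mods[i + 1] = NULL;
	}

	if (value != NULL) {
		char *utf8_value = NULL;

		/* Find the end of the existing value list, if any. */
		j = 0;
		if (mods[i]->mod_values != NULL) {
			for (; mods[i]->mod_values[j] != NULL; j++);
		}
		mods[i]->mod_values = SMB_REALLOC_ARRAY(mods[i]->mod_values, char *, j + 2);

		if (mods[i]->mod_values == NULL) {
			smb_panic("smbldap_set_mod: out of memory!\n");
			/* notreached. */
			abort();
		}

		if (push_utf8_allocate(&utf8_value, value) == (size_t)-1) {
			smb_panic("smbldap_set_mod: String conversion failure!\n");
			/* notreached. */
			abort();
		}

		mods[i]->mod_values[j] = utf8_value;

		mods[i]->mod_values[j + 1] = NULL;
	}
	*modlist = mods;
}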
void smbldap_make_mod | ( | LDAP * | ldap_struct, | |
LDAPMessage * | existing, | |||
LDAPMod *** | mods, | |||
const char * | attribute, | |||
const char * | newval | |||
) |
参照先 smbldap_get_single_attribute()・smbldap_set_mod()・StrCaseCmp().
参照元 idmap_ldap_set_mapping()・init_ldap_from_sam()・ldapsam_get_new_rid()・ldapsam_map_posixgroup()・ldapsam_set_primary_group()・ldapsam_update_group_mapping_entry().
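/**
 * Queue the modifications needed to change one attribute of an entry
 * from its current value to newval.
 *
 * @param ldap_struct  LDAP handle used to read the current value
 * @param existing     entry as currently stored, or NULL for a new entry
 * @param mods         in/out: modification list, see smbldap_set_mod()
 * @param attribute    attribute name; NULL makes the call a no-op
 * @param newval       new value; NULL or "" queues no add
 *
 * Old and new values are written to the debug log only when the build
 * defines DEBUG_PASSWORDS, matching smbldap_get_single_attribute().
 * NOTE(review): callers appear to pass credential attributes through
 * this helper as well - confirm against init_ldap_from_sam().
 */
void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing, LDAPMod ***mods, const char *attribute, const char *newval)
{
	char oldval[2048]; /* current largest allowed value is mungeddial */
	BOOL existed;

	if (attribute == NULL) {
		/* This can actually happen for ldapsam_compat where we for
		 * example don't have a password history */
		return;
	}

	if (existing != NULL) {
		existed = smbldap_get_single_attribute(ldap_struct, existing, attribute, oldval, sizeof(oldval));
	} else {
		existed = False;
		*oldval = '\0';
	}

	/* all of our string attributes are case insensitive */

	if (existed && newval && (StrCaseCmp(oldval, newval) == 0)) {

		/* Believe it or not, but LDAP will deny a delete and
		   an add at the same time if the values are the
		   same... */
		DEBUG(10,("smbldap_make_mod: attribute |%s| not changed.\n", attribute));
		return;
	}

	if (existed) {
		/* Delete exactly the value that was read from the entry.
		 * This should be race-free in the sense that the LDAP
		 * server will deny the complete operation if somebody
		 * changed the attribute behind our back. When there was no
		 * previous value nothing is deleted, which leaves a
		 * possible race: we might end up with duplicate
		 * attributes. */
		/* This will also allow modifying single valued attributes
		 * in Novell NDS. In NDS you have to first remove attribute and then
		 * you could add new value */

#ifdef DEBUG_PASSWORDS
		DEBUG(10,("smbldap_make_mod: deleting attribute |%s| values |%s|\n", attribute, oldval));
#else
		DEBUG(10,("smbldap_make_mod: deleting attribute |%s|\n", attribute));
#endif
		smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval);
	}

	/* Regardless of the real operation (add or modify)
	   we add the new value here.  We rely on deleting
	   the old value, should it exist. */

	if ((newval != NULL) && (strlen(newval) > 0)) {
#ifdef DEBUG_PASSWORDS
		DEBUG(10,("smbldap_make_mod: adding attribute |%s| value |%s|\n", attribute, newval));
#else
		DEBUG(10,("smbldap_make_mod: adding attribute |%s|\n", attribute));
#endif
		smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval);
	}
}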
BOOL smbldap_get_single_attribute | ( | LDAP * | ldap_struct, | |
LDAPMessage * | entry, | |||
const char * | attribute, | |||
char * | value, | |||
int | max_len | |||
) |
参照先 CH_UNIX・CH_UTF8・convert_string()・values.
参照元 init_sam_from_ldap()・ldapsam_extract_rid_from_entry()・smbldap_get_single_pstring()・smbldap_make_mod().
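/**
 * Copy the first value of an attribute into a caller-supplied buffer,
 * converting it from CH_UTF8 to CH_UNIX.
 *
 * @param ldap_struct  LDAP handle
 * @param entry        entry to read from
 * @param attribute    attribute name; NULL returns False
 * @param value        destination buffer
 * @param max_len      size of the destination buffer in bytes
 * @return True when a value was found and converted, False otherwise
 */
BOOL smbldap_get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, const char *attribute, char *value, int max_len)
{
	char **values;
	size_t converted;

	if ( !attribute )
		return False;

	/* The write to value[0] below needs at least one byte of room. */
	if ( value == NULL || max_len <= 0 )
		return False;

	value[0] = '\0';

	if ((values = ldap_get_values (ldap_struct, entry, attribute)) == NULL) {
		DEBUG (10, ("smbldap_get_single_attribute: [%s] = [<does not exist>]\n", attribute));

		return False;
	}

	converted = convert_string(CH_UTF8, CH_UNIX,values[0], -1, value, max_len, False);

	/* The value comes from the directory and may be longer than the
	 * buffer. NOTE(review): whether convert_string() terminates the
	 * output when it has to truncate is not visible here, so the
	 * terminator is forced. */
	value[max_len - 1] = '\0';

	if (converted == (size_t)-1) {
		DEBUG(1, ("smbldap_get_single_attribute: string conversion of [%s] = [%s] failed!\n",
			  attribute, values[0]));
		ldap_value_free(values);
		return False;
	}

	ldap_value_free(values);
#ifdef DEBUG_PASSWORDS
	/* Attribute values are logged only in builds that opt in. */
	DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n", attribute, value));
#endif
	return True;
}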
BOOL smbldap_get_single_pstring | ( | LDAP * | ldap_struct, | |
LDAPMessage * | entry, | |||
const char * | attribute, | |||
pstring | value | |||
) |
参照先 smbldap_get_single_attribute().
参照元 init_group_from_ldap()・init_sam_from_ldap()・ldapsam_get_entry_timestamp()・pdb_init_ldapsam().
/**
 * Read a single attribute value into a pstring.
 *
 * Thin wrapper around smbldap_get_single_attribute() that supplies the
 * buffer size. The size is taken from the pstring type, not from the
 * parameter, because an array parameter is a pointer inside the
 * function.
 *
 * @return the result of smbldap_get_single_attribute()
 */
BOOL smbldap_get_single_pstring(LDAP *ldap_struct, LDAPMessage *entry, const char *attribute, pstring value)
{
	int capacity = sizeof(pstring);

	return smbldap_get_single_attribute(ldap_struct, entry, attribute,
					    value, capacity);
}
char* smbldap_get_dn | ( | LDAP * | ld, | |
LDAPMessage * | entry | |||
) |
参照先 pull_utf8_allocate().
参照元 init_sam_from_ldap()・ldapsam_add_sam_account()・ldapsam_modify_aliasmem()・ldapsam_update_sam_account()・pdb_init_ldapsam()・pdb_nds_update_login_attempts().
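/**
 * Return the DN of an entry, converted with pull_utf8_allocate().
 *
 * @param ld     LDAP handle
 * @param entry  entry whose DN is wanted
 * @return newly allocated DN string, or NULL on failure.
 *         NOTE(review): the result comes from pull_utf8_allocate(), not
 *         from the LDAP library, so it presumably has to be released
 *         with SAFE_FREE() rather than ldap_memfree() - confirm.
 */
char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry)
{
	char *utf8_dn, *unix_dn;

	utf8_dn = ldap_get_dn(ld, entry);
	if (!utf8_dn) {
		DEBUG (5, ("smbldap_get_dn: ldap_get_dn failed\n"));
		return NULL;
	}
	if (pull_utf8_allocate(&unix_dn, utf8_dn) == (size_t)-1) {
		DEBUG (0, ("smbldap_get_dn: String conversion failure utf8 [%s]\n", utf8_dn));
		/* The library-owned copy must be released on this path as
		 * well; it was leaked before. */
		ldap_memfree(utf8_dn);
		return NULL;
	}
	ldap_memfree(utf8_dn);
	return unix_dn;
}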
int smbldap_modify | ( | struct smbldap_state * | ldap_state, | |
const char * | dn, | |||
LDAPMod * | attrs[] | |||
) |
参照先 another_ldap_try()・smbldap_state::ldap_struct・LDAP_SUCCESS・push_utf8_allocate().
参照元 add_new_domain_account_policies()・idmap_ldap_allocate_id()・idmap_ldap_set_hwm()・ldapsam_change_groupmem()・ldapsam_create_dom_group()・ldapsam_create_user()・ldapsam_delete_entry()・ldapsam_get_new_rid()・ldapsam_map_posixgroup()・ldapsam_modify_aliasmem()・ldapsam_modify_entry()・ldapsam_set_account_policy_in_ldap()・ldapsam_set_primary_group()・ldapsam_update_group_mapping_entry()・pdb_nds_set_password()・verify_idpool().
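/**
 * Apply a modification list to an entry, retrying through
 * another_ldap_try() until it stops or the configured timeout passes.
 *
 * @param ldap_state  connection state; must not be NULL
 * @param dn          DN of the entry, converted with push_utf8_allocate()
 * @param attrs       NULL-terminated modification list
 * @return the last LDAP result code, or LDAP_NO_MEMORY when the DN
 *         cannot be converted
 */
int smbldap_modify(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs[])
{
	int 		rc = LDAP_SERVER_DOWN;
	int 		attempts = 0;
	char           *utf8_dn;
	time_t		endtime = time(NULL)+lp_ldap_timeout();

	SMB_ASSERT(ldap_state);

	DEBUG(5,("smbldap_modify: dn => [%s]\n", dn ));

	if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) {
		return LDAP_NO_MEMORY;
	}

	while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) {
		rc = ldap_modify_s(ldap_state->ldap_struct, utf8_dn, attrs);
		if (rc != LDAP_SUCCESS) {
			char *ld_error = NULL;
			/* Start from the result of ldap_modify_s() so the
			 * value is defined even if ldap_get_option() below
			 * does not fill it in; it was read uninitialised in
			 * that case before. */
			int ld_errno = rc;

			ldap_get_option(ldap_state->ldap_struct,
					LDAP_OPT_ERROR_NUMBER, &ld_errno);

			ldap_get_option(ldap_state->ldap_struct,
					LDAP_OPT_ERROR_STRING, &ld_error);
			DEBUG(10, ("Failed to modify dn: %s, error: %d (%s) "
				   "(%s)\n", dn, ld_errno,
				   ldap_err2string(rc),
				   ld_error ? ld_error : "unknown"));
			SAFE_FREE(ld_error);

			if (ld_errno == LDAP_SERVER_DOWN) {
				/* Drop the dead connection; the handle is
				 * cleared so it cannot be reused. */
				ldap_unbind(ldap_state->ldap_struct);
				ldap_state->ldap_struct = NULL;
			}
		}
	}

	SAFE_FREE(utf8_dn);
	return rc;
}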
NTSTATUS pdb_init_ldapsam_compat | ( | struct pdb_methods ** | pdb_method, | |
const char * | location | |||
) |
pdb_ldap.c の 5576 行で定義されています。
参照先 ldapsam_privates::domain_sid・get_global_sam_sid()・pdb_init_ldapsam_common()・ldapsam_privates::schema_ver・sid_copy()・talloc_strdup()・trim_char().
参照元 pdb_init_NDS_ldapsam_compat()・pdb_ldap_init().
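/**
 * Initialise the "ldapsam_compat" passdb backend.
 *
 * @param pdb_method  out: receives the initialised method table
 * @param location    LDAP URI, optionally wrapped in double quotes
 * @return NT_STATUS_OK on success, NT_STATUS_NO_MEMORY when the URI
 *         cannot be copied, otherwise the status returned by
 *         pdb_init_ldapsam_common()
 */
NTSTATUS pdb_init_ldapsam_compat(struct pdb_methods **pdb_method, const char *location)
{
	NTSTATUS nt_status;
	struct ldapsam_privates *ldap_state;
	char *uri = talloc_strdup( NULL, location );

	if ( location != NULL && uri == NULL ) {
		/* Do not continue with a NULL uri when one was configured.
		 * NOTE(review): smbldap_init() substitutes
		 * "ldap://localhost" for a NULL location, so a failed copy
		 * would presumably redirect the backend to another
		 * server - confirm in pdb_init_ldapsam_common(). */
		DEBUG(0, ("pdb_init_ldapsam_compat: out of memory\n"));
		return NT_STATUS_NO_MEMORY;
	}

	/* Strip the surrounding double quotes from the configured value. */
	trim_char( uri, '\"', '\"' );
	nt_status = pdb_init_ldapsam_common( pdb_method, uri );
	if ( uri )
		TALLOC_FREE( uri );

	if ( !NT_STATUS_IS_OK(nt_status) ) {
		return nt_status;
	}

	(*pdb_method)->name = "ldapsam_compat";

	ldap_state = (struct ldapsam_privates *)((*pdb_method)->private_data);
	ldap_state->schema_ver = SCHEMAVER_SAMBAACCOUNT;

	sid_copy(&ldap_state->domain_sid, get_global_sam_sid());

	return NT_STATUS_OK;
}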
void private_data_free_fn | ( | void ** | result | ) |
int ldapsam_search_suffix_by_name | ( | struct ldapsam_privates * | ldap_state, | |
const char * | user, | |||
LDAPMessage ** | result, | |||
const char ** | attr | |||
) |
pdb_ldap.c の 320 行で定義されています。
参照先 all_string_sub()・escape_ldap_string_alloc()・get_objclass_filter()・pstr_sprintf()・ldapsam_privates::schema_ver・smbldap_search_suffix()・ldapsam_privates::smbldap_state.
参照元 ldapsam_add_sam_account()・ldapsam_delete_sam_account()・ldapsam_getsampwnam()・ldapsam_update_sam_account()・pdb_nds_update_login_attempts().
/**
 * Search below the configured suffix for the account with a given uid.
 *
 * The user name is escaped with escape_ldap_string_alloc() before it is
 * placed into the filter, so characters that have a meaning in an LDAP
 * filter arrive as data rather than as filter syntax.
 *
 * @param ldap_state  backend state (schema version, connection)
 * @param user        account name as supplied by the caller
 * @param result      out: search result
 * @param attr        attributes to request
 * @return LDAP_NO_MEMORY when the name cannot be escaped, otherwise the
 *         result of smbldap_search_suffix()
 */
int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state, const char *user, LDAPMessage **result, const char **attr)
{
	pstring filter;
	char *safe_user;
	int rc;

	safe_user = escape_ldap_string_alloc(user);
	if (safe_user == NULL) {
		return LDAP_NO_MEMORY;
	}

	/*
	 * Build the filter with a literal %u placeholder first; the
	 * placeholder is replaced by the escaped name in the next step,
	 * so %u MUST exist in the filter.
	 */
	pstr_sprintf(filter, "(&%s%s)", "(uid=%u)",
		     get_objclass_filter(ldap_state->schema_ver));

	/*
	 * all_string_sub() is used because $ is filtered out in
	 * pstring_sub.
	 * NOTE(review): the substitution is bounded by sizeof(pstring);
	 * what the filter looks like when a long name does not fit is
	 * not visible here.
	 */
	all_string_sub(filter, "%u", safe_user, sizeof(pstring));
	SAFE_FREE(safe_user);

	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, attr, result);
	return rc;
}
NTSTATUS pdb_init_ldapsam | ( | struct pdb_methods ** | pdb_method, | |
const char * | location | |||
) |
pdb_ldap.c の 5605 行で定義されています。
参照先 algorithmic_rid_base()・ldapsam_privates::domain_dn・ldapsam_privates::domain_name・ldapsam_privates::domain_sid・dominfo_attr_list・get_attr_key2string()・get_global_sam_sid()・get_userattr_key2string()・smbldap_state::ldap_struct・ldapsam_add_aliasmem()・ldapsam_add_groupmem()・ldapsam_alias_memberships()・ldapsam_create_dom_group()・ldapsam_create_user()・ldapsam_del_aliasmem()・ldapsam_del_groupmem()・ldapsam_delete_dom_group()・ldapsam_delete_user()・ldapsam_enum_aliasmem()・ldapsam_enum_group_members()・ldapsam_enum_group_memberships()・ldapsam_lookup_rids()・ldapsam_search_aliases()・ldapsam_search_groups()・ldapsam_search_users()・ldapsam_set_primary_group()・ldapsam_sid_to_id()・lp_parm_bool()・pdb_init_ldapsam_common()・ldapsam_privates::schema_ver・secrets_fetch_domain_sid()・secrets_store_domain_sid()・sid_copy()・sid_equal()・sid_to_string()・smb_xstrdup()・smbldap_get_dn()・smbldap_get_single_pstring()・smbldap_search_domain_info()・ldapsam_privates::smbldap_state・string_to_sid()・talloc_strdup()・trim_char().
参照元 pdb_init_NDS_ldapsam()・pdb_ldap_init().
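/**
 * Initialise the "ldapsam" passdb backend and synchronise the local
 * domain SID with the domain info entry stored in LDAP.
 *
 * @param pdb_method  out: receives the initialised method table
 * @param location    LDAP URI, optionally wrapped in double quotes
 * @return NT_STATUS_OK on success (also when no domain info entry can
 *         be read or created), NT_STATUS_NO_MEMORY when the URI cannot
 *         be copied, NT_STATUS_INVALID_PARAMETER when the stored SID
 *         does not parse, NT_STATUS_UNSUCCESSFUL for the other failures
 *         below, or the status of pdb_init_ldapsam_common()
 *
 * Trust note: when the SID stored in the directory differs from the
 * one in secrets.tdb, the directory value replaces the local one. The
 * integrity of the directory and of the connection to it therefore
 * decides the domain SID of this server.
 */
NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location)
{
	NTSTATUS nt_status;
	struct ldapsam_privates *ldap_state;
	uint32 alg_rid_base;
	pstring alg_rid_base_string;
	LDAPMessage *result = NULL;
	LDAPMessage *entry = NULL;
	DOM_SID ldap_domain_sid;
	DOM_SID secrets_domain_sid;
	pstring domain_sid_string;
	char *dn;
	char *uri = talloc_strdup( NULL, location );

	if ( location != NULL && uri == NULL ) {
		/* Do not continue with a NULL uri when one was configured.
		 * NOTE(review): smbldap_init() substitutes
		 * "ldap://localhost" for a NULL location, so a failed copy
		 * would presumably redirect the backend to another
		 * server - confirm in pdb_init_ldapsam_common(). */
		DEBUG(0, ("pdb_init_ldapsam: out of memory\n"));
		return NT_STATUS_NO_MEMORY;
	}

	/* Strip the surrounding double quotes from the configured value. */
	trim_char( uri, '\"', '\"' );
	nt_status = pdb_init_ldapsam_common(pdb_method, uri);
	if ( uri )
		TALLOC_FREE( uri );

	if (!NT_STATUS_IS_OK(nt_status)) {
		return nt_status;
	}

	(*pdb_method)->name = "ldapsam";

	(*pdb_method)->add_aliasmem = ldapsam_add_aliasmem;
	(*pdb_method)->del_aliasmem = ldapsam_del_aliasmem;
	(*pdb_method)->enum_aliasmem = ldapsam_enum_aliasmem;
	(*pdb_method)->enum_alias_memberships = ldapsam_alias_memberships;
	(*pdb_method)->search_users = ldapsam_search_users;
	(*pdb_method)->search_groups = ldapsam_search_groups;
	(*pdb_method)->search_aliases = ldapsam_search_aliases;

	/* The handlers below are installed only when the "ldapsam:trusted"
	 * option is set; the account and group editing handlers
	 * additionally need "ldapsam:editposix". Both default to False. */
	if (lp_parm_bool(-1, "ldapsam", "trusted", False)) {
		(*pdb_method)->enum_group_members = ldapsam_enum_group_members;
		(*pdb_method)->enum_group_memberships =
			ldapsam_enum_group_memberships;
		(*pdb_method)->lookup_rids = ldapsam_lookup_rids;
		(*pdb_method)->sid_to_id = ldapsam_sid_to_id;

		if (lp_parm_bool(-1, "ldapsam", "editposix", False)) {
			(*pdb_method)->create_user = ldapsam_create_user;
			(*pdb_method)->delete_user = ldapsam_delete_user;
			(*pdb_method)->create_dom_group = ldapsam_create_dom_group;
			(*pdb_method)->delete_dom_group = ldapsam_delete_dom_group;
			(*pdb_method)->add_groupmem = ldapsam_add_groupmem;
			(*pdb_method)->del_groupmem = ldapsam_del_groupmem;
			(*pdb_method)->set_unix_primary_group = ldapsam_set_primary_group;
		}
	}

	ldap_state = (struct ldapsam_privates *)((*pdb_method)->private_data);
	ldap_state->schema_ver = SCHEMAVER_SAMBASAMACCOUNT;

	/* Try to setup the Domain Name, Domain SID, algorithmic rid base */

	nt_status = smbldap_search_domain_info(ldap_state->smbldap_state,
					       &result,
					       ldap_state->domain_name, True);

	if ( !NT_STATUS_IS_OK(nt_status) ) {
		DEBUG(2, ("pdb_init_ldapsam: WARNING: Could not get domain "
			  "info, nor add one to the domain\n"));
		DEBUGADD(2, ("pdb_init_ldapsam: Continuing on regardless, "
			     "will be unable to allocate new users/groups, "
			     "and will risk BDCs having inconsistant SIDs\n"));
		sid_copy(&ldap_state->domain_sid, get_global_sam_sid());
		return NT_STATUS_OK;
	}

	/* Given that the above might fail, everything below this must be
	 * optional */

	entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
				 result);
	if (!entry) {
		DEBUG(0, ("pdb_init_ldapsam: Could not get domain info "
			  "entry\n"));
		ldap_msgfree(result);
		return NT_STATUS_UNSUCCESSFUL;
	}

	dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
	if (!dn) {
		ldap_msgfree(result);
		return NT_STATUS_UNSUCCESSFUL;
	}

	ldap_state->domain_dn = smb_xstrdup(dn);
	/* smbldap_get_dn() returns the string produced by
	 * pull_utf8_allocate(), not memory owned by the LDAP library, so
	 * it is released with SAFE_FREE() instead of ldap_memfree(). */
	SAFE_FREE(dn);

	if (smbldap_get_single_pstring(
		    ldap_state->smbldap_state->ldap_struct,
		    entry,
		    get_userattr_key2string(ldap_state->schema_ver,
					    LDAP_ATTR_USER_SID),
		    domain_sid_string)) {
		BOOL found_sid;
		if (!string_to_sid(&ldap_domain_sid, domain_sid_string)) {
			DEBUG(1, ("pdb_init_ldapsam: SID [%s] could not be "
				  "read as a valid SID\n", domain_sid_string));
			ldap_msgfree(result);
			return NT_STATUS_INVALID_PARAMETER;
		}
		found_sid = secrets_fetch_domain_sid(ldap_state->domain_name,
						     &secrets_domain_sid);
		if (!found_sid || !sid_equal(&secrets_domain_sid,
					     &ldap_domain_sid)) {
			fstring new_sid_str, old_sid_str;
			/* secrets_domain_sid holds a value only when the
			 * fetch succeeded; it is not formatted otherwise,
			 * which avoids reading an uninitialised SID. */
			DEBUG(1, ("pdb_init_ldapsam: Resetting SID for domain "
				  "%s based on pdb_ldap results %s -> %s\n",
				  ldap_state->domain_name,
				  found_sid ? sid_to_string(old_sid_str,
							    &secrets_domain_sid)
					    : "(none)",
				  sid_to_string(new_sid_str,
						&ldap_domain_sid)));

			/* reset secrets.tdb sid */
			secrets_store_domain_sid(ldap_state->domain_name,
						 &ldap_domain_sid);
			DEBUG(1, ("New global sam SID: %s\n",
				  sid_to_string(new_sid_str,
						get_global_sam_sid())));
		}
		sid_copy(&ldap_state->domain_sid, &ldap_domain_sid);
	}

	if (smbldap_get_single_pstring(
		    ldap_state->smbldap_state->ldap_struct,
		    entry,
		    get_attr_key2string( dominfo_attr_list,
					 LDAP_ATTR_ALGORITHMIC_RID_BASE ),
		    alg_rid_base_string)) {
		/* NOTE(review): atol() reports no errors, so a non-numeric
		 * directory value is read as 0 and only caught by the
		 * comparison below. */
		alg_rid_base = (uint32)atol(alg_rid_base_string);
		if (alg_rid_base != algorithmic_rid_base()) {
			DEBUG(0, ("The value of 'algorithmic RID base' has "
				  "changed since the LDAP\n"
				  "database was initialised.  Aborting. \n"));
			ldap_msgfree(result);
			return NT_STATUS_UNSUCCESSFUL;
		}
	}
	ldap_msgfree(result);

	return NT_STATUS_OK;
}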
const char** get_userattr_list | ( | TALLOC_CTX * | mem_ctx, | |
int | schema_ver | |||
) |
pdb_ldap.c の 116 行で定義されています。
参照先 attrib_map_v22・attrib_map_v30・get_attr_list().
参照元 ldapsam_add_sam_account()・ldapsam_get_ldap_user_by_sid()・ldapsam_getsampwnam()・ldapsam_setsampwent()・ldapsam_update_sam_account()・pdb_nds_update_login_attempts().
/**
 * Return the user attribute name list for a schema version.
 *
 * @param mem_ctx     talloc context handed to get_attr_list()
 * @param schema_ver  SCHEMAVER_SAMBAACCOUNT or SCHEMAVER_SAMBASAMACCOUNT
 * @return the list built by get_attr_list(), or NULL for an unknown
 *         schema version
 */
const char **get_userattr_list(TALLOC_CTX *mem_ctx, int schema_ver)
{
	if ( schema_ver == SCHEMAVER_SAMBAACCOUNT ) {
		return get_attr_list( mem_ctx, attrib_map_v22 );
	}

	if ( schema_ver == SCHEMAVER_SAMBASAMACCOUNT ) {
		return get_attr_list( mem_ctx, attrib_map_v30 );
	}

	/* Any other value is a caller error; it is logged and reported
	 * as NULL. */
	DEBUG(0,("get_userattr_list: unknown schema version specified!\n"));
	return NULL;
}
char* smbldap_talloc_single_attribute | ( | LDAP * | ldap_struct, | |
LDAPMessage * | entry, | |||
const char * | attribute, | |||
TALLOC_CTX * | mem_ctx | |||
) |
参照先 pull_utf8_talloc()・result・values.
参照元 idmap_ldap_allocate_id()・idmap_ldap_get_hwm()・idmap_ldap_sids_to_unixids()・idmap_ldap_unixids_to_sids()・ldapsam_change_groupmem()・ldapsam_create_dom_group()・ldapsam_create_user()・ldapsam_delete_dom_group()・ldapsam_get_new_rid()・ldapsam_lookup_rids().
/**
 * Return the value of an attribute that must have exactly one value,
 * converted with pull_utf8_talloc() into memory owned by mem_ctx.
 *
 * @param ldap_struct  LDAP handle
 * @param entry        entry to read from
 * @param attribute    attribute name; NULL returns NULL
 * @param mem_ctx      talloc context for the result
 * @return the converted value, or NULL when the attribute is missing,
 *         does not have exactly one value, or cannot be converted
 */
char *smbldap_talloc_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, const char *attribute, TALLOC_CTX *mem_ctx)
{
	char **values;
	char *result;
	int num_values;
	BOOL ok = False;

	if (attribute == NULL) {
		return NULL;
	}

	values = ldap_get_values(ldap_struct, entry, attribute);
	if (values == NULL) {
		DEBUG(10, ("attribute %s does not exist\n", attribute));
		return NULL;
	}

	num_values = ldap_count_values(values);
	if (num_values != 1) {
		DEBUG(10, ("attribute %s has %d values, expected only one\n",
			   attribute, num_values));
	} else if (pull_utf8_talloc(mem_ctx, &result, values[0]) == (size_t)-1) {
		DEBUG(10, ("pull_utf8_talloc failed\n"));
	} else {
		ok = True;
	}

	/* The library-owned value array is released on every path. */
	ldap_value_free(values);

	if (!ok) {
		return NULL;
	}

#ifdef DEBUG_PASSWORDS
	/* Attribute values are logged only in builds that opt in. */
	DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n",
		     attribute, result));
#endif
	return result;
}
void talloc_autofree_ldapmsg | ( | TALLOC_CTX * | mem_ctx, | |
LDAPMessage * | result | |||
) |
参照先 handle・ldapmsg_destructor().
参照元 idmap_ldap_allocate_id()・idmap_ldap_get_hwm()・idmap_ldap_set_hwm()・ldapsam_change_groupmem()・ldapsam_create_dom_group()・ldapsam_create_user()・ldapsam_delete_dom_group()・ldapsam_delete_group_mapping_entry()・ldapsam_delete_user()・ldapsam_get_new_rid()・ldapsam_getsampwnam()・ldapsam_getsampwsid()・ldapsam_lookup_rids()・ldapsam_map_posixgroup()・ldapsam_set_primary_group()・ldapsam_update_group_mapping_entry()・ldapsam_update_sam_account()・pdb_nds_update_login_attempts().
/**
 * Attach an LDAP search result to a talloc context: a small holder is
 * allocated on mem_ctx and ldapmsg_destructor is installed on it.
 *
 * @param mem_ctx  talloc context that owns the holder
 * @param result   search result; NULL makes the call a no-op
 */
void talloc_autofree_ldapmsg(TALLOC_CTX *mem_ctx, LDAPMessage *result)
{
	LDAPMessage **holder;

	if (result != NULL) {
		holder = TALLOC_P(mem_ctx, LDAPMessage *);
		/* An allocation failure here trips the assertion. */
		SMB_ASSERT(holder != NULL);

		*holder = result;
		talloc_set_destructor(holder, ldapmsg_destructor);
	}
}
void talloc_autofree_ldapmod | ( | TALLOC_CTX * | mem_ctx, | |
LDAPMod ** | mod | |||
) |
参照先 handle・ldapmod_destructor().
参照元 ldapsam_change_groupmem()・ldapsam_create_dom_group()・ldapsam_create_user()・ldapsam_delete_entry()・ldapsam_get_new_rid()・ldapsam_map_posixgroup()・ldapsam_update_group_mapping_entry()・net_sam_provision().
/**
 * Attach an LDAPMod array to a talloc context: a small holder is
 * allocated on mem_ctx and ldapmod_destructor is installed on it.
 *
 * @param mem_ctx  talloc context that owns the holder
 * @param mod      modification list; NULL makes the call a no-op
 */
void talloc_autofree_ldapmod(TALLOC_CTX *mem_ctx, LDAPMod **mod)
{
	LDAPMod ***holder;

	if (mod != NULL) {
		holder = TALLOC_P(mem_ctx, LDAPMod **);
		/* An allocation failure here trips the assertion. */
		SMB_ASSERT(holder != NULL);

		*holder = mod;
		talloc_set_destructor(holder, ldapmod_destructor);
	}
}
const char* smbldap_talloc_dn | ( | TALLOC_CTX * | mem_ctx, | |
LDAP * | ld, | |||
LDAPMessage * | entry | |||
) |
参照先 pull_utf8_talloc().
参照元 idmap_ldap_allocate_id()・idmap_ldap_set_hwm()・ldapsam_change_groupmem()・ldapsam_create_dom_group()・ldapsam_create_user()・ldapsam_delete_dom_group()・ldapsam_delete_entry()・ldapsam_delete_user()・ldapsam_get_new_rid()・ldapsam_lookup_rids()・ldapsam_map_posixgroup()・ldapsam_set_primary_group()・ldapsam_update_group_mapping_entry().
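/**
 * Return the DN of an entry, converted with pull_utf8_talloc() into
 * memory owned by mem_ctx.
 *
 * @param mem_ctx  talloc context for the result
 * @param ld       LDAP handle
 * @param entry    entry whose DN is wanted
 * @return the converted DN, or NULL on failure
 */
const char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld, LDAPMessage *entry)
{
	char *utf8_dn, *unix_dn;

	/* The log messages below keep their original "smbldap_get_dn"
	 * prefix. */
	utf8_dn = ldap_get_dn(ld, entry);
	if (!utf8_dn) {
		DEBUG (5, ("smbldap_get_dn: ldap_get_dn failed\n"));
		return NULL;
	}
	if (pull_utf8_talloc(mem_ctx, &unix_dn, utf8_dn) == (size_t)-1) {
		DEBUG (0, ("smbldap_get_dn: String conversion failure utf8 "
			   "[%s]\n", utf8_dn));
		/* The library-owned copy must be released on this path as
		 * well; it was leaked before. */
		ldap_memfree(utf8_dn);
		return NULL;
	}
	ldap_memfree(utf8_dn);
	return unix_dn;
}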