authorGünther Deschner <gd@samba.org>2016-08-17 11:58:02 +0200
committerJeremy Allison <jra@samba.org>2022-12-16 20:38:32 +0000
commit39e8489dfc51b2293afa13d58b167819b46918dc (patch)
tree1969bf1ac7da4d1cec3f3694fc75de750b95c9ad
parent89828c64c9a8114bb5f596bc007a7c126e803d80 (diff)
s3-librpc: add ads.idl and convert ads_struct to talloc.
Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r--lib/param/loadparm.h11
-rw-r--r--lib/param/param_table.c1
-rw-r--r--libgpo/pygpo.c6
-rw-r--r--source3/include/ads.h90
-rw-r--r--source3/lib/netapi/joindomain.c4
-rw-r--r--source3/libads/ads_proto.h5
-rwxr-xr-xsource3/libads/ldap.c17
-rw-r--r--source3/libads/ndr.c97
-rw-r--r--source3/libads/sasl_wrapping.c4
-rw-r--r--source3/libnet/libnet_join.c10
-rw-r--r--source3/librpc/idl/ads.idl128
-rw-r--r--source3/librpc/idl/libnet_join.idl5
-rw-r--r--source3/librpc/idl/wscript_build9
-rw-r--r--source3/librpc/ndr/ndr_ads.c32
-rw-r--r--source3/librpc/wscript_build7
-rw-r--r--source3/param/loadparm.c1
-rw-r--r--source3/printing/nt_printing_ads.c6
-rw-r--r--source3/utils/net_ads.c6
-rw-r--r--source3/winbindd/idmap_ad.c1
-rw-r--r--source3/winbindd/winbindd_ads.c4
-rw-r--r--source3/wscript_build2
-rw-r--r--source4/libcli/ldap/ldap_bind.c1
-rw-r--r--source4/librpc/wscript_build1
23 files changed, 217 insertions, 231 deletions
diff --git a/lib/param/loadparm.h b/lib/param/loadparm.h
index b1641ba88d2..98263f0e62b 100644
--- a/lib/param/loadparm.h
+++ b/lib/param/loadparm.h
@@ -203,17 +203,6 @@ enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX,
-/* ads auth control flags */
-#define ADS_AUTH_DISABLE_KERBEROS 0x0001
-#define ADS_AUTH_NO_BIND 0x0002
-#define ADS_AUTH_ANON_BIND 0x0004
-#define ADS_AUTH_SIMPLE_BIND 0x0008
-#define ADS_AUTH_ALLOW_NTLMSSP 0x0010
-#define ADS_AUTH_SASL_SIGN 0x0020
-#define ADS_AUTH_SASL_SEAL 0x0040
-#define ADS_AUTH_SASL_FORCE 0x0080
-#define ADS_AUTH_USER_CREDS 0x0100
-
enum ldap_server_require_strong_auth {
LDAP_SERVER_REQUIRE_STRONG_AUTH_NO,
LDAP_SERVER_REQUIRE_STRONG_AUTH_ALLOW_SASL_OVER_TLS,
diff --git a/lib/param/param_table.c b/lib/param/param_table.c
index 3ffa4bcc411..cd6e3403a4c 100644
--- a/lib/param/param_table.c
+++ b/lib/param/param_table.c
@@ -36,6 +36,7 @@
#include "libds/common/roles.h"
#include "source4/lib/tls/tls.h"
#include "auth/credentials/credentials.h"
+#include "source3/librpc/gen_ndr/ads.h"
#ifndef N_
#define N_(x) x
diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c
index 485c96f4f2d..3070e0a6394 100644
--- a/libgpo/pygpo.c
+++ b/libgpo/pygpo.c
@@ -229,9 +229,9 @@ static PyObject* py_ads_connect(ADS *self,
PyErr_SetString(PyExc_RuntimeError, "Uninitialized");
return NULL;
}
- TALLOC_FREE(self->ads_ptr->auth.user_name);
- TALLOC_FREE(self->ads_ptr->auth.password);
- TALLOC_FREE(self->ads_ptr->auth.realm);
+ ADS_TALLOC_CONST_FREE(self->ads_ptr->auth.user_name);
+ ADS_TALLOC_CONST_FREE(self->ads_ptr->auth.password);
+ ADS_TALLOC_CONST_FREE(self->ads_ptr->auth.realm);
if (self->cli_creds) {
self->ads_ptr->auth.user_name = talloc_strdup(self->ads_ptr,
cli_credentials_get_username(self->cli_creds));
diff --git a/source3/include/ads.h b/source3/include/ads.h
index 808554310a4..6c9e57b9ed0 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -8,6 +8,7 @@
#include "libads/ads_status.h"
#include "smb_ldap.h"
+#include "librpc/gen_ndr/ads.h"
struct ads_saslwrap;
@@ -18,92 +19,7 @@ struct ads_saslwrap_ops {
void (*disconnect)(struct ads_saslwrap *);
};
-enum ads_saslwrap_type {
- ADS_SASLWRAP_TYPE_PLAIN = 1,
- ADS_SASLWRAP_TYPE_SIGN = 2,
- ADS_SASLWRAP_TYPE_SEAL = 4
-};
-
-struct ads_saslwrap {
- /* expected SASL wrapping type */
- enum ads_saslwrap_type wrap_type;
- /* SASL wrapping operations */
- const struct ads_saslwrap_ops *wrap_ops;
-#ifdef HAVE_LDAP_SASL_WRAPPING
- Sockbuf_IO_Desc *sbiod; /* lowlevel state for LDAP wrapping */
-#endif /* HAVE_LDAP_SASL_WRAPPING */
- TALLOC_CTX *mem_ctx;
- void *wrap_private_data;
- struct {
- uint32_t ofs;
- uint32_t needed;
- uint32_t left;
-#define ADS_SASL_WRAPPING_IN_MAX_WRAPPED 0x0FFFFFFF
- uint32_t max_wrapped;
- uint32_t min_wrapped;
- uint32_t size;
- uint8_t *buf;
- } in;
- struct {
- uint32_t ofs;
- uint32_t left;
-#define ADS_SASL_WRAPPING_OUT_MAX_WRAPPED 0x00A00000
- uint32_t max_unwrapped;
- uint32_t sig_size;
- uint32_t size;
- uint8_t *buf;
- } out;
-};
-
-typedef struct ads_struct {
- /* info needed to find the server */
- struct {
- char *realm;
- char *workgroup;
- char *ldap_server;
- bool gc; /* Is this a global catalog server? */
- bool no_fallback; /* Bail if the ldap_server is not available */
- } server;
-
- /* info needed to authenticate */
- struct {
- char *realm;
- char *password;
- char *user_name;
- char *kdc_server;
- unsigned flags;
- int time_offset;
- char *ccache_name;
- time_t tgt_expire;
- time_t tgs_expire;
- time_t renewable;
- } auth;
-
- /* info derived from the servers config */
- struct {
- uint32_t flags; /* cldap flags identifying the services. */
- char *realm;
- char *bind_path;
- char *ldap_server_name;
- char *server_site_name;
- char *client_site_name;
- time_t current_time;
- char *schema_path;
- char *config_path;
- int ldap_page_size;
- } config;
-
- /* info about the current LDAP connection */
-#ifdef HAVE_LDAP
- struct ads_saslwrap ldap_wrap_data;
- struct {
- LDAP *ld;
- struct sockaddr_storage ss; /* the ip of the active connection, if any */
- time_t last_attempt; /* last attempt to reconnect, monotonic clock */
- int port;
- } ldap;
-#endif /* HAVE_LDAP */
-} ADS_STRUCT;
+typedef struct ads_struct ADS_STRUCT;
#ifdef HAVE_ADS
typedef LDAPMod **ADS_MODLIST;
@@ -151,4 +67,6 @@ typedef struct {
#include "libads/kerberos_proto.h"
+#define ADS_TALLOC_CONST_FREE(PTR) do { talloc_free(discard_const(PTR)); PTR = NULL; } while (0);
+
#endif /* _INCLUDE_ADS_H_ */
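Review bot: The new ADS_TALLOC_CONST_FREE macro ends in `while (0);` with a trailing semicolon, so every use such as `ADS_TALLOC_CONST_FREE(p);` expands to a `do`/`while` plus a stray empty statement, and an unbraced `if (cond) ADS_TALLOC_CONST_FREE(p); else ...` would no longer compile; the whole point of the `do { } while (0)` idiom is to let the caller supply the semicolon. Drop it: `#define ADS_TALLOC_CONST_FREE(PTR) do { talloc_free(discard_const(PTR)); PTR = NULL; } while (0)`. The same macro is used at every TALLOC_FREE replacement in this commit (pygpo.c, joindomain.c, ldap.c, libnet_join.c, nt_printing_ads.c, net_ads.c, winbindd_ads.c), and all of those call sites are in plain statement context today, so the hazard is latent rather than a current build break. A one-line comment above the define saying it exists because the pidl-generated ads_struct now exposes these fields as `const char *` would also help the next reader understand why TALLOC_FREE no longer applies.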
diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c
index ced16031d44..a2c66877b0c 100644
--- a/source3/lib/netapi/joindomain.c
+++ b/source3/lib/netapi/joindomain.c
@@ -434,7 +434,7 @@ WERROR NetGetJoinableOUs_l(struct libnetapi_ctx *ctx,
goto out;
}
- TALLOC_FREE(ads->auth.user_name);
+ ADS_TALLOC_CONST_FREE(ads->auth.user_name);
if (r->in.account) {
ads->auth.user_name = talloc_strdup(ads, r->in.account);
if (ads->auth.user_name == NULL) {
@@ -454,7 +454,7 @@ WERROR NetGetJoinableOUs_l(struct libnetapi_ctx *ctx,
}
}
- TALLOC_FREE(ads->auth.password);
+ ADS_TALLOC_CONST_FREE(ads->auth.password);
if (r->in.password) {
ads->auth.password = talloc_strdup(ads, r->in.password);
if (ads->auth.password == NULL) {
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
index 76396aabc34..ceefcd6d807 100644
--- a/source3/libads/ads_proto.h
+++ b/source3/libads/ads_proto.h
@@ -199,11 +199,6 @@ ADS_STATUS ads_ranged_search(ADS_STRUCT *ads,
char ***strings,
size_t *num_strings);
-/* The following definitions come from libads/ndr.c */
-
-struct ndr_print;
-void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ads_struct *r);
-
/* The following definitions come from libads/sasl.c */
ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads);
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index da5a924cde0..a01b1193013 100755
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -33,6 +33,7 @@
#include "../librpc/gen_ndr/netlogon.h"
#include "lib/param/loadparm.h"
#include "libsmb/namequery.h"
+#include "../librpc/gen_ndr/ndr_ads.h"
#ifdef HAVE_LDAP
@@ -259,6 +260,7 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
bool ret = false;
char addr[INET6_ADDRSTRLEN];
ADS_STATUS status;
+ char *dn;
print_sockaddr(addr, sizeof(addr), ss);
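Review bot: The new local `char *dn;` is declared uninitialized; the only assignment is through `&dn` in the later ads_build_dn call, and a reader has to follow the goto-based error path to convince themselves it is never read before that. Samba style (and the `ret = false` on the line above) is to initialize locals at declaration: `char *dn = NULL;`. Assigning `ads->config.bind_path = dn;` only after the success check in the later hunk is fine, since `ADS_TALLOC_CONST_FREE(ads->config.bind_path)` has already cleared the field on the failure path. ads_fill_cldap_reply continues outside this hunk.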
@@ -273,12 +275,12 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
/* Fill in the ads->config values */
- TALLOC_FREE(ads->config.realm);
- TALLOC_FREE(ads->config.bind_path);
- TALLOC_FREE(ads->config.ldap_server_name);
- TALLOC_FREE(ads->config.server_site_name);
- TALLOC_FREE(ads->config.client_site_name);
- TALLOC_FREE(ads->server.workgroup);
+ ADS_TALLOC_CONST_FREE(ads->config.realm);
+ ADS_TALLOC_CONST_FREE(ads->config.bind_path);
+ ADS_TALLOC_CONST_FREE(ads->config.ldap_server_name);
+ ADS_TALLOC_CONST_FREE(ads->config.server_site_name);
+ ADS_TALLOC_CONST_FREE(ads->config.client_site_name);
+ ADS_TALLOC_CONST_FREE(ads->server.workgroup);
if (!check_cldap_reply_required_flags(cldap_reply->server_type,
ads->config.flags)) {
@@ -303,13 +305,14 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
goto out;
}
- status = ads_build_dn(ads->config.realm, ads, &ads->config.bind_path);
+ status = ads_build_dn(ads->config.realm, ads, &dn);
if (!ADS_ERR_OK(status)) {
DBG_DEBUG("Failed to build bind path: %s\n",
ads_errstr(status));
ret = false;
goto out;
}
+ ads->config.bind_path = dn;
if (*cldap_reply->server_site) {
ads->config.server_site_name =
diff --git a/source3/libads/ndr.c b/source3/libads/ndr.c
deleted file mode 100644
index 4c454443e2c..00000000000
--- a/source3/libads/ndr.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- debug print helpers
-
- Copyright (C) Guenther Deschner 2008
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "ads.h"
-#include "../librpc/gen_ndr/ndr_netlogon.h"
-#include "../librpc/ndr/libndr.h"
-#include "lib/param/loadparm.h"
-
-static void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r)
-{
- ndr_print_uint32(ndr, name, r);
- ndr->depth++;
- ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_DISABLE_KERBEROS", ADS_AUTH_DISABLE_KERBEROS, r);
- ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_NO_BIND", ADS_AUTH_NO_BIND, r);
- ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_ANON_BIND", ADS_AUTH_ANON_BIND, r);
- ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SIMPLE_BIND", ADS_AUTH_SIMPLE_BIND, r);
- ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_ALLOW_NTLMSSP", ADS_AUTH_ALLOW_NTLMSSP, r);
- ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SASL_SIGN", ADS_AUTH_SASL_SIGN, r);
- ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SASL_SEAL", ADS_AUTH_SASL_SEAL, r);
- ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SASL_FORCE", ADS_AUTH_SASL_FORCE, r);
- ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_USER_CREDS", ADS_AUTH_USER_CREDS, r);
- ndr->depth--;
-}
-
-void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ads_struct *r)
-{
- ndr_print_struct(ndr, name, "ads_struct");
- ndr->depth++;
- ndr_print_struct(ndr, name, "server");
- ndr->depth++;
- ndr_print_string(ndr, "realm", r->server.realm);
- ndr_print_string(ndr, "workgroup", r->server.workgroup);
- ndr_print_string(ndr, "ldap_server", r->server.ldap_server);
- ndr_print_bool(ndr, "gc", r->server.gc);
- ndr_print_bool(ndr, "no_fallback", r->server.no_fallback);
- ndr->depth--;
- ndr_print_struct(ndr, name, "auth");
- ndr->depth++;
- ndr_print_string(ndr, "realm", r->auth.realm);
-#ifdef DEBUG_PASSWORD
- ndr_print_string(ndr, "password", r->auth.password);
-#else
- ndr_print_string(ndr, "password", "(PASSWORD omitted)");
-#endif
- ndr_print_string(ndr, "user_name", r->auth.user_name);
- ndr_print_string(ndr, "kdc_server", r->auth.kdc_server);
- ndr_print_ads_auth_flags(ndr, "flags", r->auth.flags);
- ndr_print_uint32(ndr, "time_offset", r->auth.time_offset);
- ndr_print_string(ndr, "ccache_name", r->auth.ccache_name);
- ndr_print_time_t(ndr, "tgt_expire", r->auth.tgt_expire);
- ndr_print_time_t(ndr, "tgs_expire", r->auth.tgs_expire);
- ndr_print_time_t(ndr, "renewable", r->auth.renewable);
- ndr->depth--;
- ndr_print_struct(ndr, name, "config");
- ndr->depth++;
- ndr_print_netr_DsR_DcFlags(ndr, "flags", r->config.flags);
- ndr_print_string(ndr, "realm", r->config.realm);
- ndr_print_string(ndr, "bind_path", r->config.bind_path);
- ndr_print_string(ndr, "ldap_server_name", r->config.ldap_server_name);
- ndr_print_string(ndr, "server_site_name", r->config.server_site_name);
- ndr_print_string(ndr, "client_site_name", r->config.client_site_name);
- ndr_print_time_t(ndr, "current_time", r->config.current_time);
- ndr_print_string(ndr, "schema_path", r->config.schema_path);
- ndr_print_string(ndr, "config_path", r->config.config_path);
- ndr->depth--;
-#ifdef HAVE_LDAP
- ndr_print_struct(ndr, name, "ldap");
- ndr->depth++;
- ndr_print_ptr(ndr, "ld", r->ldap.ld);
- ndr_print_sockaddr_storage(ndr, "ss", &r->ldap.ss);
- ndr_print_time_t(ndr, "last_attempt", r->ldap.last_attempt);
- ndr_print_uint32(ndr, "port", r->ldap.port);
- ndr_print_ads_saslwrap_struct(ndr, "saslwrap", &(r->ldap_wrap_data));
- ndr->depth--;
- ndr->depth--;
-#endif /* HAVE_LDAP */
- ndr->depth--;
-}
diff --git a/source3/libads/sasl_wrapping.c b/source3/libads/sasl_wrapping.c
index 1dbd357a8de..7a58765007c 100644
--- a/source3/libads/sasl_wrapping.c
+++ b/source3/libads/sasl_wrapping.c
@@ -58,7 +58,7 @@ static int ads_saslwrap_setup(Sockbuf_IO_Desc *sbiod, void *arg)
{
struct ads_saslwrap *wrap = (struct ads_saslwrap *)arg;
- wrap->sbiod = sbiod;
+ wrap->sbiod = (struct Sockbuf_IO_Desc *)sbiod;
sbiod->sbiod_pvt = wrap;
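Review bot: The cast `(struct Sockbuf_IO_Desc *)sbiod` papers over a type mismatch that comes from the generated header: the IDL declares the field as `[ignore] Sockbuf_IO_Desc *sbiod`, which pidl emits as a pointer to a struct tag `Sockbuf_IO_Desc`, whereas OpenLDAP's lber.h defines `Sockbuf_IO_Desc` as a typedef of `struct sockbuf_io_desc`, so the stored pointer type is an unrelated incomplete struct. That is harmless only as long as every read of `wrap->sbiod` casts back and nothing dereferences it through the generated type; a comment on this line recording that constraint would stop a future reader from "fixing" the cast away, e.g. `/* pidl emits an opaque struct tag for [ignore] fields; the real type is OpenLDAP's Sockbuf_IO_Desc typedef */`. The second hunk in this file has the same flavour of problem: `wrap->wrap_ops = discard_const(ops)` is needed because the generated struct lost the `const` the hand-written `const struct ads_saslwrap_ops *wrap_ops` had, and any later write through `wrap->wrap_ops` would be undefined behaviour if the ops table is a const object; it would be cleaner to keep the const in the generated type than to discard it at the assignment.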
@@ -336,7 +336,7 @@ ADS_STATUS ads_setup_sasl_wrapping(struct ads_saslwrap *wrap, LDAP *ld,
return status;
}
- wrap->wrap_ops = ops;
+ wrap->wrap_ops = discard_const(ops);
wrap->wrap_private_data = private_data;
return ADS_SUCCESS;
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index d48833d6197..3bff7ec1412 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -171,7 +171,7 @@ static ADS_STATUS libnet_connect_ads(const char *dns_domain_name,
}
if (user_name) {
- TALLOC_FREE(my_ads->auth.user_name);
+ ADS_TALLOC_CONST_FREE(my_ads->auth.user_name);
my_ads->auth.user_name = talloc_strdup(my_ads, user_name);
if (my_ads->auth.user_name == NULL) {
status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -179,7 +179,7 @@ static ADS_STATUS libnet_connect_ads(const char *dns_domain_name,
}
if ((cp = strchr_m(my_ads->auth.user_name, '@'))!=0) {
*cp++ = '\0';
- TALLOC_FREE(my_ads->auth.realm);
+ ADS_TALLOC_CONST_FREE(my_ads->auth.realm);
my_ads->auth.realm = talloc_asprintf_strupper_m(my_ads, "%s", cp);
if (my_ads->auth.realm == NULL) {
status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
@@ -189,7 +189,7 @@ static ADS_STATUS libnet_connect_ads(const char *dns_domain_name,
}
if (password) {
- TALLOC_FREE(my_ads->auth.password);
+ ADS_TALLOC_CONST_FREE(my_ads->auth.password);
my_ads->auth.password = talloc_strdup(my_ads, password);
if (my_ads->auth.password == NULL) {
status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -198,7 +198,7 @@ static ADS_STATUS libnet_connect_ads(const char *dns_domain_name,
}
if (ccname != NULL) {
- TALLOC_FREE(my_ads->auth.ccache_name);
+ ADS_TALLOC_CONST_FREE(my_ads->auth.ccache_name);
my_ads->auth.ccache_name = talloc_strdup(my_ads, ccname);
if (my_ads->auth.ccache_name == NULL) {
status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -1045,7 +1045,7 @@ static ADS_STATUS libnet_join_post_processing_ads_modify(TALLOC_CTX *mem_ctx,
if (r->in.ads->auth.ccache_name != NULL) {
ads_kdestroy(r->in.ads->auth.ccache_name);
- TALLOC_FREE(r->in.ads->auth.ccache_name);
+ ADS_TALLOC_CONST_FREE(r->in.ads->auth.ccache_name);
}
TALLOC_FREE(r->in.ads);
diff --git a/source3/librpc/idl/ads.idl b/source3/librpc/idl/ads.idl
new file mode 100644
index 00000000000..4c91b1dbe0a
--- /dev/null
+++ b/source3/librpc/idl/ads.idl
@@ -0,0 +1,128 @@
+#include "idl_types.h"
+#include "config.h"
+
+/*
+ ads interface definition
+*/
+
+cpp_quote("#include <system/network.h>")
+
+[
+ pointer_default(unique)
+]
+interface ads
+{
+ typedef [public] enum {
+ ADS_SASLWRAP_TYPE_PLAIN = 1,
+ ADS_SASLWRAP_TYPE_SIGN = 2,
+ ADS_SASLWRAP_TYPE_SEAL = 4
+ } ads_saslwrap_type;
+
+ /* ads auth control flags */
+ typedef [public] bitmap {
+ ADS_AUTH_DISABLE_KERBEROS = 0x0001,
+ ADS_AUTH_NO_BIND = 0x0002,
+ ADS_AUTH_ANON_BIND = 0x0004,
+ ADS_AUTH_SIMPLE_BIND = 0x0008,
+ ADS_AUTH_ALLOW_NTLMSSP = 0x0010,
+ ADS_AUTH_SASL_SIGN = 0x0020,
+ ADS_AUTH_SASL_SEAL = 0x0040,
+ ADS_AUTH_SASL_FORCE = 0x0080,
+ ADS_AUTH_USER_CREDS = 0x0100
+ } ads_auth_flags;
+
+ const int ADS_SASL_WRAPPING_IN_MAX_WRAPPED = 0x0FFFFFFF;
+ const int ADS_SASL_WRAPPING_OUT_MAX_WRAPPED = 0x00A00000;
+
+ typedef [nopull,nopush] struct {
+ string realm;
+ string workgroup;
+ string ldap_server;
+ boolean8 gc; /* Is this a global catalog server? */
+ boolean8 no_fallback; /* Bail if the ldap_server is not available */
+ } ads_server;
+
+ typedef [nopull,nopush] struct {
+ string realm;
+ string password;
+ string user_name;
+ string kdc_server;
+ ads_auth_flags flags;
+ int time_offset;
+ string ccache_name;
+ time_t tgt_expire;
+ time_t tgs_expire;
+ time_t renewable;
+ } ads_auth;
+
+ typedef [nopull,nopush] struct {
+ uint32 flags; /* cldap flags identifying the services. */
+ string realm;
+ string bind_path;
+ string ldap_server_name;
+ string server_site_name;
+ string client_site_name;
+ time_t current_time;
+ string schema_path;
+ string config_path;
+ int ldap_page_size;
+ } ads_config;
+
+ typedef [nopull,nopush] struct {
+ uint32 ofs;
+ uint32 needed;
+ uint32 left;
+ uint32 max_wrapped;
+ uint32 min_wrapped;
+ uint32 size;
+ uint8 *buf;
+ } ads_ldap_buf_in;
+
+ typedef [nopull,nopush] struct {
+ uint32 ofs;
+ uint32 left;
+ uint32 max_unwrapped;
+ uint32 sig_size;
+ uint32 size;
+ uint8 *buf;
+ } ads_ldap_buf_out;
+
+ typedef [nopull,nopush] struct {
+ ads_saslwrap_type wrap_type;
+ [ignore] ads_saslwrap_ops *wrap_ops;
+#ifdef HAVE_LDAP_SASL_WRAPPING
+ [ignore] Sockbuf_IO_Desc *sbiod; /* lowlevel state for LDAP wrapping */
+#endif /* HAVE_LDAP_SASL_WRAPPING */
+ [ignore] TALLOC_CTX *mem_ctx;
+ [ignore] void *wrap_private_data;
+ ads_ldap_buf_in in;
+ ads_ldap_buf_out out;
+ } ads_saslwrap;
+
+ typedef [nopull,nopush] struct {
+ [ignore] ldap *ld;
+ sockaddr_storage ss; /* the ip of the active connection, if any */
+ time_t last_attempt; /* last attempt to reconnect, monotonic clock */
+ int port;
+ } ads_ldap;
+
+ typedef [public,nopull,nopush] struct {
+ /* info needed to find the server */
+ ads_server server;
+
+ /* info needed to authenticate */
+ ads_auth auth;
+
+ /* info derived from the servers config */
+ ads_config config;
+
+#ifdef HAVE_LDAP
+ ads_saslwrap ldap_wrap_data;
+ /* info about the current LDAP connection */
+ ads_ldap ldap;
+#endif /* HAVE_LDAP */
+
+ } ads_struct;
+}
+
+
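Review bot: `string password;` in ads_auth carries no `[noprint]` attribute, so the pidl-generated `ndr_print_ads_auth` (print routines are still generated for `[nopull,nopush]` structs) will emit the bind password in clear text whenever the now-public `ndr_print_ads_struct` is called for debug output. The hand-written printer this commit deletes from libads/ndr.c deliberately printed `"(PASSWORD omitted)"` unless DEBUG_PASSWORD was defined, so the generated replacement silently drops a credential-redaction safeguard. Mark the field `[noprint] string password;` (the same pattern Samba uses for password members in other IDL), and consider whether `ccache_name` or the Kerberos expiry fields should be treated the same way. The `[ignore]` pointer members (`wrap_ops`, `sbiod`, `mem_ctx`, `wrap_private_data`, `ld`) are already excluded from printing, so the password is the only secret that gains exposure here.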
diff --git a/source3/librpc/idl/libnet_join.idl b/source3/librpc/idl/libnet_join.idl
index f1dc603ba8d..4c8e65805e8 100644
--- a/source3/librpc/idl/libnet_join.idl
+++ b/source3/librpc/idl/libnet_join.idl
@@ -1,14 +1,13 @@
#include "idl_types.h"
-import "wkssvc.idl", "security.idl", "misc.idl", "netlogon.idl", "ODJ.idl";
+import "wkssvc.idl", "security.idl", "misc.idl", "netlogon.idl", "ODJ.idl", "ads.idl";
/*
libnetjoin interface definition
*/
[
- pointer_default(unique),
- helper("ads.h")
+ pointer_default(unique)
]
interface libnetjoin
{
diff --git a/source3/librpc/idl/wscript_build b/source3/librpc/idl/wscript_build
index 9332a8d5668..f5ed8ae723e 100644
--- a/source3/librpc/idl/wscript_build
+++ b/source3/librpc/idl/wscript_build
@@ -22,3 +22,12 @@ bld.SAMBA_PIDL_LIST('PIDL',
options='--includedir=%s --header --ndr-parser' % topinclude,
output_dir='../gen_ndr',
generate_tables=False)
+
+absinclude=os.path.join(bld.srcnode.abspath(), 'bin/default/include')
+
+bld.SAMBA_PIDL_LIST('PIDL',
+ '''
+ ads.idl
+ ''',
+ options='--includedir=%s --includedir=%s --header --ndr-parser' % (topinclude, absinclude),
+ output_dir='../gen_ndr')
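Review bot: `absinclude` hard-codes `bin/default/include` under the source root, which is the waf default output directory rather than something derived from the configured build node; if the tree is built with a different `-o`/output directory, the `#include "config.h"` that ads.idl now relies on will not resolve and the PIDL step fails. Deriving the path from the build context (`bld.bldnode` or the existing `topinclude` machinery above) would avoid baking that assumption into the include path. The hunk also uses `os.path.join` without a visible `import os`; waf wscripts commonly have it in scope already, but please confirm this file does.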
diff --git a/source3/librpc/ndr/ndr_ads.c b/source3/librpc/ndr/ndr_ads.c
new file mode 100644
index 00000000000..d19f8621c15
--- /dev/null
+++ b/source3/librpc/ndr/ndr_ads.c
@@ -0,0 +1,32 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ routines for marshalling/unmarshalling ads structures
+
+ Copyright (C) Guenther Deschner 2020
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_ads.h"
+
+enum ndr_err_code ndr_pull_ads_struct(struct ndr_pull *ndr, int ndr_flags, struct ads_struct *r)
+{
+ return NDR_ERR_SUCCESS;
+}
+enum ndr_err_code ndr_push_ads_struct(struct ndr_push *ndr, int ndr_flags, const struct ads_struct *r)
+{
+ return NDR_ERR_SUCCESS;
+}
diff --git a/source3/librpc/wscript_build b/source3/librpc/wscript_build
index 40b4eaf1108..5cd55307286 100644
--- a/source3/librpc/wscript_build
+++ b/source3/librpc/wscript_build
@@ -9,7 +9,7 @@ bld.SAMBA3_SUBSYSTEM('NDR_LIBNETAPI',
bld.SAMBA3_SUBSYSTEM('NDR_LIBNET_JOIN',
source='gen_ndr/ndr_libnet_join.c',
- public_deps='ndr krb5samba NDR_ODJ'
+ public_deps='ndr krb5samba NDR_ODJ NDR_ADS'
)
bld.SAMBA3_SUBSYSTEM("NDR_RPC_HOST",
@@ -41,3 +41,8 @@ bld.SAMBA3_SUBSYSTEM('NDR_PERFCOUNT',
public_deps='ndr'
)
+bld.SAMBA3_SUBSYSTEM('NDR_ADS',
+ source='gen_ndr/ndr_ads.c ndr/ndr_ads.c',
+ public_deps='ndr'
+ )
+
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index a0c9249b777..ad24ae7e9e7 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -78,6 +78,7 @@
#include "lib/util/string_wrappers.h"
#include "auth/credentials/credentials.h"
#include "source3/lib/substitute.h"
+#include "source3/librpc/gen_ndr/ads.h"
#ifdef HAVE_SYS_SYSCTL_H
#include <sys/sysctl.h>
diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c
index ff41baad5a2..0056786ad49 100644
--- a/source3/printing/nt_printing_ads.c
+++ b/source3/printing/nt_printing_ads.c
@@ -235,7 +235,7 @@ WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer,
old_krb5ccname = getenv(KRB5_ENV_CCNAME);
setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
- TALLOC_FREE(ads->auth.password);
+ ADS_TALLOC_CONST_FREE(ads->auth.password);
machine_password = secrets_fetch_machine_password(lp_workgroup(),
NULL, NULL);
if (machine_password != NULL) {
@@ -698,7 +698,7 @@ WERROR nt_printer_publish(TALLOC_CTX *mem_ctx,
}
old_krb5ccname = getenv(KRB5_ENV_CCNAME);
setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
- TALLOC_FREE(ads->auth.password);
+ ADS_TALLOC_CONST_FREE(ads->auth.password);
machine_password = secrets_fetch_machine_password(lp_workgroup(),
NULL, NULL);
if (machine_password != NULL) {
@@ -768,7 +768,7 @@ WERROR check_published_printers(struct messaging_context *msg_ctx)
}
old_krb5ccname = getenv(KRB5_ENV_CCNAME);
setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
- TALLOC_FREE(ads->auth.password);
+ ADS_TALLOC_CONST_FREE(ads->auth.password);
machine_password = secrets_fetch_machine_password(lp_workgroup(),
NULL, NULL);
if (machine_password != NULL) {
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 53c06a9e2c5..4bca90d5c8c 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -663,7 +663,7 @@ retry:
if (c->opt_password) {
use_in_memory_ccache();
- TALLOC_FREE(ads->auth.password);
+ ADS_TALLOC_CONST_FREE(ads->auth.password);
ads->auth.password = talloc_strdup(ads, c->opt_password);
if (ads->auth.password == NULL) {
TALLOC_FREE(ads);
@@ -671,7 +671,7 @@ retry:
}
}
- TALLOC_FREE(ads->auth.user_name);
+ ADS_TALLOC_CONST_FREE(ads->auth.user_name);
ads->auth.user_name = talloc_strdup(ads, c->opt_user_name);
if (ads->auth.user_name == NULL) {
TALLOC_FREE(ads);
@@ -704,7 +704,7 @@ retry:
*/
if ((cp = strchr_m(ads->auth.user_name, '@'))!=0) {
*cp++ = '\0';
- TALLOC_FREE(ads->auth.realm);
+ ADS_TALLOC_CONST_FREE(ads->auth.realm);
ads->auth.realm = talloc_asprintf_strupper_m(ads, "%s", cp);
if (ads->auth.realm == NULL) {
TALLOC_FREE(ads);
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 1f0dd54456c..d08052e8a97 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -33,6 +33,7 @@
#include "libcli/security/dom_sid.h"
#include "source3/libads/sitename_cache.h"
#include "source3/libads/kerberos_proto.h"
+#include "source3/librpc/gen_ndr/ads.h"
struct idmap_ad_schema_names;
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index d2b0962ac71..7d45355f245 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -125,8 +125,8 @@ static ADS_STATUS ads_cached_connection_connect(const char *target_realm,
goto out;
}
- TALLOC_FREE(ads->auth.password);
- TALLOC_FREE(ads->auth.realm);
+ ADS_TALLOC_CONST_FREE(ads->auth.password);
+ ADS_TALLOC_CONST_FREE(ads->auth.realm);
ads->auth.renewable = renewable;
ads->auth.password = talloc_strdup(ads, password);
diff --git a/source3/wscript_build b/source3/wscript_build
index e59ea573840..97c6b5c17fc 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -504,7 +504,6 @@ bld.SAMBA3_LIBRARY('ads',
libads/ldap_utils.c
libads/ldap_schema.c
libads/util.c
- libads/ndr.c
libads/net_ads_setspn.c
''',
deps='''
@@ -520,6 +519,7 @@ bld.SAMBA3_LIBRARY('ads',
DCUTIL
smbldap
trusts_util
+ NDR_ADS
''',
private_library=True)
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index 1008ff21b63..5c018535cce 100644
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -33,6 +33,7 @@
#include "lib/stream/packet.h"
#include "param/param.h"
#include "param/loadparm.h"
+#include "librpc/gen_ndr/ads.h"
struct ldap_simple_creds {
const char *dn;
diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build
index a2fb5783c47..a1c97cbddb3 100644
--- a/source4/librpc/wscript_build
+++ b/source4/librpc/wscript_build
@@ -132,6 +132,7 @@ bld.SAMBA_SUBSYSTEM('ndr-table',
NDR_SECRETS
NDR_LEASES_DB
NDR_ODJ
+ NDR_ADS
''',
depends_on='GEN_NDR_TABLES'
)