2 Unix SMB/CIFS implementation.
3 ads (active directory) utility library
4 Copyright (C) Andrew Tridgell 2001
5 Copyright (C) Andrew Bartlett 2001
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 /* return a ldap dn path from a string, given separators and field name
27 ADS_STATUS ads_build_path(const char *realm,
41 r = SMB_STRDUP(realm);
43 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
47 if (strchr(sep, *p)) {
52 len = (numbits+1)*(strlen(field)+1) + strlen(r) + 1;
54 ret = (char *)SMB_MALLOC(len);
57 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
60 if (strlcpy(ret,field, len) >= len) {
64 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
66 p=strtok_r(r, sep, &saveptr);
68 if (strlcat(ret, p, len) >= len) {
71 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
74 while ((p=strtok_r(NULL, sep, &saveptr)) != NULL) {
78 retval = asprintf(&s, "%s%s,%s", field, p, ret);
80 retval = asprintf(&s, "%s,%s%s", ret, field, p);
84 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
95 return ADS_ERROR_NT(NT_STATUS_OK);
98 /* return a dn of the form "dc=AA,dc=BB,dc=CC" from a
99 realm of the form AA.BB.CC
102 ADS_STATUS ads_build_dn(const char *realm, TALLOC_CTX *mem_ctx, char **_dn)
107 status = ads_build_path(realm, ".", "dc=", 0, &dn);
108 if (!ADS_ERR_OK(status)) {
113 *_dn = talloc_strdup(mem_ctx, dn);
116 return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
119 return ADS_ERROR_NT(NT_STATUS_OK);
122 /* return a DNS name in the for aa.bb.cc from the DN
123 "dc=AA,dc=BB,dc=CC". caller must free
125 char *ads_build_domain(const char *dn)
127 char *dnsdomain = NULL;
129 /* result should always be shorter than the DN */
131 if ( (dnsdomain = SMB_STRDUP( dn )) == NULL ) {
132 DEBUG(0,("ads_build_domain: malloc() failed!\n"));
136 if (!strlower_m( dnsdomain )) {
137 SAFE_FREE(dnsdomain);
141 all_string_sub( dnsdomain, "dc=", "", 0);
142 all_string_sub( dnsdomain, ",", ".", 0 );
147 static int ads_destructor(ADS_STRUCT *ads)
156 initialise a ADS_STRUCT, ready for some ads_ ops
158 ADS_STRUCT *ads_init(TALLOC_CTX *mem_ctx,
160 const char *workgroup,
161 const char *ldap_server,
162 enum ads_sasl_state_e sasl_state)
164 ADS_STRUCT *ads = NULL;
167 ads = talloc_zero(mem_ctx, ADS_STRUCT);
171 talloc_set_destructor(ads, ads_destructor);
177 ads->server.realm = talloc_strdup(ads, realm);
178 if (realm != NULL && ads->server.realm == NULL) {
179 DBG_WARNING("Out of memory\n");
184 ads->server.workgroup = talloc_strdup(ads, workgroup);
185 if (workgroup != NULL && ads->server.workgroup == NULL) {
186 DBG_WARNING("Out of memory\n");
191 ads->server.ldap_server = talloc_strdup(ads, ldap_server);
192 if (ldap_server != NULL && ads->server.ldap_server == NULL) {
193 DBG_WARNING("Out of memory\n");
198 wrap_flags = lp_client_ldap_sasl_wrapping();
200 if (wrap_flags & ADS_AUTH_SASL_LDAPS) {
201 sasl_state = ADS_SASL_PLAIN;
202 } else if (wrap_flags & ADS_AUTH_SASL_STARTTLS) {
203 sasl_state = ADS_SASL_PLAIN;
206 switch (sasl_state) {
210 wrap_flags |= ADS_AUTH_SASL_SIGN;
213 wrap_flags |= ADS_AUTH_SASL_SEAL;
217 ads->auth.flags = wrap_flags;
219 ads->auth.reconnect_state = talloc_zero(ads,
220 struct ads_reconnect_state);
221 if (ads->auth.reconnect_state == NULL) {
226 /* Start with the configured page size when the connection is new,
227 * we will drop it by half we get a timeout. */
228 ads->config.ldap_page_size = lp_ldap_page_size();
233 /****************************************************************
234 ****************************************************************/
236 bool ads_set_sasl_wrap_flags(ADS_STRUCT *ads, unsigned flags)
238 unsigned reset_flags;
239 unsigned other_flags;
245 reset_flags = ADS_AUTH_SASL_SIGN |
247 ADS_AUTH_SASL_LDAPS |
248 ADS_AUTH_SASL_STARTTLS;
250 other_flags = ads->auth.flags & ~reset_flags;
252 ads->auth.flags = flags | other_flags;