static RET_CODE ads_dvbad_module_init(void) { RET_CODE ret = ERR_FAILURE; module_config.channel_frequency = ad_maintp.tp_freq; module_config.channel_symbolrate = ad_maintp.tp_sym; module_config.channel_qam = ad_maintp.nim_modulate; module_config.flash_size = (u32)DVB_LOGO_MAX_LEN; module_config.flash_start_addr = (u8*)DVB_LOGO_START_ADDR; module_config.pic_in = ADS_PIC_IN_SDRAM; module_config.task_priority = PRIORITY_LEVEL_DEFAULT; module_config.platform_type = ADS_PLATFORM_SD; DVB_ADS_PRINTF("ADS:ads_module_config.flash_start_adr= 0x%x, flash_size = 0x%x \n", (unsigned int)module_config.flash_start_addr, (unsigned int)module_config.flash_size); //according to the different ad to get the ads_id which will be used in the other func ads_id = ads_adt_dvbad_attach(IN &module_config); ret=ads_init(ads_id,&module_config); if(ret != SUCCESS) { return ret; } ret = ads_open(ads_id); if (ret != SUCCESS) return ret; GxCore_ThreadDelay(100); memset(version,0,25); ads_io_ctrl(ads_id, ADS_IOCMD_AD_VERSION_GET, version); DVB_ADS_PRINTF("ad Version:%s\n",version); return SUCCESS; }
int main( int argc, char **argv ) { _DBG( ( "Calling ads_init()\r\n" ) ); ads_init( argc, argv ); _DBG( ( "After ads_init()\r\n" ) ); #else int main( void ) { #endif _DBG(("Calling Initialize\n")); Initialize(); _DBG(("Calling RemoteConnect\n")); RemoteConnect(); _DBG(("Calling Session\n")); Session(); _DBG(("Calling TrapFini\n")); TrapFini(); _DBG(("Calling RemoteDisco\n")); RemoteDisco(); _DBG(("Calling RemoteUnLink\n")); RemoteUnLinkX(); _DBG(("After calling RemoteUnLink\n")); #ifdef ACAD LetACADDie(); #endif return( 0 ); }
static int net_ads_info(int argc, const char **argv) { ADS_STRUCT *ads; ads = ads_init(NULL, opt_target_workgroup, opt_host); if (ads) { ads->auth.flags |= ADS_AUTH_NO_BIND; } ads_connect(ads); if (!ads || !ads->config.realm) { d_printf("Didn't find the ldap server!\n"); return -1; } d_printf("LDAP server: %s\n", inet_ntoa(ads->ldap_ip)); d_printf("LDAP server name: %s\n", ads->config.ldap_server_name); d_printf("Realm: %s\n", ads->config.realm); d_printf("Bind Path: %s\n", ads->config.bind_path); d_printf("LDAP port: %d\n", ads->ldap_port); d_printf("Server time: %s\n", http_timestring(ads->config.current_time)); d_printf("KDC server: %s\n", ads->auth.kdc_server ); d_printf("Server time offset: %d\n", ads->auth.time_offset ); return 0; }
WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer, struct GUID *pguid) { ADS_STRUCT *ads = NULL; char *old_krb5ccname = NULL; char *printer_dn; WERROR result; ADS_STATUS ads_status; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(mem_ctx); if (tmp_ctx == NULL) { return WERR_NOMEM; } ads = ads_init(lp_realm(), lp_workgroup(), NULL); if (ads == NULL) { result = WERR_SERVER_UNAVAILABLE; goto out; } old_krb5ccname = getenv(KRB5_ENV_CCNAME); setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1); SAFE_FREE(ads->auth.password); ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL); ads_status = ads_connect(ads); if (!ADS_ERR_OK(ads_status)) { DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_status))); result = WERR_ACCESS_DENIED; goto out; } result = nt_printer_dn_lookup(tmp_ctx, ads, printer, &printer_dn); if (!W_ERROR_IS_OK(result)) { goto out; } result = nt_printer_guid_retrieve_internal(ads, printer_dn, pguid); out: TALLOC_FREE(tmp_ctx); ads_destroy(&ads); ads_kdestroy("MEMORY:prtpub_cache"); unsetenv(KRB5_ENV_CCNAME); if (old_krb5ccname != NULL) { setenv(KRB5_ENV_CCNAME, old_krb5ccname, 0); } return result; }
/* this implements the CLDAP based netlogon lookup requests for finding the domain controller of a ADS domain */ static int net_ads_lookup(int argc, const char **argv) { ADS_STRUCT *ads; ads = ads_init(NULL, opt_target_workgroup, opt_host); if (ads) { ads->auth.flags |= ADS_AUTH_NO_BIND; } ads_connect(ads); if (!ads || !ads->config.realm) { d_printf("Didn't find the cldap server!\n"); return -1; } return ads_cldap_netlogon(ads); }
static RET_CODE ads_xsm_module_init() { #ifndef WIN32 RET_CODE ret = ERR_FAILURE; module_config.channel_frequency = ad_maintp.tp_freq; module_config.channel_symbolrate = ad_maintp.tp_sym; module_config.channel_qam = ad_maintp.nim_modulate; module_config.flash_start_adr= dm_get_block_addr(class_get_handle_by_id(DM_CLASS_ID), DEC_RW_ADS_BLOCK_ID); //module_config.flash_start_adr= 0; module_config.nvram_read= nvram_read; module_config.nvram_write= nvram_write; module_config.nvram_erase= nvram_erase; module_config.nvram_erase2 = nvram_erase2; module_config.flash_size= dm_get_block_size(class_get_handle_by_id(DM_CLASS_ID), DEC_RW_ADS_BLOCK_ID); module_config.p_dmx_dev = dev_find_identifier(NULL, DEV_IDT_TYPE, SYS_DEV_TYPE_PTI); module_config.pic_in = ADS_PIC_IN_SDRAM; module_config.task_prio_start= AD_TASK_PRIO_START; module_config.task_prio_end= AD_TASK_PRIO_END; module_config.display_ad = ui_adv_xsm_display; module_config.hide_ad = ui_adv_xsm_hide; module_config.read_gif = ui_adv_set_pic; module_config.platform_type = ADS_PLATFORM_SD; OS_PRINTF("ADS:ads_module_config.flash_start_adr===0x%x, flash_size = 0x%x \n", module_config.flash_start_adr, module_config.flash_size); ret = ads_adt_xsm_attach(&module_config, &adm_id); MT_ASSERT(SUCCESS == ret); ret=ads_init(ADS_ID_ADT_XSM, &module_config); if(ret != SUCCESS) { return ret; } ads_module_open(ADS_ID_ADT_XSM); mtos_task_delay_ms(100); return SUCCESS; #endif }
static BOOL ads_dc_name(const char *domain, const char *realm, struct in_addr *dc_ip, fstring srv_name) { #if 1 /* AR7 */ return False; #else ADS_STRUCT *ads; if (!realm && strequal(domain, lp_workgroup())) realm = lp_realm(); ads = ads_init(realm, domain, NULL); if (!ads) return False; DEBUG(4,("ads_dc_name: domain=%s\n", domain)); #ifdef HAVE_ADS /* we don't need to bind, just connect */ ads->auth.flags |= ADS_AUTH_NO_BIND; ads_connect(ads); #endif if (!ads->config.realm) { ads_destroy(&ads); return False; } fstrcpy(srv_name, ads->config.ldap_server_name); strupper_m(srv_name); *dc_ip = ads->ldap_ip; ads_destroy(&ads); DEBUG(4,("ads_dc_name: using server='%s' IP=%s\n", srv_name, inet_ntoa(*dc_ip))); return True; #endif /* AR7 */ }
static NTSTATUS _idmap_adex_init(struct idmap_domain *dom) { ADS_STRUCT *ads = NULL; ADS_STATUS status; static NTSTATUS init_status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; struct dom_sid domain_sid; fstring dcname; struct sockaddr_storage ip; struct likewise_cell *lwcell; if (NT_STATUS_IS_OK(init_status)) return NT_STATUS_OK; /* Silently fail if we are not a member server in security = ads */ if ((lp_server_role() != ROLE_DOMAIN_MEMBER) || (lp_security() != SEC_ADS)) { init_status = NT_STATUS_INVALID_SERVER_STATE; BAIL_ON_NTSTATUS_ERROR(init_status); } /* fetch our domain SID first */ if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) { init_status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; BAIL_ON_NTSTATUS_ERROR(init_status); } /* reuse the same ticket cache as winbindd */ setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1); /* Establish a connection to a DC */ if ((ads = ads_init(lp_realm(), lp_workgroup(), NULL)) == NULL) { init_status = NT_STATUS_NO_MEMORY; BAIL_ON_NTSTATUS_ERROR(init_status); } ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL); ads->auth.realm = SMB_STRDUP(lp_realm()); /* get the DC name here to setup the server affinity cache and local krb5.conf */ get_dc_name(lp_workgroup(), lp_realm(), dcname, &ip); status = ads_connect(ads); if (!ADS_ERR_OK(status)) { DEBUG(0, ("_idmap_adex_init: ads_connect() failed! (%s)\n", ads_errstr(status))); } init_status = ads_ntstatus(status); BAIL_ON_NTSTATUS_ERROR(init_status); /* Find out cell membership */ init_status = cell_locate_membership(ads); if (!NT_STATUS_IS_OK(init_status)) { DEBUG(0,("LWI: Fail to locate cell membership (%s).", nt_errstr(init_status))); goto done; } /* Fill in the cell information */ lwcell = cell_list_head(); init_status = cell_lookup_settings(lwcell); BAIL_ON_NTSTATUS_ERROR(init_status); /* Miscellaneous setup. E.g. set up the list of GC servers and domain list for our forest (does not actually connect). */ init_status = gc_init_list(); BAIL_ON_NTSTATUS_ERROR(init_status); init_status = domain_init_list(); BAIL_ON_NTSTATUS_ERROR(init_status); done: if (!NT_STATUS_IS_OK(init_status)) { DEBUG(1,("Likewise initialization failed (%s)\n", nt_errstr(init_status))); } /* cleanup */ if (!NT_STATUS_IS_OK(init_status)) { cell_list_destroy(); /* init_status stores the failure reason but we need to return success or else idmap_init() will drop us from the backend list */ return NT_STATUS_OK; } init_status = NT_STATUS_OK; return init_status; }
static BOOL ads_dc_name(const char *domain, const char *realm, struct in_addr *dc_ip, fstring srv_name) { #if 1 /* AVM */ return False; #else ADS_STRUCT *ads; char *sitename; int i; if (!realm && strequal(domain, lp_workgroup())) { realm = lp_realm(); } sitename = sitename_fetch(realm); /* Try this 3 times then give up. */ for( i =0 ; i < 3; i++) { ads = ads_init(realm, domain, NULL); if (!ads) { SAFE_FREE(sitename); return False; } DEBUG(4,("ads_dc_name: domain=%s\n", domain)); #ifdef HAVE_ADS /* we don't need to bind, just connect */ ads->auth.flags |= ADS_AUTH_NO_BIND; ads_connect(ads); #endif if (!ads->config.realm) { SAFE_FREE(sitename); ads_destroy(&ads); return False; } /* Now we've found a server, see if our sitename has changed. If so, we need to re-do the DNS query to ensure we only find servers in our site. */ if (stored_sitename_changed(realm, sitename)) { SAFE_FREE(sitename); sitename = sitename_fetch(realm); ads_destroy(&ads); /* Ensure we don't cache the DC we just connected to. */ namecache_delete(realm, 0x1C); namecache_delete(domain, 0x1C); continue; } #ifdef HAVE_KRB5 if (is_our_primary_domain(domain) && (ads->config.flags & ADS_KDC)) { if (ads_closest_dc(ads)) { /* We're going to use this KDC for this realm/domain. If we are using sites, then force the krb5 libs to use this KDC. */ create_local_private_krb5_conf_for_domain(realm, domain, sitename, ads->ldap_ip); } else { /* use an off site KDC */ create_local_private_krb5_conf_for_domain(realm, domain, NULL, ads->ldap_ip); } } #endif break; } if (i == 3) { DEBUG(1,("ads_dc_name: sitename (now \"%s\") keeps changing ???\n", sitename ? sitename : "")); SAFE_FREE(sitename); return False; } SAFE_FREE(sitename); fstrcpy(srv_name, ads->config.ldap_server_name); strupper_m(srv_name); *dc_ip = ads->ldap_ip; ads_destroy(&ads); DEBUG(4,("ads_dc_name: using server='%s' IP=%s\n", srv_name, inet_ntoa(*dc_ip))); return True; #endif /* AVM */ }
/* return our ads connections structure for a domain. We keep the connection open to make things faster */ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) { ADS_STRUCT *ads; ADS_STATUS status; fstring dc_name; struct sockaddr_storage dc_ss; DEBUG(10,("ads_cached_connection\n")); if (domain->private_data) { time_t expire; time_t now = time(NULL); /* check for a valid structure */ ads = (ADS_STRUCT *)domain->private_data; expire = MIN(ads->auth.tgt_expire, ads->auth.tgs_expire); DEBUG(7, ("Current tickets expire in %d seconds (at %d, time is now %d)\n", (uint32)expire-(uint32)now, (uint32) expire, (uint32) now)); if ( ads->config.realm && (expire > now)) { return ads; } else { /* we own this ADS_STRUCT so make sure it goes away */ DEBUG(7,("Deleting expired krb5 credential cache\n")); ads->is_mine = True; ads_destroy( &ads ); ads_kdestroy("MEMORY:winbind_ccache"); domain->private_data = NULL; } } /* we don't want this to affect the users ccache */ setenv("KRB5CCNAME", "MEMORY:winbind_ccache", 1); ads = ads_init(domain->alt_name, domain->name, NULL); if (!ads) { DEBUG(1,("ads_init for domain %s failed\n", domain->name)); return NULL; } /* the machine acct password might have change - fetch it every time */ SAFE_FREE(ads->auth.password); SAFE_FREE(ads->auth.realm); if ( IS_DC ) { if ( !pdb_get_trusteddom_pw( domain->name, &ads->auth.password, NULL, NULL ) ) { ads_destroy( &ads ); return NULL; } ads->auth.realm = SMB_STRDUP( ads->server.realm ); strupper_m( ads->auth.realm ); } else { struct winbindd_domain *our_domain = domain; ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL); /* always give preference to the alt_name in our primary domain if possible */ if ( !domain->primary ) our_domain = find_our_domain(); if ( our_domain->alt_name[0] != '\0' ) { ads->auth.realm = SMB_STRDUP( our_domain->alt_name ); strupper_m( ads->auth.realm ); } else ads->auth.realm = SMB_STRDUP( lp_realm() ); } ads->auth.renewable = WINBINDD_PAM_AUTH_KRB5_RENEW_TIME; /* Setup the server affinity cache. We don't reaally care about the name. Just setup affinity and the KRB5_CONFIG file. */ get_dc_name( ads->server.workgroup, ads->server.realm, dc_name, &dc_ss ); status = ads_connect(ads); if (!ADS_ERR_OK(status) || !ads->config.realm) { DEBUG(1,("ads_connect for domain %s failed: %s\n", domain->name, ads_errstr(status))); ads_destroy(&ads); /* if we get ECONNREFUSED then it might be a NT4 server, fall back to MSRPC */ if (status.error_type == ENUM_ADS_ERROR_SYSTEM && status.err.rc == ECONNREFUSED) { /* 'reconnect_methods' is the MS-RPC backend. */ DEBUG(1,("Trying MSRPC methods\n")); domain->backend = &reconnect_methods; } return NULL; } /* set the flag that says we don't own the memory even though we do so that ads_destroy() won't destroy the structure we pass back by reference */ ads->is_mine = False; domain->private_data = (void *)ads; return ads; }
NTSTATUS cell_connect(struct likewise_cell *c) { ADS_STRUCT *ads = NULL; ADS_STATUS ads_status; fstring dc_name; struct sockaddr_storage dcip; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; /* have to at least have the AD domain name */ if (!c->dns_domain) { nt_status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; BAIL_ON_NTSTATUS_ERROR(nt_status); } /* clear out any old information */ if (c->conn) { ads_destroy(&c->conn); c->conn = NULL; } /* now setup the new connection */ ads = ads_init(c->dns_domain, NULL, NULL); BAIL_ON_PTR_ERROR(ads, nt_status); ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL); ads->auth.realm = SMB_STRDUP(lp_realm()); /* Make the connection. We should already have an initial TGT using the machine creds */ if (cell_flags(c) & LWCELL_FLAG_GC_CELL) { ads_status = ads_connect_gc(ads); } else { /* Set up server affinity for normal cells and the client site name cache */ if (!get_dc_name("", c->dns_domain, dc_name, &dcip)) { nt_status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; BAIL_ON_NTSTATUS_ERROR(nt_status); } ads_status = ads_connect(ads); } c->conn = ads; nt_status = ads_ntstatus(ads_status); done: if (!NT_STATUS_IS_OK(nt_status)) { ads_destroy(&ads); c->conn = NULL; } return nt_status; }
WERROR NetGetJoinableOUs_l(struct libnetapi_ctx *ctx, struct NetGetJoinableOUs *r) { #ifdef WITH_ADS NTSTATUS status; ADS_STATUS ads_status; ADS_STRUCT *ads = NULL; struct netr_DsRGetDCNameInfo *info = NULL; const char *dc = NULL; uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED | DS_RETURN_DNS_NAME; status = dsgetdcname(ctx, NULL, r->in.domain, NULL, NULL, flags, &info); if (!NT_STATUS_IS_OK(status)) { libnetapi_set_error_string(ctx, "%s", get_friendly_nt_error_msg(status)); return ntstatus_to_werror(status); } dc = strip_hostname(info->dc_unc); ads = ads_init(info->domain_name, info->domain_name, dc); if (!ads) { return WERR_GENERAL_FAILURE; } SAFE_FREE(ads->auth.user_name); if (r->in.account) { ads->auth.user_name = SMB_STRDUP(r->in.account); } else if (ctx->username) { ads->auth.user_name = SMB_STRDUP(ctx->username); } SAFE_FREE(ads->auth.password); if (r->in.password) { ads->auth.password = SMB_STRDUP(r->in.password); } else if (ctx->password) { ads->auth.password = SMB_STRDUP(ctx->password); } ads_status = ads_connect_user_creds(ads); if (!ADS_ERR_OK(ads_status)) { ads_destroy(&ads); return WERR_DEFAULT_JOIN_REQUIRED; } ads_status = ads_get_joinable_ous(ads, ctx, (char ***)r->out.ous, (size_t *)r->out.ou_count); if (!ADS_ERR_OK(ads_status)) { ads_destroy(&ads); return WERR_DEFAULT_JOIN_REQUIRED; } ads_destroy(&ads); return WERR_OK; #else return WERR_NOT_SUPPORTED; #endif }
//extern void ads_show_logo(void); RET_CODE ads_module_init(void) { #ifndef WIN32 RET_CODE ret = ERR_FAILURE; OS_PRINTF("ADS: ise==init enter\n" ); //customize ads ads_event_info_t event_info; ads_event_id_t ads_event = ADS_EVT_NONE; u32 bticks=0; u32 adm_id; module_config.channel_frequency = ad_maintp.tp_freq; module_config.channel_symbolrate = ad_maintp.tp_sym; module_config.channel_qam = ad_maintp.nim_modulate; module_config.flash_start_adr= dm_get_block_addr(class_get_handle_by_id(DM_CLASS_ID), LOGO_BLOCK_ID_M3); //module_config.p_dmx_dev = dev_find_identifier(NULL, DEV_IDT_TYPE, SYS_DEV_TYPE_PTI); module_config.nvram_read= nvram_read; module_config.nvram_write= nvram_write; module_config.nvram_erase= nvram_erase; module_config.flash_size= dm_get_block_size(class_get_handle_by_id(DM_CLASS_ID), LOGO_BLOCK_ID_M3); module_config.pic_in = ADS_PIC_IN_SDRAM; module_config.task_prio_start= AD_TASK_PRIO_START; module_config.task_prio_end= AD_TASK_PRIO_END; module_config.read_gif = ui_adv_set_pic; module_config.read_float= ui_adv_set_float; OS_PRINTF("ADS: task_prio_start\n" ); OS_PRINTF("ADS:module_config.flash_start_adr===0x%x\n", module_config.flash_start_adr); ret = ads_adt_qz_attach(&module_config, &adm_id); MT_ASSERT(SUCCESS == ret); ret=ads_init(adm_id,&module_config); if(ret != SUCCESS && ret != ERR_TIMEOUT) { return ret; } //ads_show_logo(); //MT_ASSERT(SUCCESS == ret); bticks = mtos_ticks_get(); ret = ads_io_ctrl(adm_id, ADS_IOCMD_AD_SEARCH_SET, &module_config); OS_PRINTF("ADS: ioctrl ret===%d\n", ret); while(1) { ads_event_polling(&event_info); ads_event = ads_event_parse(event_info.events[adm_id]); //OS_PRINTF("ads_module_init while 1\n"); if(ads_event == ADS_S_ADSERACH_FINISHED) { break; } if ((mtos_ticks_get() - bticks) > 2000) { ret = ads_io_ctrl(ADS_ID_ADT_QZ, ADS_IOCMD_AD_EXIT_TIMEOUT, NULL); OS_PRINTF("ADS: search time out"); } mtos_task_sleep(500); } OS_PRINTF("ads_module_init while 4\n"); ads_module_open(adm_id); mtos_task_delay_ms(100); ret = SUCCESS; return ret; #endif }
/** * @brief Establish a connection to a DC * * @param[out] adsp ADS_STRUCT that will be created * @param[in] target_realm Realm of domain to connect to * @param[in] target_dom_name 'workgroup' name of domain to connect to * @param[in] ldap_server DNS name of server to connect to * @param[in] password Our machine acount secret * @param[in] auth_realm Realm of local domain for creating krb token * @param[in] renewable Renewable ticket time * * @return ADS_STATUS */ static ADS_STATUS ads_cached_connection_connect(ADS_STRUCT **adsp, const char *target_realm, const char *target_dom_name, const char *ldap_server, char *password, char *auth_realm, time_t renewable) { ADS_STRUCT *ads; ADS_STATUS status; struct sockaddr_storage dc_ss; fstring dc_name; if (auth_realm == NULL) { return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); } /* we don't want this to affect the users ccache */ setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1); ads = ads_init(target_realm, target_dom_name, ldap_server); if (!ads) { DEBUG(1,("ads_init for domain %s failed\n", target_dom_name)); return ADS_ERROR(LDAP_NO_MEMORY); } SAFE_FREE(ads->auth.password); SAFE_FREE(ads->auth.realm); ads->auth.renewable = renewable; ads->auth.password = password; ads->auth.flags |= ADS_AUTH_ALLOW_NTLMSSP; ads->auth.realm = SMB_STRDUP(auth_realm); if (!strupper_m(ads->auth.realm)) { ads_destroy(&ads); return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR); } /* Setup the server affinity cache. We don't reaally care about the name. Just setup affinity and the KRB5_CONFIG file. */ get_dc_name(ads->server.workgroup, ads->server.realm, dc_name, &dc_ss); status = ads_connect(ads); if (!ADS_ERR_OK(status)) { DEBUG(1,("ads_connect for domain %s failed: %s\n", target_dom_name, ads_errstr(status))); ads_destroy(&ads); return status; } /* set the flag that says we don't own the memory even though we do so that ads_destroy() won't destroy the structure we pass back by reference */ ads->is_mine = False; *adsp = ads; return status; }
static int net_ads_password(int argc, const char **argv) { ADS_STRUCT *ads; const char *auth_principal = opt_user_name; const char *auth_password = opt_password; char *realm = NULL; char *new_password = NULL; char *c, *prompt; const char *user; ADS_STATUS ret; if (opt_user_name == NULL || opt_password == NULL) { d_printf("You must supply an administrator username/password\n"); return -1; } if (argc < 1) { d_printf("ERROR: You must say which username to change password for\n"); return -1; } user = argv[0]; if (!strchr_m(user, '@')) { asprintf(&c, "%s@%s", argv[0], lp_realm()); user = c; } use_in_memory_ccache(); c = strchr(auth_principal, '@'); if (c) { realm = ++c; } else { realm = lp_realm(); } /* use the realm so we can eventually change passwords for users in realms other than default */ if (!(ads = ads_init(realm, NULL, NULL))) { return -1; } /* we don't actually need a full connect, but it's the easy way to fill in the KDC's addresss */ ads_connect(ads); if (!ads || !ads->config.realm) { d_printf("Didn't find the kerberos server!\n"); return -1; } if (argv[1]) { new_password = (char *)argv[1]; } else { asprintf(&prompt, "Enter new password for %s:", user); new_password = getpass(prompt); free(prompt); } ret = kerberos_set_password(ads->auth.kdc_server, auth_principal, auth_password, user, new_password, ads->auth.time_offset); if (!ADS_ERR_OK(ret)) { d_printf("Password change failed :-( ...\n"); ads_destroy(&ads); return -1; } d_printf("Password change for %s completed.\n", user); ads_destroy(&ads); return 0; }
static ADS_STRUCT *ads_startup(void) { ADS_STRUCT *ads; ADS_STATUS status; BOOL need_password = False; BOOL second_time = False; char *cp; /* lp_realm() should be handled by a command line param, However, the join requires that realm be set in smb.conf and compares our realm with the remote server's so this is ok until someone needs more flexibility */ ads = ads_init(lp_realm(), opt_target_workgroup, opt_host); if (!opt_user_name) { opt_user_name = "administrator"; } if (opt_user_specified) { need_password = True; } retry: if (!opt_password && need_password && !opt_machine_pass) { char *prompt; asprintf(&prompt,"%s's password: "******"name@realm", * extract the realm and convert to upper case. * This is only used to establish the connection. */ if ((cp = strchr(ads->auth.user_name, '@'))!=0) { *cp++ = '\0'; ads->auth.realm = smb_xstrdup(cp); strupper_m(ads->auth.realm); } status = ads_connect(ads); if (!ADS_ERR_OK(status)) { if (!need_password && !second_time) { need_password = True; second_time = True; goto retry; } else { DEBUG(0,("ads_connect: %s\n", ads_errstr(status))); return NULL; } } return ads; }
WERROR nt_printer_publish(TALLOC_CTX *mem_ctx, const struct auth_serversupplied_info *session_info, struct messaging_context *msg_ctx, struct spoolss_PrinterInfo2 *pinfo2, int action) { uint32_t info2_mask = SPOOLSS_PRINTER_INFO_ATTRIBUTES; struct spoolss_SetPrinterInfo2 *sinfo2; ADS_STATUS ads_rc; ADS_STRUCT *ads = NULL; WERROR win_rc; sinfo2 = talloc_zero(mem_ctx, struct spoolss_SetPrinterInfo2); if (!sinfo2) { return WERR_NOMEM; } switch (action) { case DSPRINT_PUBLISH: case DSPRINT_UPDATE: pinfo2->attributes |= PRINTER_ATTRIBUTE_PUBLISHED; break; case DSPRINT_UNPUBLISH: pinfo2->attributes ^= PRINTER_ATTRIBUTE_PUBLISHED; break; default: win_rc = WERR_NOT_SUPPORTED; goto done; } sinfo2->attributes = pinfo2->attributes; win_rc = winreg_update_printer(mem_ctx, session_info, msg_ctx, pinfo2->sharename, info2_mask, sinfo2, NULL, NULL); if (!W_ERROR_IS_OK(win_rc)) { DEBUG(3, ("err %d saving data\n", W_ERROR_V(win_rc))); goto done; } TALLOC_FREE(sinfo2); ads = ads_init(lp_realm(), lp_workgroup(), NULL); if (!ads) { DEBUG(3, ("ads_init() failed\n")); win_rc = WERR_SERVER_UNAVAILABLE; goto done; } setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1); SAFE_FREE(ads->auth.password); ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL); /* ads_connect() will find the DC for us */ ads_rc = ads_connect(ads); if (!ADS_ERR_OK(ads_rc)) { DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_rc))); win_rc = WERR_ACCESS_DENIED; goto done; } switch (action) { case DSPRINT_PUBLISH: case DSPRINT_UPDATE: win_rc = nt_printer_publish_ads(msg_ctx, ads, pinfo2); break; case DSPRINT_UNPUBLISH: win_rc = nt_printer_unpublish_ads(ads, pinfo2->sharename); break; } done: ads_destroy(&ads); return win_rc; }
WERROR check_published_printers(struct messaging_context *msg_ctx) { ADS_STATUS ads_rc; ADS_STRUCT *ads = NULL; int snum; int n_services = lp_numservices(); TALLOC_CTX *tmp_ctx = NULL; struct auth_serversupplied_info *session_info = NULL; struct spoolss_PrinterInfo2 *pinfo2; NTSTATUS status; WERROR result; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return WERR_NOMEM; ads = ads_init(lp_realm(), lp_workgroup(), NULL); if (!ads) { DEBUG(3, ("ads_init() failed\n")); return WERR_SERVER_UNAVAILABLE; } setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1); SAFE_FREE(ads->auth.password); ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL); /* ads_connect() will find the DC for us */ ads_rc = ads_connect(ads); if (!ADS_ERR_OK(ads_rc)) { DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_rc))); result = WERR_ACCESS_DENIED; goto done; } status = make_session_info_system(tmp_ctx, &session_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("check_published_printers: " "Could not create system session_info\n")); result = WERR_ACCESS_DENIED; goto done; } for (snum = 0; snum < n_services; snum++) { if (!lp_snum_ok(snum) || !lp_print_ok(snum)) { continue; } result = winreg_get_printer(tmp_ctx, session_info, msg_ctx, lp_servicename(snum), &pinfo2); if (!W_ERROR_IS_OK(result)) { continue; } if (pinfo2->attributes & PRINTER_ATTRIBUTE_PUBLISHED) { nt_printer_publish_ads(msg_ctx, ads, pinfo2); } TALLOC_FREE(pinfo2); } result = WERR_OK; done: ads_destroy(&ads); ads_kdestroy("MEMORY:prtpub_cache"); talloc_free(tmp_ctx); return result; }
int ads_has_subscription(Env E, char *sub, char *id) { LDAP *ld = E->ldap; LDAPMessage *result, *e; char *regid = NULL; int i; int nv = 0; char filter[2048]; char *dn = NULL; int rc; int try; int ret = 0; /* Look for the account record */ snprintf(filter, 2048, "(&(uwNetID=%s)(uwActiveSubscription=%s))", id, sub); // syslog(LOG_DEBUG, "search: \"%s\"\n", filter); // long delays can disconnect us for (try=0; try<2; try++) { if (!(ld||(ld=ads_init(E)))) { syslog(LOG_ERR, "no ldap, cannot verify!"); return (-1); } if ((rc=ldap_search_s(ld, E->ads_base, LDAP_SCOPE_SUBTREE, filter, ads_attributes, 0, &result )) != LDAP_SUCCESS ) { if (try>0) report_error(rc, "ldap_search_s" ); ldap_msgfree( result ); ld = NULL; continue; } break; // success } if (try==2) { syslog(LOG_ERR, "no ldap, cannot verify!"); return (-1); } if (ldap_count_entries(ld, result)>0) { // this is not necessary e = ldap_first_entry( ld, result ); char *nid = get_attr_value(ld, e, "uwNetID"); syslog(LOG_DEBUG, "found: \"%s\"\n", nid); free(nid); ret = 1; } else { syslog(LOG_DEBUG, "not found"); } ldap_msgfree( result ); return (ret); } /* ----- connect and disconnect -------------------------- */ #ifdef LDAP_DEBUG static void set_ldap_debug() { if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &tegea_debug ) != LBER_OPT_SUCCESS ) { fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", tegea_debug ); } if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &tegea_debug ) != LDAP_OPT_SUCCESS ) { fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", tegea_debug ); } } #endif /* Callback from the sasl bind */ static int tsasl_interact(LDAP *ld, unsigned flags, void *defaults, void *in) { sasl_interact_t *interact = in; /* Should loop through, ++interact, for full SASL stuff. */ if (interact->id != SASL_CB_LIST_END) { interact->result = (char *) interact->defresult; if (interact->defresult) interact->len = strlen(interact->defresult); else interact->len = 0; } return LDAP_SUCCESS; } static int set_int_option(LDAP *ld, int option, int iv) { int rc; if ( (rc=ldap_set_option( NULL, option, &iv )) != LDAP_SUCCESS ) { report_error(rc, "set int opt"); return (0); } return (1); }