static RET_CODE ads_dvbad_module_init(void)
{
RET_CODE ret = ERR_FAILURE;
module_config.channel_frequency = ad_maintp.tp_freq;
module_config.channel_symbolrate = ad_maintp.tp_sym;
module_config.channel_qam = ad_maintp.nim_modulate;
module_config.flash_size = (u32)DVB_LOGO_MAX_LEN;
module_config.flash_start_addr = (u8*)DVB_LOGO_START_ADDR;
module_config.pic_in = ADS_PIC_IN_SDRAM;
module_config.task_priority = PRIORITY_LEVEL_DEFAULT;
module_config.platform_type = ADS_PLATFORM_SD;
DVB_ADS_PRINTF("ADS:ads_module_config.flash_start_adr= 0x%x, flash_size = 0x%x \n", (unsigned int)module_config.flash_start_addr, (unsigned int)module_config.flash_size);
//according to the different ad to get the ads_id which will be used in the other func
ads_id = ads_adt_dvbad_attach(IN &module_config);
ret=ads_init(ads_id,&module_config);
if(ret != SUCCESS)
{
return ret;
}
ret = ads_open(ads_id);
if (ret != SUCCESS)
return ret;
GxCore_ThreadDelay(100);
memset(version,0,25);
ads_io_ctrl(ads_id, ADS_IOCMD_AD_VERSION_GET, version);
DVB_ADS_PRINTF("ad Version:%s\n",version);
return SUCCESS;
}
int main( int argc, char **argv )
{
_DBG( ( "Calling ads_init()\r\n" ) );
ads_init( argc, argv );
_DBG( ( "After ads_init()\r\n" ) );
#else
int main( void )
{
#endif
_DBG(("Calling Initialize\n"));
Initialize();
_DBG(("Calling RemoteConnect\n"));
RemoteConnect();
_DBG(("Calling Session\n"));
Session();
_DBG(("Calling TrapFini\n"));
TrapFini();
_DBG(("Calling RemoteDisco\n"));
RemoteDisco();
_DBG(("Calling RemoteUnLink\n"));
RemoteUnLinkX();
_DBG(("After calling RemoteUnLink\n"));
#ifdef ACAD
LetACADDie();
#endif
return( 0 );
}
static int net_ads_info(int argc, const char **argv)
{
ADS_STRUCT *ads;
ads = ads_init(NULL, opt_target_workgroup, opt_host);
if (ads) {
ads->auth.flags |= ADS_AUTH_NO_BIND;
}
ads_connect(ads);
if (!ads || !ads->config.realm) {
d_printf("Didn't find the ldap server!\n");
return -1;
}
d_printf("LDAP server: %s\n", inet_ntoa(ads->ldap_ip));
d_printf("LDAP server name: %s\n", ads->config.ldap_server_name);
d_printf("Realm: %s\n", ads->config.realm);
d_printf("Bind Path: %s\n", ads->config.bind_path);
d_printf("LDAP port: %d\n", ads->ldap_port);
d_printf("Server time: %s\n", http_timestring(ads->config.current_time));
d_printf("KDC server: %s\n", ads->auth.kdc_server );
d_printf("Server time offset: %d\n", ads->auth.time_offset );
return 0;
}
WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer,
struct GUID *pguid)
{
ADS_STRUCT *ads = NULL;
char *old_krb5ccname = NULL;
char *printer_dn;
WERROR result;
ADS_STATUS ads_status;
TALLOC_CTX *tmp_ctx;
tmp_ctx = talloc_new(mem_ctx);
if (tmp_ctx == NULL) {
return WERR_NOMEM;
}
ads = ads_init(lp_realm(), lp_workgroup(), NULL);
if (ads == NULL) {
result = WERR_SERVER_UNAVAILABLE;
goto out;
}
old_krb5ccname = getenv(KRB5_ENV_CCNAME);
setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
SAFE_FREE(ads->auth.password);
ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
NULL, NULL);
ads_status = ads_connect(ads);
if (!ADS_ERR_OK(ads_status)) {
DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_status)));
result = WERR_ACCESS_DENIED;
goto out;
}
result = nt_printer_dn_lookup(tmp_ctx, ads, printer, &printer_dn);
if (!W_ERROR_IS_OK(result)) {
goto out;
}
result = nt_printer_guid_retrieve_internal(ads, printer_dn, pguid);
out:
TALLOC_FREE(tmp_ctx);
ads_destroy(&ads);
ads_kdestroy("MEMORY:prtpub_cache");
unsetenv(KRB5_ENV_CCNAME);
if (old_krb5ccname != NULL) {
setenv(KRB5_ENV_CCNAME, old_krb5ccname, 0);
}
return result;
}
/*
this implements the CLDAP based netlogon lookup requests
for finding the domain controller of a ADS domain
*/
static int net_ads_lookup(int argc, const char **argv)
{
ADS_STRUCT *ads;
ads = ads_init(NULL, opt_target_workgroup, opt_host);
if (ads) {
ads->auth.flags |= ADS_AUTH_NO_BIND;
}
ads_connect(ads);
if (!ads || !ads->config.realm) {
d_printf("Didn't find the cldap server!\n");
return -1;
}
return ads_cldap_netlogon(ads);
}
static RET_CODE ads_xsm_module_init()
{
#ifndef WIN32
RET_CODE ret = ERR_FAILURE;
module_config.channel_frequency = ad_maintp.tp_freq;
module_config.channel_symbolrate = ad_maintp.tp_sym;
module_config.channel_qam = ad_maintp.nim_modulate;
module_config.flash_start_adr= dm_get_block_addr(class_get_handle_by_id(DM_CLASS_ID), DEC_RW_ADS_BLOCK_ID);
//module_config.flash_start_adr= 0;
module_config.nvram_read= nvram_read;
module_config.nvram_write= nvram_write;
module_config.nvram_erase= nvram_erase;
module_config.nvram_erase2 = nvram_erase2;
module_config.flash_size= dm_get_block_size(class_get_handle_by_id(DM_CLASS_ID), DEC_RW_ADS_BLOCK_ID);
module_config.p_dmx_dev = dev_find_identifier(NULL, DEV_IDT_TYPE, SYS_DEV_TYPE_PTI);
module_config.pic_in = ADS_PIC_IN_SDRAM;
module_config.task_prio_start= AD_TASK_PRIO_START;
module_config.task_prio_end= AD_TASK_PRIO_END;
module_config.display_ad = ui_adv_xsm_display;
module_config.hide_ad = ui_adv_xsm_hide;
module_config.read_gif = ui_adv_set_pic;
module_config.platform_type = ADS_PLATFORM_SD;
OS_PRINTF("ADS:ads_module_config.flash_start_adr===0x%x, flash_size = 0x%x \n", module_config.flash_start_adr, module_config.flash_size);
ret = ads_adt_xsm_attach(&module_config, &adm_id);
MT_ASSERT(SUCCESS == ret);
ret=ads_init(ADS_ID_ADT_XSM, &module_config);
if(ret != SUCCESS)
{
return ret;
}
ads_module_open(ADS_ID_ADT_XSM);
mtos_task_delay_ms(100);
return SUCCESS;
#endif
}
static BOOL ads_dc_name(const char *domain, const char *realm, struct in_addr *dc_ip, fstring srv_name)
{
#if 1 /* AR7 */
return False;
#else
ADS_STRUCT *ads;
if (!realm && strequal(domain, lp_workgroup()))
realm = lp_realm();
ads = ads_init(realm, domain, NULL);
if (!ads)
return False;
DEBUG(4,("ads_dc_name: domain=%s\n", domain));
#ifdef HAVE_ADS
/* we don't need to bind, just connect */
ads->auth.flags |= ADS_AUTH_NO_BIND;
ads_connect(ads);
#endif
if (!ads->config.realm) {
ads_destroy(&ads);
return False;
}
fstrcpy(srv_name, ads->config.ldap_server_name);
strupper_m(srv_name);
*dc_ip = ads->ldap_ip;
ads_destroy(&ads);
DEBUG(4,("ads_dc_name: using server='%s' IP=%s\n",
srv_name, inet_ntoa(*dc_ip)));
return True;
#endif /* AR7 */
}
static NTSTATUS _idmap_adex_init(struct idmap_domain *dom)
{
ADS_STRUCT *ads = NULL;
ADS_STATUS status;
static NTSTATUS init_status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
struct dom_sid domain_sid;
fstring dcname;
struct sockaddr_storage ip;
struct likewise_cell *lwcell;
if (NT_STATUS_IS_OK(init_status))
return NT_STATUS_OK;
/* Silently fail if we are not a member server in security = ads */
if ((lp_server_role() != ROLE_DOMAIN_MEMBER) ||
(lp_security() != SEC_ADS)) {
init_status = NT_STATUS_INVALID_SERVER_STATE;
BAIL_ON_NTSTATUS_ERROR(init_status);
}
/* fetch our domain SID first */
if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
init_status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
BAIL_ON_NTSTATUS_ERROR(init_status);
}
/* reuse the same ticket cache as winbindd */
setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1);
/* Establish a connection to a DC */
if ((ads = ads_init(lp_realm(), lp_workgroup(), NULL)) == NULL) {
init_status = NT_STATUS_NO_MEMORY;
BAIL_ON_NTSTATUS_ERROR(init_status);
}
ads->auth.password =
secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
ads->auth.realm = SMB_STRDUP(lp_realm());
/* get the DC name here to setup the server affinity cache and
local krb5.conf */
get_dc_name(lp_workgroup(), lp_realm(), dcname, &ip);
status = ads_connect(ads);
if (!ADS_ERR_OK(status)) {
DEBUG(0, ("_idmap_adex_init: ads_connect() failed! (%s)\n",
ads_errstr(status)));
}
init_status = ads_ntstatus(status);
BAIL_ON_NTSTATUS_ERROR(init_status);
/* Find out cell membership */
init_status = cell_locate_membership(ads);
if (!NT_STATUS_IS_OK(init_status)) {
DEBUG(0,("LWI: Fail to locate cell membership (%s).",
nt_errstr(init_status)));
goto done;
}
/* Fill in the cell information */
lwcell = cell_list_head();
init_status = cell_lookup_settings(lwcell);
BAIL_ON_NTSTATUS_ERROR(init_status);
/* Miscellaneous setup. E.g. set up the list of GC
servers and domain list for our forest (does not actually
connect). */
init_status = gc_init_list();
BAIL_ON_NTSTATUS_ERROR(init_status);
init_status = domain_init_list();
BAIL_ON_NTSTATUS_ERROR(init_status);
done:
if (!NT_STATUS_IS_OK(init_status)) {
DEBUG(1,("Likewise initialization failed (%s)\n",
nt_errstr(init_status)));
}
/* cleanup */
if (!NT_STATUS_IS_OK(init_status)) {
cell_list_destroy();
/* init_status stores the failure reason but we need to
return success or else idmap_init() will drop us from the
backend list */
return NT_STATUS_OK;
}
init_status = NT_STATUS_OK;
return init_status;
}
static BOOL ads_dc_name(const char *domain,
const char *realm,
struct in_addr *dc_ip,
fstring srv_name)
{
#if 1 /* AVM */
return False;
#else
ADS_STRUCT *ads;
char *sitename;
int i;
if (!realm && strequal(domain, lp_workgroup())) {
realm = lp_realm();
}
sitename = sitename_fetch(realm);
/* Try this 3 times then give up. */
for( i =0 ; i < 3; i++) {
ads = ads_init(realm, domain, NULL);
if (!ads) {
SAFE_FREE(sitename);
return False;
}
DEBUG(4,("ads_dc_name: domain=%s\n", domain));
#ifdef HAVE_ADS
/* we don't need to bind, just connect */
ads->auth.flags |= ADS_AUTH_NO_BIND;
ads_connect(ads);
#endif
if (!ads->config.realm) {
SAFE_FREE(sitename);
ads_destroy(&ads);
return False;
}
/* Now we've found a server, see if our sitename
has changed. If so, we need to re-do the DNS query
to ensure we only find servers in our site. */
if (stored_sitename_changed(realm, sitename)) {
SAFE_FREE(sitename);
sitename = sitename_fetch(realm);
ads_destroy(&ads);
/* Ensure we don't cache the DC we just connected to. */
namecache_delete(realm, 0x1C);
namecache_delete(domain, 0x1C);
continue;
}
#ifdef HAVE_KRB5
if (is_our_primary_domain(domain) && (ads->config.flags & ADS_KDC)) {
if (ads_closest_dc(ads)) {
/* We're going to use this KDC for this realm/domain.
If we are using sites, then force the krb5 libs
to use this KDC. */
create_local_private_krb5_conf_for_domain(realm,
domain,
sitename,
ads->ldap_ip);
} else {
/* use an off site KDC */
create_local_private_krb5_conf_for_domain(realm,
domain,
NULL,
ads->ldap_ip);
}
}
#endif
break;
}
if (i == 3) {
DEBUG(1,("ads_dc_name: sitename (now \"%s\") keeps changing ???\n",
sitename ? sitename : ""));
SAFE_FREE(sitename);
return False;
}
SAFE_FREE(sitename);
fstrcpy(srv_name, ads->config.ldap_server_name);
strupper_m(srv_name);
*dc_ip = ads->ldap_ip;
ads_destroy(&ads);
DEBUG(4,("ads_dc_name: using server='%s' IP=%s\n",
srv_name, inet_ntoa(*dc_ip)));
return True;
#endif /* AVM */
}
/*
return our ads connections structure for a domain. We keep the connection
open to make things faster
*/
static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
{
ADS_STRUCT *ads;
ADS_STATUS status;
fstring dc_name;
struct sockaddr_storage dc_ss;
DEBUG(10,("ads_cached_connection\n"));
if (domain->private_data) {
time_t expire;
time_t now = time(NULL);
/* check for a valid structure */
ads = (ADS_STRUCT *)domain->private_data;
expire = MIN(ads->auth.tgt_expire, ads->auth.tgs_expire);
DEBUG(7, ("Current tickets expire in %d seconds (at %d, time is now %d)\n",
(uint32)expire-(uint32)now, (uint32) expire, (uint32) now));
if ( ads->config.realm && (expire > now)) {
return ads;
} else {
/* we own this ADS_STRUCT so make sure it goes away */
DEBUG(7,("Deleting expired krb5 credential cache\n"));
ads->is_mine = True;
ads_destroy( &ads );
ads_kdestroy("MEMORY:winbind_ccache");
domain->private_data = NULL;
}
}
/* we don't want this to affect the users ccache */
setenv("KRB5CCNAME", "MEMORY:winbind_ccache", 1);
ads = ads_init(domain->alt_name, domain->name, NULL);
if (!ads) {
DEBUG(1,("ads_init for domain %s failed\n", domain->name));
return NULL;
}
/* the machine acct password might have change - fetch it every time */
SAFE_FREE(ads->auth.password);
SAFE_FREE(ads->auth.realm);
if ( IS_DC ) {
if ( !pdb_get_trusteddom_pw( domain->name, &ads->auth.password, NULL, NULL ) ) {
ads_destroy( &ads );
return NULL;
}
ads->auth.realm = SMB_STRDUP( ads->server.realm );
strupper_m( ads->auth.realm );
}
else {
struct winbindd_domain *our_domain = domain;
ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
/* always give preference to the alt_name in our
primary domain if possible */
if ( !domain->primary )
our_domain = find_our_domain();
if ( our_domain->alt_name[0] != '\0' ) {
ads->auth.realm = SMB_STRDUP( our_domain->alt_name );
strupper_m( ads->auth.realm );
}
else
ads->auth.realm = SMB_STRDUP( lp_realm() );
}
ads->auth.renewable = WINBINDD_PAM_AUTH_KRB5_RENEW_TIME;
/* Setup the server affinity cache. We don't reaally care
about the name. Just setup affinity and the KRB5_CONFIG
file. */
get_dc_name( ads->server.workgroup, ads->server.realm, dc_name, &dc_ss );
status = ads_connect(ads);
if (!ADS_ERR_OK(status) || !ads->config.realm) {
DEBUG(1,("ads_connect for domain %s failed: %s\n",
domain->name, ads_errstr(status)));
ads_destroy(&ads);
/* if we get ECONNREFUSED then it might be a NT4
server, fall back to MSRPC */
if (status.error_type == ENUM_ADS_ERROR_SYSTEM &&
status.err.rc == ECONNREFUSED) {
/* 'reconnect_methods' is the MS-RPC backend. */
DEBUG(1,("Trying MSRPC methods\n"));
domain->backend = &reconnect_methods;
}
return NULL;
}
/* set the flag that says we don't own the memory even
though we do so that ads_destroy() won't destroy the
structure we pass back by reference */
ads->is_mine = False;
domain->private_data = (void *)ads;
return ads;
}
NTSTATUS cell_connect(struct likewise_cell *c)
{
ADS_STRUCT *ads = NULL;
ADS_STATUS ads_status;
fstring dc_name;
struct sockaddr_storage dcip;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
/* have to at least have the AD domain name */
if (!c->dns_domain) {
nt_status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
BAIL_ON_NTSTATUS_ERROR(nt_status);
}
/* clear out any old information */
if (c->conn) {
ads_destroy(&c->conn);
c->conn = NULL;
}
/* now setup the new connection */
ads = ads_init(c->dns_domain, NULL, NULL);
BAIL_ON_PTR_ERROR(ads, nt_status);
ads->auth.password =
secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
ads->auth.realm = SMB_STRDUP(lp_realm());
/* Make the connection. We should already have an initial
TGT using the machine creds */
if (cell_flags(c) & LWCELL_FLAG_GC_CELL) {
ads_status = ads_connect_gc(ads);
} else {
/* Set up server affinity for normal cells and the client
site name cache */
if (!get_dc_name("", c->dns_domain, dc_name, &dcip)) {
nt_status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
BAIL_ON_NTSTATUS_ERROR(nt_status);
}
ads_status = ads_connect(ads);
}
c->conn = ads;
nt_status = ads_ntstatus(ads_status);
done:
if (!NT_STATUS_IS_OK(nt_status)) {
ads_destroy(&ads);
c->conn = NULL;
}
return nt_status;
}
WERROR NetGetJoinableOUs_l(struct libnetapi_ctx *ctx,
struct NetGetJoinableOUs *r)
{
#ifdef WITH_ADS
NTSTATUS status;
ADS_STATUS ads_status;
ADS_STRUCT *ads = NULL;
struct netr_DsRGetDCNameInfo *info = NULL;
const char *dc = NULL;
uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
DS_RETURN_DNS_NAME;
status = dsgetdcname(ctx, NULL, r->in.domain,
NULL, NULL, flags, &info);
if (!NT_STATUS_IS_OK(status)) {
libnetapi_set_error_string(ctx, "%s",
get_friendly_nt_error_msg(status));
return ntstatus_to_werror(status);
}
dc = strip_hostname(info->dc_unc);
ads = ads_init(info->domain_name, info->domain_name, dc);
if (!ads) {
return WERR_GENERAL_FAILURE;
}
SAFE_FREE(ads->auth.user_name);
if (r->in.account) {
ads->auth.user_name = SMB_STRDUP(r->in.account);
} else if (ctx->username) {
ads->auth.user_name = SMB_STRDUP(ctx->username);
}
SAFE_FREE(ads->auth.password);
if (r->in.password) {
ads->auth.password = SMB_STRDUP(r->in.password);
} else if (ctx->password) {
ads->auth.password = SMB_STRDUP(ctx->password);
}
ads_status = ads_connect_user_creds(ads);
if (!ADS_ERR_OK(ads_status)) {
ads_destroy(&ads);
return WERR_DEFAULT_JOIN_REQUIRED;
}
ads_status = ads_get_joinable_ous(ads, ctx,
(char ***)r->out.ous,
(size_t *)r->out.ou_count);
if (!ADS_ERR_OK(ads_status)) {
ads_destroy(&ads);
return WERR_DEFAULT_JOIN_REQUIRED;
}
ads_destroy(&ads);
return WERR_OK;
#else
return WERR_NOT_SUPPORTED;
#endif
}
//extern void ads_show_logo(void);
RET_CODE ads_module_init(void)
{
#ifndef WIN32
RET_CODE ret = ERR_FAILURE;
OS_PRINTF("ADS: ise==init enter\n" );
//customize ads
ads_event_info_t event_info;
ads_event_id_t ads_event = ADS_EVT_NONE;
u32 bticks=0;
u32 adm_id;
module_config.channel_frequency = ad_maintp.tp_freq;
module_config.channel_symbolrate = ad_maintp.tp_sym;
module_config.channel_qam = ad_maintp.nim_modulate;
module_config.flash_start_adr= dm_get_block_addr(class_get_handle_by_id(DM_CLASS_ID), LOGO_BLOCK_ID_M3);
//module_config.p_dmx_dev = dev_find_identifier(NULL, DEV_IDT_TYPE, SYS_DEV_TYPE_PTI);
module_config.nvram_read= nvram_read;
module_config.nvram_write= nvram_write;
module_config.nvram_erase= nvram_erase;
module_config.flash_size= dm_get_block_size(class_get_handle_by_id(DM_CLASS_ID), LOGO_BLOCK_ID_M3);
module_config.pic_in = ADS_PIC_IN_SDRAM;
module_config.task_prio_start= AD_TASK_PRIO_START;
module_config.task_prio_end= AD_TASK_PRIO_END;
module_config.read_gif = ui_adv_set_pic;
module_config.read_float= ui_adv_set_float;
OS_PRINTF("ADS: task_prio_start\n" );
OS_PRINTF("ADS:module_config.flash_start_adr===0x%x\n", module_config.flash_start_adr);
ret = ads_adt_qz_attach(&module_config, &adm_id);
MT_ASSERT(SUCCESS == ret);
ret=ads_init(adm_id,&module_config);
if(ret != SUCCESS && ret != ERR_TIMEOUT)
{
return ret;
}
//ads_show_logo();
//MT_ASSERT(SUCCESS == ret);
bticks = mtos_ticks_get();
ret = ads_io_ctrl(adm_id, ADS_IOCMD_AD_SEARCH_SET, &module_config);
OS_PRINTF("ADS: ioctrl ret===%d\n", ret);
while(1)
{
ads_event_polling(&event_info);
ads_event = ads_event_parse(event_info.events[adm_id]);
//OS_PRINTF("ads_module_init while 1\n");
if(ads_event == ADS_S_ADSERACH_FINISHED)
{
break;
}
if ((mtos_ticks_get() - bticks) > 2000)
{
ret = ads_io_ctrl(ADS_ID_ADT_QZ, ADS_IOCMD_AD_EXIT_TIMEOUT, NULL);
OS_PRINTF("ADS: search time out");
}
mtos_task_sleep(500);
}
OS_PRINTF("ads_module_init while 4\n");
ads_module_open(adm_id);
mtos_task_delay_ms(100);
ret = SUCCESS;
return ret;
#endif
}
/**
* @brief Establish a connection to a DC
*
* @param[out] adsp ADS_STRUCT that will be created
* @param[in] target_realm Realm of domain to connect to
* @param[in] target_dom_name 'workgroup' name of domain to connect to
* @param[in] ldap_server DNS name of server to connect to
* @param[in] password Our machine acount secret
* @param[in] auth_realm Realm of local domain for creating krb token
* @param[in] renewable Renewable ticket time
*
* @return ADS_STATUS
*/
static ADS_STATUS ads_cached_connection_connect(ADS_STRUCT **adsp,
const char *target_realm,
const char *target_dom_name,
const char *ldap_server,
char *password,
char *auth_realm,
time_t renewable)
{
ADS_STRUCT *ads;
ADS_STATUS status;
struct sockaddr_storage dc_ss;
fstring dc_name;
if (auth_realm == NULL) {
return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
}
/* we don't want this to affect the users ccache */
setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1);
ads = ads_init(target_realm, target_dom_name, ldap_server);
if (!ads) {
DEBUG(1,("ads_init for domain %s failed\n", target_dom_name));
return ADS_ERROR(LDAP_NO_MEMORY);
}
SAFE_FREE(ads->auth.password);
SAFE_FREE(ads->auth.realm);
ads->auth.renewable = renewable;
ads->auth.password = password;
ads->auth.flags |= ADS_AUTH_ALLOW_NTLMSSP;
ads->auth.realm = SMB_STRDUP(auth_realm);
if (!strupper_m(ads->auth.realm)) {
ads_destroy(&ads);
return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);
}
/* Setup the server affinity cache. We don't reaally care
about the name. Just setup affinity and the KRB5_CONFIG
file. */
get_dc_name(ads->server.workgroup, ads->server.realm, dc_name, &dc_ss);
status = ads_connect(ads);
if (!ADS_ERR_OK(status)) {
DEBUG(1,("ads_connect for domain %s failed: %s\n",
target_dom_name, ads_errstr(status)));
ads_destroy(&ads);
return status;
}
/* set the flag that says we don't own the memory even
though we do so that ads_destroy() won't destroy the
structure we pass back by reference */
ads->is_mine = False;
*adsp = ads;
return status;
}
static int net_ads_password(int argc, const char **argv)
{
ADS_STRUCT *ads;
const char *auth_principal = opt_user_name;
const char *auth_password = opt_password;
char *realm = NULL;
char *new_password = NULL;
char *c, *prompt;
const char *user;
ADS_STATUS ret;
if (opt_user_name == NULL || opt_password == NULL) {
d_printf("You must supply an administrator username/password\n");
return -1;
}
if (argc < 1) {
d_printf("ERROR: You must say which username to change password for\n");
return -1;
}
user = argv[0];
if (!strchr_m(user, '@')) {
asprintf(&c, "%s@%s", argv[0], lp_realm());
user = c;
}
use_in_memory_ccache();
c = strchr(auth_principal, '@');
if (c) {
realm = ++c;
} else {
realm = lp_realm();
}
/* use the realm so we can eventually change passwords for users
in realms other than default */
if (!(ads = ads_init(realm, NULL, NULL))) {
return -1;
}
/* we don't actually need a full connect, but it's the easy way to
fill in the KDC's addresss */
ads_connect(ads);
if (!ads || !ads->config.realm) {
d_printf("Didn't find the kerberos server!\n");
return -1;
}
if (argv[1]) {
new_password = (char *)argv[1];
} else {
asprintf(&prompt, "Enter new password for %s:", user);
new_password = getpass(prompt);
free(prompt);
}
ret = kerberos_set_password(ads->auth.kdc_server, auth_principal,
auth_password, user, new_password, ads->auth.time_offset);
if (!ADS_ERR_OK(ret)) {
d_printf("Password change failed :-( ...\n");
ads_destroy(&ads);
return -1;
}
d_printf("Password change for %s completed.\n", user);
ads_destroy(&ads);
return 0;
}
static ADS_STRUCT *ads_startup(void)
{
ADS_STRUCT *ads;
ADS_STATUS status;
BOOL need_password = False;
BOOL second_time = False;
char *cp;
/* lp_realm() should be handled by a command line param,
However, the join requires that realm be set in smb.conf
and compares our realm with the remote server's so this is
ok until someone needs more flexibility */
ads = ads_init(lp_realm(), opt_target_workgroup, opt_host);
if (!opt_user_name) {
opt_user_name = "administrator";
}
if (opt_user_specified) {
need_password = True;
}
retry:
if (!opt_password && need_password && !opt_machine_pass) {
char *prompt;
asprintf(&prompt,"%s's password: "******"name@realm",
* extract the realm and convert to upper case.
* This is only used to establish the connection.
*/
if ((cp = strchr(ads->auth.user_name, '@'))!=0) {
*cp++ = '\0';
ads->auth.realm = smb_xstrdup(cp);
strupper_m(ads->auth.realm);
}
status = ads_connect(ads);
if (!ADS_ERR_OK(status)) {
if (!need_password && !second_time) {
need_password = True;
second_time = True;
goto retry;
} else {
DEBUG(0,("ads_connect: %s\n", ads_errstr(status)));
return NULL;
}
}
return ads;
}
WERROR nt_printer_publish(TALLOC_CTX *mem_ctx,
const struct auth_serversupplied_info *session_info,
struct messaging_context *msg_ctx,
struct spoolss_PrinterInfo2 *pinfo2,
int action)
{
uint32_t info2_mask = SPOOLSS_PRINTER_INFO_ATTRIBUTES;
struct spoolss_SetPrinterInfo2 *sinfo2;
ADS_STATUS ads_rc;
ADS_STRUCT *ads = NULL;
WERROR win_rc;
sinfo2 = talloc_zero(mem_ctx, struct spoolss_SetPrinterInfo2);
if (!sinfo2) {
return WERR_NOMEM;
}
switch (action) {
case DSPRINT_PUBLISH:
case DSPRINT_UPDATE:
pinfo2->attributes |= PRINTER_ATTRIBUTE_PUBLISHED;
break;
case DSPRINT_UNPUBLISH:
pinfo2->attributes ^= PRINTER_ATTRIBUTE_PUBLISHED;
break;
default:
win_rc = WERR_NOT_SUPPORTED;
goto done;
}
sinfo2->attributes = pinfo2->attributes;
win_rc = winreg_update_printer(mem_ctx, session_info, msg_ctx,
pinfo2->sharename, info2_mask,
sinfo2, NULL, NULL);
if (!W_ERROR_IS_OK(win_rc)) {
DEBUG(3, ("err %d saving data\n", W_ERROR_V(win_rc)));
goto done;
}
TALLOC_FREE(sinfo2);
ads = ads_init(lp_realm(), lp_workgroup(), NULL);
if (!ads) {
DEBUG(3, ("ads_init() failed\n"));
win_rc = WERR_SERVER_UNAVAILABLE;
goto done;
}
setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
SAFE_FREE(ads->auth.password);
ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
NULL, NULL);
/* ads_connect() will find the DC for us */
ads_rc = ads_connect(ads);
if (!ADS_ERR_OK(ads_rc)) {
DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_rc)));
win_rc = WERR_ACCESS_DENIED;
goto done;
}
switch (action) {
case DSPRINT_PUBLISH:
case DSPRINT_UPDATE:
win_rc = nt_printer_publish_ads(msg_ctx, ads, pinfo2);
break;
case DSPRINT_UNPUBLISH:
win_rc = nt_printer_unpublish_ads(ads, pinfo2->sharename);
break;
}
done:
ads_destroy(&ads);
return win_rc;
}
WERROR check_published_printers(struct messaging_context *msg_ctx)
{
ADS_STATUS ads_rc;
ADS_STRUCT *ads = NULL;
int snum;
int n_services = lp_numservices();
TALLOC_CTX *tmp_ctx = NULL;
struct auth_serversupplied_info *session_info = NULL;
struct spoolss_PrinterInfo2 *pinfo2;
NTSTATUS status;
WERROR result;
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) return WERR_NOMEM;
ads = ads_init(lp_realm(), lp_workgroup(), NULL);
if (!ads) {
DEBUG(3, ("ads_init() failed\n"));
return WERR_SERVER_UNAVAILABLE;
}
setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
SAFE_FREE(ads->auth.password);
ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
NULL, NULL);
/* ads_connect() will find the DC for us */
ads_rc = ads_connect(ads);
if (!ADS_ERR_OK(ads_rc)) {
DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_rc)));
result = WERR_ACCESS_DENIED;
goto done;
}
status = make_session_info_system(tmp_ctx, &session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("check_published_printers: "
"Could not create system session_info\n"));
result = WERR_ACCESS_DENIED;
goto done;
}
for (snum = 0; snum < n_services; snum++) {
if (!lp_snum_ok(snum) || !lp_print_ok(snum)) {
continue;
}
result = winreg_get_printer(tmp_ctx, session_info, msg_ctx,
lp_servicename(snum),
&pinfo2);
if (!W_ERROR_IS_OK(result)) {
continue;
}
if (pinfo2->attributes & PRINTER_ATTRIBUTE_PUBLISHED) {
nt_printer_publish_ads(msg_ctx, ads, pinfo2);
}
TALLOC_FREE(pinfo2);
}
result = WERR_OK;
done:
ads_destroy(&ads);
ads_kdestroy("MEMORY:prtpub_cache");
talloc_free(tmp_ctx);
return result;
}
int ads_has_subscription(Env E, char *sub, char *id)
{
LDAP *ld = E->ldap;
LDAPMessage *result, *e;
char *regid = NULL;
int i;
int nv = 0;
char filter[2048];
char *dn = NULL;
int rc;
int try;
int ret = 0;
/* Look for the account record */
snprintf(filter, 2048, "(&(uwNetID=%s)(uwActiveSubscription=%s))", id, sub);
// syslog(LOG_DEBUG, "search: \"%s\"\n", filter);
// long delays can disconnect us
for (try=0; try<2; try++) {
if (!(ld||(ld=ads_init(E)))) {
syslog(LOG_ERR, "no ldap, cannot verify!");
return (-1);
}
if ((rc=ldap_search_s(ld, E->ads_base, LDAP_SCOPE_SUBTREE,
filter, ads_attributes, 0, &result )) != LDAP_SUCCESS ) {
if (try>0) report_error(rc, "ldap_search_s" );
ldap_msgfree( result );
ld = NULL;
continue;
}
break; // success
}
if (try==2) {
syslog(LOG_ERR, "no ldap, cannot verify!");
return (-1);
}
if (ldap_count_entries(ld, result)>0) {
// this is not necessary
e = ldap_first_entry( ld, result );
char *nid = get_attr_value(ld, e, "uwNetID");
syslog(LOG_DEBUG, "found: \"%s\"\n", nid);
free(nid);
ret = 1;
} else {
syslog(LOG_DEBUG, "not found");
}
ldap_msgfree( result );
return (ret);
}
/* ----- connect and disconnect -------------------------- */
#ifdef LDAP_DEBUG
static void set_ldap_debug()
{
if( ber_set_option( NULL, LBER_OPT_DEBUG_LEVEL, &tegea_debug )
!= LBER_OPT_SUCCESS ) {
fprintf( stderr, "Could not set LBER_OPT_DEBUG_LEVEL %d\n", tegea_debug );
}
if( ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &tegea_debug )
!= LDAP_OPT_SUCCESS ) {
fprintf( stderr, "Could not set LDAP_OPT_DEBUG_LEVEL %d\n", tegea_debug );
}
}
#endif
/* Callback from the sasl bind */
static int tsasl_interact(LDAP *ld, unsigned flags, void *defaults, void *in)
{
sasl_interact_t *interact = in;
/* Should loop through, ++interact, for full SASL stuff. */
if (interact->id != SASL_CB_LIST_END) {
interact->result = (char *) interact->defresult;
if (interact->defresult)
interact->len = strlen(interact->defresult);
else
interact->len = 0;
}
return LDAP_SUCCESS;
}
static int set_int_option(LDAP *ld, int option, int iv)
{
int rc;
if ( (rc=ldap_set_option( NULL, option, &iv )) != LDAP_SUCCESS ) {
report_error(rc, "set int opt");
return (0);
}
return (1);
}