コード例 #1
0
ファイル: filexfer.c プロジェクト: FarazShaikh/LikewiseSMB2
DWORD
GetPreferredDCAddress(
    PSTR  pszDomain,
    PSTR* ppszDCAddress
    )
{
    DWORD dwError = MAC_AD_ERROR_SUCCESS;
    PLWNET_DC_INFO pDCInfo = NULL;
    PSTR pszDCAddress = NULL;

    dwError = LWNetGetDCName(
                NULL,
                pszDomain,
                NULL,  //pszSiteName
                0,     //dwFlags
                &pDCInfo);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwAllocateString(
                  pDCInfo->pszDomainControllerName,
                  &pszDCAddress);
    BAIL_ON_MAC_ERROR(dwError);

    *ppszDCAddress = pszDCAddress;

cleanup:

    if (pDCInfo)
    {
        LWNetFreeDCInfo(pDCInfo);
    }

    return dwError;

error:

    *ppszDCAddress = NULL;

    LW_SAFE_FREE_STRING(pszDCAddress);

    goto cleanup;
}
コード例 #2
0
ファイル: adinfo.c プロジェクト: FarazShaikh/LikewiseSMB2
static
DWORD
ADUPutGPTINIFile(
    PSTR  pszFolderPath,
    PSTR  pszgPCFileSysPath
    )
{
    DWORD dwError = MAC_AD_ERROR_SUCCESS;
    PSTR pszDestPath = NULL;
    PSTR pszDomainName = NULL;
    PSTR pszPolicyIdentifier = NULL;

    /* This routine expects the local layout of cached policy files to be found under LWDS_ADMIN_CACHE_DIR,
       here there should be sub-directories for each policy identifier and a file GPT.ini which has
       been updated to reflect the version information that needs to be copied to the AD DC.  This
       function will determine the policy identifier and build the path to the local GPT.INI file and
       the path to the GPT.INI file in the syvol location for the specific GPO.*/
    dwError =  ADUCrackFileSysPath(pszgPCFileSysPath,
                                    &pszDomainName,
                                    &pszDestPath,
                                    &pszPolicyIdentifier);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = ADUSMBPutFile(pszDomainName,
                            pszFolderPath,
                            (PSTR)"GPT.INI",
                            pszDestPath);
    BAIL_ON_MAC_ERROR(dwError);

cleanup:

    LW_SAFE_FREE_STRING(pszDomainName);
    LW_SAFE_FREE_STRING(pszPolicyIdentifier);
    LW_SAFE_FREE_STRING(pszDestPath);

    return dwError;

error:

    goto cleanup;
}
コード例 #3
0
ファイル: cfgparser.c プロジェクト: bhanug/likewise-open
DWORD
LWDeleteNameValuePairBySectionName(
    PCFGSECTION pSectionList,
    PCSTR pszSectionName,
    PCSTR pszName
    )
{
    DWORD dwError = 0;
    PCFGSECTION pSection = NULL;

    if (IsNullOrEmptyString(pszSectionName) ||
        IsNullOrEmptyString(pszName)) {
        dwError = MAC_AD_ERROR_INVALID_PARAMETER;
        BAIL_ON_MAC_ERROR(dwError);
    }

    while (pSectionList) {
        if (!strcmp(pszSectionName, pszName)) {
            pSection = pSectionList;
            break;
        }
        pSectionList = pSectionList->pNext;
    }

    if (!pSection) {
        dwError = MAC_AD_ERROR_INVALID_RECORD_TYPE;
        goto error;
    }

    dwError = LWDeleteNameValuePairBySection(pSection, pszName);
    BAIL_ON_MAC_ERROR(dwError);

cleanup:

    return dwError;

error:

    goto cleanup;
}
コード例 #4
0
ファイル: adinfo.c プロジェクト: FarazShaikh/LikewiseSMB2
DWORD
ADUParseAndSetGPTVersion(
    PSTR  pszFilePath,
    DWORD dwGPTVersion
    )
{
    DWORD dwError = MAC_AD_ERROR_SUCCESS;
    char szValue[256];
    PCFGSECTION pSectionList = NULL;

    memset(szValue, 0, sizeof(szValue));
	sprintf(szValue, "%d", dwGPTVersion);

    dwError = LWParseConfigFile(pszFilePath,
                                &pSectionList,
                                FALSE);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LWSetConfigValueBySectionName(pSectionList,
                                            "General",
                                            "Version",
                                            szValue);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LWSaveConfigSectionList(pszFilePath, pSectionList);
    BAIL_ON_MAC_ERROR(dwError);

cleanup:

    if (pSectionList) {
        LWFreeConfigSectionList(pSectionList);
    }

    return dwError;

error:

    goto cleanup;
}
コード例 #5
0
ファイル: adinfo.c プロジェクト: FarazShaikh/LikewiseSMB2
DWORD
ADUSetPolicyVersionInAD(
    PGROUP_POLICY_OBJECT pGPO,
    DWORD dwVersion)
{
    DWORD dwError = 0;
    PSTR pszDomainName = NULL;
    PSTR pszSourcePath = NULL;
    PSTR pszPolicyIdentifier = NULL;
    HANDLE hDirectory = (HANDLE)NULL;

    dwError =  ADUCrackFileSysPath(pGPO->pszgPCFileSysPath,
                                    &pszDomainName,
                                    &pszSourcePath,
                                    &pszPolicyIdentifier);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = ADUOpenLwLdapDirectory(pszDomainName, &hDirectory);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapPutUInt32(hDirectory, pGPO->pszPolicyDN, ADU_VERSION_NUMBER_ATTR, dwVersion);
    BAIL_ON_MAC_ERROR(dwError);

cleanup:

    LW_SAFE_FREE_STRING(pszDomainName);
    LW_SAFE_FREE_STRING(pszSourcePath);
    LW_SAFE_FREE_STRING(pszPolicyIdentifier);

    if (hDirectory)
        LwLdapCloseDirectory(hDirectory);

    return dwError;

error:

    goto cleanup;
}
コード例 #6
0
ファイル: cfgparser.c プロジェクト: bhanug/likewise-open
DWORD
LWDeleteConfigSection(
    PCFGSECTION* ppSectionList,
    PCSTR pszSectionName
    )
{
    DWORD dwError = 0;
    PCFGSECTION pSection = NULL;
    PCFGSECTION pIterSection = *ppSectionList;
    PCFGSECTION pPrevSection = NULL;

    if (IsNullOrEmptyString(pszSectionName)) {
        dwError = MAC_AD_ERROR_INVALID_PARAMETER;
        BAIL_ON_MAC_ERROR(dwError);
    }

    while (pIterSection) {
        if (!strcmp(pszSectionName, pIterSection->pszName)) {
            pSection = pIterSection;
            break;
        }
        pPrevSection = pIterSection;
        pIterSection = pIterSection->pNext;
    }

    if (pSection) {

        if (!pPrevSection) {

            *ppSectionList = pSection->pNext;

        } else {

            pPrevSection->pNext = pSection->pNext;

        }

        LWFreeSection(pSection);
    }

cleanup:

    return dwError;

error:

    goto cleanup;
}
コード例 #7
0
ファイル: adinfo.c プロジェクト: FarazShaikh/LikewiseSMB2
DWORD
ADUParseAndGetGPTVersion(
    PSTR   pszFilePath,
    PDWORD pdwGPTVersion
    )
{
    DWORD dwError = MAC_AD_ERROR_SUCCESS;
    PSTR pszValue = NULL;
    PCFGSECTION pSectionList = NULL;

    dwError = LWParseConfigFile(pszFilePath,
                                &pSectionList,
                                FALSE);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LWGetConfigValueBySectionName(pSectionList,
                                            "General",
                                            "Version",
                                            &pszValue);
    if (dwError == MAC_AD_ERROR_SUCCESS) {
        if (!pszValue) {
            dwError = MAC_AD_ERROR_NO_SUCH_ATTRIBUTE;
        } else {
            *pdwGPTVersion = atoi(pszValue);
        }
    }

cleanup:

    if (pSectionList) {
        LWFreeConfigSectionList(pSectionList);
    }

    LW_SAFE_FREE_STRING(pszValue);

    return dwError;

error:

    if (pdwGPTVersion)
        *pdwGPTVersion = 0;

    goto cleanup;
}
コード例 #8
0
ファイル: cfgparser.c プロジェクト: bhanug/likewise-open
DWORD
LWGetConfigValueBySection(
    PCFGSECTION pSection,
    PCSTR pszName,
    PSTR* ppszValue
    )
{
    DWORD dwError = 0;
    PNVPAIR pNVPair = NULL;

    *ppszValue = NULL;

    pNVPair = pSection->pNVPairList;
    while (pNVPair) {
        if (!strcmp(pNVPair->pszName, pszName))
            break;

        pNVPair = pNVPair->pNext;
    }

    if (!pNVPair) {
        dwError = MAC_AD_ERROR_INVALID_ATTRIBUTE_TYPE;
        goto cleanup; /* Not uncommon, no need to log error. */
    }

    if (pNVPair->pszValue) {

        dwError = LwAllocateString(pNVPair->pszValue, ppszValue);
        BAIL_ON_MAC_ERROR(dwError);

    }

cleanup:

    return dwError;

error:

    goto cleanup;
}
コード例 #9
0
DWORD
ADUKrb5SetDefaultCachePath(
    PSTR  pszCachePath,
    PSTR* ppszOrigCachePath
    )
{
    DWORD dwError       = 0;
    DWORD dwMajorStatus = 0;
    DWORD dwMinorStatus = 0;
    PSTR  pszOrigCachePath = NULL;

	// Avoid library conflicts with Mac OSX library
    dwMajorStatus = lw_gss_krb5_ccache_name(
                            (OM_uint32 *)&dwMinorStatus,
                            pszCachePath,
                            (ppszOrigCachePath) ? (const char**)&pszOrigCachePath : NULL);
    BAIL_ON_SEC_ERROR(dwMajorStatus, dwMinorStatus);

    if (ppszOrigCachePath) {
        if (!IsNullOrEmptyString(pszOrigCachePath)) {
            dwError = LwAllocateString(pszOrigCachePath, ppszOrigCachePath);
            BAIL_ON_MAC_ERROR(dwError);
        } else {
            *ppszOrigCachePath = NULL;
        }
    }

cleanup:

    return dwError;

error:

    if (ppszOrigCachePath) {
        *ppszOrigCachePath = NULL;
    }

    goto cleanup;
}
コード例 #10
0
ファイル: cfgparser.c プロジェクト: bhanug/likewise-open
static
DWORD
ParseHeader(
    FILE* fp,
    PDWORD pdwSignature)
{
    DWORD dwError = 0;
    uint16_t wSignature = 0;

    if (1 != fread(&wSignature, sizeof(wSignature), 1, fp)) {
        dwError = errno;
        BAIL_ON_MAC_ERROR(dwError);
    }

    *pdwSignature = CONVERT_ENDIAN_WORD(wSignature);

cleanup:

    return dwError;

error:

    goto cleanup;
}
コード例 #11
0
DWORD
GetUserAttributes(
    HANDLE hDirectory,
    PSTR pszUserSID,
    PSTR pszDomainName,
    PGPUSER_AD_ATTRS * ppUserADAttrs
    )
{
    DWORD dwError = MAC_AD_ERROR_SUCCESS;
    PSTR pszDirectoryRoot = NULL;
    PSTR szAttributeList[] = {"*", NULL};
    CHAR szQuery[1024];
    LDAPMessage *pUserMessage = NULL;
    LDAPMessage *pDomainMessage = NULL;
    long lCount = 0;
    PGPUSER_AD_ATTRS pUserADAttrs = NULL;

    dwError = ADUConvertDomainToDN(pszDomainName, &pszDirectoryRoot);
    BAIL_ON_MAC_ERROR(dwError);

    sprintf(szQuery, "(objectsid=%s)", pszUserSID);

    dwError = LwLdapDirectorySearch(
        hDirectory,
        pszDirectoryRoot,
        LDAP_SCOPE_SUBTREE,
        szQuery,
        szAttributeList,
        &pUserMessage);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapCountEntries(
        hDirectory,
        pUserMessage,
        &lCount
        );
    BAIL_ON_MAC_ERROR(dwError);

    if (lCount < 0) {
        dwError = MAC_AD_ERROR_INVALID_NAME;
    } else if (lCount == 0) {
        dwError = MAC_AD_ERROR_INVALID_NAME;
    } else if (lCount > 1) {
        dwError = MAC_AD_ERROR_INVALID_NAME;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapDirectorySearch(
        hDirectory,
        pszDirectoryRoot,
        LDAP_SCOPE_BASE,
        "(objectClass=*)",
        szAttributeList,
        &pDomainMessage);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapCountEntries(
        hDirectory,
        pDomainMessage,
        &lCount
        );
    BAIL_ON_MAC_ERROR(dwError);

    if (lCount < 0) {
        dwError = MAC_AD_ERROR_INVALID_NAME;
    } else if (lCount == 0) {
        dwError = MAC_AD_ERROR_INVALID_NAME;
    } else if (lCount > 1) {
        dwError = MAC_AD_ERROR_INVALID_NAME;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwAllocateMemory(sizeof(GPUSER_AD_ATTRS), (PVOID *) &pUserADAttrs);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwAllocateString(pszDomainName, &pUserADAttrs->pszADDomain);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "displayName",
                              &pUserADAttrs->pszDisplayName);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "givenName",
                              &pUserADAttrs->pszFirstName);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "sn",
                              &pUserADAttrs->pszLastName);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "userPrincipalName",
                              &pUserADAttrs->pszKerberosPrincipal);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "mail",
                              &pUserADAttrs->pszEMailAddress);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "msExchHomeServerName",
                              &pUserADAttrs->pszMSExchHomeServerName);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "homeMDB",
                              &pUserADAttrs->pszMSExchHomeMDB);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "telephoneNumber",
                              &pUserADAttrs->pszTelephoneNumber);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "facsimileTelephoneNumber",
                              &pUserADAttrs->pszFaxTelephoneNumber);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "mobile",
                              &pUserADAttrs->pszMobileTelephoneNumber);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "streetAddress",
                              &pUserADAttrs->pszStreetAddress);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "postOfficeBox",
                              &pUserADAttrs->pszPostOfficeBox);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "l",
                              &pUserADAttrs->pszCity);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "st",
                              &pUserADAttrs->pszState);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "postalCode",
                              &pUserADAttrs->pszPostalCode);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "co",
                              &pUserADAttrs->pszCountry);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "title",
                              &pUserADAttrs->pszTitle);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "company",
                              &pUserADAttrs->pszCompany);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "department",
                              &pUserADAttrs->pszDepartment);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "homeDirectory",
                              &pUserADAttrs->pszHomeDirectory);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "homeDrive",
                              &pUserADAttrs->pszHomeDrive);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "pwdLastSet",
                              &pUserADAttrs->pszPasswordLastSet);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pUserMessage,
                              "userAccountControl",
                              &pUserADAttrs->pszUserAccountControl);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    /* The settings below are found on the domain container for the user */
    dwError = LwLdapGetString(hDirectory,
                              pDomainMessage,
                              "maxPwdAge",
                              &pUserADAttrs->pszMaxMinutesUntilChangePassword);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pDomainMessage,
                              "minPwdAge",
                              &pUserADAttrs->pszMinMinutesUntilChangePassword);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pDomainMessage,
                              "lockoutThreshhold",
                              &pUserADAttrs->pszMaxFailedLoginAttempts);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pDomainMessage,
                              "pwdHistoryLength",
                              &pUserADAttrs->pszAllowedPasswordHistory);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                              pDomainMessage,
                              "minPwdLength",
                              &pUserADAttrs->pszMinCharsAllowedInPassword);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }
    BAIL_ON_MAC_ERROR(dwError);

    *ppUserADAttrs = pUserADAttrs;
    pUserADAttrs = NULL;

error:

    FreeUserAttributes(pUserADAttrs);

    if (pszDirectoryRoot) {
        LwFreeString(pszDirectoryRoot);
    }

    if (pUserMessage) {
        ldap_msgfree(pUserMessage);
    }

    if (pDomainMessage) {
        ldap_msgfree(pDomainMessage);
    }

    return dwError;
}
コード例 #12
0
ファイル: cfgparser.c プロジェクト: bhanug/likewise-open
DWORD
LWCreateConfigSection(
    PCFGSECTION* ppSectionList,
    PCFGSECTION* pCreatedSection,
    PCSTR pszSectionName
    )
{
    DWORD dwError = 0;
    PCFGSECTION pSectionList = NULL;
    PCFGSECTION pSection = NULL;
    PCFGSECTION pTmpSection = NULL;

    if (!ppSectionList || IsNullOrEmptyString(pszSectionName)) {
        dwError = MAC_AD_ERROR_INVALID_PARAMETER;
        BAIL_ON_MAC_ERROR(dwError);
    }

    pSectionList = *ppSectionList;

    pSection = pSectionList;
    while (pSection)
    {
        if (!strcmp(pSection->pszName, pszSectionName))
        {
            break;
        }
    }

    if (!pSection) {
        dwError = LwAllocateMemory(sizeof(CFGSECTION), (PVOID*)&pSection);
        BAIL_ON_MAC_ERROR(dwError);

        dwError = LwAllocateString(pszSectionName, &pSection->pszName);
        BAIL_ON_MAC_ERROR(dwError);

        if (!pSectionList) {

            pSectionList = pSection;

        } else {

            pTmpSection = pSectionList;
            while (pTmpSection->pNext)
                pTmpSection = pTmpSection->pNext;

            pTmpSection->pNext = pSection;

        }
    }

    *pCreatedSection = pSection;
    *ppSectionList = pSectionList;

cleanup:

    return dwError;

error:

    *pCreatedSection = NULL;

    if (pSection)
    {
        LWFreeSection(pSection);
    }

    goto cleanup;
}
コード例 #13
0
ファイル: cfgparser.c プロジェクト: bhanug/likewise-open
DWORD
LWParseConfigFile(
    PCSTR pszFilePath,
    PCFGSECTION* ppCfgSectionList,
    BOOLEAN bWindowsDoubleByteFormat
    )
{
    DWORD dwError = 0;
    PCFGSECTION pSectionList = NULL;
    PCFGSECTION pSection = NULL;
    PNVPAIR pNVPair = NULL;
    FILE* fp = NULL;
    CHAR staticBuffer[1024+1];
    PSTR szBuf = NULL;
    DWORD dwLen = 0;
    PSTR pszTmp = NULL;
    PSTR pszName = NULL;
    PSTR pszValue = NULL;
    DWORD dwSignature = 0;
    /*DWORD nRead = 0;*/
    BOOLEAN bEOF = FALSE;

    if ((fp = fopen(pszFilePath, "r")) == NULL) {
        dwError = errno;
        goto error;
    }

    if (fcntl(fileno(fp), F_SETFD, FD_CLOEXEC) < 0) {
        dwError = errno;
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (bWindowsDoubleByteFormat) {
        dwError = ParseHeader(fp, &dwSignature);
        BAIL_ON_MAC_ERROR(dwError);

        if (dwSignature != 0xFEFF) {
            dwError = MAC_AD_ERROR_INVALID_TAG;
            BAIL_ON_MAC_ERROR(dwError);
        }
    }

    while (!bEOF) {
        LW_SAFE_FREE_STRING(szBuf);

        if (bWindowsDoubleByteFormat) {

            staticBuffer[0] = '\0';
            dwError = ReadNextDoubleByteLine(fp, staticBuffer, 1024, &bEOF);
            BAIL_ON_MAC_ERROR(dwError);
            dwError = LwAllocateString(staticBuffer, &szBuf);
            BAIL_ON_MAC_ERROR(dwError);

        } else {

            dwError = ReadNextLine(fp, &szBuf, &bEOF);
            BAIL_ON_MAC_ERROR(dwError);

        }

        LwStripWhitespace(szBuf, TRUE, TRUE);

        if (!(dwLen=strlen(szBuf)))
            continue;

        /* Skip comments for now */
        if (szBuf[0] == '#' ||
            szBuf[0] == ';')
            continue;

        if (szBuf[0]       == '[' &&
            szBuf[dwLen-1] == ']') {

            if (pSection) {
                pSection->pNext = pSectionList;
                pSectionList = pSection;
                pSection = NULL;
            }

            dwError = LwAllocateMemory(sizeof(CFGSECTION), (PVOID*)&pSection);
            BAIL_ON_MAC_ERROR(dwError);

            szBuf[dwLen-1] = '\0';

            dwError = LwAllocateString(szBuf+1, &pSection->pszName);
            BAIL_ON_MAC_ERROR(dwError);

            LwStripWhitespace(pSection->pszName, TRUE, TRUE);

        } else {

            if (!pSection) {
                dwError = MAC_AD_ERROR_NO_SUCH_ATTRIBUTE;
                BAIL_ON_MAC_ERROR(dwError);
            }

            if ((pszTmp = strchr(szBuf, '=')) == NULL) {
                continue;
            }

            if (pszTmp == szBuf) {
                dwError = MAC_AD_ERROR_INVALID_TAG;
                BAIL_ON_MAC_ERROR(dwError);
            }

            dwError = LwAllocateMemory(pszTmp-szBuf+1, (PVOID*)&pszName);
            BAIL_ON_MAC_ERROR(dwError);

            strncpy(pszName, szBuf, pszTmp-szBuf);

            pszTmp++;
            while (*pszTmp != '\0' && isspace((int)*pszTmp))
                pszTmp++;

            if (*pszTmp != '\0') {
                dwError = LwAllocateString(pszTmp, &pszValue);
                BAIL_ON_MAC_ERROR(dwError);
            }

            dwError = LwAllocateMemory(sizeof(NVPAIR), (PVOID*)&pNVPair);
            BAIL_ON_MAC_ERROR(dwError);

            LwStripWhitespace(pszName, TRUE, TRUE);
            LwStripWhitespace(pszValue, TRUE, TRUE);

            pNVPair->pszName = pszName; pszName = NULL;
            pNVPair->pszValue = pszValue; pszValue = NULL;

            pNVPair->pNext = pSection->pNVPairList;
            pSection->pNVPairList = pNVPair;
            pNVPair = NULL;

        }
    }

    if (pSection) {
        pSection->pNext = pSectionList;
        pSectionList = pSection;
        pSection = NULL;
    }

    pSectionList = ReverseSectionsAndNVPairs(pSectionList);

    *ppCfgSectionList = pSectionList;

    fclose(fp); fp = NULL;

cleanup:

    LW_SAFE_FREE_STRING(szBuf);

    if (fp) {
        fclose(fp);
    }

    LW_SAFE_FREE_STRING(pszName);
    LW_SAFE_FREE_STRING(pszValue);

    return dwError;

error:

    *ppCfgSectionList = NULL;

    if (pSectionList)
    {
       LWFreeConfigSectionList(pSectionList);
    }

    if (pSection)
    {
        LWFreeSection(pSection);
    }

    if (pNVPair)
    {
        LWFreeNVPair(pNVPair);
    }

    goto cleanup;
}
コード例 #14
0
DWORD
ADUKrb5GetUserCachePathAndSID(
    PCSTR pszUserUPN,
    PSTR* ppszCachePath,
    PSTR* ppszHomeDirPath,
    PSTR* ppszSID,
    uid_t* pUid
    )
{
    DWORD dwError = 0;
    char szPath[PATH_MAX];
    PSTR  pszCachePath = NULL;
    PSTR  pszHomeDirPath = NULL;
    PSTR  pszSID = NULL;
    HANDLE hLsaConnection = (HANDLE) NULL;
    PLSA_USER_INFO_0 pUserInfo_0 = NULL;

    dwError = LsaOpenServer(&hLsaConnection);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LsaFindUserByName(hLsaConnection, pszUserUPN, 0, (PVOID*) &pUserInfo_0);
    BAIL_ON_MAC_ERROR(dwError);

    memset(szPath, 0, sizeof(szPath));
    sprintf(szPath, "FILE:/tmp/krb5cc_%ld",(long)pUserInfo_0->uid);

    dwError = LwAllocateString(szPath, &pszCachePath);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwAllocateString(pUserInfo_0->pszSid, &pszSID);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwAllocateString(pUserInfo_0->pszHomedir, &pszHomeDirPath);
    BAIL_ON_MAC_ERROR(dwError);

    if (ppszCachePath)
    {
        *ppszCachePath = pszCachePath;
        pszCachePath = NULL;
    }

    if (ppszSID)
    {
        *ppszSID = pszSID;
        pszSID = NULL;
    }

    if (ppszHomeDirPath)
    {
        *ppszHomeDirPath = pszHomeDirPath;
        pszHomeDirPath = NULL;
    }

    if (pUid)
    {
        *pUid = pUserInfo_0->uid;
    }

cleanup:

    if (pszCachePath)
        LwFreeString(pszCachePath);

    if (pszSID)
        LwFreeString(pszSID);

    if (pszHomeDirPath)
        LwFreeString(pszHomeDirPath);

    if (pUserInfo_0)
        LsaFreeUserInfo(0, pUserInfo_0);

    if (hLsaConnection != (HANDLE)NULL)
        LsaCloseServer(hLsaConnection);

    return dwError;

error:

    if (ppszCachePath)
        *ppszCachePath = NULL;

    if (ppszSID)
        *ppszSID = NULL;

    if (ppszHomeDirPath)
        *ppszHomeDirPath = NULL;

    if (pUid)
        *pUid = -1;

    goto cleanup;
}
コード例 #15
0
ファイル: filexfer.c プロジェクト: FarazShaikh/LikewiseSMB2
DWORD
ADUCrackFileSysPath(
    PCSTR  pszFileSysPath,
    PSTR * ppszDomainName,
    PSTR * ppszSourcePath,
    PSTR * ppszPolicyIdentifier
    )
{
    DWORD dwError = 0;
    PSTR pTemp = NULL;
    char szDomainName[256];
    char szPolicyId[256];
    PSTR pSysVol = NULL;
    PSTR pPolicy = NULL;
    PSTR pszDomainName = NULL;
    PSTR pszSourcePath = NULL;
    PSTR pszPolicyIdentifier = NULL;

    pTemp = (PSTR)pszFileSysPath + 2;
    pSysVol = strchr(pTemp, '\\');

    /* TODO: make sure pSysVol points to \\sysvol\\ */
    memset(szDomainName, 0, sizeof(szDomainName));
    strncpy(szDomainName, pTemp, pSysVol - pTemp);
    szDomainName[pSysVol - pTemp] = 0;

    dwError = LwAllocateString(szDomainName, &pszDomainName);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwAllocateString(pSysVol + sizeof("\\sysvol\\") - 1, &pszSourcePath);
    BAIL_ON_MAC_ERROR(dwError);

    pTemp = pSysVol + sizeof("\\sysvol\\");
    pPolicy = strchr(pTemp, '{');

    /* TODO: make sure pPolicy points to end of \\sysvol\\{ */
    if ( pPolicy && strlen(pPolicy) >= 38 ) {
        strcpy(szPolicyId, pPolicy);
        szPolicyId[38] = 0;
    } else {
        dwError = MAC_AD_ERROR_INVALID_ATTRIBUTE_TYPE;
        BAIL_ON_MAC_ERROR(dwError);
    }

    dwError = LwAllocateString(szPolicyId, &pszPolicyIdentifier);
    BAIL_ON_MAC_ERROR(dwError);

    *ppszDomainName = pszDomainName;
    *ppszSourcePath = pszSourcePath;
    *ppszPolicyIdentifier = pszPolicyIdentifier;

    return dwError;

cleanup:

    LW_SAFE_FREE_STRING(pszDomainName);
    LW_SAFE_FREE_STRING(pszSourcePath);
    LW_SAFE_FREE_STRING(pszPolicyIdentifier);

    *ppszDomainName = NULL;
    *ppszSourcePath = NULL;
    *ppszPolicyIdentifier = NULL;

    return dwError;

error:

    goto cleanup;
}
コード例 #16
0
DWORD
CacheUserLoginMessage(
    PSTR pszHomeDirPath,
    PSTR pszMessage
    )
{
    DWORD dwError = MAC_AD_ERROR_SUCCESS;
    PSTR pszFileDir = NULL;
    PSTR pszFilePath = NULL;
    BOOLEAN bDirExists = FALSE;
    FILE * fp = NULL;
    int len = 0;

    if (!pszMessage || strlen(pszMessage) == 0)
    {
        goto error;
    }

    if (!pszHomeDirPath || strlen(pszHomeDirPath) == 0)
    {
        goto error;
    }

    LOG("Saving user login message to [homedir: %s]", pszHomeDirPath);

    dwError = LwAllocateStringPrintf(&pszFileDir, "%s/Library/Preferences", pszHomeDirPath);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwAllocateStringPrintf(&pszFilePath, "%s/login-message", pszFileDir);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwCheckFileTypeExists(pszFileDir, LWFILE_DIRECTORY, &bDirExists);
    BAIL_ON_MAC_ERROR(dwError);

    if (bDirExists == FALSE)
    {
        dwError = LwCreateDirectory(pszFileDir, S_IRUSR|S_IRGRP|S_IROTH);
        BAIL_ON_MAC_ERROR(dwError);
    }

    fp = fopen(pszFilePath, "w");
    if (fp)
    {
        len = fwrite(pszMessage, sizeof(char), strlen(pszMessage), fp);
        if (len < strlen(pszMessage))
        {
            dwError = ENOMEM;
            BAIL_ON_MAC_ERROR(dwError);
        }
    }

error:

    LW_SAFE_FREE_STRING(pszFilePath);
    LW_SAFE_FREE_STRING(pszFileDir);

    if (fp)
    {
        fclose(fp);
    }

    return dwError;
}
コード例 #17
0
DWORD
CollectCurrentADAttributesForUser(
    PSTR pszUserUPN,
    PSTR pszUserDomain,
    PSTR pszMessage,
    BOOLEAN bOnlineLogon
    )
{
    DWORD dwError = MAC_AD_ERROR_SUCCESS;
    PGPUSER_AD_ATTRS pUserADAttrs = NULL;
    PADU_CRED_CONTEXT pCredContext = NULL;
    BOOLEAN bDeactivateCredContext = FALSE;
    PSTR    pszOrigCachePath = NULL;
    HANDLE hDirectory = (HANDLE)NULL;

    dwError = ADUBuildCredContext(
                    NULL,
                    pszUserUPN,
                    bOnlineLogon,
                    &pCredContext);
    BAIL_ON_MAC_ERROR(dwError);

    /* Update user logon message which is accessed and reported with LoginHook script */
    dwError = CacheUserLoginMessage(pCredContext->pszHomeDirPath, pszMessage);
    BAIL_ON_MAC_ERROR(dwError);

    if (bOnlineLogon)
    {
        LOG("Connecting to AD using these credentials: path: %s, user: %s, domain: %s", pCredContext->pszCachePath, pszUserUPN, pszUserDomain);

        /* Set default credentials to the user's */
        dwError = ADUInitKrb5(pszUserDomain);
        BAIL_ON_MAC_ERROR(dwError);

        dwError = ADUKrb5SetDefaultCachePath(
                        pCredContext->pszCachePath,
                        &pszOrigCachePath);
        BAIL_ON_MAC_ERROR(dwError);

        dwError = ADUActivateCredContext(pCredContext);
        BAIL_ON_MAC_ERROR(dwError);

        bDeactivateCredContext = TRUE;

        dwError = ADUOpenLwLdapDirectory(pszUserDomain, &hDirectory);
        BAIL_ON_MAC_ERROR(dwError);

        dwError = GetUserAttributes(hDirectory,
                                    pCredContext->pszSID,
                                    pszUserDomain,
                                    &pUserADAttrs);
        if (dwError)
        {
            LOG("Error (%d) while reading user AD attributes from domain DC", dwError);
            BAIL_ON_MAC_ERROR(dwError);
        }

        dwError = CacheUserAttributes(pCredContext->uid, pUserADAttrs);
        if (dwError)
        {
            LOG("Error (%d) while saving user AD attributes to cache", dwError);
            BAIL_ON_MAC_ERROR(dwError);
        }
   
        dwError = FlushDirectoryServiceCache();
        if (dwError)
        {
            LOG("Failed to flush the Mac DirectoryService cache. Error: %d", dwError);
            BAIL_ON_MAC_ERROR(dwError);
        }
    }
    else
    {
        LOG("Offline logon, can't refresh AD user attributes for: user: %s, domain: %s", pszUserUPN, pszUserDomain);
    }

cleanup:

    FreeUserAttributes(pUserADAttrs);

    if (hDirectory != (HANDLE)NULL)
    {
        LwLdapCloseDirectory(hDirectory);
    }

    if (pCredContext)
    {
        if (bDeactivateCredContext)
        {
            ADUDeactivateCredContext(pCredContext);
        }

        ADUFreeCredContext(pCredContext);
    }

    if (pszOrigCachePath)
    {
        DWORD dwError2 = ADUKrb5SetDefaultCachePath(pszOrigCachePath, NULL);

        if (dwError2)
        {
            LOG_ERROR("Failed to revert kerberos cache path [code:%d]", dwError2);
        }

        LwFreeMemory(pszOrigCachePath);
    }

    return LWGetMacError(dwError);

error:

    goto cleanup;

}
コード例 #18
0
DWORD
ADUInitKrb5(
    PCSTR pszDomainName
    )
{
    DWORD dwError = 0;
    CHAR  szKrb5HostName[PATH_MAX];
    PSTR  pszKrb5CachePath = NULL;
    DWORD dwTicketExpiryTime = 0;
    char * szLocal = NULL;
    char * szDot = NULL;
    unsigned int   len = 0;
    BOOLEAN bInLock = FALSE;

    ENTER_KRB5_LOCK(bInLock);

    if (ADUKrb5TicketHasExpired()) {
        memset(szKrb5HostName, 0, sizeof(szKrb5HostName));

        if (gethostname(szKrb5HostName, sizeof(szKrb5HostName)) != 0)
        {
            dwError = MAC_AD_ERROR_INVALID_NAME;;
            BAIL_ON_MAC_ERROR(dwError);
        }

        len = strlen(szKrb5HostName);
        if ( len > strlen(".local") )
        {
            szLocal = &szKrb5HostName[len - strlen(".local")];
            if ( !strcasecmp( szLocal, ".local" ) )
            {
                szLocal[0] = '\0';
            }
        }

        /* Test to see if the name is still dotted. If so we will chop it down to
           just the hostname field. */
        szDot = strchr(szKrb5HostName, '.');
        if ( szDot )
        {
            szDot[0] = '\0';
        }

        strcat(szKrb5HostName, "$@");
        strcat(szKrb5HostName, pszDomainName);
        ADUStrToUpper(szKrb5HostName);

        dwError = ADUKrb5GetSystemCachePath(&pszKrb5CachePath);
        BAIL_ON_MAC_ERROR(dwError);

        dwError = ADUKerb5GetTGTFromKeytab(szKrb5HostName, NULL, pszKrb5CachePath, &dwTicketExpiryTime);
        BAIL_ON_MAC_ERROR(dwError);

        gdwKrbTicketExpiryTime = dwTicketExpiryTime;
    }

cleanup:

    LEAVE_KRB5_LOCK(bInLock);

    return dwError;

error:

    goto cleanup;
}
コード例 #19
0
ファイル: cfgparser.c プロジェクト: bhanug/likewise-open
DWORD
LWSetConfigValueBySection(
    PCFGSECTION pSection,
    PCSTR pszName,
    PCSTR pszValue
    )
{
    DWORD dwError = 0;
    PNVPAIR pNVPair = NULL;
    PNVPAIR pTmpNVPair = NULL;

    pTmpNVPair = pSection->pNVPairList;
    while (pTmpNVPair) {
        if (!strcmp(pTmpNVPair->pszName, pszName)) {
            pNVPair = pTmpNVPair;
            break;
        }
        pTmpNVPair = pTmpNVPair->pNext;
    }

    if (pNVPair == NULL) {

        dwError = LwAllocateMemory(sizeof(NVPAIR), (PVOID*)&pNVPair);
        BAIL_ON_MAC_ERROR(dwError);

        dwError = LwAllocateString(pszName, &pNVPair->pszName);
        BAIL_ON_MAC_ERROR(dwError);

        LwStripWhitespace(pNVPair->pszName, TRUE, TRUE);

        if (!IsNullOrEmptyString(pszValue)) {
            dwError = LwAllocateString(pszValue, &pNVPair->pszValue);
            BAIL_ON_MAC_ERROR(dwError);
        }

        if (!pSection->pNVPairList) {
            pSection->pNVPairList = pNVPair;
            pNVPair = NULL;

        } else {

            pTmpNVPair = pSection->pNVPairList;
            while (pTmpNVPair->pNext != NULL)
                pTmpNVPair = pTmpNVPair->pNext;

            pTmpNVPair->pNext = pNVPair;
            pNVPair = NULL;

        }

    } else {

        if (pNVPair->pszValue) {

            LW_SAFE_FREE_STRING(pNVPair->pszValue);
            pNVPair->pszValue = NULL;

            if (!IsNullOrEmptyString(pszValue)) {
                dwError = LwAllocateString(pszValue, &pNVPair->pszValue);
                BAIL_ON_MAC_ERROR(dwError);
            }

        }

    }

cleanup:

    return dwError;

error:

    if (pNVPair) {
        LWFreeNVPair(pNVPair);
    }

    goto cleanup;
}
コード例 #20
0
ファイル: adinfo.c プロジェクト: FarazShaikh/LikewiseSMB2
DWORD
ADUGetMCXPolicy(
    HANDLE hDirectory,
    PCSTR pszDN,
    PCSTR pszGPOName,
    PGROUP_POLICY_OBJECT * ppGPO
    )
{
    DWORD dwError = MAC_AD_ERROR_SUCCESS;
    PSTR szAttributeList[] = { "distinguishedName", NULL };
    char szQuery[512] = {0};
    PGROUP_POLICY_OBJECT pGPObject = NULL;
    LDAPMessage* pMessage = NULL;
    DWORD dwCount = 0;
    PSTR pszValue = NULL;

    sprintf(szQuery, "(&(objectclass=groupPolicyContainer)(%s=%s))", ADU_DISPLAY_NAME_ATTR, pszGPOName);

    dwError = LwLdapDirectorySearch(
        hDirectory,
        pszDN,
        LDAP_SCOPE_ONELEVEL,
        szQuery,
        szAttributeList,
        &pMessage);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapCountEntries(
        hDirectory,
        pMessage,
        &dwCount
        );
    BAIL_ON_MAC_ERROR(dwError);

    if (dwCount < 0) {
        dwError = MAC_AD_ERROR_NO_SUCH_POLICY;
    } else if (dwCount == 0) {
        dwError = MAC_AD_ERROR_NO_SUCH_POLICY;
    } else if (dwCount > 1) {
        dwError = MAC_AD_ERROR_NO_SUCH_POLICY;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                               pMessage,
                               "distinguishedName",
                               &pszValue);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwAllocateMemory(sizeof(GROUP_POLICY_OBJECT), (PVOID*)&pGPObject);
    BAIL_ON_MAC_ERROR(dwError);

    pGPObject->pszPolicyDN = pszValue;
    pszValue = NULL;

    *ppGPO = pGPObject;
    pGPObject = NULL;

cleanup:

    if (pMessage) {
        ldap_msgfree(pMessage);
    }

    LW_SAFE_FREE_STRING(pszValue);
    ADU_SAFE_FREE_GPO_LIST (pGPObject);

    return dwError;

error:

    if (ppGPO)
        *ppGPO = NULL;

    goto cleanup;
}
コード例 #21
0
ファイル: adinfo.c プロジェクト: FarazShaikh/LikewiseSMB2
DWORD
ADUGetPolicyInformation(
    HANDLE hDirectory,
    PCSTR pszPolicyDN,
    PGROUP_POLICY_OBJECT pGroupPolicyObject
    )
{
    DWORD dwError = MAC_AD_ERROR_SUCCESS;
    PSTR szAttributeList[] =
        {ADU_DISPLAY_NAME_ATTR,
         ADU_FLAGS_ATTR,
         ADU_FILESYS_PATH_ATTR,
         ADU_FUNCTIONALITY_VERSION_ATTR,
         ADU_MACHINE_EXTENSION_NAMES_ATTR,
         ADU_USER_EXTENSION_NAMES_ATTR,
         ADU_WQL_FILTER_ATTR,
         ADU_VERSION_NUMBER_ATTR,
         NULL
        };
    LDAPMessage* pMessage = NULL;
    DWORD dwCount = 0;
    PSTR  pszValue = NULL;
    DWORD dwValue = 0;

    dwError = LwLdapDirectorySearch(
        hDirectory,
        pszPolicyDN,
        LDAP_SCOPE_BASE,
        (PSTR)"(objectclass=*)",
        szAttributeList,
        &pMessage);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapCountEntries(
        hDirectory,
        pMessage,
        &dwCount
        );
    BAIL_ON_MAC_ERROR(dwError);

    if (dwCount < 0) {
        dwError = MAC_AD_ERROR_NO_SUCH_POLICY;
    } else if (dwCount == 0) {
        dwError = MAC_AD_ERROR_NO_SUCH_POLICY;
    } else if (dwCount > 1) {
        dwError = MAC_AD_ERROR_NO_SUCH_POLICY;
    }
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapGetString(hDirectory,
                               pMessage,
                               ADU_DISPLAY_NAME_ATTR,
                               &pszValue);
    BAIL_ON_MAC_ERROR(dwError);
    pGroupPolicyObject->pszDisplayName = pszValue;
    pszValue = NULL;

    dwError = LwLdapGetUInt32(hDirectory,
                               pMessage,
                               ADU_FLAGS_ATTR,
                               &dwValue);
    BAIL_ON_MAC_ERROR(dwError);
    pGroupPolicyObject->dwFlags = dwValue;

    dwError = LwLdapGetString(hDirectory,
                               pMessage,
                               ADU_FILESYS_PATH_ATTR,
                               &pszValue);
    BAIL_ON_MAC_ERROR(dwError);
    pGroupPolicyObject->pszgPCFileSysPath = pszValue;
    pszValue = NULL;

    dwError = LwLdapGetUInt32(hDirectory,
                               pMessage,
                               ADU_FUNCTIONALITY_VERSION_ATTR,
                               &dwValue);
    BAIL_ON_MAC_ERROR(dwError);
    pGroupPolicyObject->gPCFunctionalityVersion = dwValue;

    dwError = LwLdapGetString(hDirectory,
                               pMessage,
                               ADU_MACHINE_EXTENSION_NAMES_ATTR,
                               &pszValue);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = 0;
    }
    BAIL_ON_MAC_ERROR(dwError);
    pGroupPolicyObject->pszgPCMachineExtensionNames = pszValue;
    pszValue = NULL;

    dwError = LwLdapGetString(hDirectory,
                               pMessage,
                               ADU_USER_EXTENSION_NAMES_ATTR,
                               &pszValue);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = 0;
    }
    BAIL_ON_MAC_ERROR(dwError);
    pGroupPolicyObject->pszgPCUserExtensionNames = pszValue;
    pszValue = NULL;

    dwError = LwLdapGetUInt32(hDirectory,
                               pMessage,
                               ADU_VERSION_NUMBER_ATTR,
                               &dwValue);
    BAIL_ON_MAC_ERROR(dwError);
    pGroupPolicyObject->dwVersion = dwValue;

cleanup:

    LW_SAFE_FREE_STRING(pszValue);

    if (pMessage) {
        ldap_msgfree(pMessage);
    }

    return dwError;

error:

    LOG_ERROR("Failed to find policy or read GPO attributes for policy (%s)", pszPolicyDN);

    goto cleanup;
}
コード例 #22
0
ファイル: adinfo.c プロジェクト: FarazShaikh/LikewiseSMB2
DWORD
ADUGetAllMCXPolicies(
    HANDLE hDirectory,
    PCSTR pszDN,
    PGROUP_POLICY_OBJECT * ppGroupPolicyObjects
    )
{
    DWORD dwError = MAC_AD_ERROR_SUCCESS;
    PSTR szAttributeList[] = { "distinguishedName", NULL };
    PGROUP_POLICY_OBJECT pGPObjectList = NULL;
    PGROUP_POLICY_OBJECT pGPObject = NULL;
    LDAPMessage* pMessage = NULL;
    LDAPMessage* pLDAPMessage = NULL;
    DWORD dwCount = 0;
    PSTR pszValue = NULL;

    dwError = LwLdapDirectorySearch(
        hDirectory,
        pszDN,
        LDAP_SCOPE_ONELEVEL,
        (PSTR)"(&(objectclass=groupPolicyContainer)(|(gPCMachineExtensionNames=*{B9BF896E-F9EB-49B5-8E67-11E2EDAED06C}*)(gPCUserExtensionNames=*{07E500C4-20FD-4829-8F38-B5FF63FA0493}*)))",
        szAttributeList,
        &pMessage);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapCountEntries(
        hDirectory,
        pMessage,
        &dwCount
        );
    BAIL_ON_MAC_ERROR(dwError);

    if (dwCount > 0)
    {
        pLDAPMessage = LwLdapFirstEntry(hDirectory, pMessage);
    }

    while(pLDAPMessage != NULL)
    {
        dwError = LwLdapGetString(hDirectory,
                                   pLDAPMessage,
                                   "distinguishedName",
                                   &pszValue);
        BAIL_ON_MAC_ERROR(dwError);

        dwError = LwAllocateMemory(sizeof(GROUP_POLICY_OBJECT), (PVOID*)&pGPObject);
        BAIL_ON_MAC_ERROR(dwError);

        pGPObject->pszPolicyDN = pszValue;
        pszValue = NULL;

        if (pGPObjectList != NULL)
        {
            pGPObject->pNext = pGPObjectList;
            pGPObjectList = pGPObject;
        }
        else
        {
            pGPObjectList = pGPObject;
        }

        pGPObject = NULL;

        pLDAPMessage = LwLdapNextEntry(hDirectory, pLDAPMessage);
    }

    if (*ppGroupPolicyObjects != NULL)
    {
        (*ppGroupPolicyObjects)->pNext = pGPObjectList;
    }
    else
    {
        *ppGroupPolicyObjects = pGPObjectList;
    }

    if (pMessage)
    {
        ldap_msgfree(pMessage);
    }

    if (pLDAPMessage)
    {
        ldap_msgfree(pLDAPMessage);
    }

    return dwError;

cleanup:

    if (pMessage)
    {
        ldap_msgfree(pMessage);
    }

    if (pLDAPMessage)
    {
        ldap_msgfree(pLDAPMessage);
    }

    LW_SAFE_FREE_STRING(pszValue);
    ADU_SAFE_FREE_GPO_LIST (pGPObject);
    ADU_SAFE_FREE_GPO_LIST (pGPObjectList);

    return dwError;

error:

    if (ppGroupPolicyObjects)
        *ppGroupPolicyObjects = NULL;

    goto cleanup;
}
コード例 #23
0
DWORD
CacheUserAttributes(
    uid_t uid,
    PGPUSER_AD_ATTRS pUserADAttrs
    )
{
    DWORD dwError = MAC_AD_ERROR_SUCCESS;
    PSTR pszFileDir = NULL;
    PSTR pszFilePath = NULL;
    PCFGSECTION pUserSettingsList = NULL;
    PCFGSECTION pADSection_Name = NULL;
    PCFGSECTION pADSection_EMail = NULL;
    PCFGSECTION pADSection_Phone = NULL;
    PCFGSECTION pADSection_Address = NULL;
    PCFGSECTION pADSection_Work = NULL;
    PCFGSECTION pADSection_Network = NULL;
    BOOLEAN bDirExists = FALSE;

    LOG("Saving user attributes to user logon cache [uid: %ld, display name: %s]",
        (long)uid,
        pUserADAttrs->pszDisplayName ? pUserADAttrs->pszDisplayName : "<null>");

    dwError = LwAllocateStringPrintf(&pszFileDir, "/var/lib/pbis/lwedsplugin/user-cache/%ld", (long) uid);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwAllocateStringPrintf(&pszFilePath, "/var/lib/pbis/lwedsplugin/user-cache/%ld/ad-user-attrs", (long) uid);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwCheckFileTypeExists(pszFileDir, LWFILE_DIRECTORY, &bDirExists);
    BAIL_ON_MAC_ERROR(dwError);

    if (bDirExists == FALSE)
    {
        dwError = LwCreateDirectory(pszFileDir, S_IRUSR|S_IRGRP|S_IROTH);
        BAIL_ON_MAC_ERROR(dwError);
    }

    dwError = LWCreateConfigSection(&pUserSettingsList,
                                    &pADSection_Name,
                                    "User AD Name Attributes");
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LWCreateConfigSection(&pADSection_EMail,
                                    &pADSection_EMail,
                                    "User AD EMail Attributes");
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LWCreateConfigSection(&pADSection_Phone,
                                    &pADSection_Phone,
                                    "User AD Phone Attributes");
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LWCreateConfigSection(&pADSection_Address,
                                    &pADSection_Address,
                                    "User AD Address Attributes");
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LWCreateConfigSection(&pADSection_Work,
                                    &pADSection_Work,
                                    "User AD Work Attributes");
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LWCreateConfigSection(&pADSection_Network,
                                    &pADSection_Network,
                                    "User AD Network Settings Attributes");
    BAIL_ON_MAC_ERROR(dwError);

    pADSection_Name->pNext = pADSection_EMail;
    pADSection_EMail->pNext = pADSection_Phone;
    pADSection_Phone->pNext = pADSection_Address;
    pADSection_Address->pNext = pADSection_Work;
    pADSection_Work->pNext = pADSection_Network;

    if (pUserADAttrs->pszDisplayName)
    {
        dwError = LWSetConfigValueBySection(pUserSettingsList,
                                            "displayName",
                                            pUserADAttrs->pszDisplayName);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszFirstName)
    {
        dwError = LWSetConfigValueBySection(pADSection_Name,
                                            "givenName",
                                            pUserADAttrs->pszFirstName);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszLastName)
    {
        dwError = LWSetConfigValueBySection(pADSection_Name,
                                            "sn",
                                            pUserADAttrs->pszLastName);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszADDomain)
    {
        dwError = LWSetConfigValueBySection(pADSection_Name,
                                            "userDomain",
                                            pUserADAttrs->pszADDomain);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszKerberosPrincipal)
    {
        dwError = LWSetConfigValueBySection(pADSection_Name,
                                            "userPrincipalName",
                                            pUserADAttrs->pszKerberosPrincipal);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszEMailAddress)
    {
        dwError = LWSetConfigValueBySection(pADSection_EMail,
                                            "mail",
                                            pUserADAttrs->pszEMailAddress);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszMSExchHomeServerName)
    {
        dwError = LWSetConfigValueBySection(pADSection_EMail,
                                            "msExchHomeServerName",
                                            pUserADAttrs->pszMSExchHomeServerName);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszMSExchHomeMDB)
    {
        dwError = LWSetConfigValueBySection(pADSection_EMail,
                                            "homeMDB",
                                            pUserADAttrs->pszMSExchHomeMDB);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszTelephoneNumber)
    {
        dwError = LWSetConfigValueBySection(pADSection_Phone,
                                            "telephoneNumber",
                                            pUserADAttrs->pszTelephoneNumber);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszFaxTelephoneNumber)
    {
        dwError = LWSetConfigValueBySection(pADSection_Phone,
                                            "facsimileTelephoneNumber",
                                            pUserADAttrs->pszFaxTelephoneNumber);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszMobileTelephoneNumber)
    {
        dwError = LWSetConfigValueBySection(pADSection_Phone,
                                            "mobile",
                                            pUserADAttrs->pszMobileTelephoneNumber);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszStreetAddress)
    {
        dwError = LWSetConfigValueBySection(pADSection_Address,
                                            "streetAddress",
                                            pUserADAttrs->pszStreetAddress);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszPostOfficeBox)
    {
        dwError = LWSetConfigValueBySection(pADSection_Address,
                                            "postOfficeBox",
                                            pUserADAttrs->pszPostOfficeBox);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszCity)
    {
        dwError = LWSetConfigValueBySection(pADSection_Address,
                                            "l",
                                            pUserADAttrs->pszCity);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszState)
    {
        dwError = LWSetConfigValueBySection(pADSection_Address,
                                            "st",
                                            pUserADAttrs->pszState);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszPostalCode)
    {
        dwError = LWSetConfigValueBySection(pADSection_Address,
                                            "postalCode",
                                            pUserADAttrs->pszPostalCode);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszCountry)
    {
        dwError = LWSetConfigValueBySection(pADSection_Address,
                                            "co",
                                            pUserADAttrs->pszCountry);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszTitle)
    {
        dwError = LWSetConfigValueBySection(pADSection_Work,
                                            "title",
                                            pUserADAttrs->pszTitle);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszCompany)
    {
        dwError = LWSetConfigValueBySection(pADSection_Work,
                                            "company",
                                            pUserADAttrs->pszCompany);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszDepartment)
    {
        dwError = LWSetConfigValueBySection(pADSection_Work,
                                            "department",
                                            pUserADAttrs->pszDepartment);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszHomeDirectory)
    {
        dwError = LWSetConfigValueBySection(pADSection_Network,
                                            "homeDirectory",
                                            pUserADAttrs->pszHomeDirectory);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszHomeDrive)
    {
        dwError = LWSetConfigValueBySection(pADSection_Network,
                                            "homeDrive",
                                            pUserADAttrs->pszHomeDrive);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszPasswordLastSet)
    {
        dwError = LWSetConfigValueBySection(pADSection_Network,
                                            "pwdLastSet",
                                            pUserADAttrs->pszPasswordLastSet);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszUserAccountControl)
    {
        dwError = LWSetConfigValueBySection(pADSection_Network,
                                            "userAccountControl",
                                            pUserADAttrs->pszUserAccountControl);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszMaxMinutesUntilChangePassword)
    {
        dwError = LWSetConfigValueBySection(pADSection_Network,
                                            "maxPwdAge",
                                            pUserADAttrs->pszMaxMinutesUntilChangePassword);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszMinMinutesUntilChangePassword)
    {
        dwError = LWSetConfigValueBySection(pADSection_Network,
                                            "minPwdAge",
                                            pUserADAttrs->pszMinMinutesUntilChangePassword);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszMaxFailedLoginAttempts)
    {
        dwError = LWSetConfigValueBySection(pADSection_Network,
                                            "lockoutThreshhold",
                                            pUserADAttrs->pszMaxFailedLoginAttempts);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszAllowedPasswordHistory)
    {
        dwError = LWSetConfigValueBySection(pADSection_Network,
                                            "pwdHistoryLength",
                                            pUserADAttrs->pszAllowedPasswordHistory);
        BAIL_ON_MAC_ERROR(dwError);
    }

    if (pUserADAttrs->pszMinCharsAllowedInPassword)
    {
        dwError = LWSetConfigValueBySection(pADSection_Network,
                                            "minPwdLength",
                                            pUserADAttrs->pszMinCharsAllowedInPassword);
        BAIL_ON_MAC_ERROR(dwError);
    }

    dwError = LWSaveConfigSectionList(pszFilePath, pUserSettingsList);
    BAIL_ON_MAC_ERROR(dwError);

error:

    LW_SAFE_FREE_STRING(pszFilePath);
    LW_SAFE_FREE_STRING(pszFileDir);

    LWFreeConfigSectionList(pUserSettingsList);
    pUserSettingsList = NULL;

    return dwError;
}
コード例 #24
0
static
DWORD
ADUKerb5GetTGTFromKeytab(
    char *szUserName,
    char *szPassword,
    char *pszCachePath,
    PDWORD pdwGoodUntilTime
    )
{
    DWORD dwError = 0;
    krb5_error_code ret = 0;
    krb5_context ctx = NULL;
    krb5_creds creds = { 0 };
    krb5_ccache cc = NULL;
    krb5_keytab keytab = 0;
    krb5_principal client_principal = NULL;

    dwError = ADUKerb5DestroyCache(pszCachePath);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LWNetExtendEnvironmentForKrb5Affinity(TRUE);
    BAIL_ON_MAC_ERROR(dwError);

    ret = krb5_init_context(&ctx);
    BAIL_ON_KRB_ERROR(ctx, ret);

    ret = krb5_parse_name(ctx, szUserName, &client_principal);
    BAIL_ON_KRB_ERROR(ctx, ret);

    /* use krb5_cc_resolve to get an alternate cache */
    ret = krb5_cc_resolve(ctx, pszCachePath, &cc);
    BAIL_ON_KRB_ERROR(ctx, ret);

    ret = krb5_kt_default(ctx, &keytab);
    BAIL_ON_KRB_ERROR(ctx, ret);

    ret = krb5_get_init_creds_keytab(
        ctx,
        &creds,
        client_principal,
        keytab,
        0,    /* start time     */
        NULL, /* in_tkt_service */
        NULL    /* options        */
        );
    BAIL_ON_KRB_ERROR(ctx, ret);

    ret = krb5_cc_initialize(ctx, cc, client_principal);
    BAIL_ON_KRB_ERROR(ctx, ret);

    ret = krb5_cc_store_cred(ctx, cc, &creds);
    BAIL_ON_KRB_ERROR(ctx, ret);

    *pdwGoodUntilTime = creds.times.endtime;

error:

    if (creds.client == client_principal) {
        creds.client = NULL;
    }

    if (ctx) {
        if (client_principal) {
            krb5_free_principal(ctx, client_principal);
        }

        if (keytab) {
            krb5_kt_close(ctx, keytab);
        }

        if (cc) {
            krb5_cc_close(ctx, cc);
        }

        krb5_free_cred_contents(ctx, &creds);

        krb5_free_context(ctx);
    }

    return(dwError);
}