/*
 * Bind to pDCConn->pszRemoteDCHostName as pDCConn->creds.pszUPN with the
 * supplied password, honouring the connection's configured timeout.
 * On success the new handle is returned through ppLd.
 */
static
DWORD
_VmDirDCConnBindWithPassword(
    PVMDIR_DC_CONNECTION    pDCConn,
    PCSTR                   pszPassword,
    LDAP**                  ppLd
    )
{
    return VmDirSafeLDAPBindExt1(
            ppLd,
            pDCConn->pszRemoteDCHostName,
            pDCConn->creds.pszUPN,
            pszPassword,
            pDCConn->dwConnectTimeoutSec);
}

/*
 * (Re)establish the LDAP connection held in pDCConn.
 *
 * Any existing handle in pDCConn->pLd is released first. The bind is tried
 * with the current password; if that is rejected as an invalid credential
 * and an old password is configured, it is retried once with the old one.
 * On success the failure counters in pDCConn are cleared and the new handle
 * is installed; on failure the error, time and consecutive-failure count are
 * recorded in pDCConn and no handle is left behind.
 *
 * Returns 0 on success, otherwise the bind error.
 */
static
DWORD
_VmDirConnectToDC(
    PVMDIR_DC_CONNECTION pDCConn
    )
{
    DWORD   dwError = 0;
    LDAP*   pNewLd = NULL;

    // Never keep a stale handle around while reconnecting.
    VDIR_SAFE_UNBIND_EXT_S(pDCConn->pLd);

    dwError = _VmDirDCConnBindWithPassword(
            pDCConn,
            pDCConn->creds.pszPassword,
            &pNewLd);

    if (dwError == VMDIR_ERROR_USER_INVALID_CREDENTIAL &&
        pDCConn->creds.pszOldPassword)
    {
        // Retry exactly once with the previous password, if one is configured.
        dwError = _VmDirDCConnBindWithPassword(
                pDCConn,
                pDCConn->creds.pszOldPassword,
                &pNewLd);
    }
    BAIL_ON_VMDIR_ERROR(dwError);

    // A successful bind resets the failure bookkeeping.
    pDCConn->dwConsecutiveFailAttempt = 0;
    pDCConn->dwlastFailedError = 0;
    pDCConn->iLastFailedTime = 0;

    // Hand the handle over to the connection object.
    pDCConn->pLd = pNewLd;
    pNewLd = NULL;

    // TODO
    // metric set connection duration

cleanup:
    return dwError;

error:
    // Remember what went wrong and when, so the caller can back off / report.
    pDCConn->dwlastFailedError = dwError;
    pDCConn->iLastFailedTime = time(NULL);
    pDCConn->dwConsecutiveFailAttempt++;

    // TODO
    // metric set connection failed count

    VDIR_SAFE_UNBIND_EXT_S(pNewLd);
    goto cleanup;
}
/*
 * Prompt on stdout for the password of pConn->pszUPN and read it into
 * pConn->pszPassword via VdcSchemaReadPassword.
 */
static
DWORD
_VdcSchemaPromptForPassword(
    PVDC_SCHEMA_CONN pConn
    )
{
    // Only the UPN is echoed; the password itself is read by the helper.
    fprintf(stdout, "Enter password for %s: ", pConn->pszUPN);
    fflush(stdout);

    return VdcSchemaReadPassword(&pConn->pszPassword);
}

/*
 * Open the LDAP connection described by pConn.
 *
 * If pConn->pszPassword is not set, the user is prompted for it first.
 * The bind uses MAX_LDAP_CONNECT_NETWORK_TIMEOUT and stores the handle in
 * pConn->pLd.
 *
 * Returns 0 on success, VMDIR_ERROR_INVALID_PARAMETER when pConn is NULL,
 * otherwise the error from reading the password or binding.
 */
DWORD
VdcSchemaConnOpen(
    PVDC_SCHEMA_CONN pConn
    )
{
    DWORD dwError = 0;

    if (pConn == NULL)
    {
        dwError = VMDIR_ERROR_INVALID_PARAMETER;
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    if (pConn->pszPassword == NULL)
    {
        dwError = _VdcSchemaPromptForPassword(pConn);
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    dwError = VmDirSafeLDAPBindExt1(
            &pConn->pLd,
            pConn->pszHostName,
            pConn->pszUPN,
            pConn->pszPassword,
            MAX_LDAP_CONNECT_NETWORK_TIMEOUT);
    BAIL_ON_VMDIR_ERROR(dwError);

error:
    return dwError;
}
/*
 * Convenience wrapper around VmDirSafeLDAPBindExt1 that binds without a
 * connect timeout.
 *
 * ppLd        receives the bound handle on success
 * pszHost     server to connect to
 * pszUPN      identity to bind as
 * pszPassword credential for pszUPN
 *
 * Returns whatever VmDirSafeLDAPBindExt1 returns.
 */
DWORD
VmDirSafeLDAPBind(
    LDAP**  ppLd,
    PCSTR   pszHost,
    PCSTR   pszUPN,
    PCSTR   pszPassword
    )
{
    // -1 == no timeout
    const int iNoTimeout = -1;

    DWORD dwError = VmDirSafeLDAPBindExt1(
            ppLd,
            pszHost,
            pszUPN,
            pszPassword,
            iNoTimeout);

    return dwError;
}
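/*
 * Bind to a host with the handle to be used later
 *
 * The identity is the machine (DC) account read from the registry, combined
 * with pszDomain into "<account>@<domain>"; its password is read with
 * VmDirReadDCAccountPassword and securely wiped before returning.
 *
 * pszHostName  server to bind to
 * pszDomain    domain used to build the account UPN
 * ppLd         receives the bound handle on success (caller unbinds)
 *
 * Returns 0 on success, VMDIR_ERROR_INVALID_PARAMETER when any argument is
 * NULL, otherwise the error from reading the account or binding.
 */
DWORD
VmDirConnectLDAPServerWithMachineAccount(
    PCSTR   pszHostName,
    PCSTR   pszDomain,
    LDAP**  ppLd
    )
{
    DWORD   dwError = 0;
    PSTR    pszDCAccount = NULL;
    PSTR    pszDCAccountPassword = NULL;
    char    bufUPN[VMDIR_MAX_UPN_LEN] = {0};
    LDAP*   pLd = NULL;

    // Reject NULL arguments up front instead of dereferencing ppLd at the end.
    if (!pszHostName || !pszDomain || !ppLd)
    {
        dwError = VMDIR_ERROR_INVALID_PARAMETER;
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    dwError = VmDirRegReadDCAccount(&pszDCAccount);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirReadDCAccountPassword(&pszDCAccountPassword);
    BAIL_ON_VMDIR_ERROR(dwError);

    // Build the UPN in a fixed buffer; the last byte is always left for the
    // terminator regardless of how the printf helper counts its size argument.
    dwError = VmDirStringPrintFA(
            bufUPN,
            sizeof(bufUPN) - 1,
            "%s@%s",
            pszDCAccount,
            pszDomain);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirSafeLDAPBindExt1(
            &pLd,
            pszHostName,
            bufUPN,
            pszDCAccountPassword,
            MAX_LDAP_CONNECT_NETWORK_TIMEOUT);
    BAIL_ON_VMDIR_ERROR(dwError);

    // Ownership of the handle passes to the caller.
    *ppLd = pLd;
    pLd = NULL;

cleanup:
    VMDIR_SAFE_FREE_STRINGA(pszDCAccount);
    // The password is a secret: wipe, don't just free.
    VMDIR_SECURE_FREE_STRINGA(pszDCAccountPassword);
    return dwError;

error:
    // No handle may escape on a failure path.
    VDIR_SAFE_UNBIND_EXT_S(pLd);
    goto cleanup;
}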
/*
 * Change the password of pszUserUPN on pszHostName.
 *
 * The function binds as the user with pszOldPassword, resolves the user's
 * DN, then issues a single modify that adds the new userPassword value and
 * deletes the old one. The connection is unbound before returning.
 *
 * Returns 0 on success, ERROR_INVALID_PARAMETER when any argument is NULL or
 * empty, otherwise the error from the bind, DN lookup or modify.
 */
DWORD
VmDirChangePassword(
    PCSTR pszHostName,
    PCSTR pszUserUPN,
    PCSTR pszOldPassword,
    PCSTR pszNewPassword)
{
    DWORD       dwError = 0;
    LDAP*       pLd = NULL;
    PSTR        pszUserDN = NULL;

    // LDAPMod values are non-const char* by API design; the casts do not
    // imply the strings are written to.
    PSTR        ppszNewVals[2] = {(PSTR)pszNewPassword, NULL};
    PSTR        ppszOldVals[2] = {(PSTR)pszOldPassword, NULL};

    LDAPMod     modAddNew = {0};
    LDAPMod     modDelOld = {0};
    LDAPMod*    ppMods[3] = {&modAddNew, &modDelOld, NULL};

    if (IsNullOrEmptyString(pszHostName) ||
        IsNullOrEmptyString(pszUserUPN) ||
        IsNullOrEmptyString(pszOldPassword) ||
        IsNullOrEmptyString(pszNewPassword))
    {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    // Bind as the user with the current credential.
    dwError = VmDirSafeLDAPBindExt1(
            &pLd,
            pszHostName,
            pszUserUPN,
            pszOldPassword,
            MAX_LDAP_CONNECT_NETWORK_TIMEOUT);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = _VmDirFindUserDN(pLd, pszUserUPN, &pszUserDN);
    BAIL_ON_VMDIR_ERROR(dwError);

    // One modify operation: add the new value, delete the old one.
    modAddNew.mod_op = LDAP_MOD_ADD;
    modAddNew.mod_type = ATTR_USER_PASSWORD;
    modAddNew.mod_vals.modv_strvals = ppszNewVals;

    modDelOld.mod_op = LDAP_MOD_DELETE;
    modDelOld.mod_type = ATTR_USER_PASSWORD;
    modDelOld.mod_vals.modv_strvals = ppszOldVals;

    dwError = ldap_modify_ext_s(pLd, pszUserDN, ppMods, NULL, NULL);
    BAIL_ON_VMDIR_ERROR(dwError);

cleanup:
    VMDIR_SAFE_FREE_MEMORY(pszUserDN);
    if (pLd != NULL)
    {
        ldap_unbind_ext_s(pLd, NULL, NULL);
    }
    return dwError;

error:
    // Only the error code is logged; no credential material reaches the log.
    VmDirLog(LDAP_DEBUG_TRACE, "VmDirChangePassword failed with error (%u)\n", dwError);
    goto cleanup;
}