adssearch.pl

samba-3.0.22.tar.gz 编译smb服务器的源码

sub dump_uacc {
	return dump_bitmask_equal(@_,%ads_uacc); 
}

sub dump_uf {
	return dump_bitmask_and(@_,%ads_uf);
}

sub dump_gtype {
	my $ret = dump_bitmask_and(@_,%ads_grouptype);
	$ret .= "\n$tabsize\t";
	$ret .= dump_bitmask_equal(@_,%ads_gtype);
	return $ret;
}

sub dump_atype {
	return dump_bitmask_equal(@_,%ads_atype);
}

sub dump_controls {
	return dump_equal(@_,%ads_controls);
}

sub dump_capabilities {
	return dump_equal(@_,%ads_capabilities);
}

sub dump_extension {
	return dump_equal(@_,%ads_extensions);
}

sub dump_systemflags {
	return dump_bitmask_and(@_,%ads_systemflags);
}

sub dump_instance_type {
	return dump_bitmask_and(@_,%ads_instance_type);
}

sub dump_ds_func {
	return dump_bitmask_equal(@_,%ads_ds_func);
}

sub dump_serverstate {
	return dump_bitmask_equal(@_,%ads_serverstate);
}

sub dump_sdeffective {
	return dump_bitmask_and(@_,%ads_sdeffective);
}

sub dump_trustattr {
	return dump_bitmask_equal(@_,%ads_trustattrs);
}

sub dump_trusttype {
	return dump_bitmask_equal(@_,%ads_trusttype);
}

sub dump_trustdirection {
	return dump_bitmask_equal(@_,%ads_trustdirection);
}

sub dump_pwdproperties {
	return dump_bitmask_and(@_,%ads_pwdproperties);
}

sub dump_frstype {
	return dump_bitmask_equal(@_,%ads_frstypes)
}

sub dump_mixed_domain {
	return dump_bitmask_equal(@_,%ads_mixed_domain);
}

sub dump_sid {
	my $bin_sid = shift;
	return sid2string($bin_sid);
}

sub dump_guid {
	my $guid = shift;
	return guid_to_string($guid);
}

sub dump_secdesc {
	my $val = shift;
	return "FIXME: write sddl-converter!";
}

sub dump_nttime {
	my $nttime = shift;
	if ($nttime == 0) {
		return sprintf("%s (%s)", "never", $nttime);
	}
	my $localtime = localtime(nt_to_unixtime($nttime));
	return sprintf("%s (%s)", $localtime, $nttime);
}

sub dump_nttime_abs {
	if ($_[0] == 9223372036854775807) {
		return sprintf("%s (%s)", "now", $_[0]);
	}
	if ($_[0] == -9223372036854775808 || $_[0] == 0) { # 0x7FFFFFFFFFFFFFFF
		return sprintf("%s (%s)", "never", $_[0]);
	}
	# FIXME: actually *do* abs time !
	return dump_nttime($_[0]);
}

sub dump_timestr {
	my $time = shift;
	if ($time eq "16010101000010.0Z") {
		return sprintf("%s (%s)", "never", $time);
	}
	my ($year,$mon,$mday,$hour,$min,$sec,$zone) = 
		unpack('a4 a2 a2 a2 a2 a2 a4', $time);
	$mon -= 1;
	my $localtime = localtime(timegm($sec,$min,$hour,$mday,$mon,$year));
	return sprintf("%s (%s)", $localtime, $time);
}

sub dump_string {
	return $_[0];
}

sub dump_int {
	return sprintf("%d", $_[0]);
}

sub dump_munged_dial {
	my $dial = shift;
	return "FIXME! decode this";
}

sub dump_cert {
 
	my $cert = shift;
	open(OPENSSL, "| /usr/bin/openssl x509 -text -inform der");
	print OPENSSL $cert;
	close(OPENSSL);
	return "";
}

sub dump_pkt {
	my $pkt = shift;
	return "not yet";
	printf("%s: ", $pkt);
	printf("%02X", $pkt);
	
}

sub dump_gplink {

	my $gplink = shift;
	my $gplink_mod = $gplink;
	my @links = split("\\]\\[", $gplink_mod);
	foreach my $link (@links) {
		$link =~ s/^\[|\]$//g;
		my ($ldap_link, $opt) = split(";", $link);
		my @array = ( "$opt", "\t" );
		printf("%slink: %s, opt: %s\n", $tabsize, $ldap_link, dump_bitmask_and(@array, %ads_gplink_opts));
	}
	return $gplink;
}

sub construct_filter {

	my $tmp = shift;

	if (!$tmp || $opt_notify) {
		return "(objectclass=*)";
	}

	if ($tmp && $tmp !~ /^.*\=/) {
		return "(ANR=$tmp)";
	}

	return $tmp;
	# (&(objectCategory=person)
	# (userAccountControl:$ads_matching_rules{LDAP_MATCHING_RULE_BIT_AND}:=2))
}

sub construct_attrs {
	
	my @attrs = @_;
	
	if (!@attrs) {
		push(@attrs,"*");
	}

	if ($opt_notify) {
		push(@attrs,"uSNChanged");
	}

	if ($opt_display_metadata) {
		push(@attrs,"msDS-ReplAttributeMetaData");
		push(@attrs,"replPropertyMetaData");
	}

	if ($opt_verbose) {
		push(@attrs,"nTSecurityDescriptor");
		push(@attrs,"msDS-KeyVersionNumber");
		push(@attrs,"msDS-User-Account-Control-Computed");
		push(@attrs,"modifyTimeStamp");
	}

	return sort @attrs;
}

sub print_header {

	print "\n";
	printf "%10s: %s\n", "uri", $uri;
	printf "%10s: %s\n", "port", $port;
	printf "%10s: %s\n", "base", $base;
	printf "%10s: %s\n", $sasl_bind ? "principal" : "binddn", $sasl_bind ? $upn : $binddn;
	printf "%10s: %s\n", "password", $password;
	printf "%10s: %s\n", "bind-type", $sasl_bind ? "SASL" : "simple";
	printf "%10s: %s\n", "sasl-mech", $sasl_mech if ($sasl_mech);
	printf "%10s: %s\n", "filter", $filter;
	printf "%10s: %s\n", "scope", $scope;
	printf "%10s: %s\n", "attrs", join(", ", @attrs);
	printf "%10s: %s\n", "controls", join(", ", @ctrls_s);
	printf "%10s: %s\n", "page_size", $page_size if ($paging);
	printf "%10s: %s\n", "start_tls", $opt_starttls ? "yes" : "no";
	printf "\n";
}

sub gen_controls {

	# setup attribute-scoped query control
	my $asq_asn = Convert::ASN1->new;
	$asq_asn->prepare(
		q<	asq ::=	SEQUENCE {
				sourceAttribute   OCTET_STRING
		  	}
		>
	);
	my $ctl_asq_val = $asq_asn->encode( sourceAttribute => $opt_asq);
	my $ctl_asq = Net::LDAP::Control->new(
		type => $ads_controls{'LDAP_SERVER_ASQ_OID'},
		critical => 'true',
		value => $ctl_asq_val);


	# setup extended dn control
	my $asn_extended_dn = Convert::ASN1->new;
	$asn_extended_dn->prepare(
		q<	ExtendedDn ::= SEQUENCE {
				mode     INTEGER
			}
		>
	);

	my $ctl_extended_dn_val = $asn_extended_dn->encode( mode => '1');
	my $ctl_extended_dn =Net::LDAP::Control->new( 
		type => $ads_controls{'LDAP_SERVER_EXTENDED_DN_OID'},
		critical => 'true',
		value => $ctl_extended_dn_val);


	# setup notify control
	my $ctl_notification = Net::LDAP::Control->new( 
		type => $ads_controls{'LDAP_SERVER_NOTIFICATION_OID'},
		critical => 'true');


	# setup paging control
	$ctl_paged = Net::LDAP::Control->new( 
		type => $ads_controls{'LDAP_PAGED_RESULT_OID_STRING'},
		critical => 'true',
		size => $page_size);


	if ($paging) {
		push(@ctrls, $ctl_paged);
		push(@ctrls_s, "LDAP_PAGED_RESULT_OID_STRING" );
	}

	if ($opt_display_extendeddn) {
		push(@ctrls, $ctl_extended_dn);
		push(@ctrls_s, "LDAP_SERVER_EXTENDED_DN_OID");
	} 
	if ($opt_notify) {
		push(@ctrls, $ctl_notification);
		push(@ctrls_s, "LDAP_SERVER_NOTIFICATION_OID");
	}
	
	if ($opt_asq) {
		push(@ctrls, $ctl_asq);
		push(@ctrls_s, "LDAP_SERVER_ASQ_OID");
	}
	
	return @ctrls;
}

sub display_value_generic ($$$) {

	my ($mod,$attr,$value) = @_;
	return unless (defined($value) and defined($attr));

	if ( ! $opt_display_raw && exists $attr_handler{$attr} ) {
		$value = $attr_handler{$attr}($value,$mod);
		write_ads_list($mod,$attr,$value);
		return;
	}
	write_ads($mod,$attr,$value);
}

sub display_attr_generic ($$$) {

	my ($mod,$entry,$attr) = @_;
	return if (!$attr || !$entry);

	my $ref = $entry->get_value($attr, asref => 1);
	my @values = @$ref;

	foreach my $value ( sort @values) {
		display_value_generic($mod,$attr,$value);
	}
}

sub display_entry_generic ($) {

	my $entry = shift;
	return if (!$entry);

	foreach my $attr ( sort $entry->attributes) {
		display_attr_generic("\t",$entry,$attr);	
	}
}

sub display_ldap_err ($) {

	my $msg = shift;
	print_header();
	my ($package, $filename, $line, $subroutine) = caller(0);

	print "got error from ADS:\n";
	printf("%s(%d): ERROR (%s): %s\n", 
		$subroutine, $line, $msg->code, $msg->error);

}

sub process_result {

	my ($msg,$entry) = @_;

	if (!defined($msg)) { 
		return; 
	}

	if ($msg->code) {
		display_ldap_err($msg);
		exit 1;
	}

	if (!defined($entry)) {
		return;
	}

	if ($entry->isa('Net::LDAP::Reference')) {
		foreach my $ref ($entry->references) {
			print "\ngot Reference: [$ref]\n";
		}
		return;
	}

	print "\nfound entry: ".$entry->dn."\n".("-" x 80)."\n";

	display_entry_generic($entry);
}

sub default_callback {

	my ($res,$obj) = @_;

	if (!$opt_notify) {
		return process_result($res,$obj);
	} 
}

sub error_callback {

	my ($msg,$entry) = @_;

	if (!$msg) { 
		return; 
	}

	if ($msg->code) {
		display_ldap_err($msg);
		exit(1);
	}
	return;
}

sub notify_callback {

	my ($msg, $obj) = @_;

	if (! defined($obj)) {
		return;
	}

	if ($obj->isa('Net::LDAP::Reference')) {
		foreach my $ref ($obj->references) {
			print "\ngot Reference: [$ref]\n";
		}
		return;
	}

	while (1) {

		my $async_entry = $async_search->pop_entry;

		if (!$async_entry->dn) {
			print "very weird. entry has no dn\n";
			next;
		}
	
		printf("\ngot changenotify for dn: [%s]\n%s\n", $async_entry->dn, ("-" x 80));

		my $new_usn = $async_entry->get_value('uSNChanged');
		if (!$usn || $new_usn > $usn) {
			$usn = $new_usn;
			if ($opt_notify_nodiffs) {
				display_entry_generic($async_entry);
			} else {
				display_result_diff($async_entry);
			}
		} 
		store_result($async_entry);
	}
}

sub do_bind($$) {

	my $async_ldap_hd = shift || return undef;
	my $sasl_bind = shift;

	if ($sasl_bind) {
		if (!$works_sasl) {
			print "this version of Net::LDAP does not have proper SASL support.\n";
			print "Need at least perl-ldap V. $pref_version\n";
		}
		$sasl_hd = get_sasl_hd();
		if (!$sasl_hd) {
			print "failed to create SASL handle\n";
			return -1;
		}
		$mesg = $async_ldap_hd->bind( 
			sasl => $sasl_hd, 
			callback => \&error_callback 
		) || die "doesnt work"; 
	} else {
		$sasl_mech = "";
		$mesg = $async_ldap_hd->bind( 
			$binddn, 
			password => $password, 
			callback => \&error_callback
		) || die "doesnt work";
	};
	if ($mesg->code) { 
		display_ldap_err($mesg);
		return -1;
	}
	return 0;
}

sub do_unbind() {
	if ($async_ldap_hd) {
		$async_ldap_hd->unbind;
	}
	if ($sync_ldap_hd) {
		$sync_ldap_hd->unbind;
	}
}

###############################################################################

sub main () {

	$filter = construct_filter($query);
	@attrs  = construct_attrs(@attrs);
	@ctrls  = gen_controls();
	if (check_ctrls($server,$dse,@ctrls) == -1) {
		print "not all required LDAP Controls are supported by this server\n";
		exit 1;
	}

	if ($opt_dump_rootdse) {
		print "Dumping Root-DSE:\n";
		display_entry_generic($dse);
		exit 0;
	}

	if ($opt_dump_wknguid) {
		dump_wknguid();
		exit 0;
	}

	if (do_bind($async_ldap_hd, $sasl_bind) == -1) {
		exit 1;
	}

	print_header();

	if ($opt_dump_schema) {
		print "Dumping Schema:\n";
		my $ads_schema = $async_ldap_hd->schema;
		$ads_schema->dump;
		exit 0;
	}

	while (1) {

		$async_search = $async_ldap_hd->search( 
			base => $base, 
			filter => $filter, 
			attrs => [ @attrs ],
			control => [ @ctrls ], 
			callback => \&default_callback,
			scope => $scope,
				) || die "cannot search";

		if ($opt_notify) {

			print "Base [$base] is registered now for change-notify\n";
			print "\nWaiting for change-notify...\n";

			my $sync_ldap_hd = get_ldap_hd($server,0);
			if (do_bind($sync_ldap_hd, $sasl_bind) == -1) {
				exit 2;
			}

			my $sync_search = $sync_ldap_hd->search( 
				base => $base, 
				filter => $filter, 
				attrs => [ @attrs ],
				callback => \&notify_callback,
				scope => $scope,
				) || die "cannot search";

		}

		$total_entry_count += $async_search->count;
		++$page_count;
		print "-" x 80 . "\n";
		printf("Got %d Entries in Page %d \n\n", 
			$async_search->count, $page_count);
		my ($resp) = $async_search->control( 
			$ads_controls{'LDAP_PAGED_RESULT_OID_STRING'} ) or last;
		last unless ref $resp && $ctl_paged->cookie($resp->cookie);
	}

	if ($async_search->entries == 0) {
		print "No entries found with filter $filter\n";
	} else {
		print "Got $total_entry_count Entries in $page_count Pages\n" if ($paging);
	}

	do_unbind()
}

main();

exit 0;