📄 pdb_ldap.c
字号:
standard_sub_basic( username, tmpstring, sizeof(tmpstring) ); } pdb_set_profile_path(sampass, tmpstring, PDB_SET); } if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DESC), acct_desc)) { /* leave as default */ } else { pdb_set_acct_desc(sampass, acct_desc, PDB_SET); } if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_WKS), workstations)) { /* leave as default */; } else { pdb_set_workstations(sampass, workstations, PDB_SET); } if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_MUNGED_DIAL), munged_dial, sizeof(munged_dial))) { /* leave as default */; } else { pdb_set_munged_dial(sampass, munged_dial, PDB_SET); } /* FIXME: hours stuff should be cleaner */ logon_divs = 168; hours_len = 21; memset(hours, 0xff, hours_len); if (ldap_state->is_nds_ldap) { char *user_dn; size_t pwd_len; char clear_text_pw[512]; /* Make call to Novell eDirectory ldap extension to get clear text password. NOTE: This will only work if we have an SSL connection to eDirectory. */ user_dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); if (user_dn != NULL) { DEBUG(3, ("init_sam_from_ldap: smbldap_get_dn(%s) returned '%s'\n", username, user_dn)); pwd_len = sizeof(clear_text_pw); if (pdb_nds_get_password(ldap_state->smbldap_state, user_dn, &pwd_len, clear_text_pw) == LDAP_SUCCESS) { nt_lm_owf_gen(clear_text_pw, smbntpwd, smblmpwd); if (!pdb_set_lanman_passwd(sampass, smblmpwd, PDB_SET)) return False; ZERO_STRUCT(smblmpwd); if (!pdb_set_nt_passwd(sampass, smbntpwd, PDB_SET)) return False; ZERO_STRUCT(smbntpwd); use_samba_attrs = False; } } else { DEBUG(0, ("init_sam_from_ldap: failed to get user_dn for '%s'\n", username)); } } if (use_samba_attrs) { if (!smbldap_get_single_pstring (ldap_state->smbldap_state->ldap_struct, entry, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW), temp)) { /* leave as default */ } else { pdb_gethexpwd(temp, smblmpwd); memset((char *)temp, '\0', strlen(temp)+1); if (!pdb_set_lanman_passwd(sampass, smblmpwd, PDB_SET)) return False; ZERO_STRUCT(smblmpwd); } if (!smbldap_get_single_pstring (ldap_state->smbldap_state->ldap_struct, entry, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW), temp)) { /* leave as default */ } else { pdb_gethexpwd(temp, smbntpwd); memset((char *)temp, '\0', strlen(temp)+1); if (!pdb_set_nt_passwd(sampass, smbntpwd, PDB_SET)) return False; ZERO_STRUCT(smbntpwd); } } pwHistLen = 0; pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); if (pwHistLen > 0){ uint8 *pwhist = NULL; int i; /* We can only store (sizeof(pstring)-1)/64 password history entries. */ pwHistLen = MIN(pwHistLen, ((sizeof(temp)-1)/64)); if ((pwhist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){ DEBUG(0, ("init_sam_from_ldap: malloc failed!\n")); return False; } memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN); if (!smbldap_get_single_pstring (ldap_state->smbldap_state->ldap_struct, entry, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_HISTORY), temp)) { /* leave as default - zeros */ } else { BOOL hex_failed = False; for (i = 0; i < pwHistLen; i++){ /* Get the 16 byte salt. */ if (!pdb_gethexpwd(&temp[i*64], &pwhist[i*PW_HISTORY_ENTRY_LEN])) { hex_failed = True; break; } /* Get the 16 byte MD5 hash of salt+passwd. */ if (!pdb_gethexpwd(&temp[(i*64)+32], &pwhist[(i*PW_HISTORY_ENTRY_LEN)+PW_HISTORY_SALT_LEN])) { hex_failed = True; break; } } if (hex_failed) { DEBUG(0,("init_sam_from_ldap: Failed to get password history for user %s\n", username)); memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN); } } if (!pdb_set_pw_history(sampass, pwhist, pwHistLen, PDB_SET)){ SAFE_FREE(pwhist); return False; } SAFE_FREE(pwhist); } if (!smbldap_get_single_pstring (ldap_state->smbldap_state->ldap_struct, entry, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_ACB_INFO), temp)) { acct_ctrl |= ACB_NORMAL; } else { acct_ctrl = pdb_decode_acct_ctrl(temp); if (acct_ctrl == 0) acct_ctrl |= ACB_NORMAL; pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET); } pdb_set_hours_len(sampass, hours_len, PDB_SET); pdb_set_logon_divs(sampass, logon_divs, PDB_SET); if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_BAD_PASSWORD_COUNT), temp)) { /* leave as default */ } else { bad_password_count = (uint32) atol(temp); pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET); } if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_BAD_PASSWORD_TIME), temp)) { /* leave as default */ } else { bad_password_time = (time_t) atol(temp); pdb_set_bad_password_time(sampass, bad_password_time, PDB_SET); } if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_COUNT), temp)) { /* leave as default */ } else { logon_count = (uint32) atol(temp); pdb_set_logon_count(sampass, logon_count, PDB_SET); } /* pdb_set_unknown_6(sampass, unknown6, PDB_SET); */ if(!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_HOURS), temp)) { /* leave as default */ } else { pdb_gethexhours(temp, hours); memset((char *)temp, '\0', strlen(temp) +1); pdb_set_hours(sampass, hours, PDB_SET); ZERO_STRUCT(hours); } /* check the timestamp of the cache vs ldap entry */ if (!(ldap_entry_time = ldapsam_get_entry_timestamp(ldap_state, entry))) return True; /* see if we have newer updates */ if (!(cache_entry = login_cache_read(sampass))) { DEBUG (9, ("No cache entry, bad count = %u, bad time = %u\n", (unsigned int)pdb_get_bad_password_count(sampass), (unsigned int)pdb_get_bad_password_time(sampass))); return True; } DEBUG(7, ("ldap time is %u, cache time is %u, bad time = %u\n", (unsigned int)ldap_entry_time, (unsigned int)cache_entry->entry_timestamp, (unsigned int)cache_entry->bad_password_time)); if (ldap_entry_time > cache_entry->entry_timestamp) { /* cache is older than directory , so we need to delete the entry but allow the fields to be written out */ login_cache_delentry(sampass); } else { /* read cache in */ pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) | (cache_entry->acct_ctrl & ACB_AUTOLOCK), PDB_SET); pdb_set_bad_password_count(sampass, cache_entry->bad_password_count, PDB_SET); pdb_set_bad_password_time(sampass, cache_entry->bad_password_time, PDB_SET); } SAFE_FREE(cache_entry); return True;}/********************************************************************** Initialize the ldap db from a SAM_ACCOUNT. Called on update. (Based on init_buffer_from_sam in pdb_tdb.c)*********************************************************************/static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, LDAPMessage *existing, LDAPMod *** mods, SAM_ACCOUNT * sampass, BOOL (*need_update)(const SAM_ACCOUNT *, enum pdb_elements)){ pstring temp; uint32 rid; if (mods == NULL || sampass == NULL) { DEBUG(0, ("init_ldap_from_sam: NULL parameters found!\n")); return False; } *mods = NULL; /* * took out adding "objectclass: sambaAccount" * do this on a per-mod basis */ if (need_update(sampass, PDB_USERNAME)) smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, "uid", pdb_get_username(sampass)); DEBUG(2, ("init_ldap_from_sam: Setting entry for user: %s\n", pdb_get_username(sampass))); /* only update the RID if we actually need to */ if (need_update(sampass, PDB_USERSID)) { fstring sid_string; fstring dom_sid_string; const DOM_SID *user_sid = pdb_get_user_sid(sampass); switch ( ldap_state->schema_ver ) { case SCHEMAVER_SAMBAACCOUNT: if (!sid_peek_check_rid(&ldap_state->domain_sid, user_sid, &rid)) { DEBUG(1, ("init_ldap_from_sam: User's SID (%s) is not for this domain (%s), cannot add to LDAP!\n", sid_to_string(sid_string, user_sid), sid_to_string(dom_sid_string, &ldap_state->domain_sid))); return False; } slprintf(temp, sizeof(temp) - 1, "%i", rid); smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_RID), temp); break; case SCHEMAVER_SAMBASAMACCOUNT: smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID), sid_to_string(sid_string, user_sid)); break; default: DEBUG(0,("init_ldap_from_sam: unknown schema version specified\n")); break; } } /* we don't need to store the primary group RID - so leaving it 'free' to hang off the unix primary group makes life easier */ if (need_update(sampass, PDB_GROUPSID)) { fstring sid_string; fstring dom_sid_string; const DOM_SID *group_sid = pdb_get_group_sid(sampass); switch ( ldap_state->schema_ver ) { case SCHEMAVER_SAMBAACCOUNT: if (!sid_peek_check_rid(&ldap_state->domain_sid, group_sid, &rid)) { DEBUG(1, ("init_ldap_from_sam: User's Primary Group SID (%s) is not for this domain (%s), cannot add to LDAP!\n", sid_to_string(sid_string, group_sid), sid_to_string(dom_sid_string, &ldap_state->domain_sid))); return False; } slprintf(temp, sizeof(temp) - 1, "%i", rid); smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PRIMARY_GROUP_RID), temp); break; case SCHEMAVER_SAMBASAMACCOUNT: smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PRIMARY_GROUP_SID), sid_to_string(sid_string, group_sid)); break; default: DEBUG(0,("init_ldap_from_sam: unknown schema version specified\n")); break; } } /* displayName, cn, and gecos should all be the same * most easily accomplished by giving them the same OID * gecos isn't set here b/c it should be handled by the * add-user script * We change displayName only and fall back to cn if * it does not exist. */ if (need_update(sampass, PDB_FULLNAME)) smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DISPLAY_NAME), pdb_get_fullname(sampass)); if (need_update(sampass, PDB_ACCTDESC)) smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DESC), pdb_get_acct_desc(sampass)); if (need_update(sampass, PDB_WORKSTATIONS)) smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_WKS), pdb_get_workstations(sampass)); if (need_update(sampass, PDB_MUNGEDDIAL)) smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_MUNGED_DIAL), pdb_get_munged_dial(sampass)); if (need_update(sampass, PDB_SMBHOME)) smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_PATH), pdb_get_homedir(sampass)); if (need_update(sampass, PDB_DRIVE)) smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_DRIVE), pdb_get_dir_drive(sampass)); if (need_update(sampass, PDB_LOGONSCRIPT)) smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_SCRIPT), pdb_get_logon_script(sampass)); if (need_update(sampass, PDB_PROFILE)) smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH), pdb_get_profile_path(sampass)); slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logon_time(sampass)); if (need_update(sampass, PDB_LOGONTIME)) smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_TIME), temp); slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logoff_time(sampass)); if (need_update(sampass, PDB_LOGOFFTIME)) smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGOFF_TIME), temp); slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_kickoff_time(sampass)); if (need_update(sampass, PDB_KICKOFFTIME)) smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_KICKOFF_TIME), temp); slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_can_change_time(sampass)); if (need_update(sampass, PDB_CANCHANGETIME)) smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_CAN_CHANGE), temp); slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_must_change_time(sampass)); if (need_update(sampass, PDB_MUSTCHANGETIME)) smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_MUST_CHANGE), temp); if ((pdb_get_acct_ctrl(sampass)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) || (lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_ONLY)) { if (need_update(sampass, PDB_LMPASSWD)) { const uchar *lm_pw = pdb_get_lanman_passwd(sampass); if (lm_pw) { pdb_sethexpwd(temp, lm_pw, pdb_get_acct_ctrl(sampass));⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -