PATCH: forward uplevel locator requests to local DSA
Luke Howard
lukeh at PADL.COM
Tue Apr 13 11:10:30 GMT 2004
The attached patch forwards uplevel Sam Logon requests from nmbd
to a local DSA over CLDAP.
-- Luke
-------------- next part --------------
Index: nmbd_processlogon.c
===================================================================
RCS file: /home/project/cvs/samba/source/nmbd/nmbd_processlogon.c,v
retrieving revision 1.1.1.5
retrieving revision 1.3
diff -u -r1.1.1.5 -r1.3
--- nmbd_processlogon.c 2004/01/07 06:37:18 1.1.1.5
+++ nmbd_processlogon.c 2004/04/13 10:59:18 1.3
@@ -313,6 +313,99 @@
}
#ifdef HAVE_ADS
else {
+# ifdef NCALRPC_FUNNEL
+ /*
+ * Funnel Net Logon locator requests to local DSA
+ */
+ LDAP *ld;
+ pstring domain;
+ pstring hostname;
+ pstring uri;
+ pstring filter;
+ int rc;
+ char *attrs[] = { "netlogon", NULL };
+ int protocol = LDAP_VERSION3;
+ LDAPMessage *chain, *e;
+ struct berval **bvp;
+ extern int ldap_open_defconn(LDAP *); /* XXX OpenLDAP only */
+
+ get_mydomname(domain);
+ get_myname(hostname);
+
+ pstrcpy(uri, "cldap://");
+ pstrcat(uri, hostname);
+
+ rc = ldap_initialize(&ld, uri);
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(2, ("Could not initialize LDAP connection for URI %s: %s\n", uri, ldap_err2string(rc)));
+ return;
+ }
+
+ rc = ldap_open_defconn(ld);
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(2, ("Could not open default connection: %s\n", ldap_err2string(rc)));
+ ldap_unbind(ld);
+ return;
+ }
+
+ rc = ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
+ if (rc == LDAP_SUCCESS) {
+ rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &protocol);
+ }
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(2, ("Could not open set session options: %s\n", ldap_err2string(rc)));
+ ldap_unbind(ld);
+ return;
+ }
+
+ if (SVAL(uniuser, 0) == 0) {
+ snprintf(filter, sizeof(filter),
+ "(&(DnsDomain=%s)(Host=%s))", domain, asccomp);
+ } else {
+ snprintf(filter, sizeof(filter),
+ "(&(DnsDomain=%s)(Host=%s)(User=%s))", domain, asccomp, ascuser);
+ }
+
+ rc = ldap_search_ext_s(ld, "", LDAP_SCOPE_BASE, filter, attrs,
+ 0, NULL, NULL, NULL, 1, &chain);
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(2, ("Could not search for %s: %s\n", filter, ldap_err2string(rc)));
+ ldap_unbind(ld);
+ return;
+ }
+
+ e = ldap_first_entry(ld, chain);
+ if (e == NULL) {
+ DEBUG(2, ("Could not retrieve entry from result chain\n"));
+ ldap_msgfree(chain);
+ ldap_unbind(ld);
+ return;
+ }
+
+ bvp = ldap_get_values_len(ld, e, attrs[0]);
+ if (bvp == NULL || bvp[0] == NULL) {
+ DEBUG(2, ("Could not find netlogon attribute in entry\n"));
+ if (bvp != NULL)
+ ldap_value_free_len(bvp);
+ ldap_msgfree(chain);
+ ldap_unbind(ld);
+ return;
+ }
+
+ if (bvp[0]->bv_len >= sizeof(outbuf)) {
+ DEBUG(2, ("Netlogon reply too large for output buffer\n"));
+ ldap_value_free_len(bvp);
+ ldap_msgfree(chain);
+ ldap_unbind(ld);
+ return;
+ }
+ memcpy(outbuf, bvp[0]->bv_val, bvp[0]->bv_len);
+ q += bvp[0]->bv_len;
+
+ ldap_value_free_len(bvp);
+ ldap_msgfree(chain);
+ ldap_unbind(ld);
+# else
GUID domain_guid;
pstring domain;
pstring hostname;
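Review bot: The search filter is built by formatting `asccomp` and `ascuser` straight into `"(&(DnsDomain=%s)(Host=%s)(User=%s))"`. Both are set outside this hunk and presumably come from the logon request datagram, so a name containing `(`, `)`, `*` or `\` would change the filter the local DSA evaluates. Escape them per RFC 4515 before formatting, and treat a truncated `snprintf` result as an error rather than searching with a cut-off filter. Separately, the reply is copied to the start of `outbuf` while `q` is only advanced by `bv_len`; that is consistent only if `q == outbuf` here, which the hunk does not show, so `q = outbuf + bvp[0]->bv_len;` would be safer. The enclosing `else` block starts and ends outside the hunk.

```c
/* Escape RFC 4515 filter metacharacters so request-supplied names
 * cannot alter the structure of the search filter. */
static BOOL ldap_filter_escape(const char *in, char *out, size_t outlen)
{
	static const char hex[] = "0123456789abcdef";
	size_t o = 0;

	if (outlen == 0)
		return False;

	for (; *in != '\0'; in++) {
		unsigned char c = (unsigned char)*in;

		if (c == '*' || c == '(' || c == ')' || c == '\\') {
			if (o + 4 > outlen)
				return False;
			out[o++] = '\\';
			out[o++] = hex[c >> 4];
			out[o++] = hex[c & 0x0f];
		} else {
			if (o + 2 > outlen)
				return False;
			out[o++] = (char)c;
		}
	}
	out[o] = '\0';
	return True;
}

	/* ... unchanged: locals, URI construction, LDAP session setup ... */
	/* esc_comp, esc_user (pstring) and n (int) declared with the other locals */

	if (!ldap_filter_escape(asccomp, esc_comp, sizeof(esc_comp))) {
		DEBUG(2, ("Host name in locator request too long to escape\n"));
		ldap_unbind(ld);
		return;
	}

	if (SVAL(uniuser, 0) == 0) {
		n = snprintf(filter, sizeof(filter),
			"(&(DnsDomain=%s)(Host=%s))", domain, esc_comp);
	} else {
		if (!ldap_filter_escape(ascuser, esc_user, sizeof(esc_user))) {
			DEBUG(2, ("User name in locator request too long to escape\n"));
			ldap_unbind(ld);
			return;
		}
		n = snprintf(filter, sizeof(filter),
			"(&(DnsDomain=%s)(Host=%s)(User=%s))", domain, esc_comp, esc_user);
	}
	if (n < 0 || (size_t)n >= sizeof(filter)) {
		DEBUG(2, ("Locator search filter truncated, dropping request\n"));
		ldap_unbind(ld);
		return;
	}

	/* ... unchanged: ldap_search_ext_s and reply handling ... */
```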
@@ -398,7 +491,7 @@
q_orig = q;
/* Site name */
- size = push_ascii(&q[1], "Default-First-Site-Name", -1, 0);
+ size = push_ascii(&q[1], "Default-First-Site", -1, 0);
SCVAL(q, 0, size);
q += (size + 1);
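Review bot: The site name written into the non-funnel reply changes from `"Default-First-Site-Name"` to `"Default-First-Site"`, which the patch description does not mention and which looks unrelated to the CLDAP forwarding. `Default-First-Site-Name` is the default site name in Active Directory, so clients that use the returned site for later lookups may no longer match a site. If the change is intentional, it belongs in a separate patch with a comment such as `/* site name must match the DSA's configured site */`; otherwise it should be dropped. The surrounding function body continues outside the hunk.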
@@ -419,6 +512,7 @@
q += 4; /* unknown */
SIVAL(q, 0, 0x00000000);
q += 4; /* unknown */
+# endif /* NCALRPC_FUNNEL */
}
#endif