/*
   Unix SMB/CIFS implementation.
   LDAP protocol helper functions for SAMBA
   Copyright (C) Gerald Carter 2001-2003

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#ifndef _SMBLDAP_H
#define _SMBLDAP_H

/*
 * Connection state shared by the LDAP-backed passdb/idmap code.  It is
 * forward-declared here so that callers built without libldap can still
 * hold a pointer to it; the full definition is only visible under HAVE_LDAP.
 */
struct smbldap_state;

#ifdef HAVE_LDAP

/*
 * Schema version selectors.  The 2.2-era schema stores accounts as
 * "sambaAccount"; the 3.0 schema uses "sambaSamAccount".  The value is
 * carried in ldapsam_privates.schema_ver and selects which attribute map
 * table (attrib_map_v22 / attrib_map_v30) is used.
 */
#define SCHEMAVER_SAMBAACCOUNT		1
#define SCHEMAVER_SAMBASAMACCOUNT	2

/*
 * objectClass names.  These are string literals so they can be pasted
 * straight into LDAP filters and modification lists.
 */
#define LDAP_OBJ_SAMBASAMACCOUNT	"sambaSamAccount"
#define LDAP_OBJ_SAMBAACCOUNT		"sambaAccount"
#define LDAP_OBJ_GROUPMAP		"sambaGroupMapping"
#define LDAP_OBJ_DOMINFO		"sambaDomain"
#define LDAP_OBJ_IDPOOL			"sambaUnixIdPool"
#define LDAP_OBJ_IDMAP_ENTRY		"sambaIdmapEntry"
#define LDAP_OBJ_SID_ENTRY		"sambaSidEntry"
#define LDAP_OBJ_TRUST_PASSWORD		"sambaTrustPassword"
#define LDAP_OBJ_TRUSTDOM_PASSWORD	"sambaTrustedDomainPassword"

/* Standard (non-Samba) objectClasses the backends also touch. */
#define LDAP_OBJ_ACCOUNT		"account"
#define LDAP_OBJ_POSIXACCOUNT		"posixAccount"
#define LDAP_OBJ_POSIXGROUP		"posixGroup"
#define LDAP_OBJ_OU			"organizationalUnit"

/* Attribute names that are referenced directly rather than via a map table. */
#define LDAP_ATTRIBUTE_SID		"sambaSID"
#define LDAP_ATTRIBUTE_UIDNUMBER	"uidNumber"
#define LDAP_ATTRIBUTE_GIDNUMBER	"gidNumber"
#define LDAP_ATTRIBUTE_SID_LIST		"sambaSIDList"

/*
 * Keys into the ATTRIB_MAP_ENTRY tables declared further down.  The key is
 * schema-independent; the actual attribute name for a given schema version
 * is looked up through get_attr_key2string().  LDAP_ATTR_LIST_END (0) is
 * the sentinel the tables are expected to end with.
 */
#define LDAP_ATTR_LIST_END		0
#define LDAP_ATTR_UID			1
#define LDAP_ATTR_UIDNUMBER		2
#define LDAP_ATTR_GIDNUMBER		3
#define LDAP_ATTR_UNIX_HOME		4
#define LDAP_ATTR_PWD_LAST_SET		5
#define LDAP_ATTR_PWD_CAN_CHANGE	6
#define LDAP_ATTR_PWD_MUST_CHANGE	7
#define LDAP_ATTR_LOGON_TIME		8
#define LDAP_ATTR_LOGOFF_TIME		9
#define LDAP_ATTR_KICKOFF_TIME		10
#define LDAP_ATTR_CN			11
#define LDAP_ATTR_DISPLAY_NAME		12
#define LDAP_ATTR_HOME_PATH		13
#define LDAP_ATTR_LOGON_SCRIPT		14
#define LDAP_ATTR_PROFILE_PATH		15
#define LDAP_ATTR_DESC			16
#define LDAP_ATTR_USER_WKS		17
/*
 * NOTE(review): USER_SID and USER_RID deliberately share key 18.  This only
 * works if a single map table never contains both entries (presumably the
 * v22 table carries the RID and the v30 table the SID) -- a key-based lookup
 * could not tell them apart otherwise.  Confirm against smbldap.c before
 * adding either key to a table that already has the other.
 */
#define LDAP_ATTR_USER_SID		18
#define LDAP_ATTR_USER_RID		18
#define LDAP_ATTR_PRIMARY_GROUP_SID	19
#define LDAP_ATTR_PRIMARY_GROUP_RID	20
/*
 * Keys 21/22 name the attributes holding the LanMan and NT password hashes.
 * Anything that reads them through the map tables is handling
 * password-equivalent material and should treat the values accordingly
 * (no logging, scrub temporaries).
 */
#define LDAP_ATTR_LMPW			21
#define LDAP_ATTR_NTPW			22
#define LDAP_ATTR_DOMAIN		23
#define LDAP_ATTR_OBJCLASS		24
#define LDAP_ATTR_ACB_INFO		25
#define LDAP_ATTR_NEXT_USERRID		26
#define LDAP_ATTR_NEXT_GROUPRID		27
#define LDAP_ATTR_DOM_SID		28
#define LDAP_ATTR_HOME_DRIVE		29
#define LDAP_ATTR_GROUP_SID		30
#define LDAP_ATTR_GROUP_TYPE		31
#define LDAP_ATTR_SID			32
#define LDAP_ATTR_ALGORITHMIC_RID_BASE	33
#define LDAP_ATTR_NEXT_RID		34
#define LDAP_ATTR_BAD_PASSWORD_COUNT	35
#define LDAP_ATTR_LOGON_COUNT		36
#define LDAP_ATTR_MUNGED_DIAL		37
#define LDAP_ATTR_BAD_PASSWORD_TIME	38
#define LDAP_ATTR_PWD_HISTORY		39
#define LDAP_ATTR_SID_LIST		40
#define LDAP_ATTR_MOD_TIMESTAMP		41
#define LDAP_ATTR_LOGON_HOURS		42
#define LDAP_ATTR_TRUST_PASSWD_FLAGS	43
#define LDAP_ATTR_SN			44

/*
 * One row of an attribute map table: a LDAP_ATTR_* key paired with the
 * attribute name to use for it in this schema version.
 */
typedef struct _attrib_map_entry {
	int attrib;		/* one of the LDAP_ATTR_* keys above */
	const char *name;	/* attribute name in the directory */
} ATTRIB_MAP_ENTRY;

/*
 * Map tables, defined in the implementation file.  The *_to_delete
 * variants list attributes removed when an entry is rewritten.
 */
extern ATTRIB_MAP_ENTRY attrib_map_v22[];
extern ATTRIB_MAP_ENTRY attrib_map_to_delete_v22[];
extern ATTRIB_MAP_ENTRY attrib_map_v30[];
extern ATTRIB_MAP_ENTRY attrib_map_to_delete_v30[];
extern ATTRIB_MAP_ENTRY dominfo_attr_list[];
extern ATTRIB_MAP_ENTRY groupmap_attr_list[];
extern ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[];
extern ATTRIB_MAP_ENTRY idpool_attr_list[];
extern ATTRIB_MAP_ENTRY sidmap_attr_list[];
extern ATTRIB_MAP_ENTRY trustpw_attr_list[];

/*
 * Connection and attribute helpers.  These are declared here rather than
 * in proto.h so that proto.h never has to mention libldap types.
 */

/* Allocate a connection state for the server at @location on @mem_ctx. */
NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx,
		      struct event_context *event_ctx,
		      const char *location,
		      struct smbldap_state **smbldap_state);

/* Translate a LDAP_ATTR_* key into the attribute name held in @table. */
const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key );

/* Build a NULL-terminated array of all attribute names in @table. */
const char** get_attr_list( TALLOC_CTX *mem_ctx, ATTRIB_MAP_ENTRY table[] );

/* Append a modification of type @modop for @attribute/@value to @modlist. */
void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value);

/*
 * Like smbldap_set_mod(), but derive the modification type by comparing
 * @newval against what @existing already holds.
 */
void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing,
		      LDAPMod ***mods,
		      const char *attribute, const char *newval);

/*
 * Copy the single value of @attribute from @entry into the caller-supplied
 * buffer @value.  @max_len must be the size of that buffer; the caller is
 * responsible for sizing it.  Whether a too-long value is truncated or
 * rejected is decided by the implementation -- check the return value
 * rather than assuming the buffer was filled.
 */
bool smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry,
				   const char *attribute, char *value,
				   int max_len);

/* Apply @attrs to the entry at @dn; returns a libldap result code. */
int smbldap_modify(struct smbldap_state *ldap_state,
		   const char *dn,
		   LDAPMod *attrs[]);

/*
 * Per-connection state.  Member order is part of the ABI shared with the
 * implementation files and must not be changed.
 */
struct smbldap_state {
	LDAP *ldap_struct;		/* libldap handle */
	pid_t pid;			/* presumably the process that opened the handle -- confirm */
	time_t last_ping;

	/* fetched once at init time */
	const char *uri;

	/*
	 * Bind credentials.  bind_secret is a cleartext secret living in the
	 * heap for the lifetime of the connection; whatever tears this state
	 * down should scrub it rather than plain free() it, and it must never
	 * reach debug output.  NOTE(review): confirm the teardown path does so.
	 */
	bool anonymous;			/* bind without credentials */
	char *bind_dn;
	char *bind_secret;

	bool paged_results;		/* server supports the paged-results control */

	unsigned int num_failures;	/* consecutive failed operations */

	time_t last_use;
	struct event_context *event_context;
	struct timed_event *idle_event;	/* idle-timeout disconnect, if armed */

	struct timeval last_rebind;
};

/*
 * Private data of the ldapsam passdb backend.  Shared by pdb_ldap.c and
 * pdb_nds.c.
 */
struct ldapsam_privates {
	struct smbldap_state *smbldap_state;

	/* Former statics: look like a cursor over the current search result. */
	LDAPMessage *result;
	LDAPMessage *entry;
	int index;

	const char *domain_name;
	DOM_SID domain_sid;

	/* configuration items */
	int schema_ver;			/* SCHEMAVER_* value in use */

	char *domain_dn;

	/* Non-zero when talking to a Novell NDS directory. */
	int is_nds_ldap;

	/* "ldap server" location parameter as configured */
	char *location;

	/* Last search filter and its result, kept to avoid a repeat query. */
	struct {
		char *filter;
		LDAPMessage *result;
	} search_cache;
};

/* Entry points shared between pdb_ldap.c and pdb_nds.c. */
NTSTATUS pdb_init_ldapsam_compat( struct pdb_methods **pdb_method, const char *location);
void private_data_free_fn(void **result);
int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
				  const char *user,
				  LDAPMessage ** result,
				  const char **attr);
NTSTATUS pdb_init_ldapsam( struct pdb_methods **pdb_method, const char *location);
const char** get_userattr_list( TALLOC_CTX *mem_ctx, int schema_ver );

/*
 * talloc-allocating attribute accessors.  Each returns a string owned by
 * @mem_ctx, or NULL when the attribute is absent.
 */
char * smbldap_talloc_single_attribute(LDAP *ldap_struct, LDAPMessage *entry,
				       const char *attribute,
				       TALLOC_CTX *mem_ctx);
char * smbldap_talloc_first_attribute(LDAP *ldap_struct, LDAPMessage *entry,
				      const char *attribute,
				      TALLOC_CTX *mem_ctx);
char * smbldap_talloc_smallest_attribute(LDAP *ldap_struct, LDAPMessage *entry,
					 const char *attribute,
					 TALLOC_CTX *mem_ctx);
bool smbldap_talloc_single_blob(TALLOC_CTX *mem_ctx, LDAP *ld,
				LDAPMessage *msg, const char *attrib,
				DATA_BLOB *blob);
bool smbldap_pull_sid(LDAP *ld, LDAPMessage *msg, const char *attrib,
		      struct dom_sid *sid);

/* Tie the lifetime of a libldap object to a talloc context. */
void talloc_autofree_ldapmsg(TALLOC_CTX *mem_ctx, LDAPMessage *result);
void talloc_autofree_ldapmod(TALLOC_CTX *mem_ctx, LDAPMod **mod);

/* DN of @entry as a talloc string on @mem_ctx. */
char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld,
			LDAPMessage *entry);

#else

/*
 * Built without libldap: stub the libldap type names to void so that code
 * which only ever passes pointers to them still compiles.
 */
#define LDAP		void
#define LDAPMod		void
#define LDAP_CONST	const
#define LDAPControl	void
struct berval;
struct ldapsam_privates;

#endif /* HAVE_LDAP */

/* Timeouts (presumably seconds) and the paged-results page size. */
#define LDAP_DEFAULT_TIMEOUT		15
#define LDAP_CONNECTION_DEFAULT_TIMEOUT	2
#define LDAP_PAGE_SIZE			1024

#endif /* _SMBLDAP_H */