本文整理汇总了C++中ADS_ERROR函数的典型用法代码示例。如果您正苦于以下问题:C++ ADS_ERROR函数的具体用法?C++ ADS_ERROR怎么用?C++ ADS_ERROR使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了ADS_ERROR函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: ads_guess_service_principal
ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
char **returned_principal)
{
char *princ = NULL;
if (ads->server.realm && ads->server.ldap_server) {
char *server, *server_realm;
server = SMB_STRDUP(ads->server.ldap_server);
server_realm = SMB_STRDUP(ads->server.realm);
if (!server || !server_realm) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
strlower_m(server);
strupper_m(server_realm);
asprintf(&princ, "ldap/%[email protected]%s", server, server_realm);
SAFE_FREE(server);
SAFE_FREE(server_realm);
if (!princ) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
} else if (ads->config.realm && ads->config.ldap_server_name) {
char *server, *server_realm;
server = SMB_STRDUP(ads->config.ldap_server_name);
server_realm = SMB_STRDUP(ads->config.realm);
if (!server || !server_realm) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
strlower_m(server);
strupper_m(server_realm);
asprintf(&princ, "ldap/%[email protected]%s", server, server_realm);
SAFE_FREE(server);
SAFE_FREE(server_realm);
if (!princ) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
}
if (!princ) {
return ADS_ERROR(LDAP_PARAM_ERROR);
}
*returned_principal = princ;
return ADS_SUCCESS;
}
开发者ID:AllardJ,项目名称:Tomato,代码行数:55,代码来源:util.c
示例2: ads_sasl_spnego_rawkrb5_bind
/*
perform a LDAP/SASL/SPNEGO/KRB5 bind
*/
static ADS_STATUS ads_sasl_spnego_rawkrb5_bind(ADS_STRUCT *ads, const char *principal)
{
DATA_BLOB blob = data_blob_null;
struct berval cred, *scred = NULL;
DATA_BLOB session_key = data_blob_null;
int rc;
if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
}
rc = spnego_gen_negTokenTarg(principal, ads->auth.time_offset, &blob, &session_key, 0,
&ads->auth.tgs_expire);
if (rc) {
return ADS_ERROR_KRB5(rc);
}
/* now send the auth packet and we should be done */
cred.bv_val = (char *)blob.data;
cred.bv_len = blob.length;
rc = ldap_sasl_bind_s(ads->ldap.ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
data_blob_free(&blob);
data_blob_free(&session_key);
if(scred)
ber_bvfree(scred);
return ADS_ERROR(rc);
}
开发者ID:0x24bin,项目名称:winexe-1,代码行数:34,代码来源:sasl.c
示例3: ads_sasl_bind
ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads)
{
const char *attrs[] = {"supportedSASLMechanisms", NULL};
char **values;
ADS_STATUS status;
int i, j;
LDAPMessage *res;
/* get a list of supported SASL mechanisms */
status = ads_do_search(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
if (!ADS_ERR_OK(status)) return status;
values = ldap_get_values(ads->ld, res, "supportedSASLMechanisms");
/* try our supported mechanisms in order */
for (i=0;sasl_mechanisms[i].name;i++) {
/* see if the server supports it */
for (j=0;values && values[j];j++) {
if (strcmp(values[j], sasl_mechanisms[i].name) == 0) {
DEBUG(4,("Found SASL mechanism %s\n", values[j]));
status = sasl_mechanisms[i].fn(ads);
ldap_value_free(values);
ldap_msgfree(res);
return status;
}
}
}
ldap_value_free(values);
ldap_msgfree(res);
return ADS_ERROR(LDAP_AUTH_METHOD_NOT_SUPPORTED);
}
开发者ID:AllardJ,项目名称:Tomato,代码行数:32,代码来源:sasl.c
示例4: ads_find_printer_on_server
/*
find a printer given the name and the hostname
Note that results "res" may be allocated on return so that the
results can be used. It should be freed using ads_msgfree.
*/
ADS_STATUS ads_find_printer_on_server(ADS_STRUCT *ads, LDAPMessage **res,
const char *printer,
const char *servername)
{
ADS_STATUS status;
char *srv_dn, **srv_cn, *s = NULL;
const char *attrs[] = {"*", "nTSecurityDescriptor", NULL};
status = ads_find_machine_acct(ads, res, servername);
if (!ADS_ERR_OK(status)) {
DEBUG(1, ("ads_find_printer_on_server: cannot find host %s in ads\n",
servername));
return status;
}
if (ads_count_replies(ads, *res) != 1) {
ads_msgfree(ads, *res);
*res = NULL;
return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
}
srv_dn = ldap_get_dn(ads->ldap.ld, *res);
if (srv_dn == NULL) {
ads_msgfree(ads, *res);
*res = NULL;
return ADS_ERROR(LDAP_NO_MEMORY);
}
srv_cn = ldap_explode_dn(srv_dn, 1);
if (srv_cn == NULL) {
ldap_memfree(srv_dn);
ads_msgfree(ads, *res);
*res = NULL;
return ADS_ERROR(LDAP_INVALID_DN_SYNTAX);
}
ads_msgfree(ads, *res);
*res = NULL;
if (asprintf(&s, "(cn=%s-%s)", srv_cn[0], printer) == -1) {
ldap_memfree(srv_dn);
return ADS_ERROR(LDAP_NO_MEMORY);
}
status = ads_search(ads, res, s, attrs);
ldap_memfree(srv_dn);
ldap_value_free(srv_cn);
SAFE_FREE(s);
return status;
}
开发者ID:AIdrifter,项目名称:samba,代码行数:51,代码来源:ldap_printer.c
示例5: ads_add_user_acct
ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user,
const char *container, const char *fullname)
{
TALLOC_CTX *ctx;
ADS_MODLIST mods;
ADS_STATUS status;
const char *upn, *new_dn, *name, *controlstr;
char *name_escaped = NULL;
const char *objectClass[] = {"top", "person", "organizationalPerson",
"user", NULL};
if (fullname && *fullname) name = fullname;
else name = user;
if (!(ctx = talloc_init("ads_add_user_acct")))
return ADS_ERROR(LDAP_NO_MEMORY);
status = ADS_ERROR(LDAP_NO_MEMORY);
if (!(upn = talloc_asprintf(ctx, "%[email protected]%s", user, ads->config.realm)))
goto done;
if (!(name_escaped = escape_rdn_val_string_alloc(name)))
goto done;
if (!(new_dn = talloc_asprintf(ctx, "cn=%s,%s,%s", name_escaped, container,
ads->config.bind_path)))
goto done;
if (!(controlstr = talloc_asprintf(ctx, "%u", (UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE))))
goto done;
if (!(mods = ads_init_mods(ctx)))
goto done;
ads_mod_str(ctx, &mods, "cn", name);
ads_mod_strlist(ctx, &mods, "objectClass", objectClass);
ads_mod_str(ctx, &mods, "userPrincipalName", upn);
ads_mod_str(ctx, &mods, "name", name);
ads_mod_str(ctx, &mods, "displayName", name);
ads_mod_str(ctx, &mods, "sAMAccountName", user);
ads_mod_str(ctx, &mods, "userAccountControl", controlstr);
status = ads_gen_add(ads, new_dn, mods);
done:
SAFE_FREE(name_escaped);
talloc_destroy(ctx);
return status;
}
开发者ID:gojdic,项目名称:samba,代码行数:45,代码来源:ldap_user.c
示例6: ads_find_user_acct
/*
find a user account
*/
ADS_STATUS ads_find_user_acct(ADS_STRUCT *ads, LDAPMessage **res,
const char *user)
{
ADS_STATUS status;
char *ldap_exp;
const char *attrs[] = {"*", NULL};
char *escaped_user = escape_ldap_string_alloc(user);
if (!escaped_user) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
if (asprintf(&ldap_exp, "(samAccountName=%s)", escaped_user) == -1) {
SAFE_FREE(escaped_user);
return ADS_ERROR(LDAP_NO_MEMORY);
}
status = ads_search(ads, res, ldap_exp, attrs);
SAFE_FREE(ldap_exp);
SAFE_FREE(escaped_user);
return status;
}
开发者ID:gojdic,项目名称:samba,代码行数:23,代码来源:ldap_user.c
示例7: ads_generate_service_principal
static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads,
const char *given_principal,
struct ads_service_principal *p)
{
ADS_STATUS status;
#ifdef HAVE_KRB5
gss_buffer_desc input_name;
/* GSS_KRB5_NT_PRINCIPAL_NAME */
gss_OID_desc nt_principal =
{10, discard_const_p(char, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01")};
uint32 minor_status;
int gss_rc;
#endif
ZERO_STRUCTP(p);
/* I've seen a child Windows 2000 domain not send
the principal name back in the first round of
the SASL bind reply. So we guess based on server
name and realm. --jerry */
/* Also try best guess when we get the w2k8 ignore principal
back, or when we are configured to ignore it - gd,
abartlet */
if (!lp_client_use_spnego_principal() ||
!given_principal ||
strequal(given_principal, ADS_IGNORE_PRINCIPAL)) {
status = ads_guess_service_principal(ads, &p->string);
if (!ADS_ERR_OK(status)) {
return status;
}
} else {
p->string = SMB_STRDUP(given_principal);
if (!p->string) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
}
#ifdef HAVE_KRB5
input_name.value = p->string;
input_name.length = strlen(p->string);
gss_rc = gss_import_name(&minor_status, &input_name, &nt_principal, &p->name);
if (gss_rc) {
ads_free_service_principal(p);
return ADS_ERROR_GSS(gss_rc, minor_status);
}
#endif
return ADS_SUCCESS;
}
开发者ID:AIdrifter,项目名称:samba,代码行数:52,代码来源:sasl.c
示例8: cmis_ad_flash_init
void cmis_ad_flash_init(void)
#if 0
{
uint8_t ret = 0;
g_flash_mem_map = CMIS_MALLOC(CMIS_ADS_FLASH_LEN);
if(g_flash_mem_map == NULL)
{
ADS_ERROR("flash malloc ERROR\n");
while(1);
}
memset(g_flash_mem_map,0,CMIS_ADS_FLASH_LEN*sizeof(uint8_t));
app_porting_ads_flash_init(CMIS_ADS_FLASH_LEN/*+0x1000*/);
g_flash_dirty_flag = 0;
ret = app_porting_ads_flash_read_data(0,g_flash_mem_map,CMIS_ADS_FLASH_LEN);
if(ret != 1)
{
ADS_ERROR("app_porting_ads_flash_read_data failed\n");
return;
}
}
开发者ID:github188,项目名称:GX3113C_JIMO,代码行数:22,代码来源:cmis_ads_flash.c
示例9: ads_sasl_bind
ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads)
{
const char *attrs[] = {"supportedSASLMechanisms", NULL};
char **values;
ADS_STATUS status;
int i, j;
LDAPMessage *res;
struct ads_saslwrap *wrap = &ads->ldap_wrap_data;
/* get a list of supported SASL mechanisms */
status = ads_do_search(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
if (!ADS_ERR_OK(status)) return status;
values = ldap_get_values(ads->ldap.ld, res, "supportedSASLMechanisms");
if (ads->auth.flags & ADS_AUTH_SASL_SEAL) {
wrap->wrap_type = ADS_SASLWRAP_TYPE_SEAL;
} else if (ads->auth.flags & ADS_AUTH_SASL_SIGN) {
wrap->wrap_type = ADS_SASLWRAP_TYPE_SIGN;
} else {
wrap->wrap_type = ADS_SASLWRAP_TYPE_PLAIN;
}
/* try our supported mechanisms in order */
for (i=0;sasl_mechanisms[i].name;i++) {
/* see if the server supports it */
for (j=0;values && values[j];j++) {
if (strcmp(values[j], sasl_mechanisms[i].name) == 0) {
DEBUG(4,("Found SASL mechanism %s\n", values[j]));
retry:
status = sasl_mechanisms[i].fn(ads);
if (status.error_type == ENUM_ADS_ERROR_LDAP &&
status.err.rc == LDAP_STRONG_AUTH_REQUIRED &&
wrap->wrap_type == ADS_SASLWRAP_TYPE_PLAIN)
{
DEBUG(3,("SASL bin got LDAP_STRONG_AUTH_REQUIRED "
"retrying with signing enabled\n"));
wrap->wrap_type = ADS_SASLWRAP_TYPE_SIGN;
goto retry;
}
ldap_value_free(values);
ldap_msgfree(res);
return status;
}
}
}
ldap_value_free(values);
ldap_msgfree(res);
return ADS_ERROR(LDAP_AUTH_METHOD_NOT_SUPPORTED);
}
开发者ID:Alexander--,项目名称:samba,代码行数:51,代码来源:sasl.c
示例10: ads_do_search_all_sd_flags
ADS_STATUS ads_do_search_all_sd_flags (ADS_STRUCT *ads, const char *dn, int scope,
const char *filter, const char **attrs,
uint32_t sd_flags, LDAPMessage **res)
{
int rv;
struct ldb_request *req;
struct ldb_control **controls;
struct ldb_parse_tree *tree;
struct ldb_dn *ldb_dn;
controls = talloc_zero_array(ads, struct ldb_control *, 2);
controls[0] = talloc(ads, struct ldb_control);
controls[0]->oid = LDB_CONTROL_SD_FLAGS_OID;
controls[0]->data = &sd_flags;
controls[0]->critical = 1;
tree = ldb_parse_tree(ads, filter);
ldb_dn = ldb_dn_new(ads, ads->ldbctx, dn);
rv = ldb_build_search_req_ex(&req, ads->ldbctx, (TALLOC_CTX *)res, ldb_dn, scope, tree, attrs, controls,
res, ldb_search_default_callback, NULL);
if (rv != LDB_SUCCESS) {
talloc_free(*res);
talloc_free(req);
talloc_free(tree);
return ADS_ERROR(rv);
}
rv = ldb_request(ads->ldbctx, req);
if (rv == LDB_SUCCESS) {
rv = ldb_wait(req->handle, LDB_WAIT_ALL);
}
talloc_free(req);
talloc_free(tree);
return ADS_ERROR(rv);
}
开发者ID:0x24bin,项目名称:winexe-1,代码行数:38,代码来源:ads_convenience.c
示例11: ads_search_retry_sid
ADS_STATUS ads_search_retry_sid(ADS_STRUCT *ads, LDAPMessage **res,
const struct dom_sid *sid,
const char **attrs)
{
char *dn, *sid_string;
ADS_STATUS status;
sid_string = sid_binstring_hex_talloc(talloc_tos(), sid);
if (sid_string == NULL) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
if (!asprintf(&dn, "<SID=%s>", sid_string)) {
TALLOC_FREE(sid_string);
return ADS_ERROR(LDAP_NO_MEMORY);
}
status = ads_do_search_retry(ads, dn, LDAP_SCOPE_BASE,
"(objectclass=*)", attrs, res);
SAFE_FREE(dn);
TALLOC_FREE(sid_string);
return status;
}
开发者ID:Distrotech,项目名称:samba,代码行数:23,代码来源:ldap_utils.c
示例12: ads_add_group_acct
ADS_STATUS ads_add_group_acct(ADS_STRUCT *ads, const char *group,
const char *container, const char *comment)
{
TALLOC_CTX *ctx;
ADS_MODLIST mods;
ADS_STATUS status;
char *new_dn;
char *name_escaped = NULL;
const char *objectClass[] = {"top", "group", NULL};
if (!(ctx = talloc_init("ads_add_group_acct")))
return ADS_ERROR(LDAP_NO_MEMORY);
status = ADS_ERROR(LDAP_NO_MEMORY);
if (!(name_escaped = escape_rdn_val_string_alloc(group)))
goto done;
if (!(new_dn = talloc_asprintf(ctx, "cn=%s,%s,%s", name_escaped, container,
ads->config.bind_path)))
goto done;
if (!(mods = ads_init_mods(ctx)))
goto done;
ads_mod_str(ctx, &mods, "cn", group);
ads_mod_strlist(ctx, &mods, "objectClass",objectClass);
ads_mod_str(ctx, &mods, "name", group);
if (comment && *comment)
ads_mod_str(ctx, &mods, "description", comment);
ads_mod_str(ctx, &mods, "sAMAccountName", group);
status = ads_gen_add(ads, new_dn, mods);
done:
SAFE_FREE(name_escaped);
talloc_destroy(ctx);
return status;
}
开发者ID:gojdic,项目名称:samba,代码行数:36,代码来源:ldap_user.c
示例13: ads_guess_target
static ADS_STATUS ads_guess_target(ADS_STRUCT *ads,
char **service,
char **hostname,
char **principal)
{
ADS_STATUS status = ADS_ERROR(LDAP_NO_MEMORY);
char *princ = NULL;
TALLOC_CTX *frame;
char *server = NULL;
char *realm = NULL;
int rc;
frame = talloc_stackframe();
if (frame == NULL) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
if (ads->server.realm && ads->server.ldap_server) {
server = strlower_talloc(frame, ads->server.ldap_server);
if (server == NULL) {
goto out;
}
realm = strupper_talloc(frame, ads->server.realm);
if (realm == NULL) {
goto out;
}
/*
* If we got a name which is bigger than a NetBIOS name,
* but isn't a FQDN, create one.
*/
if (strlen(server) > 15 && strstr(server, ".") == NULL) {
char *dnsdomain;
dnsdomain = strlower_talloc(frame, ads->server.realm);
if (dnsdomain == NULL) {
goto out;
}
server = talloc_asprintf(frame,
"%s.%s",
server, dnsdomain);
if (server == NULL) {
goto out;
}
}
} else if (ads->config.realm && ads->config.ldap_server_name) {
server = strlower_talloc(frame, ads->config.ldap_server_name);
if (server == NULL) {
goto out;
}
realm = strupper_talloc(frame, ads->config.realm);
if (realm == NULL) {
goto out;
}
/*
* If we got a name which is bigger than a NetBIOS name,
* but isn't a FQDN, create one.
*/
if (strlen(server) > 15 && strstr(server, ".") == NULL) {
char *dnsdomain;
dnsdomain = strlower_talloc(frame, ads->server.realm);
if (dnsdomain == NULL) {
goto out;
}
server = talloc_asprintf(frame,
"%s.%s",
server, dnsdomain);
if (server == NULL) {
goto out;
}
}
}
if (server == NULL || realm == NULL) {
goto out;
}
*service = SMB_STRDUP("ldap");
if (*service == NULL) {
status = ADS_ERROR(LDAP_PARAM_ERROR);
goto out;
}
*hostname = SMB_STRDUP(server);
if (*hostname == NULL) {
SAFE_FREE(*service);
status = ADS_ERROR(LDAP_PARAM_ERROR);
goto out;
}
rc = asprintf(&princ, "ldap/%[email protected]%s", server, realm);
if (rc == -1 || princ == NULL) {
SAFE_FREE(*service);
SAFE_FREE(*hostname);
status = ADS_ERROR(LDAP_PARAM_ERROR);
goto out;
//.........这里部分代码省略.........
开发者ID:Alexander--,项目名称:samba,代码行数:101,代码来源:sasl.c
示例14: bind
/*
perform a LDAP/SASL/SPNEGO/{NTLMSSP,KRB5} bind (just how many layers can
we fit on one socket??)
*/
static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads,
const char *sasl,
enum credentials_use_kerberos krb5_state,
const char *target_service,
const char *target_hostname,
const DATA_BLOB server_blob)
{
DATA_BLOB blob_in = data_blob_null;
DATA_BLOB blob_out = data_blob_null;
int rc;
NTSTATUS nt_status;
ADS_STATUS status;
struct auth_generic_state *auth_generic_state;
bool use_spnego_principal = lp_client_use_spnego_principal();
const char *sasl_list[] = { sasl, NULL };
NTTIME end_nt_time;
struct ads_saslwrap *wrap = &ads->ldap_wrap_data;
nt_status = auth_generic_client_prepare(NULL, &auth_generic_state);
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = auth_generic_set_username(auth_generic_state, ads->auth.user_name))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = auth_generic_set_domain(auth_generic_state, ads->auth.realm))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = auth_generic_set_password(auth_generic_state, ads->auth.password))) {
return ADS_ERROR_NT(nt_status);
}
if (server_blob.length == 0) {
use_spnego_principal = false;
}
if (krb5_state == CRED_DONT_USE_KERBEROS) {
use_spnego_principal = false;
}
cli_credentials_set_kerberos_state(auth_generic_state->credentials,
krb5_state);
if (target_service != NULL) {
nt_status = gensec_set_target_service(
auth_generic_state->gensec_security,
target_service);
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
}
if (target_hostname != NULL) {
nt_status = gensec_set_target_hostname(
auth_generic_state->gensec_security,
target_hostname);
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
}
if (target_service != NULL && target_hostname != NULL) {
use_spnego_principal = false;
}
switch (wrap->wrap_type) {
case ADS_SASLWRAP_TYPE_SEAL:
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SEAL);
break;
case ADS_SASLWRAP_TYPE_SIGN:
if (ads->auth.flags & ADS_AUTH_SASL_FORCE) {
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
} else {
/*
* windows servers are broken with sign only,
* so we let the NTLMSSP backend to seal here,
* via GENSEC_FEATURE_LDAP_STYLE.
*/
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_LDAP_STYLE);
}
break;
case ADS_SASLWRAP_TYPE_PLAIN:
break;
}
nt_status = auth_generic_client_start_by_sasl(auth_generic_state,
sasl_list);
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
rc = LDAP_SASL_BIND_IN_PROGRESS;
nt_status = NT_STATUS_MORE_PROCESSING_REQUIRED;
//.........这里部分代码省略.........
开发者ID:Alexander--,项目名称:samba,代码行数:101,代码来源:sasl.c
示例15: ads_do_search_retry
/*
a wrapper around ldap_search_s that retries depending on the error code
this is supposed to catch dropped connections and auto-reconnect
*/
ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path, int scope,
const char *expr,
const char **attrs, void **res)
{
ADS_STATUS status;
int count = 3;
char *bp;
*res = NULL;
if (!ads->ld &&
time(NULL) - ads->last_attempt < ADS_RECONNECT_TIME) {
return ADS_ERROR(LDAP_SERVER_DOWN);
}
bp = strdup(bind_path);
if (!bp) {
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
while (count--) {
*res = NULL;
status = ads_do_search_all(ads, bp, scope, expr, attrs, res);
if (ADS_ERR_OK(status)) {
DEBUG(5,("Search for %s gave %d replies\n",
expr, ads_count_replies(ads, *res)));
SAFE_FREE(bp);
return status;
}
if (*res)
ads_msgfree(ads, *res);
*res = NULL;
DEBUG(3,("Reopening ads connection to realm '%s' after error %s\n",
ads->config.realm, ads_errstr(status)));
if (ads->ld) {
ldap_unbind(ads->ld);
}
ads->ld = NULL;
status = ads_connect(ads);
if (!ADS_ERR_OK(status)) {
DEBUG(1,("ads_search_retry: failed to reconnect (%s)\n",
ads_errstr(status)));
ads_destroy(&ads);
SAFE_FREE(bp);
return status;
}
}
SAFE_FREE(bp);
if (!ADS_ERR_OK(status))
DEBUG(1,("ads reopen failed after error %s\n",
ads_errstr(status)));
return status;
}
开发者ID:Nymphetaminer,项目名称:dsl-n55u,代码行数:65,代码来源:ldap_utils.c
示例16: bind
/*
perform a LDAP/SASL/SPNEGO/NTLMSSP bind (just how many layers can
we fit on one socket??)
*/
static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
{
DATA_BLOB msg1 = data_blob_null;
DATA_BLOB blob = data_blob_null;
DATA_BLOB blob_in = data_blob_null;
DATA_BLOB blob_out = data_blob_null;
struct berval cred, *scred = NULL;
int rc;
NTSTATUS nt_status;
ADS_STATUS status;
int turn = 1;
struct auth_generic_state *auth_generic_state;
nt_status = auth_generic_client_prepare(NULL, &auth_generic_state);
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = auth_generic_set_username(auth_generic_state, ads->auth.user_name))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = auth_generic_set_domain(auth_generic_state, ads->auth.realm))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = auth_generic_set_password(auth_generic_state, ads->auth.password))) {
return ADS_ERROR_NT(nt_status);
}
switch (ads->ldap.wrap_type) {
case ADS_SASLWRAP_TYPE_SEAL:
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SEAL);
break;
case ADS_SASLWRAP_TYPE_SIGN:
if (ads->auth.flags & ADS_AUTH_SASL_FORCE) {
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
} else {
/*
* windows servers are broken with sign only,
* so we need to use seal here too
*/
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SEAL);
ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_SEAL;
}
break;
case ADS_SASLWRAP_TYPE_PLAIN:
break;
}
nt_status = auth_generic_client_start(auth_generic_state, GENSEC_OID_NTLMSSP);
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
blob_in = data_blob_null;
do {
nt_status = gensec_update(auth_generic_state->gensec_security,
talloc_tos(), NULL, blob_in, &blob_out);
data_blob_free(&blob_in);
if ((NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)
|| NT_STATUS_IS_OK(nt_status))
&& blob_out.length) {
if (turn == 1) {
const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
/* and wrap it in a SPNEGO wrapper */
msg1 = spnego_gen_negTokenInit(talloc_tos(),
OIDs_ntlm, &blob_out, NULL);
} else {
/* wrap it in SPNEGO */
msg1 = spnego_gen_auth(talloc_tos(), blob_out);
}
data_blob_free(&blob_out);
cred.bv_val = (char *)msg1.data;
cred.bv_len = msg1.length;
scred = NULL;
rc = ldap_sasl_bind_s(ads->ldap.ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
data_blob_free(&msg1);
if ((rc != LDAP_SASL_BIND_IN_PROGRESS) && (rc != 0)) {
if (scred) {
ber_bvfree(scred);
}
TALLOC_FREE(auth_generic_state);
return ADS_ERROR(rc);
}
if (scred) {
blob = data_blob(scred->bv_val, scred->bv_len);
ber_bvfree(scred);
} else {
blob = data_blob_null;
}
//.........这里部分代码省略.........
开发者ID:AIdrifter,项目名称:samba,代码行数:101,代码来源:sasl.c
示例17: ads_sasl_spnego_bind
/*
this performs a SASL/SPNEGO bind
*/
static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
{
struct berval *scred=NULL;
int rc, i;
ADS_STATUS status;
DATA_BLOB blob;
char *given_principal = NULL;
char *OIDs[ASN1_MAX_OIDS];
#ifdef HAVE_KRB5
bool got_kerberos_mechanism = False;
#endif
rc = ldap_sasl_bind_s(ads->ldap.ld, NULL, "GSS-SPNEGO", NULL, NULL, NULL, &scred);
if (rc != LDAP_SASL_BIND_IN_PROGRESS) {
status = ADS_ERROR(rc);
goto failed;
}
blob = data_blob(scred->bv_val, scred->bv_len);
ber_bvfree(scred);
#if 0
file_save("sasl_spnego.dat", blob.data, blob.length);
#endif
/* the server sent us the first part of the SPNEGO exchange in the negprot
reply */
if (!spnego_parse_negTokenInit(blob, OIDs, &given_principal)) {
data_blob_free(&blob);
status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
goto failed;
}
data_blob_free(&blob);
/* make sure the server understands kerberos */
for (i=0;OIDs[i];i++) {
DEBUG(3,("ads_sasl_spnego_bind: got OID=%s\n", OIDs[i]));
#ifdef HAVE_KRB5
if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 ||
strcmp(OIDs[i], OID_KERBEROS5) == 0) {
got_kerberos_mechanism = True;
}
#endif
talloc_free(OIDs[i]);
}
DEBUG(3,("ads_sasl_spnego_bind: got server principal name = %s\n", given_principal));
#ifdef HAVE_KRB5
if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
got_kerberos_mechanism)
{
struct ads_service_principal p;
status = ads_generate_service_principal(ads, given_principal, &p);
TALLOC_FREE(given_principal);
if (!ADS_ERR_OK(status)) {
return status;
}
status = ads_sasl_spnego_krb5_bind(ads, &p);
if (ADS_ERR_OK(status)) {
ads_free_service_principal(&p);
return status;
}
DEBUG(10,("ads_sasl_spnego_krb5_bind failed with: %s, "
"calling kinit\n", ads_errstr(status)));
status = ADS_ERROR_KRB5(ads_kinit_password(ads));
if (ADS_ERR_OK(status)) {
status = ads_sasl_spnego_krb5_bind(ads, &p);
if (!ADS_ERR_OK(status)) {
DEBUG(0,("kinit succeeded but "
"ads_sasl_spnego_krb5_bind failed: %s\n",
ads_errstr(status)));
}
}
ads_free_service_principal(&p);
/* only fallback to NTLMSSP if allowed */
if (ADS_ERR_OK(status) ||
!(ads->auth.flags & ADS_AUTH_ALLOW_NTLMSSP)) {
return status;
}
} else
#endif
{
TALLOC_FREE(given_principal);
}
/* lets do NTLMSSP ... this has the big advantage that we don't need
to sync clocks, and we don't rely on special versions of the krb5
library for HMAC_MD4 encryption */
//.........这里部分代码省略.........
开发者ID:0x24bin,项目名称:winexe-1,代码行数:101,代码来源:sasl.c
示例18: bind
/*
perform a LDAP/SASL/SPNEGO/NTLMSSP bind (just how many layers can
we fit on one socket??)
*/
static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
{
DATA_BLOB msg1 = data_blob_null;
DATA_BLOB blob = data_blob_null;
DATA_BLOB blob_in = data_blob_null;
DATA_BLOB blob_out = data_blob_null;
struct berval cred, *scred = NULL;
int rc;
NTSTATUS nt_status;
ADS_STATUS status;
int turn = 1;
uint32 features = 0;
struct ntlmssp_state *ntlmssp_state;
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
return ADS_ERROR_NT(nt_status);
}
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN;
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, ads->auth.user_name))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, ads->auth.realm))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_password(ntlmssp_state, ads->auth.password))) {
return ADS_ERROR_NT(nt_status);
}
switch (ads->ldap.wrap_type) {
case ADS_SASLWRAP_TYPE_SEAL:
features = NTLMSSP_FEATURE_SIGN | NTLMSSP_FEATURE_SEAL;
break;
case ADS_SASLWRAP_TYPE_SIGN:
if (ads->auth.flags & ADS_AUTH_SASL_FORCE) {
features = NTLMSSP_FEATURE_SIGN;
} else {
/*
* windows servers are broken with sign only,
* so we need to use seal here too
*/
features = NTLMSSP_FEATURE_SIGN | NTLMSSP_FEATURE_SEAL;
ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_SEAL;
}
break;
case ADS_SASLWRAP_TYPE_PLAIN:
break;
}
ntlmssp_want_feature(ntlmssp_state, features);
blob_in = data_blob_null;
do {
nt_status = ntlmssp_update(ntlmssp_state,
blob_in, &blob_out);
data_blob_free(&blob_in);
if ((NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)
|| NT_STATUS_IS_OK(nt_status))
&& blob_out.length) {
if (turn == 1) {
/* and wrap it in a SPNEGO wrapper */
msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
} else {
/* wrap it in SPNEGO */
msg1 = spnego_gen_auth(blob_out);
}
data_blob_free(&blob_out);
cred.bv_val = (char *)msg1.data;
cred.bv_len = msg1.length;
scred = NULL;
rc = ldap_sasl_bind_s(ads->ldap.ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
data_blob_free(&msg1);
if ((rc != LDAP_SASL_BIND_IN_PROGRESS) && (rc != 0)) {
if (scred) {
ber_bvfree(scred);
}
ntlmssp_end(&ntlmssp_state);
return ADS_ERROR(rc);
}
if (scred) {
blob = data_blob(scred->bv_val, scred->bv_len);
ber_bvfree(scred);
} else {
blob = data_blob_null;
}
} else {
ntlmssp_end(&ntlmssp_state);
data_blob_free(&blob_out);
return ADS_ERROR_NT(nt_status);
//.........这里部分代码省略.........
开发者ID:0x24bin,项目名称:winexe-1,代码行数:101,代码来源:sasl.c
示例19: bind
/*
perform a LDAP/SASL/SPNEGO/NTLMSSP bind (just how many layers can
we fit on one socket??)
*/
static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
{
DATA_BLOB msg1 = data_blob(NULL, 0);
DATA_BLOB blob = data_blob(NULL, 0);
DATA_BLOB blob_in = data_blob(NULL, 0);
DATA_BLOB blob_out = data_blob(NULL, 0);
struct berval cred, *scred = NULL;
int rc;
NTSTATUS nt_status;
int turn = 1;
struct ntlmssp_state *ntlmssp_state;
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
return ADS_ERROR_NT(nt_status);
}
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN;
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, ads->auth.user_name))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, ads->auth.realm))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_password(ntlmssp_state, ads->auth.password))) {
return ADS_ERROR_NT(nt_status);
}
blob_in = data_blob(NULL, 0);
do {
nt_status = ntlmssp_update(ntlmssp_state,
blob_in, &blob_out);
data_blob_free(&blob_in);
if ((NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)
|| NT_STATUS_IS_OK(nt_status))
&& blob_out.length) {
if (turn == 1) {
/* and wrap it in a SPNEGO wrapper */
msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
} else {
/* wrap it in SPNEGO */
msg1 = spnego_gen_auth(blob_out);
}
data_blob_free(&blob_out);
cred.bv_val = (char *)msg1.data;
cred.bv_len = msg1.length;
scred = NULL;
rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
data_blob_free(&msg1);
if ((rc != LDAP_SASL_BIND_IN_PROGRESS) && (rc != 0)) {
if (scred) {
ber_bvfree(scred);
}
ntlmssp_end(&ntlmssp_state);
return ADS_ERROR(rc);
}
if (scred) {
blob = data_blob(scred->bv_val, scred->bv_len);
ber_bvfree(scred);
} else {
blob = data_blob(NULL, 0);
}
} else {
ntlmssp_end(&ntlmssp_state);
data_blob_free(&blob_out);
return ADS_ERROR_NT(nt_status);
}
if ((turn == 1) &&
(rc == LDAP_SASL_BIND_IN_PROGRESS)) {
DATA_BLOB tmp_blob = data_blob(NULL, 0);
/* the server might give us back two challenges */
if (!spnego_parse_challenge(blob, &blob_in,
&tmp_blob)) {
ntlmssp_end(&ntlmssp_state);
data_blob_free(&blob);
DEBUG(3,("Failed to parse challenges\n"));
return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
data_blob_free(&tmp_blob);
} else if (rc == LDAP_SASL_BIND_IN_PROGRESS) {
if (!spnego_parse_auth_response(blob, nt_status,
&blob_in)) {
ntlmssp_end(&ntlmssp_state);
data_blob_free(&blob);
DEBUG(3,("Failed to parse auth response\n"));
return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
//.........这里部分代码省略.........
开发者ID:AllardJ,项目名称:Tomato,代码行数:101,代码来源:sasl.c
示例20: ads_do_search_retry_internal
/*
a wrapper around ldap_search_s that retries depending on the error code
this is supposed to catch dropped connections and auto-reconnect
*/
static ADS_STATUS ads_do_search_retry_internal(ADS_STRUCT *ads, const char *bind_path, int scope,
const char *expr,
const char **attrs, void *args,
LDAPMessage **res)
{
ADS_STATUS status = ADS_SUCCESS;
int count = 3;
char *bp;
*res = NULL;
if (!ads->ldap.ld &&
time_mono(NULL) - ads->ldap.last_attempt < ADS_RECONNECT_TIME) {
return ADS_ERROR(LDAP_SERVER_DOWN);
}
bp = SMB_STRDUP(bind_path);
if (!bp) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
*res = NULL;
/* when binding anonymously, we cannot use the paged search LDAP
* control - Guenther */
if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
status = ads_do_search(ads, bp, scope, expr, attrs, res);
} else {
status = ads_do_search_all_args(ads, bp, scope, expr, attrs, args, res);
}
if (ADS_ERR_OK(status)) {
DEBUG(5,("Search for %s in <%s> gave %d replies\n",
expr, bp, ads_count_replies(ads, *res)));
SAFE_FREE(bp);
return status;
}
while (--count) {
if (NT_STATUS_EQUAL(ads_ntstatus(status), NT_STATUS_IO_TIMEOUT) && ads->config.ldap_page_size >= 250) {
int new_page_size = (ads->config.ldap_page_size / 2);
DEBUG(1, ("Reducing LDAP page size from %d to %d due to IO_TIMEOUT\n",
ads->config.ldap_page_size, new_page_size));
ads->config.ldap_page_size = new_page_size;
}
if (*res)
ads_msgfree(ads, *res);
*res = NULL;
DEBUG(3,("Reopening ads connection to realm '%s' after error %s\n",
ads->config.realm, ads_errstr(status)));
ads_disconnect(ads);
status = ads_connect(ads);
if (!ADS_ERR_OK(status)) {
DEBUG(1,("ads_search_retry: failed to reconnect (%s)\n",
ads_errstr(status)));
ads_destroy(&ads);
SAFE_FREE(bp);
return status;
}
*res = NULL;
/* when binding anonymously, we cannot use the paged search LDAP
* control - Guenther */
if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
status = ads_do_search(ads, bp, scope, expr, attrs, res);
} else {
status = ads_do_search_all_args(ads, bp, scope, expr, attrs, args, res);
}
if (ADS_ERR_OK(status)) {
DEBUG(5,("Search for filter: %s, base: %s gave %d replies\n",
expr, bp, ads_count_replies(ads, *res)));
SAFE_FREE(bp);
return status;
}
}
SAFE_FREE(bp);
if (!ADS_ERR_OK(status)) {
DEBUG(1,("ads reopen failed after error %s\n",
ads_errstr(status)));
}
return status;
}
开发者ID:Distrotech,项目名称:samba,代码行数:96,代码来源:ldap_utils.c
注:本文中的ADS_ERROR函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论