本文整理汇总了C++中ADS_ERROR_NT函数的典型用法代码示例。如果您正苦于以下问题:C++ ADS_ERROR_NT函数的具体用法?C++ ADS_ERROR_NT怎么用?C++ ADS_ERROR_NT使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了ADS_ERROR_NT函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: ads_sasl_gensec_wrap
static ADS_STATUS ads_sasl_gensec_wrap(ADS_STRUCT *ads, uint8_t *buf, uint32_t len)
{
struct gensec_security *gensec_security =
talloc_get_type_abort(ads->ldap.wrap_private_data,
struct gensec_security);
NTSTATUS nt_status;
DATA_BLOB unwrapped, wrapped;
TALLOC_CTX *frame = talloc_stackframe();
unwrapped = data_blob_const(buf, len);
nt_status = gensec_wrap(gensec_security, frame, &unwrapped, &wrapped);
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(frame);
return ADS_ERROR_NT(nt_status);
}
if ((ads->ldap.out.size - 4) < wrapped.length) {
TALLOC_FREE(frame);
return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);
}
/* copy the wrapped blob to the right location */
memcpy(ads->ldap.out.buf + 4, wrapped.data, wrapped.length);
/* set how many bytes must be written to the underlying socket */
ads->ldap.out.left = 4 + wrapped.length;
TALLOC_FREE(frame);
return ADS_SUCCESS;
}
开发者ID:encukou,项目名称:samba,代码行数:32,代码来源:sasl.c
示例2: ads_sasl_ntlmssp_unwrap
static ADS_STATUS ads_sasl_ntlmssp_unwrap(ADS_STRUCT *ads)
{
struct gensec_security *gensec_security =
talloc_get_type_abort(ads->ldap.wrap_private_data,
struct gensec_security);
NTSTATUS nt_status;
DATA_BLOB unwrapped, wrapped;
TALLOC_CTX *frame = talloc_stackframe();
wrapped = data_blob_const(ads->ldap.in.buf + 4, ads->ldap.in.ofs - 4);
nt_status = gensec_unwrap(gensec_security, frame, &wrapped, &unwrapped);
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(frame);
return ADS_ERROR_NT(nt_status);
}
if (wrapped.length < unwrapped.length) {
TALLOC_FREE(frame);
return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);
}
/* copy the wrapped blob to the right location */
memcpy(ads->ldap.in.buf + 4, unwrapped.data, unwrapped.length);
/* set how many bytes must be written to the underlying socket */
ads->ldap.in.left = unwrapped.length;
ads->ldap.in.ofs = 4;
TALLOC_FREE(frame);
return ADS_SUCCESS;
}
开发者ID:rchicoli,项目名称:samba,代码行数:33,代码来源:sasl.c
示例3: gpo_process_a_gpo
ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
const struct security_token *token,
struct registry_key *root_key,
struct GROUP_POLICY_OBJECT *gpo,
const char *extension_guid_filter,
uint32_t flags)
{
struct GP_EXT *gp_ext = NULL;
int i;
DEBUG(10,("gpo_process_a_gpo: processing gpo %s (%s)\n",
gpo->name, gpo->display_name));
if (extension_guid_filter) {
DEBUGADD(10,("gpo_process_a_gpo: using filter %s (%s)\n",
extension_guid_filter,
cse_gpo_guid_string_to_name(extension_guid_filter)));
}
if (!gpo_get_gp_ext_from_gpo(mem_ctx, flags, gpo, &gp_ext)) {
return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
if (!gp_ext || !gp_ext->num_exts) {
if (flags & GPO_INFO_FLAG_VERBOSE) {
DEBUG(0,("gpo_process_a_gpo: "
"no policies in %s (%s) for this extension\n",
gpo->name, gpo->display_name));
}
return ADS_SUCCESS;
}
for (i=0; i<gp_ext->num_exts; i++) {
NTSTATUS ntstatus;
if (extension_guid_filter &&
!strequal(extension_guid_filter,
gp_ext->extensions_guid[i])) {
continue;
}
ntstatus = gpext_process_extension(ads, mem_ctx,
flags, token, root_key, gpo,
gp_ext->extensions_guid[i],
gp_ext->snapins_guid[i]);
if (!NT_STATUS_IS_OK(ntstatus)) {
ADS_ERROR_NT(ntstatus);
}
}
return ADS_SUCCESS;
}
开发者ID:Arkhont,项目名称:samba,代码行数:53,代码来源:gpo_util.c
示例4: ads_sasl_ntlmssp_unwrap
static ADS_STATUS ads_sasl_ntlmssp_unwrap(ADS_STRUCT *ads)
{
struct ntlmssp_state *ntlmssp_state =
(struct ntlmssp_state *)ads->ldap.wrap_private_data;
ADS_STATUS status;
NTSTATUS nt_status;
DATA_BLOB sig;
uint8 *dptr = ads->ldap.in.buf + (4 + NTLMSSP_SIG_SIZE);
uint32 dlen = ads->ldap.in.ofs - (4 + NTLMSSP_SIG_SIZE);
/* wrap the signature into a DATA_BLOB */
sig = data_blob_const(ads->ldap.in.buf + 4, NTLMSSP_SIG_SIZE);
/* verify the signature and maybe decrypt the data */
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
nt_status = ntlmssp_unseal_packet(ntlmssp_state,
dptr, dlen,
dptr, dlen,
&sig);
} else {
nt_status = ntlmssp_check_packet(ntlmssp_state,
dptr, dlen,
dptr, dlen,
&sig);
}
status = ADS_ERROR_NT(nt_status);
if (!ADS_ERR_OK(status)) return status;
/* set the amount of bytes for the upper layer and set the ofs to the data */
ads->ldap.in.left = dlen;
ads->ldap.in.ofs = 4 + NTLMSSP_SIG_SIZE;
return ADS_SUCCESS;
}
开发者ID:0x24bin,项目名称:winexe-1,代码行数:34,代码来源:sasl.c
示例5: ads_sasl_spnego_rawkrb5_bind
/*
perform a LDAP/SASL/SPNEGO/KRB5 bind
*/
static ADS_STATUS ads_sasl_spnego_rawkrb5_bind(ADS_STRUCT *ads, const char *principal)
{
DATA_BLOB blob = data_blob_null;
struct berval cred, *scred = NULL;
DATA_BLOB session_key = data_blob_null;
int rc;
if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
}
rc = spnego_gen_negTokenTarg(principal, ads->auth.time_offset, &blob, &session_key, 0,
&ads->auth.tgs_expire);
if (rc) {
return ADS_ERROR_KRB5(rc);
}
/* now send the auth packet and we should be done */
cred.bv_val = (char *)blob.data;
cred.bv_len = blob.length;
rc = ldap_sasl_bind_s(ads->ldap.ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
data_blob_free(&blob);
data_blob_free(&session_key);
if(scred)
ber_bvfree(scred);
return ADS_ERROR(rc);
}
开发者ID:0x24bin,项目名称:winexe-1,代码行数:34,代码来源:sasl.c
示例6: ads_connect
static ADS_STATUS ads_connect(ADS_STRUCT *ads)
{
struct libnet_LookupDCs *io;
char *url;
io = talloc_zero(ads, struct libnet_LookupDCs);
/* We are looking for the PDC of the active domain. */
io->in.name_type = NBT_NAME_PDC;
io->in.domain_name = lp_workgroup(ads->netctx->lp_ctx);
libnet_LookupDCs(ads->netctx, ads, io);
url = talloc_asprintf(ads, "ldap://%s", io->out.dcs[0].name);
ads->ldbctx = ldb_wrap_connect(ads, ads->netctx->event_ctx, ads->netctx->lp_ctx,
url, NULL, ads->netctx->cred, 0);
if (ads->ldbctx == NULL) {
return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
}
return ADS_ERROR_NT(NT_STATUS_OK);
}
开发者ID:0x24bin,项目名称:winexe-1,代码行数:21,代码来源:ads_convenience.c
示例7: ads_sasl_gssapi_wrap
static ADS_STATUS ads_sasl_gssapi_wrap(struct ads_saslwrap *wrap, uint8_t *buf, uint32_t len)
{
gss_ctx_id_t context_handle = (gss_ctx_id_t)wrap->wrap_private_data;
ADS_STATUS status;
int gss_rc;
uint32_t minor_status;
gss_buffer_desc unwrapped, wrapped;
int conf_req_flag, conf_state;
unwrapped.value = buf;
unwrapped.length = len;
/* for now request sign and seal */
conf_req_flag = (wrap->wrap_type == ADS_SASLWRAP_TYPE_SEAL);
gss_rc = gss_wrap(&minor_status, context_handle,
conf_req_flag, GSS_C_QOP_DEFAULT,
&unwrapped, &conf_state,
&wrapped);
status = ADS_ERROR_GSS(gss_rc, minor_status);
if (!ADS_ERR_OK(status)) return status;
if (conf_req_flag && conf_state == 0) {
return ADS_ERROR_NT(NT_STATUS_ACCESS_DENIED);
}
if ((wrap->out.size - 4) < wrapped.length) {
return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);
}
/* copy the wrapped blob to the right location */
memcpy(wrap->out.buf + 4, wrapped.value, wrapped.length);
/* set how many bytes must be written to the underlying socket */
wrap->out.left = 4 + wrapped.length;
gss_release_buffer(&minor_status, &wrapped);
return ADS_SUCCESS;
}
开发者ID:Alexander--,项目名称:samba,代码行数:40,代码来源:sasl.c
示例8: ads_sasl_gssapi_unwrap
static ADS_STATUS ads_sasl_gssapi_unwrap(struct ads_saslwrap *wrap)
{
gss_ctx_id_t context_handle = (gss_ctx_id_t)wrap->wrap_private_data;
ADS_STATUS status;
int gss_rc;
uint32_t minor_status;
gss_buffer_desc unwrapped, wrapped;
int conf_state;
wrapped.value = wrap->in.buf + 4;
wrapped.length = wrap->in.ofs - 4;
gss_rc = gss_unwrap(&minor_status, context_handle,
&wrapped, &unwrapped,
&conf_state, GSS_C_QOP_DEFAULT);
status = ADS_ERROR_GSS(gss_rc, minor_status);
if (!ADS_ERR_OK(status)) return status;
if (wrap->wrap_type == ADS_SASLWRAP_TYPE_SEAL && conf_state == 0) {
return ADS_ERROR_NT(NT_STATUS_ACCESS_DENIED);
}
if (wrapped.length < unwrapped.length) {
return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);
}
/* copy the wrapped blob to the right location */
memcpy(wrap->in.buf + 4, unwrapped.value, unwrapped.length);
/* set how many bytes must be written to the underlying socket */
wrap->in.left = unwrapped.length;
wrap->in.ofs = 4;
gss_release_buffer(&minor_status, &unwrapped);
return ADS_SUCCESS;
}
开发者ID:Alexander--,项目名称:samba,代码行数:37,代码来源:sasl.c
示例9: gp_get_machine_token
ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
const char *dn,
struct security_token **token)
{
struct security_token *ad_token = NULL;
ADS_STATUS status;
NTSTATUS ntstatus;
#ifndef HAVE_ADS
return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
#endif
status = ads_get_sid_token(ads, mem_ctx, dn, &ad_token);
if (!ADS_ERR_OK(status)) {
return status;
}
ntstatus = merge_nt_token(mem_ctx, ad_token, get_system_token(),
token);
if (!NT_STATUS_IS_OK(ntstatus)) {
return ADS_ERROR_NT(ntstatus);
}
return ADS_SUCCESS;
}
开发者ID:Arkhont,项目名称:samba,代码行数:24,代码来源:gpo_util.c
示例10: ads_sasl_ntlmssp_wrap
static ADS_STATUS ads_sasl_ntlmssp_wrap(ADS_STRUCT *ads, uint8 *buf, uint32 len)
{
struct ntlmssp_state *ntlmssp_state =
(struct ntlmssp_state *)ads->ldap.wrap_private_data;
ADS_STATUS status;
NTSTATUS nt_status;
DATA_BLOB sig;
TALLOC_CTX *frame;
uint8 *dptr = ads->ldap.out.buf + (4 + NTLMSSP_SIG_SIZE);
frame = talloc_stackframe();
/* copy the data to the right location */
memcpy(dptr, buf, len);
/* create the signature and may encrypt the data */
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
nt_status = ntlmssp_seal_packet(ntlmssp_state,
frame,
dptr, len,
dptr, len,
&sig);
} else {
nt_status = ntlmssp_sign_packet(ntlmssp_state,
frame,
dptr, len,
dptr, len,
&sig);
}
status = ADS_ERROR_NT(nt_status);
if (!ADS_ERR_OK(status)) return status;
/* copy the signature to the right location */
memcpy(ads->ldap.out.buf + 4,
sig.data, NTLMSSP_SIG_SIZE);
TALLOC_FREE(frame);
/* set how many bytes must be written to the underlying socket */
ads->ldap.out.left = 4 + NTLMSSP_SIG_SIZE + len;
return ADS_SUCCESS;
}
开发者ID:Arkhont,项目名称:samba,代码行数:42,代码来源:sasl.c
示例11: ads_set_machine_password
/**
* Set the machine account password
* @param ads connection to ads server
* @param hostname machine whose password is being set
* @param password new password
* @return status of password change
**/
ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
const char *machine_account,
const char *password)
{
ADS_STATUS status;
char *principal = NULL;
/*
we need to use the '$' form of the name here (the machine account name),
as otherwise the server might end up setting the password for a user
instead
*/
if (asprintf(&principal, "%[email protected]%s", machine_account, ads->config.realm) < 0) {
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
status = ads_krb5_set_password(ads->auth.kdc_server, principal,
password, ads->auth.time_offset);
SAFE_FREE(principal);
return status;
}
开发者ID:Alexandr-Galko,项目名称:samba,代码行数:29,代码来源:kerberos_util.c
示例12: ads_search_retry_extended_dn_ranged
ADS_STATUS ads_search_retry_extended_dn_ranged(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
const char *dn,
const char **attrs,
enum ads_extended_dn_flags flags,
char ***strings,
size_t *num_strings)
{
ads_control args;
args.control = ADS_EXTENDED_DN_OID;
args.val = flags;
args.critical = True;
/* we can only range process one attribute */
if (!attrs || !attrs[0] || attrs[1]) {
return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
return ads_ranged_search(ads, mem_ctx, LDAP_SCOPE_BASE, dn,
"(objectclass=*)", &args, attrs[0],
strings, num_strings);
}
开发者ID:Distrotech,项目名称:samba,代码行数:23,代码来源:ldap_utils.c
示例13: bind
/*
perform a LDAP/SASL/SPNEGO/NTLMSSP bind (just how many layers can
we fit on one socket??)
*/
static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
{
DATA_BLOB msg1 = data_blob_null;
DATA_BLOB blob = data_blob_null;
DATA_BLOB blob_in = data_blob_null;
DATA_BLOB blob_out = data_blob_null;
struct berval cred, *scred = NULL;
int rc;
NTSTATUS nt_status;
ADS_STATUS status;
int turn = 1;
uint32 features = 0;
struct ntlmssp_state *ntlmssp_state;
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
return ADS_ERROR_NT(nt_status);
}
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN;
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, ads->auth.user_name))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, ads->auth.realm))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_password(ntlmssp_state, ads->auth.password))) {
return ADS_ERROR_NT(nt_status);
}
switch (ads->ldap.wrap_type) {
case ADS_SASLWRAP_TYPE_SEAL:
features = NTLMSSP_FEATURE_SIGN | NTLMSSP_FEATURE_SEAL;
break;
case ADS_SASLWRAP_TYPE_SIGN:
if (ads->auth.flags & ADS_AUTH_SASL_FORCE) {
features = NTLMSSP_FEATURE_SIGN;
} else {
/*
* windows servers are broken with sign only,
* so we need to use seal here too
*/
features = NTLMSSP_FEATURE_SIGN | NTLMSSP_FEATURE_SEAL;
ads->ldap.wrap_type = ADS_SASLWRAP_TYPE_SEAL;
}
break;
case ADS_SASLWRAP_TYPE_PLAIN:
break;
}
ntlmssp_want_feature(ntlmssp_state, features);
blob_in = data_blob_null;
do {
nt_status = ntlmssp_update(ntlmssp_state,
blob_in, &blob_out);
data_blob_free(&blob_in);
if ((NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)
|| NT_STATUS_IS_OK(nt_status))
&& blob_out.length) {
if (turn == 1) {
/* and wrap it in a SPNEGO wrapper */
msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
} else {
/* wrap it in SPNEGO */
msg1 = spnego_gen_auth(blob_out);
}
data_blob_free(&blob_out);
cred.bv_val = (char *)msg1.data;
cred.bv_len = msg1.length;
scred = NULL;
rc = ldap_sasl_bind_s(ads->ldap.ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
data_blob_free(&msg1);
if ((rc != LDAP_SASL_BIND_IN_PROGRESS) && (rc != 0)) {
if (scred) {
ber_bvfree(scred);
}
ntlmssp_end(&ntlmssp_state);
return ADS_ERROR(rc);
}
if (scred) {
blob = data_blob(scred->bv_val, scred->bv_len);
ber_bvfree(scred);
} else {
blob = data_blob_null;
}
} else {
ntlmssp_end(&ntlmssp_state);
data_blob_free(&blob_out);
return ADS_ERROR_NT(nt_status);
//.........这里部分代码省略.........
开发者ID:0x24bin,项目名称:winexe-1,代码行数:101,代码来源:sasl.c
示例14: bind
/*
perform a LDAP/SASL/SPNEGO/{NTLMSSP,KRB5} bind (just how many layers can
we fit on one socket??)
*/
static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads,
const char *sasl,
enum credentials_use_kerberos krb5_state,
const char *target_service,
const char *target_hostname,
const DATA_BLOB server_blob)
{
DATA_BLOB blob_in = data_blob_null;
DATA_BLOB blob_out = data_blob_null;
int rc;
NTSTATUS nt_status;
ADS_STATUS status;
struct auth_generic_state *auth_generic_state;
bool use_spnego_principal = lp_client_use_spnego_principal();
const char *sasl_list[] = { sasl, NULL };
nt_status = auth_generic_client_prepare(NULL, &auth_generic_state);
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = auth_generic_set_username(auth_generic_state, ads->auth.user_name))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = auth_generic_set_domain(auth_generic_state, ads->auth.realm))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = auth_generic_set_password(auth_generic_state, ads->auth.password))) {
return ADS_ERROR_NT(nt_status);
}
if (server_blob.length == 0) {
use_spnego_principal = false;
}
if (krb5_state == CRED_DONT_USE_KERBEROS) {
use_spnego_principal = false;
}
cli_credentials_set_kerberos_state(auth_generic_state->credentials,
krb5_state);
if (target_service != NULL) {
nt_status = gensec_set_target_service(
auth_generic_state->gensec_security,
target_service);
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
}
if (target_hostname != NULL) {
nt_status = gensec_set_target_hostname(
auth_generic_state->gensec_security,
target_hostname);
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
}
if (target_service != NULL && target_hostname != NULL) {
use_spnego_principal = false;
}
switch (ads->ldap.wrap_type) {
case ADS_SASLWRAP_TYPE_SEAL:
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SEAL);
break;
case ADS_SASLWRAP_TYPE_SIGN:
if (ads->auth.flags & ADS_AUTH_SASL_FORCE) {
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
} else {
/*
* windows servers are broken with sign only,
* so we let the NTLMSSP backend to seal here,
* via GENSEC_FEATURE_LDAP_STYLE.
*/
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_LDAP_STYLE);
}
break;
case ADS_SASLWRAP_TYPE_PLAIN:
break;
}
nt_status = auth_generic_client_start_by_sasl(auth_generic_state,
sasl_list);
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
rc = LDAP_SASL_BIND_IN_PROGRESS;
nt_status = NT_STATUS_MORE_PROCESSING_REQUIRED;
if (use_spnego_principal) {
blob_in = data_blob_dup_talloc(talloc_tos(), server_blob);
//.........这里部分代码省略.........
开发者ID:DanilKorotenko,项目名称:samba,代码行数:101,代码来源:sasl.c
示例15: cell_do_search
ADS_STATUS cell_do_search(struct likewise_cell *c,
const char *search_base,
int scope,
const char *expr,
const char **attrs,
LDAPMessage ** msg)
{
int search_count = 0;
ADS_STATUS status;
NTSTATUS nt_status;
/* check for a NULL connection */
if (!c->conn) {
nt_status = cell_connect(c);
if (!NT_STATUS_IS_OK(nt_status)) {
status = ADS_ERROR_NT(nt_status);
return status;
}
}
DEBUG(10, ("cell_do_search: Base = %s, Filter = %s, Scope = %d, GC = %s\n",
search_base, expr, scope,
c->conn->server.gc ? "yes" : "no"));
/* we try multiple times in case the ADS_STRUCT is bad
and we need to reconnect */
while (search_count < MAX_SEARCH_COUNT) {
*msg = NULL;
status = ads_do_search(c->conn, search_base,
scope, expr, attrs, msg);
if (ADS_ERR_OK(status)) {
if (DEBUGLEVEL >= 10) {
LDAPMessage *e = NULL;
int n = ads_count_replies(c->conn, *msg);
DEBUG(10,("cell_do_search: Located %d entries\n", n));
for (e=ads_first_entry(c->conn, *msg);
e!=NULL;
e = ads_next_entry(c->conn, e))
{
char *dn = ads_get_dn(c->conn, talloc_tos(), e);
DEBUGADD(10,(" dn: %s\n", dn ? dn : "<NULL>"));
TALLOC_FREE(dn);
}
}
return status;
}
DEBUG(5, ("cell_do_search: search[%d] failed (%s)\n",
search_count, ads_errstr(status)));
search_count++;
/* Houston, we have a problem */
if (status.error_type == ENUM_ADS_ERROR_LDAP) {
switch (status.err.rc) {
case LDAP_TIMELIMIT_EXCEEDED:
case LDAP_TIMEOUT:
case -1: /* we get this error if we cannot contact
the LDAP server */
nt_status = cell_connect(c);
if (!NT_STATUS_IS_OK(nt_status)) {
status = ADS_ERROR_NT(nt_status);
return status;
}
break;
default:
/* we're all done here */
return status;
}
}
}
DEBUG(5, ("cell_do_search: exceeded maximum search count!\n"));
return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
}
开发者ID:Arkhont,项目名称:samba,代码行数:85,代码来源:likewise_cell.c
示例16: ads_sid_to_dn
ADS_STATUS ads_sid_to_dn(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
const DOM_SID *sid,
char **dn)
{
ADS_STATUS rc;
LDAPMessage *msg = NULL;
LDAPMessage *entry = NULL;
char *ldap_exp;
char *sidstr = NULL;
int count;
char *dn2 = NULL;
const char *attr[] = {
"dn",
NULL
};
if (!(sidstr = sid_binstring(sid))) {
DEBUG(1,("ads_sid_to_dn: sid_binstring failed!\n"));
rc = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
goto done;
}
if(!(ldap_exp = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr))) {
DEBUG(1,("ads_sid_to_dn: talloc_asprintf failed!\n"));
rc = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
goto done;
}
rc = ads_search_retry(ads, (void **)&msg, ldap_exp, attr);
if (!ADS_ERR_OK(rc)) {
DEBUG(1,("ads_sid_to_dn ads_search: %s\n", ads_errstr(rc)));
goto done;
}
if ((count = ads_count_replies(ads, msg)) != 1) {
fstring sid_string;
DEBUG(1,("ads_sid_to_dn (sid=%s): Not found (count=%d)\n",
sid_to_string(sid_string, sid), count));
rc = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
goto done;
}
entry = ads_first_entry(ads, msg);
dn2 = ads_get_dn(ads, entry);
if (!dn2) {
rc = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
goto done;
}
*dn = talloc_strdup(mem_ctx, dn2);
if (!*dn) {
ads_memfree(ads, dn2);
rc = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
goto done;
}
rc = ADS_ERROR_NT(NT_STATUS_OK);
DEBUG(3,("ads sid_to_dn mapped %s\n", dn2));
SAFE_FREE(dn2);
done:
if (msg) ads_msgfree(ads, msg);
if (dn2) ads_memfree(ads, dn2);
SAFE_FREE(sidstr);
return rc;
}
开发者ID:Nymphetaminer,项目名称:dsl-n55u,代码行数:75,代码来源:ads_ldap.c
示例17: bind
/*
perform a LDAP/SASL/SPNEGO/NTLMSSP bind (just how many layers can
we fit on one socket??)
*/
static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
{
DATA_BLOB msg1 = data_blob(NULL, 0);
DATA_BLOB blob = data_blob(NULL, 0);
DATA_BLOB blob_in = data_blob(NULL, 0);
DATA_BLOB blob_out = data_blob(NULL, 0);
struct berval cred, *scred = NULL;
int rc;
NTSTATUS nt_status;
int turn = 1;
struct ntlmssp_state *ntlmssp_state;
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
return ADS_ERROR_NT(nt_status);
}
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN;
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, ads->auth.user_name))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, ads->auth.realm))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_password(ntlmssp_state, ads->auth.password))) {
return ADS_ERROR_NT(nt_status);
}
blob_in = data_blob(NULL, 0);
do {
nt_status = ntlmssp_update(ntlmssp_state,
blob_in, &blob_out);
data_blob_free(&blob_in);
if ((NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)
|| NT_STATUS_IS_OK(nt_status))
&& blob_out.length) {
if (turn == 1) {
/* and wrap it in a SPNEGO wrapper */
msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
} else {
/* wrap it in SPNEGO */
msg1 = spnego_gen_auth(blob_out);
}
data_blob_free(&blob_out);
cred.bv_val = (char *)msg1.data;
cred.bv_len = msg1.length;
scred = NULL;
rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
data_blob_free(&msg1);
if ((rc != LDAP_SASL_BIND_IN_PROGRESS) && (rc != 0)) {
if (scred) {
ber_bvfree(scred);
}
ntlmssp_end(&ntlmssp_state);
return ADS_ERROR(rc);
}
if (scred) {
blob = data_blob(scred->bv_val, scred->bv_len);
ber_bvfree(scred);
} else {
blob = data_blob(NULL, 0);
}
} else {
ntlmssp_end(&ntlmssp_state);
data_blob_free(&blob_out);
return ADS_ERROR_NT(nt_status);
}
if ((turn == 1) &&
(rc == LDAP_SASL_BIND_IN_PROGRESS)) {
DATA_BLOB tmp_blob = data_blob(NULL, 0);
/* the server might give us back two challenges */
if (!spnego_parse_challenge(blob, &blob_in,
&tmp_blob)) {
ntlmssp_end(&ntlmssp_state);
data_blob_free(&blob);
DEBUG(3,("Failed to parse challenges\n"));
return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
data_blob_free(&tmp_blob);
} else if (rc == LDAP_SASL_BIND_IN_PROGRESS) {
if (!spnego_parse_auth_response(blob, nt_status,
&blob_in)) {
ntlmssp_end(&ntlmssp_state);
data_blob_free(&blob);
DEBUG(3,("Failed to parse auth response\n"));
return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
//.........这里部分代码省略.........
开发者ID:AllardJ,项目名称:Tomato,代码行数:101,代码来源:sasl.c
示例18: bind
/*
perform a LDAP/SASL/SPNEGO/{NTLMSSP,KRB5} bind (just how many layers can
we fit on one socket??)
*/
static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads,
const char *sasl,
enum credentials_use_kerberos krb5_state,
const char *target_service,
const char *target_hostname,
const DATA_BLOB server_blob)
{
DATA_BLOB blob_in = data_blob_null;
DATA_BLOB blob_out = data_blob_null;
int rc;
NTSTATUS nt_status;
ADS_STATUS status;
struct auth_generic_state *auth_generic_state;
bool use_spnego_principal = lp_client_use_spnego_principal();
const char *sasl_list[] = { sasl, NULL };
NTTIME end_nt_time;
struct ads_saslwrap *wrap = &ads->ldap_wrap_data;
nt_status = auth_generic_client_prepare(NULL, &auth_generic_state);
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = auth_generic_set_username(auth_generic_state, ads->auth.user_name))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = auth_generic_set_domain(auth_generic_state, ads->auth.realm))) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status = auth_generic_set_password(auth_generic_state, ads->auth.password))) {
return ADS_ERROR_NT(nt_status);
}
if (server_blob.length == 0) {
use_spnego_principal = false;
}
if (krb5_state == CRED_DONT_USE_KERBEROS) {
use_spnego_principal = false;
}
cli_credentials_set_kerberos_state(auth_generic_state->credentials,
krb5_state);
if (target_service != NULL) {
nt_status = gensec_set_target_service(
auth_generic_state->gensec_security,
target_service);
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
}
if (target_hostname != NULL) {
nt_status = gensec_set_target_hostname(
auth_generic_state->gensec_security,
target_hostname);
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
}
if (target_service != NULL && target_hostname != NULL) {
use_spnego_principal = false;
}
switch (wrap->wrap_type) {
case ADS_SASLWRAP_TYPE_SEAL:
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SEAL);
break;
case ADS_SASLWRAP_TYPE_SIGN:
if (ads->auth.flags & ADS_AUTH_SASL_FORCE) {
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
} else {
/*
* windows servers are broken with sign only,
* so we let the NTLMSSP backend to seal here,
* via GENSEC_FEATURE_LDAP_STYLE.
*/
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_LDAP_STYLE);
}
break;
case ADS_SASLWRAP_TYPE_PLAIN:
break;
}
nt_status = auth_generic_client_start_by_sasl(auth_generic_state,
sasl_list);
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
rc = LDAP_SASL_BIND_IN_PROGRESS;
nt_status = NT_STATUS_MORE_PROCESSING_REQUIRED;
//.........这里部分代码省略.........
开发者ID:Alexander--,项目名称:samba,代码行数:101,代码来源:sasl.c
示例19: ads_krb5_chg_password
static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
const char *principal,
const char *oldpw,
const char *newpw,
int time_offset)
{
ADS_STATUS aret;
krb5_error_code ret;
krb5_context context = NULL;
krb5_principal princ;
krb5_get_init_creds_opt opts;
krb5_creds creds;
char *chpw_princ = NULL, *password;
char *realm = NULL;
int result_code;
krb5_data result_code_string = { 0 };
krb5_data result_string = { 0 };
smb_krb5_addresses *addr = NULL;
initialize_krb5_error_table();
ret = krb5_init_context(&context);
if (ret) {
DEBUG(1,("Failed to init krb5 context (%s)\n", error_message(ret)));
return ADS_ERROR_KRB5(ret);
}
if ((ret = smb_krb5_parse_name(context, principal,
&princ))) {
krb5_free_context(context);
DEBUG(1,("Failed to parse %s (%s)\n", principal, error_message(ret)));
return ADS_ERROR_KRB5(ret);
}
krb5_get_init_creds_opt_init(&opts);
krb5_get_init_creds_opt_set_tkt_life(&opts, 5*60);
krb5_get_init_creds_opt_set_renew_life(&opts, 0);
krb5_get_init_creds_opt_set_forwardable(&opts, 0);
krb5_get_init_creds_opt_set_proxiable(&opts, 0);
/* note that heimdal will fill in the local addresses if the addresses
* in the creds_init_opt are all empty and then later fail with invalid
* address, sending our local netbios krb5 address - just like windows
* - avoids this - gd */
ret = smb_krb5_gen_netbios_krb5_address(&addr, lp_netbios_name());
if (ret) {
krb5_free_principal(context, princ);
krb5_free_context(context);
return ADS_ERROR_KRB5(ret);
}
krb5_get_init_creds_opt_set_address_list(&opts, addr->addrs);
realm = smb_krb5_principal_get_realm(context, princ);
/* We have to obtain an INITIAL changepw ticket for changing password */
if (asprintf(&chpw_princ, "kadmin/[email protected]%s", realm) == -1) {
krb5_free_context(context);
free(realm);
DEBUG(1,("ads_krb5_chg_password: asprintf fail\n"));
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
free(realm);
password = SMB_STRDUP(oldpw);
ret = krb5_get_init_creds_password(context, &creds, princ, password,
kerb_prompter, NULL,
0, chpw_princ, &opts);
SAFE_FREE(chpw_princ);
SAFE_FREE(password);
if (ret) {
if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY)
DEBUG(1,("Password incorrect while getting initial ticket"));
else
DEBUG(1,("krb5_get_init_creds_password failed (%s)\n", error_message(ret)));
krb5_free_principal(context, princ);
krb5_free_context(context);
return ADS_ERROR_KRB5(ret);
}
ret = krb5_change_password(context,
&creds,
discard_const_p(char, newpw),
&result_code,
&result_code_string,
&result_string);
if (ret) {
DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret)));
aret = ADS_ERROR_KRB5(ret);
goto done;
}
if (result_code != KRB5_KPASSWD_SUCCESS) {
ret = kpasswd_err_to_krb5_err(result_code);
DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret)));
aret = ADS_ERROR_KRB5(ret);
goto done;
}
//.........这里部分代码省略.........
开发者ID:DanilKorotenko,项目名称:samba,代码行数:101,代码来源:krb5_setpw.c
示例20: gpo_process_gpo_list
ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo_list,
const char *extensions_guid_filter,
uint32_t flags)
{
ADS_STATUS status = ADS_SUCCESS;
struct gp_extension *gp_ext_list = NULL;
struct gp_extension *gp_ext = NULL;
struct registry_key *root_key = NULL;
struct gp_registry_context *reg_ctx = NULL;
#if 0
WERROR werr;
#endif
status = ADS_ERROR_NT(init_gp_extensions(mem_ctx));
if (!ADS_ERR_OK(status)) {
return status;
}
gp_ext_list = get_gp_extension_list();
if (!gp_ext_list) {
return ADS_ERROR_NT(NT_STATUS_DLL_INIT_FAILED);
}
/* FIXME Needs to be replaced with new patchfile_preg calls */
#if 0
/* get the key here */
if (flags & GPO_LIST_FLAG_MACHINE) {
werr = gp_init_reg_ctx(mem_ctx, KEY_HKLM, REG_KEY_WRITE,
get_system_token(),
®_ctx);
} else {
werr = gp_init_reg_ctx(mem_ctx, KEY_HKCU, REG_KEY_WRITE,
token,
®_ctx);
}
if (!W_ERROR_IS_OK(werr)) {
talloc_free(reg_ctx);
return ADS_ERROR_NT(werror_to_ntstatus(werr));
}
#endif
root_key = reg_ctx->curr_key;
for (gp_ext = gp_ext_list; gp_ext; gp_ext = gp_ext->next) {
const char *guid_str = NULL;
guid_str = GUID_string(mem_ctx, gp_ext->guid);
if (!guid_str) {
status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
goto done;
}
if (extensions_guid_filter &&
(!strequal(guid_str, extensions_guid_filter))) {
continue;
}
DEBUG(0,("-------------------------------------------------\n"));
DEBUG(0,("gpo_process_gpo_list: processing ext: %s {%s}\n",
gp_ext->name, guid_str));
status = gpo_process_gpo_list_by_ext(ads, mem_ctx, token,
root_key, gpo_list,
guid_str, flags);
if (!ADS_ERR_OK(status)) {
goto done;
}
}
done:
talloc_free(reg_ctx);
talloc_free(root_key);
free_gp_extensions();
return status;
}
开发者ID:Arkhont,项目名称:samba,代码行数:79,代码来源:gpo_util.c
注:本文中的ADS_ERROR_NT函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论