/* [<][>][^][v][top][bottom][index][help] */
1 /*
2 Unix SMB/CIFS mplementation.
3 LDAP protocol helper functions for SAMBA
4 Copyright (C) Gerald Carter 2001-2003
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18
19 */
20
21 #ifndef _SMBLDAP_H
22 #define _SMBLDAP_H
23
24 struct smbldap_state;
25
26 #ifdef HAVE_LDAP
27
28 /* specify schema versions between 2.2. and 3.0 */
29
30 #define SCHEMAVER_SAMBAACCOUNT 1
31 #define SCHEMAVER_SAMBASAMACCOUNT 2
32
33 /* objectclass names */
34
35 #define LDAP_OBJ_SAMBASAMACCOUNT "sambaSamAccount"
36 #define LDAP_OBJ_SAMBAACCOUNT "sambaAccount"
37 #define LDAP_OBJ_GROUPMAP "sambaGroupMapping"
38 #define LDAP_OBJ_DOMINFO "sambaDomain"
39 #define LDAP_OBJ_IDPOOL "sambaUnixIdPool"
40 #define LDAP_OBJ_IDMAP_ENTRY "sambaIdmapEntry"
41 #define LDAP_OBJ_SID_ENTRY "sambaSidEntry"
42 #define LDAP_OBJ_TRUST_PASSWORD "sambaTrustPassword"
43 #define LDAP_OBJ_TRUSTDOM_PASSWORD "sambaTrustedDomainPassword"
44
45 #define LDAP_OBJ_ACCOUNT "account"
46 #define LDAP_OBJ_POSIXACCOUNT "posixAccount"
47 #define LDAP_OBJ_POSIXGROUP "posixGroup"
48 #define LDAP_OBJ_OU "organizationalUnit"
49 #define LDAP_OBJ_NAMEDOBJECT "namedObject" /* structual objectclass (for SUSE)*/
50 #define LDAP_OBJ_GROUPOFNAMES "groupOfNames" /* structual objectclass */
51
52 /* some generic attributes that get reused a lot */
53
54 #define LDAP_ATTRIBUTE_SID "sambaSID"
55 #define LDAP_ATTRIBUTE_UIDNUMBER "uidNumber"
56 #define LDAP_ATTRIBUTE_GIDNUMBER "gidNumber"
57 #define LDAP_ATTRIBUTE_SID_LIST "sambaSIDList"
58
59 /* attribute map table indexes */
60
61 #define LDAP_ATTR_LIST_END 0
62 #define LDAP_ATTR_UID 1
63 #define LDAP_ATTR_UIDNUMBER 2
64 #define LDAP_ATTR_GIDNUMBER 3
65 #define LDAP_ATTR_UNIX_HOME 4
66 #define LDAP_ATTR_PWD_LAST_SET 5
67 #define LDAP_ATTR_PWD_CAN_CHANGE 6
68 #define LDAP_ATTR_PWD_MUST_CHANGE 7
69 #define LDAP_ATTR_LOGON_TIME 8
70 #define LDAP_ATTR_LOGOFF_TIME 9
71 #define LDAP_ATTR_KICKOFF_TIME 10
72 #define LDAP_ATTR_CN 11
73 #define LDAP_ATTR_DISPLAY_NAME 12
74 #define LDAP_ATTR_HOME_PATH 13
75 #define LDAP_ATTR_LOGON_SCRIPT 14
76 #define LDAP_ATTR_PROFILE_PATH 15
77 #define LDAP_ATTR_DESC 16
78 #define LDAP_ATTR_USER_WKS 17
79 #define LDAP_ATTR_USER_SID 18
80 #define LDAP_ATTR_USER_RID 18
81 #define LDAP_ATTR_PRIMARY_GROUP_SID 19
82 #define LDAP_ATTR_PRIMARY_GROUP_RID 20
83 #define LDAP_ATTR_LMPW 21
84 #define LDAP_ATTR_NTPW 22
85 #define LDAP_ATTR_DOMAIN 23
86 #define LDAP_ATTR_OBJCLASS 24
87 #define LDAP_ATTR_ACB_INFO 25
88 #define LDAP_ATTR_NEXT_USERRID 26
89 #define LDAP_ATTR_NEXT_GROUPRID 27
90 #define LDAP_ATTR_DOM_SID 28
91 #define LDAP_ATTR_HOME_DRIVE 29
92 #define LDAP_ATTR_GROUP_SID 30
93 #define LDAP_ATTR_GROUP_TYPE 31
94 #define LDAP_ATTR_SID 32
95 #define LDAP_ATTR_ALGORITHMIC_RID_BASE 33
96 #define LDAP_ATTR_NEXT_RID 34
97 #define LDAP_ATTR_BAD_PASSWORD_COUNT 35
98 #define LDAP_ATTR_LOGON_COUNT 36
99 #define LDAP_ATTR_MUNGED_DIAL 37
100 #define LDAP_ATTR_BAD_PASSWORD_TIME 38
101 #define LDAP_ATTR_PWD_HISTORY 39
102 #define LDAP_ATTR_SID_LIST 40
103 #define LDAP_ATTR_MOD_TIMESTAMP 41
104 #define LDAP_ATTR_LOGON_HOURS 42
105 #define LDAP_ATTR_TRUST_PASSWD_FLAGS 43
106 #define LDAP_ATTR_SN 44
107
108
109 typedef struct _attrib_map_entry {
110 int attrib;
111 const char *name;
112 } ATTRIB_MAP_ENTRY;
113
114
115 /* structures */
116
117 extern ATTRIB_MAP_ENTRY attrib_map_v22[];
118 extern ATTRIB_MAP_ENTRY attrib_map_to_delete_v22[];
119 extern ATTRIB_MAP_ENTRY attrib_map_v30[];
120 extern ATTRIB_MAP_ENTRY attrib_map_to_delete_v30[];
121 extern ATTRIB_MAP_ENTRY dominfo_attr_list[];
122 extern ATTRIB_MAP_ENTRY groupmap_attr_list[];
123 extern ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[];
124 extern ATTRIB_MAP_ENTRY idpool_attr_list[];
125 extern ATTRIB_MAP_ENTRY sidmap_attr_list[];
126 extern ATTRIB_MAP_ENTRY trustpw_attr_list[];
127
128
129 /* Function declarations -- not included in proto.h so we don't
130 have to worry about LDAP structure types */
131
132 NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx,
133 struct event_context *event_ctx,
134 const char *location,
135 struct smbldap_state **smbldap_state);
136
137 const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key );
138 const char** get_attr_list( TALLOC_CTX *mem_ctx, ATTRIB_MAP_ENTRY table[] );
139 void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value);
140 void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing,
141 LDAPMod ***mods,
142 const char *attribute, const char *newval);
143 bool smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry,
144 const char *attribute, char *value,
145 int max_len);
146 int smbldap_modify(struct smbldap_state *ldap_state,
147 const char *dn,
148 LDAPMod *attrs[]);
149
150 /**
151 * Struct to keep the state for all the ldap stuff
152 *
153 */
154
155 struct smbldap_state {
156 LDAP *ldap_struct;
157 pid_t pid;
158 time_t last_ping;
159 /* retrive-once info */
160 const char *uri;
161
162 /* credentials */
163 bool anonymous;
164 char *bind_dn;
165 char *bind_secret;
166
167 bool paged_results;
168
169 unsigned int num_failures;
170
171 time_t last_use;
172 struct event_context *event_context;
173 struct timed_event *idle_event;
174
175 struct timeval last_rebind;
176 };
177
178 /* struct used by both pdb_ldap.c and pdb_nds.c */
179
180 struct ldapsam_privates {
181 struct smbldap_state *smbldap_state;
182
183 /* Former statics */
184 LDAPMessage *result;
185 LDAPMessage *entry;
186 int index;
187
188 const char *domain_name;
189 DOM_SID domain_sid;
190
191 /* configuration items */
192 int schema_ver;
193
194 char *domain_dn;
195
196 /* Is this NDS ldap? */
197 int is_nds_ldap;
198
199 /* ldap server location parameter */
200 char *location;
201 };
202
203 /* Functions shared between pdb_ldap.c and pdb_nds.c. */
204 NTSTATUS pdb_init_ldapsam_compat( struct pdb_methods **pdb_method, const char *location);
205 void private_data_free_fn(void **result);
206 int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
207 const char *user,
208 LDAPMessage ** result,
209 const char **attr);
210 NTSTATUS pdb_init_ldapsam( struct pdb_methods **pdb_method, const char *location);
211 const char** get_userattr_list( TALLOC_CTX *mem_ctx, int schema_ver );
212
213 char * smbldap_talloc_single_attribute(LDAP *ldap_struct, LDAPMessage *entry,
214 const char *attribute,
215 TALLOC_CTX *mem_ctx);
216 char * smbldap_talloc_smallest_attribute(LDAP *ldap_struct, LDAPMessage *entry,
217 const char *attribute,
218 TALLOC_CTX *mem_ctx);
219 void talloc_autofree_ldapmsg(TALLOC_CTX *mem_ctx, LDAPMessage *result);
220 void talloc_autofree_ldapmod(TALLOC_CTX *mem_ctx, LDAPMod **mod);
221 char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld,
222 LDAPMessage *entry);
223
224
225 #else
226 #define LDAP void
227 #define LDAPMod void
228 #define LDAP_CONST const
229 #define LDAPControl void
230 struct berval;
231 struct ldapsam_privates;
232 #endif /* HAVE_LDAP */
233
234 #define LDAP_DEFAULT_TIMEOUT 15
235 #define LDAP_CONNECTION_DEFAULT_TIMEOUT 2
236 #define LDAP_PAGE_SIZE 1024
237
238 #endif /* _SMBLDAP_H */