From: Günther Deschner <gd@samba.org>
Date: Wed, 19 Jan 2005 09:58:29 +0000 (+0000)
Subject: r4840: * Add more generic root-dse inspection function to check for given
X-Git-Tag: samba-misc-tags/initial-v3-0-unstable~5399
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ced58bd8849cdef78513674dff1b1ec331945aa9;p=thirdparty%2Fsamba.git

r4840: * Add more generic root-dse inspection function to check for given
controls or extensions.
* Check and remember if ldapsam's LDAP Server support paged results
(in preparation of adding async paged-results to set|get|end-sampwent in
ldapsam).

Guenther
---

diff --git a/source/include/smbldap.h b/source/include/smbldap.h
index d980d082803..adb51430dc6 100644
--- a/source/include/smbldap.h
+++ b/source/include/smbldap.h
@@ -145,6 +145,7 @@ struct smbldap_state {
 	const char *uri;
 	char *bind_dn;
 	char *bind_secret;
+	BOOL paged_results;
 
 	unsigned int num_failures;
 
diff --git a/source/lib/smbldap.c b/source/lib/smbldap.c
index 518bafcc74c..7908bc254da 100644
--- a/source/lib/smbldap.c
+++ b/source/lib/smbldap.c
@@ -806,6 +806,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_
 	int rc;
 	char *ldap_dn;
 	char *ldap_secret;
+	int version;
 
 	/* get the password */
 	if (!fetch_ldap_pw(&ldap_dn, &ldap_secret)) {
@@ -855,7 +856,14 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_
 
 	ldap_state->num_failures = 0;
 
+	ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version);
+
+	if (smbldap_has_control(ldap_state, ADS_PAGE_CTL_OID) && version == 3) {
+		ldap_state->paged_results = True;
+	}
+
 	DEBUG(3, ("ldap_connect_system: succesful connection to the LDAP server\n"));
+	DEBUGADD(3, ("ldap_connect_system: LDAP server %s support paged results\n", ldap_state->paged_results?"does":"does not"));
 	return rc;
 }
 
@@ -1431,3 +1439,96 @@ char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry)
 	return unix_dn;
 }
 
+/*******************************************************************
+ Check if root-dse has a certain Control or Extension
+********************************************************************/
+
+static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char **attrs, const char *value) 
+{
+	LDAPMessage *msg = NULL;
+	LDAPMessage *entry = NULL;
+	char **values = NULL;
+	int rc, num_result, num_values, i;
+	BOOL result = False;
+
+	if (!attrs[0]) {
+		DEBUG(3,("smbldap_check_root_dse: nothing to look for\n"));
+		return False;
+	}
+
+	if (!strequal(attrs[0], "supportedExtension") && 
+	    !strequal(attrs[0], "supportedControl")) {
+		DEBUG(3,("smbldap_check_root_dse: no idea what to query root-dse for: %s ?\n", attrs[0]));
+		return False;
+	}
+
+	rc = ldap_search_s(ldap_state->ldap_struct, "", LDAP_SCOPE_BASE, 
+			   "(objectclass=*)", attrs, 0 , &msg);
+
+	if (rc != LDAP_SUCCESS) {
+		DEBUG(3,("smbldap_check_root_dse: Could not search rootDSE\n"));
+		return False;
+	}
+
+	num_result = ldap_count_entries(ldap_state->ldap_struct, msg);
+
+	if (num_result != 1) {
+		DEBUG(3,("smbldap_check_root_dse: Expected one rootDSE, got %d\n", num_result));
+		goto done;
+	}
+
+	entry = ldap_first_entry(ldap_state->ldap_struct, msg);
+
+	if (entry == NULL) {
+		DEBUG(3,("smbldap_check_root_dse: Could not retrieve rootDSE\n"));
+		goto done;
+	}
+
+	values = ldap_get_values(ldap_state->ldap_struct, entry, attrs[0]);
+
+	if (values == NULL) {
+		DEBUG(5,("smbldap_check_root_dse: LDAP Server does not support any %s\n", attrs[0]));
+		goto done;
+	}
+
+	num_values = ldap_count_values(values);
+
+	if (num_values == 0) {
+		DEBUG(5,("smbldap_check_root_dse: LDAP Server does not have any %s\n", attrs[0]));
+		goto done;
+	}
+
+	for (i=0; i<num_values; i++) {
+		if (strcmp(values[i], value) == 0)
+			result = True;
+	}
+
+
+ done:
+	if (values != NULL)
+		ldap_value_free(values);
+	if (msg != NULL)
+		ldap_msgfree(msg);
+
+	return result;
+}
+
+/*******************************************************************
+ Check if LDAP-Server supports a certain Control (OID in string format)
+********************************************************************/
+
+BOOL smbldap_has_control(struct smbldap_state *ldap_state, const char *control)
+{
+	const char *attrs[] = { "supportedControl", NULL };
+	return smbldap_check_root_dse(ldap_state, attrs, control);
+}
+
+/*******************************************************************
+ Check if LDAP-Server supports a certain Extension (OID in string format)
+********************************************************************/
+
+BOOL smbldap_has_extension(struct smbldap_state *ldap_state, const char *extension)
+{
+	const char *attrs[] = { "supportedExtension", NULL };
+	return smbldap_check_root_dse(ldap_state, attrs, extension);
+}
diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index 6c1d64abce8..ee0cb260e8b 100644
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -782,8 +782,6 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
 	pdb_set_hours_len(sampass, hours_len, PDB_SET);
 	pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
 
-/*	pdb_set_munged_dial(sampass, munged_dial, PDB_SET); */
-	
 	if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
 			get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_BAD_PASSWORD_COUNT), temp)) {
 			/* leave as default */
@@ -1409,62 +1407,7 @@ static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
 
 static BOOL ldapsam_can_pwchange_exop(struct smbldap_state *ldap_state)
 {
-	LDAPMessage *msg = NULL;
-	LDAPMessage *entry = NULL;
-	char **values = NULL;
-	char *attrs[] = { "supportedExtension", NULL };
-	int rc, num_result, num_values, i;
-	BOOL result = False;
-
-	rc = smbldap_search(ldap_state, "", LDAP_SCOPE_BASE, "(objectclass=*)",
-			    attrs, 0, &msg);
-
-	if (rc != LDAP_SUCCESS) {
-		DEBUG(3, ("Could not search rootDSE\n"));
-		return False;
-	}
-
-	num_result = ldap_count_entries(ldap_state->ldap_struct, msg);
-
-	if (num_result != 1) {
-		DEBUG(3, ("Expected one rootDSE, got %d\n", num_result));
-		goto done;
-	}
-
-	entry = ldap_first_entry(ldap_state->ldap_struct, msg);
-
-	if (entry == NULL) {
-		DEBUG(3, ("Could not retrieve rootDSE\n"));
-		goto done;
-	}
-
-	values = ldap_get_values(ldap_state->ldap_struct, entry,
-				 "supportedExtension");
-
-	if (values == NULL) {
-		DEBUG(9, ("LDAP Server does not support any extensions\n"));
-		goto done;
-	}
-
-	num_values = ldap_count_values(values);
-
-	if (num_values == 0) {
-		DEBUG(9, ("LDAP Server does not support any extensions\n"));
-		goto done;
-	}
-
-	for (i=0; i<num_values; i++) {
-		if (strcmp(values[i], LDAP_EXOP_MODIFY_PASSWD) == 0)
-			result = True;
-	}
-
- done:
-	if (values != NULL)
-		ldap_value_free(values);
-	if (msg != NULL)
-		ldap_msgfree(msg);
-
-	return result;
+	return smbldap_has_extension(ldap_state, LDAP_EXOP_MODIFY_PASSWD);
 }
 
 /********************************************************************