line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Samba::LDAP; |
2
|
|
|
|
|
|
|
|
3
|
|
|
|
|
|
|
# Returned by Perl::MinimumVersion 0.11 |
4
|
|
|
|
|
|
|
require 5.006; |
5
|
|
|
|
|
|
|
|
6
|
8
|
|
|
8
|
|
338395
|
use warnings; |
|
8
|
|
|
|
|
20
|
|
|
8
|
|
|
|
|
353
|
|
7
|
8
|
|
|
8
|
|
45
|
use strict; |
|
8
|
|
|
|
|
18
|
|
|
8
|
|
|
|
|
355
|
|
8
|
8
|
|
|
8
|
|
47
|
use Carp qw(carp croak); |
|
8
|
|
|
|
|
26
|
|
|
8
|
|
|
|
|
966
|
|
9
|
8
|
|
|
8
|
|
8711
|
use Regexp::DefaultFlags; |
|
8
|
|
|
|
|
39884
|
|
|
8
|
|
|
|
|
46
|
|
10
|
8
|
|
|
8
|
|
21002
|
use Readonly; |
|
8
|
|
|
|
|
56321
|
|
|
8
|
|
|
|
|
670
|
|
11
|
8
|
|
|
8
|
|
10521
|
use Net::LDAP; |
|
8
|
|
|
|
|
2373950
|
|
|
8
|
|
|
|
|
80
|
|
12
|
8
|
|
|
8
|
|
884
|
use base qw( Samba::LDAP::Base ); |
|
8
|
|
|
|
|
18
|
|
|
8
|
|
|
|
|
5299
|
|
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
our $VERSION = '0.05'; |
15
|
|
|
|
|
|
|
|
16
|
|
|
|
|
|
|
# |
17
|
|
|
|
|
|
|
# Add Log::Log4perl to all our classes!!!! |
18
|
|
|
|
|
|
|
# |
19
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
# Add/Use for main code and tests: |
21
|
|
|
|
|
|
|
# |
22
|
|
|
|
|
|
|
# Net::LDAP::Util (DN stuff) |
23
|
|
|
|
|
|
|
# |
24
|
|
|
|
|
|
|
# Net::LDAP::Schema (read schemas, good to check if right ones are loaded) |
25
|
|
|
|
|
|
|
# |
26
|
|
|
|
|
|
|
# NET::LDAP::DSML (XML output) |
27
|
|
|
|
|
|
|
# |
28
|
|
|
|
|
|
|
# Net::LDAP::Extra (adding new features) |
29
|
|
|
|
|
|
|
|
30
|
|
|
|
|
|
|
# Regexp for compiling |
31
|
|
|
|
|
|
|
Readonly my $LOCALSID => qr{ |
32
|
|
|
|
|
|
|
^SID # Start of String |
33
|
|
|
|
|
|
|
[ ] # Character class for space |
34
|
|
|
|
|
|
|
for |
35
|
|
|
|
|
|
|
[ ] |
36
|
|
|
|
|
|
|
domain |
37
|
|
|
|
|
|
|
[ ] |
38
|
|
|
|
|
|
|
(\S+) # Non-Whitespace |
39
|
|
|
|
|
|
|
[ ] |
40
|
|
|
|
|
|
|
is: |
41
|
|
|
|
|
|
|
[ ] |
42
|
|
|
|
|
|
|
(\S+)$ # Non-Whitespace to end of line |
43
|
|
|
|
|
|
|
}; |
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
#======================================================================== |
46
|
|
|
|
|
|
|
# -- PUBLIC METHODS -- |
47
|
|
|
|
|
|
|
#======================================================================== |
48
|
|
|
|
|
|
|
|
49
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
50
|
|
|
|
|
|
|
# get_local_sid() |
51
|
|
|
|
|
|
|
# |
52
|
|
|
|
|
|
|
# Tries to get the local Samba Domain SID, using: |
53
|
|
|
|
|
|
|
# 'net getlocalsid'. If it fails, returns 'Can not find SID' |
54
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
55
|
|
|
|
|
|
|
|
56
|
|
|
|
|
|
|
sub get_local_sid { |
57
|
2
|
|
|
2
|
1
|
1451
|
my $self = shift; |
58
|
|
|
|
|
|
|
|
59
|
2
|
|
|
|
|
26315
|
my $net_command = `LANG= \ |
60
|
|
|
|
|
|
|
PATH=/opt/IDEALX/bin:/usr/local/bin:/usr/bin:/bin \ |
61
|
|
|
|
|
|
|
net getlocalsid 2>/dev/null`; |
62
|
|
|
|
|
|
|
|
63
|
2
|
|
|
|
|
125
|
my ( $domain, $sid ) = $net_command =~ $LOCALSID; |
64
|
|
|
|
|
|
|
|
65
|
|
|
|
|
|
|
# More than likely a better way |
66
|
2
|
|
|
|
|
87
|
$self->{SID} = $sid; |
67
|
2
|
50
|
|
|
|
25
|
return $self->{SID} if $sid; |
68
|
|
|
|
|
|
|
|
69
|
|
|
|
|
|
|
# Set and return error |
70
|
2
|
|
|
|
|
78
|
$self->error('Can not find SID'); |
71
|
2
|
|
|
|
|
69
|
return $self->error(); |
72
|
|
|
|
|
|
|
} |
73
|
|
|
|
|
|
|
|
74
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
75
|
|
|
|
|
|
|
# does_sid_exist( $sid, $dn_group ) |
76
|
|
|
|
|
|
|
# |
77
|
|
|
|
|
|
|
# Check there is a SID for user etc. |
78
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
79
|
|
|
|
|
|
|
|
80
|
|
|
|
|
|
|
sub does_sid_exist { |
81
|
0
|
|
|
0
|
1
|
|
my $self = shift; |
82
|
0
|
|
|
|
|
|
my $sid = shift; |
83
|
0
|
|
|
|
|
|
my $dn_group = shift; |
84
|
|
|
|
|
|
|
|
85
|
0
|
|
|
|
|
|
my $ldap = $self->connect_ldap_master(); |
86
|
0
|
|
|
|
|
|
my $mesg = $ldap->search( |
87
|
|
|
|
|
|
|
base => $dn_group, |
88
|
|
|
|
|
|
|
scope => $self->{scope}, |
89
|
|
|
|
|
|
|
filter => "(sambaSID=$sid)" |
90
|
|
|
|
|
|
|
|
91
|
|
|
|
|
|
|
#filter => "(&(objectClass=sambaSAMAccount|objectClass=sambaGroupMapping)(sambaSID=$sid))" |
92
|
|
|
|
|
|
|
); |
93
|
0
|
0
|
|
|
|
|
$mesg->code && die $mesg->error; |
94
|
0
|
|
|
|
|
|
return ($mesg); |
95
|
|
|
|
|
|
|
} |
96
|
|
|
|
|
|
|
|
97
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
98
|
|
|
|
|
|
|
# get_dn_from_line() |
99
|
|
|
|
|
|
|
# |
100
|
|
|
|
|
|
|
# dn = get_dn_from_line ($dn_line) |
101
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
102
|
|
|
|
|
|
|
|
103
|
|
|
|
|
|
|
sub get_dn_from_line { |
104
|
0
|
|
|
0
|
1
|
|
my $self = shift; |
105
|
0
|
|
|
|
|
|
my $dn = shift; |
106
|
|
|
|
|
|
|
|
107
|
|
|
|
|
|
|
# to get "a=b,c=d" from "dn: a=b,c=d" |
108
|
0
|
|
|
|
|
|
$dn =~ s{\A dn: [ ] }{}; |
109
|
|
|
|
|
|
|
|
110
|
0
|
|
|
|
|
|
return $dn; |
111
|
|
|
|
|
|
|
} |
112
|
|
|
|
|
|
|
|
113
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
114
|
|
|
|
|
|
|
# do_ldapadd() |
115
|
|
|
|
|
|
|
# |
116
|
|
|
|
|
|
|
# Description here |
117
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
118
|
|
|
|
|
|
|
|
119
|
0
|
|
|
0
|
1
|
|
sub do_ldapadd { |
120
|
|
|
|
|
|
|
} |
121
|
|
|
|
|
|
|
|
122
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
123
|
|
|
|
|
|
|
# do_ldapmodify() |
124
|
|
|
|
|
|
|
# |
125
|
|
|
|
|
|
|
# Description here |
126
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
127
|
|
|
|
|
|
|
|
128
|
0
|
|
|
0
|
1
|
|
sub do_ldapmodify { |
129
|
|
|
|
|
|
|
} |
130
|
|
|
|
|
|
|
|
131
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
132
|
|
|
|
|
|
|
# connect_ldap_master() |
133
|
|
|
|
|
|
|
# |
134
|
|
|
|
|
|
|
# Connects to Master LDAP server listed in smbldap.conf. Returns Net:LDAP |
135
|
|
|
|
|
|
|
# Object |
136
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
137
|
|
|
|
|
|
|
|
138
|
|
|
|
|
|
|
sub connect_ldap_master { |
139
|
0
|
|
|
0
|
1
|
|
my $self = shift; |
140
|
|
|
|
|
|
|
|
141
|
|
|
|
|
|
|
# bind to a directory with dn and password |
142
|
0
|
0
|
|
|
|
|
my $ldap_master = Net::LDAP->new( |
143
|
|
|
|
|
|
|
$self->{masterLDAP}, |
144
|
|
|
|
|
|
|
port => $self->{masterPort}, |
145
|
|
|
|
|
|
|
version => 3, |
146
|
|
|
|
|
|
|
timeout => 60, |
147
|
|
|
|
|
|
|
) or die "LDAP Error: Can't contact master ldap server ($@)"; |
148
|
|
|
|
|
|
|
|
149
|
0
|
|
|
|
|
|
my $ldap_tls; |
150
|
0
|
0
|
|
|
|
|
if ( $self->{ldapTLS} == 1 ) { |
151
|
0
|
|
|
|
|
|
$ldap_tls = $ldap_master->start_tls( |
152
|
|
|
|
|
|
|
verify => $self->{verify}, |
153
|
|
|
|
|
|
|
clientcert => $self->{clientcert}, |
154
|
|
|
|
|
|
|
clientkey => $self->{clientkey}, |
155
|
|
|
|
|
|
|
cafile => $self->{cafile}, |
156
|
|
|
|
|
|
|
); |
157
|
|
|
|
|
|
|
|
158
|
|
|
|
|
|
|
# Check TLS has started before binding |
159
|
0
|
0
|
|
|
|
|
$ldap_tls->code && die 'Failed to start TLS: ', $ldap_tls->error; |
160
|
|
|
|
|
|
|
} |
161
|
|
|
|
|
|
|
|
162
|
0
|
|
|
|
|
|
my $result = |
163
|
|
|
|
|
|
|
$ldap_master->bind( $self->{masterDN}, password => $self->{masterPw}, ); |
164
|
0
|
0
|
|
|
|
|
$result->code && die 'Bind error: ', $result->error, "\n"; |
165
|
|
|
|
|
|
|
|
166
|
0
|
|
|
|
|
|
return $ldap_master; |
167
|
|
|
|
|
|
|
} |
168
|
|
|
|
|
|
|
|
169
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
170
|
|
|
|
|
|
|
# connect_ldap_slave() |
171
|
|
|
|
|
|
|
# |
172
|
|
|
|
|
|
|
# Connect to Slave LDAP Directory |
173
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
174
|
|
|
|
|
|
|
|
175
|
|
|
|
|
|
|
sub connect_ldap_slave { |
176
|
0
|
|
|
0
|
1
|
|
my $self = shift; |
177
|
|
|
|
|
|
|
|
178
|
0
|
0
|
|
|
|
|
my $ldap_slave = Net::LDAP->new( |
179
|
|
|
|
|
|
|
$self->{slaveLDAP}, |
180
|
|
|
|
|
|
|
port => $self->{slavePort}, |
181
|
|
|
|
|
|
|
version => 3, |
182
|
|
|
|
|
|
|
timeout => 60, |
183
|
|
|
|
|
|
|
|
184
|
|
|
|
|
|
|
) |
185
|
|
|
|
|
|
|
or carp "LDAP error: Can't contact slave ldap server ($@)\n |
186
|
|
|
|
|
|
|
=>trying to contact the master server\n"; |
187
|
|
|
|
|
|
|
|
188
|
0
|
0
|
|
|
|
|
if ( !$ldap_slave ) { |
189
|
|
|
|
|
|
|
|
190
|
|
|
|
|
|
|
# connection to the slave failed: trying to contact the master ... |
191
|
0
|
0
|
|
|
|
|
$ldap_slave = Net::LDAP->new( |
192
|
|
|
|
|
|
|
$self->{masterLDAP}, |
193
|
|
|
|
|
|
|
port => $self->{masterPort}, |
194
|
|
|
|
|
|
|
version => 3, |
195
|
|
|
|
|
|
|
timeout => 60, |
196
|
|
|
|
|
|
|
) or die "LDAP error: Can't contact master ldap server ($@)\n"; |
197
|
|
|
|
|
|
|
} |
198
|
|
|
|
|
|
|
|
199
|
0
|
0
|
|
|
|
|
if ($ldap_slave) { |
200
|
0
|
|
|
|
|
|
my $ldap_tls; |
201
|
0
|
0
|
|
|
|
|
if ( $self->{ldapTLS} == 1 ) { |
202
|
0
|
|
|
|
|
|
$ldap_tls = $ldap_slave->start_tls( |
203
|
|
|
|
|
|
|
verify => $self->{verify}, |
204
|
|
|
|
|
|
|
clientcert => $self->{clientcert}, |
205
|
|
|
|
|
|
|
clientkey => $self->{clientkey}, |
206
|
|
|
|
|
|
|
cafile => $self->{cafile}, |
207
|
|
|
|
|
|
|
); |
208
|
|
|
|
|
|
|
|
209
|
|
|
|
|
|
|
# Check TLS has started before binding |
210
|
0
|
0
|
|
|
|
|
$ldap_tls->code && die 'Failed to start TLS: ', $ldap_tls->error; |
211
|
|
|
|
|
|
|
} |
212
|
|
|
|
|
|
|
|
213
|
0
|
|
|
|
|
|
my $result = |
214
|
|
|
|
|
|
|
$ldap_slave->bind( $self->{slaveDN}, password => $self->{slavePw}, ); |
215
|
0
|
0
|
|
|
|
|
$result->code && die 'Bind error: ', $result->error, "\n"; |
216
|
|
|
|
|
|
|
|
217
|
0
|
|
|
|
|
|
return $ldap_slave; |
218
|
|
|
|
|
|
|
} |
219
|
|
|
|
|
|
|
|
220
|
0
|
|
|
|
|
|
return; |
221
|
|
|
|
|
|
|
} |
222
|
|
|
|
|
|
|
|
223
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
224
|
|
|
|
|
|
|
# group_type_by_name() |
225
|
|
|
|
|
|
|
# |
226
|
|
|
|
|
|
|
# Description here |
227
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
228
|
|
|
|
|
|
|
|
229
|
0
|
|
|
0
|
1
|
|
sub group_type_by_name { |
230
|
|
|
|
|
|
|
} |
231
|
|
|
|
|
|
|
|
232
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
233
|
|
|
|
|
|
|
# list_union() |
234
|
|
|
|
|
|
|
# |
235
|
|
|
|
|
|
|
# Description here |
236
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
237
|
|
|
|
|
|
|
|
238
|
0
|
|
|
0
|
1
|
|
sub list_union { |
239
|
|
|
|
|
|
|
} |
240
|
|
|
|
|
|
|
|
241
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
242
|
|
|
|
|
|
|
# list_minus() |
243
|
|
|
|
|
|
|
# |
244
|
|
|
|
|
|
|
# Description here |
245
|
|
|
|
|
|
|
#------------------------------------------------------------------------ |
246
|
|
|
|
|
|
|
|
247
|
0
|
|
|
0
|
1
|
|
sub list_minus { |
248
|
|
|
|
|
|
|
} |
249
|
|
|
|
|
|
|
|
250
|
|
|
|
|
|
|
#======================================================================== |
251
|
|
|
|
|
|
|
# -- PRIVATE METHODS -- |
252
|
|
|
|
|
|
|
#======================================================================== |
253
|
|
|
|
|
|
|
|
254
|
|
|
|
|
|
|
1; # Magic true value required at end of module |
255
|
|
|
|
|
|
|
__END__ |