自学教程：C++ ADS_ERROR_NT函数代码示例

static ADS_STATUS ads_sasl_gensec_wrap(ADS_STRUCT *ads, uint8_t *buf, uint32_t len){	struct gensec_security *gensec_security =		talloc_get_type_abort(ads->ldap.wrap_private_data,		struct gensec_security);	NTSTATUS nt_status;	DATA_BLOB unwrapped, wrapped;	TALLOC_CTX *frame = talloc_stackframe();	unwrapped = data_blob_const(buf, len);	nt_status = gensec_wrap(gensec_security, frame, &unwrapped, &wrapped);	if (!NT_STATUS_IS_OK(nt_status)) {		TALLOC_FREE(frame);		return ADS_ERROR_NT(nt_status);	}	if ((ads->ldap.out.size - 4) < wrapped.length) {		TALLOC_FREE(frame);		return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);	}	/* copy the wrapped blob to the right location */	memcpy(ads->ldap.out.buf + 4, wrapped.data, wrapped.length);	/* set how many bytes must be written to the underlying socket */	ads->ldap.out.left = 4 + wrapped.length;	TALLOC_FREE(frame);	return ADS_SUCCESS;}

static ADS_STATUS ads_sasl_ntlmssp_unwrap(ADS_STRUCT *ads){	struct gensec_security *gensec_security =		talloc_get_type_abort(ads->ldap.wrap_private_data,		struct gensec_security);	NTSTATUS nt_status;	DATA_BLOB unwrapped, wrapped;	TALLOC_CTX *frame = talloc_stackframe();	wrapped = data_blob_const(ads->ldap.in.buf + 4, ads->ldap.in.ofs - 4);	nt_status = gensec_unwrap(gensec_security, frame, &wrapped, &unwrapped);	if (!NT_STATUS_IS_OK(nt_status)) {		TALLOC_FREE(frame);		return ADS_ERROR_NT(nt_status);	}	if (wrapped.length < unwrapped.length) {		TALLOC_FREE(frame);		return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);	}	/* copy the wrapped blob to the right location */	memcpy(ads->ldap.in.buf + 4, unwrapped.data, unwrapped.length);	/* set how many bytes must be written to the underlying socket */	ads->ldap.in.left	= unwrapped.length;	ads->ldap.in.ofs	= 4;	TALLOC_FREE(frame);	return ADS_SUCCESS;}

ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,			     TALLOC_CTX *mem_ctx,			     const struct security_token *token,			     struct registry_key *root_key,			     struct GROUP_POLICY_OBJECT *gpo,			     const char *extension_guid_filter,			     uint32_t flags){	struct GP_EXT *gp_ext = NULL;	int i;	DEBUG(10,("gpo_process_a_gpo: processing gpo %s (%s)/n",		gpo->name, gpo->display_name));	if (extension_guid_filter) {		DEBUGADD(10,("gpo_process_a_gpo: using filter %s (%s)/n",			extension_guid_filter,			cse_gpo_guid_string_to_name(extension_guid_filter)));	}	if (!gpo_get_gp_ext_from_gpo(mem_ctx, flags, gpo, &gp_ext)) {		return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);	}	if (!gp_ext || !gp_ext->num_exts) {		if (flags & GPO_INFO_FLAG_VERBOSE) {			DEBUG(0,("gpo_process_a_gpo: "				"no policies in %s (%s) for this extension/n",				gpo->name, gpo->display_name));		}		return ADS_SUCCESS;	}	for (i=0; i<gp_ext->num_exts; i++) {		NTSTATUS ntstatus;		if (extension_guid_filter &&		    !strequal(extension_guid_filter,			      gp_ext->extensions_guid[i])) {			continue;		}		ntstatus = gpext_process_extension(ads, mem_ctx,						   flags, token, root_key, gpo,						   gp_ext->extensions_guid[i],						   gp_ext->snapins_guid[i]);		if (!NT_STATUS_IS_OK(ntstatus)) {			ADS_ERROR_NT(ntstatus);		}	}	return ADS_SUCCESS;}

static ADS_STATUS ads_sasl_ntlmssp_unwrap(ADS_STRUCT *ads){	struct ntlmssp_state *ntlmssp_state =		(struct ntlmssp_state *)ads->ldap.wrap_private_data;	ADS_STATUS status;	NTSTATUS nt_status;	DATA_BLOB sig;	uint8 *dptr = ads->ldap.in.buf + (4 + NTLMSSP_SIG_SIZE);	uint32 dlen = ads->ldap.in.ofs - (4 + NTLMSSP_SIG_SIZE);	/* wrap the signature into a DATA_BLOB */	sig = data_blob_const(ads->ldap.in.buf + 4, NTLMSSP_SIG_SIZE);	/* verify the signature and maybe decrypt the data */	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {		nt_status = ntlmssp_unseal_packet(ntlmssp_state,						  dptr, dlen,						  dptr, dlen,						  &sig);	} else {		nt_status = ntlmssp_check_packet(ntlmssp_state,						 dptr, dlen,						 dptr, dlen,						 &sig);	}	status = ADS_ERROR_NT(nt_status);	if (!ADS_ERR_OK(status)) return status;	/* set the amount of bytes for the upper layer and set the ofs to the data */	ads->ldap.in.left	= dlen;	ads->ldap.in.ofs	= 4 + NTLMSSP_SIG_SIZE;	return ADS_SUCCESS;}

/*    perform a LDAP/SASL/SPNEGO/KRB5 bind*/static ADS_STATUS ads_sasl_spnego_rawkrb5_bind(ADS_STRUCT *ads, const char *principal){	DATA_BLOB blob = data_blob_null;	struct berval cred, *scred = NULL;	DATA_BLOB session_key = data_blob_null;	int rc;	if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {		return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);	}	rc = spnego_gen_negTokenTarg(principal, ads->auth.time_offset, &blob, &session_key, 0,				     &ads->auth.tgs_expire);	if (rc) {		return ADS_ERROR_KRB5(rc);	}	/* now send the auth packet and we should be done */	cred.bv_val = (char *)blob.data;	cred.bv_len = blob.length;	rc = ldap_sasl_bind_s(ads->ldap.ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);	data_blob_free(&blob);	data_blob_free(&session_key);	if(scred)		ber_bvfree(scred);	return ADS_ERROR(rc);}

static ADS_STATUS ads_connect(ADS_STRUCT *ads){	struct libnet_LookupDCs *io;	char *url;	io = talloc_zero(ads, struct libnet_LookupDCs);	/* We are looking for the PDC of the active domain. */	io->in.name_type = NBT_NAME_PDC;	io->in.domain_name = lp_workgroup(ads->netctx->lp_ctx);	libnet_LookupDCs(ads->netctx, ads, io);	url = talloc_asprintf(ads, "ldap://%s", io->out.dcs[0].name);	ads->ldbctx = ldb_wrap_connect(ads, ads->netctx->event_ctx, ads->netctx->lp_ctx,	                 url, NULL, ads->netctx->cred, 0);	if (ads->ldbctx == NULL) {		return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);	}	return ADS_ERROR_NT(NT_STATUS_OK);}

static ADS_STATUS ads_sasl_gssapi_wrap(struct ads_saslwrap *wrap, uint8_t *buf, uint32_t len){	gss_ctx_id_t context_handle = (gss_ctx_id_t)wrap->wrap_private_data;	ADS_STATUS status;	int gss_rc;	uint32_t minor_status;	gss_buffer_desc unwrapped, wrapped;	int conf_req_flag, conf_state;	unwrapped.value		= buf;	unwrapped.length	= len;	/* for now request sign and seal */	conf_req_flag	= (wrap->wrap_type == ADS_SASLWRAP_TYPE_SEAL);	gss_rc = gss_wrap(&minor_status, context_handle,			  conf_req_flag, GSS_C_QOP_DEFAULT,			  &unwrapped, &conf_state,			  &wrapped);	status = ADS_ERROR_GSS(gss_rc, minor_status);	if (!ADS_ERR_OK(status)) return status;	if (conf_req_flag && conf_state == 0) {		return ADS_ERROR_NT(NT_STATUS_ACCESS_DENIED);	}	if ((wrap->out.size - 4) < wrapped.length) {		return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);	}	/* copy the wrapped blob to the right location */	memcpy(wrap->out.buf + 4, wrapped.value, wrapped.length);	/* set how many bytes must be written to the underlying socket */	wrap->out.left = 4 + wrapped.length;	gss_release_buffer(&minor_status, &wrapped);	return ADS_SUCCESS;}

static ADS_STATUS ads_sasl_gssapi_unwrap(struct ads_saslwrap *wrap){	gss_ctx_id_t context_handle = (gss_ctx_id_t)wrap->wrap_private_data;	ADS_STATUS status;	int gss_rc;	uint32_t minor_status;	gss_buffer_desc unwrapped, wrapped;	int conf_state;	wrapped.value	= wrap->in.buf + 4;	wrapped.length	= wrap->in.ofs - 4;	gss_rc = gss_unwrap(&minor_status, context_handle,			    &wrapped, &unwrapped,			    &conf_state, GSS_C_QOP_DEFAULT);	status = ADS_ERROR_GSS(gss_rc, minor_status);	if (!ADS_ERR_OK(status)) return status;	if (wrap->wrap_type == ADS_SASLWRAP_TYPE_SEAL && conf_state == 0) {		return ADS_ERROR_NT(NT_STATUS_ACCESS_DENIED);	}	if (wrapped.length < unwrapped.length) {		return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);	}	/* copy the wrapped blob to the right location */	memcpy(wrap->in.buf + 4, unwrapped.value, unwrapped.length);	/* set how many bytes must be written to the underlying socket */	wrap->in.left	= unwrapped.length;	wrap->in.ofs	= 4;	gss_release_buffer(&minor_status, &unwrapped);	return ADS_SUCCESS;}

ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,				TALLOC_CTX *mem_ctx,				struct loadparm_context *lp_ctx,				const char *dn,				struct security_token **token){	struct security_token *ad_token = NULL;	ADS_STATUS status;	NTSTATUS ntstatus;#ifndef HAVE_ADS	return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);#endif	status = ads_get_sid_token(ads, mem_ctx, dn, &ad_token);	if (!ADS_ERR_OK(status)) {		return status;	}	ntstatus = merge_nt_token(mem_ctx, ad_token, get_system_token(),				  token);	if (!NT_STATUS_IS_OK(ntstatus)) {		return ADS_ERROR_NT(ntstatus);	}	return ADS_SUCCESS;}

static ADS_STATUS ads_sasl_ntlmssp_wrap(ADS_STRUCT *ads, uint8 *buf, uint32 len){	struct ntlmssp_state *ntlmssp_state =		(struct ntlmssp_state *)ads->ldap.wrap_private_data;	ADS_STATUS status;	NTSTATUS nt_status;	DATA_BLOB sig;	TALLOC_CTX *frame;	uint8 *dptr = ads->ldap.out.buf + (4 + NTLMSSP_SIG_SIZE);	frame = talloc_stackframe();	/* copy the data to the right location */	memcpy(dptr, buf, len);	/* create the signature and may encrypt the data */	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {		nt_status = ntlmssp_seal_packet(ntlmssp_state,						frame,						dptr, len,						dptr, len,						&sig);	} else {		nt_status = ntlmssp_sign_packet(ntlmssp_state,						frame,						dptr, len,						dptr, len,						&sig);	}	status = ADS_ERROR_NT(nt_status);	if (!ADS_ERR_OK(status)) return status;	/* copy the signature to the right location */	memcpy(ads->ldap.out.buf + 4,	       sig.data, NTLMSSP_SIG_SIZE);	TALLOC_FREE(frame);	/* set how many bytes must be written to the underlying socket */	ads->ldap.out.left = 4 + NTLMSSP_SIG_SIZE + len;	return ADS_SUCCESS;}

/** * Set the machine account password * @param ads connection to ads server * @param hostname machine whose password is being set * @param password new password * @return status of password change **/ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,				    const char *machine_account,				    const char *password){	ADS_STATUS status;	char *principal = NULL;	/*	  we need to use the '$' form of the name here (the machine account name),	  as otherwise the server might end up setting the password for a user	  instead	 */	if (asprintf(&principal, "%[email
C++ ADS_ERR_OK函数代码示例
C++ ADS_ERROR函数代码示例