char *netbiosname;
};
+struct pdb_ads_samu_private {
+ char *dn;
+ struct tldap_message *ldapmsg;
+};
+
static NTSTATUS pdb_ads_getsampwsid(struct pdb_methods *m,
struct samu *sam_acct,
const DOM_SID *sid);
int attrsonly,
TALLOC_CTX *mem_ctx, struct tldap_message ***res,
const char *fmt, ...);
+static NTSTATUS pdb_ads_getsamupriv(struct pdb_ads_state *state,
+ const char *filter,
+ TALLOC_CTX *mem_ctx,
+ struct pdb_ads_samu_private **presult);
static bool pdb_ads_pull_time(struct tldap_message *msg, const char *attr,
time_t *ptime)
return rid;
}
-struct pdb_ads_samu_private {
- char *dn;
- struct tldap_message *ldapmsg;
-};
-
-static struct pdb_domain_info *pdb_ads_get_domain_info(
- struct pdb_methods *m, TALLOC_CTX *mem_ctx)
+static char *pdb_ads_domaindn2dns(TALLOC_CTX *mem_ctx, char *dn)
{
- return NULL;
+ char *result, *p;
+
+ result = talloc_string_sub2(mem_ctx, dn, "DC=", "", false, false,
+ true);
+ if (result == NULL) {
+ return NULL;
+ }
+
+ while ((p = strchr_m(result, ',')) != NULL) {
+ *p = '.';
+ }
+
+ return result;
}
-static struct samu *pdb_ads_init_guest(TALLOC_CTX *mem_ctx,
- struct pdb_methods *m)
+static struct pdb_domain_info *pdb_ads_get_domain_info(
+ struct pdb_methods *m, TALLOC_CTX *mem_ctx)
{
struct pdb_ads_state *state = talloc_get_type_abort(
m->private_data, struct pdb_ads_state);
- struct dom_sid guest_sid;
- struct samu *guest;
- NTSTATUS status;
-
- sid_compose(&guest_sid, &state->domainsid, DOMAIN_USER_RID_GUEST);
+ struct pdb_domain_info *info;
+ struct tldap_message *rootdse;
+ char *tmp;
- guest = samu_new(mem_ctx);
- if (guest == NULL) {
+ info = talloc(mem_ctx, struct pdb_domain_info);
+ if (info == NULL) {
return NULL;
}
+ info->name = talloc_strdup(info, state->netbiosname);
+ if (info->name == NULL) {
+ goto fail;
+ }
+ info->dns_domain = pdb_ads_domaindn2dns(info, state->domaindn);
+ if (info->dns_domain == NULL) {
+ goto fail;
+ }
- status = pdb_ads_getsampwsid(m, guest, &guest_sid);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("Could not init guest account: %s\n",
- nt_errstr(status)));
- TALLOC_FREE(guest);
- return NULL;
+ rootdse = tldap_rootdse(state->ld);
+ tmp = tldap_talloc_single_attribute(rootdse, "rootDomainNamingContext",
+ talloc_tos());
+ if (tmp == NULL) {
+ goto fail;
+ }
+ info->dns_forest = pdb_ads_domaindn2dns(info, tmp);
+ TALLOC_FREE(tmp);
+ if (info->dns_forest == NULL) {
+ goto fail;
}
- return guest;
+ info->sid = state->domainsid;
+ info->guid = state->domainguid;
+ return info;
+
+fail:
+ TALLOC_FREE(info);
+ return NULL;
}
static struct pdb_ads_samu_private *pdb_ads_get_samu_private(
struct pdb_methods *m, struct samu *sam)
{
+ struct pdb_ads_state *state = talloc_get_type_abort(
+ m->private_data, struct pdb_ads_state);
struct pdb_ads_samu_private *result;
- uint32_t rid;
+ char *sidstr, *filter;
+ NTSTATUS status;
result = (struct pdb_ads_samu_private *)
pdb_get_backend_private_data(sam, m);
result, struct pdb_ads_samu_private);
}
- /*
- * This is now a weirdness of the passdb API. For the guest user we
- * are not asked first.
- */
- sid_peek_rid(pdb_get_user_sid(sam), &rid);
+ sidstr = sid_binstring(talloc_tos(), pdb_get_user_sid(sam));
+ if (sidstr == NULL) {
+ return NULL;
+ }
- if (rid == DOMAIN_USER_RID_GUEST) {
- struct samu *guest = pdb_ads_init_guest(talloc_tos(), m);
+ filter = talloc_asprintf(
+ talloc_tos(), "(&(objectsid=%s)(objectclass=user))", sidstr);
+ TALLOC_FREE(sidstr);
+ if (filter == NULL) {
+ return NULL;
+ }
- if (guest == NULL) {
- return NULL;
- }
- result = talloc_get_type_abort(
- pdb_get_backend_private_data(guest, m),
- struct pdb_ads_samu_private);
- pdb_set_backend_private_data(
- sam, talloc_move(sam, &result), NULL, m, PDB_SET);
- TALLOC_FREE(guest);
- return talloc_get_type_abort(
- pdb_get_backend_private_data(sam, m),
- struct pdb_ads_samu_private);
+ status = pdb_ads_getsamupriv(state, filter, sam, &result);
+ TALLOC_FREE(filter);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NULL;
}
- return NULL;
+ return result;
}
-static NTSTATUS pdb_ads_init_sam_from_ads(struct pdb_methods *m,
- struct samu *sam,
- struct tldap_message *entry)
+static NTSTATUS pdb_ads_init_sam_from_priv(struct pdb_methods *m,
+ struct samu *sam,
+ struct pdb_ads_samu_private *priv)
{
struct pdb_ads_state *state = talloc_get_type_abort(
m->private_data, struct pdb_ads_state);
TALLOC_CTX *frame = talloc_stackframe();
- struct pdb_ads_samu_private *priv;
NTSTATUS status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+ struct tldap_message *entry = priv->ldapmsg;
char *str;
time_t tmp_time;
struct dom_sid sid;
uint64_t n;
DATA_BLOB blob;
- priv = talloc(sam, struct pdb_ads_samu_private);
- if (priv == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- if (!tldap_entry_dn(entry, &priv->dn)) {
- TALLOC_FREE(priv);
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
str = tldap_talloc_single_attribute(entry, "samAccountName", sam);
if (str == NULL) {
DEBUG(10, ("no samAccountName\n"));
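Review bot: pdb_ads_get_samu_private now fetches the private data on demand but never stores it back on the samu, so every later call on the same `sam` repeats the LDAP search and allocates another pdb_ads_samu_private under it until the samu is freed; the removed guest path did cache it, and pdb_ads_getsampwfilter further down in this commit still does. Adding `pdb_set_backend_private_data(sam, result, NULL, m, PDB_SET);` just before `return result;` keeps the two paths consistent. Separately, pdb_ads_domaindn2dns only strips an upper-case `DC=` and turns every comma into a dot, so a naming context written as `dc=...` or with spaces after the commas yields a wrong dns_domain/dns_forest; matching the attribute type case-insensitively, or taking the value from the crossRef's dnsRoot if the backend already has it, would be more robust. pdb_ads_init_sam_from_priv continues past the end of this hunk.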
pdb_set_pass_last_set_time(sam, tmp_time, PDB_SET);
}
if (pdb_ads_pull_time(entry, "accountExpires", &tmp_time)) {
- pdb_set_pass_last_set_time(sam, tmp_time, PDB_SET);
+ pdb_set_kickoff_time(sam, tmp_time, PDB_SET);
}
str = tldap_talloc_single_attribute(entry, "displayName",
DEBUG(10, ("Could not pull userAccountControl\n"));
goto fail;
}
- pdb_set_acct_ctrl(sam, ads_uf2acb(n), PDB_SET);
+ pdb_set_acct_ctrl(sam, ds_uf2acb(n), PDB_SET);
if (tldap_get_single_valueblob(entry, "unicodePwd", &blob)) {
if (blob.length != NT_HASH_LEN) {
pdb_set_group_sid(sam, &sid, PDB_SET);
}
-
- priv->ldapmsg = talloc_move(priv, &entry);
- pdb_set_backend_private_data(sam, priv, NULL, m, PDB_SET);
-
status = NT_STATUS_OK;
fail:
TALLOC_FREE(frame);
ret &= tldap_make_mod_fmt(
existing, mem_ctx, pnum_mods, pmods, "userAccountControl",
- "%d", ads_acb2uf(pdb_get_acct_ctrl(sam)));
+ "%d", ds_acb2uf(pdb_get_acct_ctrl(sam)));
ret &= tldap_make_mod_fmt(
existing, mem_ctx, pnum_mods, pmods, "homeDirectory",
return ret;
}
-static NTSTATUS pdb_ads_getsampwfilter(struct pdb_methods *m,
- struct pdb_ads_state *state,
- struct samu *sam_acct,
- const char *filter)
+static NTSTATUS pdb_ads_getsamupriv(struct pdb_ads_state *state,
+ const char *filter,
+ TALLOC_CTX *mem_ctx,
+ struct pdb_ads_samu_private **presult)
{
const char * attrs[] = {
"lastLogon", "lastLogoff", "pwdLastSet", "accountExpires",
"unicodePwd", "dBCSPwd" };
struct tldap_message **users;
int rc, count;
+ struct pdb_ads_samu_private *result;
+
+ result = talloc(mem_ctx, struct pdb_ads_samu_private);
+ if (result == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
rc = pdb_ads_search_fmt(state, state->domaindn, TLDAP_SCOPE_SUB,
- attrs, ARRAY_SIZE(attrs), 0, talloc_tos(),
+ attrs, ARRAY_SIZE(attrs), 0, result,
&users, "%s", filter);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
+ TALLOC_FREE(result);
return NT_STATUS_LDAP(rc);
}
count = talloc_array_length(users);
if (count != 1) {
DEBUG(10, ("Expected 1 user, got %d\n", count));
+ TALLOC_FREE(result);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- return pdb_ads_init_sam_from_ads(m, sam_acct, users[0]);
+ result->ldapmsg = users[0];
+ if (!tldap_entry_dn(result->ldapmsg, &result->dn)) {
+ DEBUG(10, ("Could not extract dn\n"));
+ TALLOC_FREE(result);
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ *presult = result;
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS pdb_ads_getsampwfilter(struct pdb_methods *m,
+ struct pdb_ads_state *state,
+ struct samu *sam_acct,
+ const char *filter)
+{
+ struct pdb_ads_samu_private *priv;
+ NTSTATUS status;
+
+ status = pdb_ads_getsamupriv(state, filter, sam_acct, &priv);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("pdb_ads_getsamupriv failed: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ status = pdb_ads_init_sam_from_priv(m, sam_acct, priv);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("pdb_ads_init_sam_from_priv failed: %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(priv);
+ return status;
+ }
+
+ pdb_set_backend_private_data(sam_acct, priv, NULL, m, PDB_SET);
+ return NT_STATUS_OK;
}
static NTSTATUS pdb_ads_getsampwnam(struct pdb_methods *m,
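Review bot: In pdb_ads_getsamupriv the `count != 1` branch still reports a lookup that matched nothing as NT_STATUS_INTERNAL_DB_CORRUPTION, and because this helper is now the single path behind both pdb_ads_get_samu_private and pdb_ads_getsampwfilter, a nonexistent name or SID surfaces to callers as a backend failure rather than NT_STATUS_NO_SUCH_USER (assuming an empty result set comes back with TLDAP_SUCCESS, which I cannot confirm from this hunk). Inserting `if (count == 0) { TALLOC_FREE(result); return NT_STATUS_NO_SUCH_USER; }` ahead of the existing `count != 1` test keeps the corruption status for the genuinely ambiguous multi-match case. The new `*presult` contract — allocated under `mem_ctx`, owning the tldap message, left untouched on failure — is also worth a short comment above the function now that two callers rely on it.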
rc = tldap_add(ld, dn, num_mods, mods, NULL, 0, NULL, 0);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_add failed %s\n",
- tldap_errstr(debug_ctx(), ld, rc)));
+ tldap_errstr(talloc_tos(), ld, rc)));
TALLOC_FREE(dn);
return NT_STATUS_LDAP(rc);
}
name);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("Could not find just created user %s: %s\n",
- name, tldap_errstr(debug_ctx(), state->ld, rc)));
+ name, tldap_errstr(talloc_tos(), state->ld, rc)));
TALLOC_FREE(dn);
return NT_STATUS_LDAP(rc);
}
TALLOC_FREE(dn);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_delete for %s failed: %s\n", dn,
- tldap_errstr(debug_ctx(), ld, rc)));
+ tldap_errstr(talloc_tos(), ld, rc)));
return NT_STATUS_LDAP(rc);
}
return NT_STATUS_OK;
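Review bot: The DEBUG statement whose talloc context changes here prints `dn` after the `TALLOC_FREE(dn);` immediately above the check has already freed it and nulled the variable, so the log line hands a NULL pointer to `%s`; whether Samba's DEBUG formatter tolerates that I cannot tell from here, but it is at best a lost diagnostic and at worst undefined behaviour. Moving `TALLOC_FREE(dn);` to after the `if (rc != TLDAP_SUCCESS)` block and adding a `TALLOC_FREE(dn);` before the `return NT_STATUS_LDAP(rc);` in the error branch fixes it. The enclosing function starts and ends outside this hunk.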
TALLOC_FREE(mods);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_modify for %s failed: %s\n", priv->dn,
- tldap_errstr(debug_ctx(), ld, rc)));
+ tldap_errstr(talloc_tos(), ld, rc)));
return NT_STATUS_LDAP(rc);
}
&group, "%s", filter);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
if (talloc_array_length(group) != 1) {
rc = tldap_add(ld, dn, num_mods, mods, NULL, 0, NULL, 0);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_add failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
TALLOC_FREE(frame);
return NT_STATUS_LDAP(rc);
}
"(&(objectclass=group)(samaccountname=%s))", name);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("Could not find just created alias %s: %s\n",
- name, tldap_errstr(debug_ctx(), state->ld, rc)));
+ name, tldap_errstr(talloc_tos(), state->ld, rc)));
TALLOC_FREE(frame);
return NT_STATUS_LDAP(rc);
}
TALLOC_FREE(sidstr);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
TALLOC_FREE(msg);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_delete failed: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
TALLOC_FREE(sidstr);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
switch talloc_array_length(msg) {
priv->dn, GTYPE_SECURITY_GLOBAL_GROUP);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
TALLOC_FREE(frame);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_modify failed: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
if (rc == TLDAP_TYPE_OR_VALUE_EXISTS) {
return NT_STATUS_MEMBER_IN_GROUP;
}
rc = tldap_add(ld, dn, num_mods, mods, NULL, 0, NULL, 0);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_add failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
TALLOC_FREE(frame);
return NT_STATUS_LDAP(rc);
}
"(&(objectclass=group)(samaccountname=%s))", name);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("Could not find just created alias %s: %s\n",
- name, tldap_errstr(debug_ctx(), state->ld, rc)));
+ name, tldap_errstr(talloc_tos(), state->ld, rc)));
TALLOC_FREE(frame);
return NT_STATUS_LDAP(rc);
}
TALLOC_FREE(sidstr);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
TALLOC_FREE(dn);
return NT_STATUS_LDAP(rc);
}
rc = tldap_delete(ld, dn, NULL, 0, NULL, 0);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_delete failed: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
TALLOC_FREE(dn);
return NT_STATUS_LDAP(rc);
}
TALLOC_FREE(sidstr);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
switch talloc_array_length(msg) {
TALLOC_FREE(msg);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_modify failed: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
return NT_STATUS_OK;
TALLOC_FREE(sidstr);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
TALLOC_FREE(frame);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_modify failed: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
if (rc == TLDAP_TYPE_OR_VALUE_EXISTS) {
return NT_STATUS_MEMBER_IN_ALIAS;
}
TALLOC_FREE(sidstr);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
switch talloc_array_length(msg) {
TALLOC_FREE(filter);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("tldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
TALLOC_FREE(sidstr);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
continue;
}
DEBUG(10, ("no samAccountType"));
continue;
}
- lsa_attrs[i] = ads_atype_map(attr);
+ lsa_attrs[i] = ds_atype_map(attr);
num_mapped += 1;
}
}
static NTSTATUS pdb_ads_get_account_policy(struct pdb_methods *m,
- int policy_index, uint32 *value)
+ enum pdb_policy_type type,
+ uint32_t *value)
{
- return account_policy_get(policy_index, value)
+ return account_policy_get(type, value)
? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS pdb_ads_set_account_policy(struct pdb_methods *m,
- int policy_index, uint32 value)
+ enum pdb_policy_type type,
+ uint32_t value)
{
- return account_policy_set(policy_index, value)
+ return account_policy_set(type, value)
? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
"%s", filter);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search_ext_s failed: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return false;
}
return true;
}
-static bool pdb_ads_uid_to_rid(struct pdb_methods *m, uid_t uid,
- uint32 *rid)
-{
- return false;
-}
-
static bool pdb_ads_uid_to_sid(struct pdb_methods *m, uid_t uid,
DOM_SID *sid)
{
uint32 *num_domains,
struct trustdom_info ***domains)
{
- return NT_STATUS_NOT_IMPLEMENTED;
+ *num_domains = 0;
+ *domains = NULL;
+ return NT_STATUS_OK;
}
static void pdb_ads_init_methods(struct pdb_methods *m)
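Review bot: The trusted-domain enumeration function (its signature starts above this hunk) now answers NT_STATUS_OK with zero domains instead of NT_STATUS_NOT_IMPLEMENTED, so callers will conclude the domain has no trusts; for an AD-backed passdb that is not necessarily true, and anything that uses the trust list for a decision can no longer tell "none" from "not looked up". If this is a deliberate stub, say so in the code, e.g. `/* Trust enumeration is not implemented for this backend yet; report an empty list so callers that need a successful answer can proceed. */`, and otherwise consider keeping NOT_IMPLEMENTED until the directory's trustedDomain objects are actually enumerated.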
m->search_users = pdb_ads_search_users;
m->search_groups = pdb_ads_search_groups;
m->search_aliases = pdb_ads_search_aliases;
- m->uid_to_rid = pdb_ads_uid_to_rid;
m->uid_to_sid = pdb_ads_uid_to_sid;
m->gid_to_sid = pdb_ads_gid_to_sid;
m->sid_to_id = pdb_ads_sid_to_id;
samba_level = 2;
break;
case TLDAP_DEBUG_TRACE:
- samba_level = 10;
+ samba_level = 11;
break;
};
rc = tldap_fetch_rootdse(ld);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("Could not retrieve rootdse: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
status = NT_STATUS_LDAP(rc);
goto done;
}
talloc_tos(), &domain, "(objectclass=*)");
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("Could not retrieve domain: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
status = NT_STATUS_LDAP(rc);
goto done;
}
talloc_tos(), &ncname, "(ncname=%s)", state->domaindn);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("Could not retrieve ncname: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
status = NT_STATUS_LDAP(rc);
goto done;
}