Copyright (C) Andrew Bartlett 2002-2003
Copyright (C) Stefan (metze) Metzmacher 2002-2003
Copyright (C) Simo Sorce 2006
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-
+
*/
/* TODO:
*/
#include "includes.h"
+#include "../libcli/auth/libcli_auth.h"
+#include "secrets.h"
+#include "idmap_cache.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
switch ( schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
return get_attr_key2string( attrib_map_v22, key );
-
+
case SCHEMAVER_SAMBASAMACCOUNT:
return get_attr_key2string( attrib_map_v30, key );
-
+
default:
DEBUG(0,("get_userattr_key2string: unknown schema version specified\n"));
break;
switch ( schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
return get_attr_list( mem_ctx, attrib_map_v22 );
-
+
case SCHEMAVER_SAMBASAMACCOUNT:
return get_attr_list( mem_ctx, attrib_map_v30 );
default:
DEBUG(0,("get_userattr_list: unknown schema version specified!\n"));
break;
}
-
+
return NULL;
}
case SCHEMAVER_SAMBAACCOUNT:
return get_attr_list( mem_ctx,
attrib_map_to_delete_v22 );
-
+
case SCHEMAVER_SAMBASAMACCOUNT:
return get_attr_list( mem_ctx,
attrib_map_to_delete_v30 );
DEBUG(0,("get_userattr_delete_list: unknown schema version specified!\n"));
break;
}
-
+
return NULL;
}
{
fstring objclass_filter;
char *result;
-
+
switch( schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
fstr_sprintf( objclass_filter, "(objectclass=%s)", LDAP_OBJ_SAMBAACCOUNT );
objclass_filter[0] = '\0';
break;
}
-
+
result = talloc_strdup(talloc_tos(), objclass_filter);
SMB_ASSERT(result != NULL);
return result;
const char **attr)
{
char *filter = NULL;
- char *escape_user = escape_ldap_string_alloc(user);
+ char *escape_user = escape_ldap_string(talloc_tos(), user);
int ret = -1;
if (!escape_user) {
filter = talloc_asprintf(talloc_tos(), "(&%s%s)", "(uid=%u)",
get_objclass_filter(ldap_state->schema_ver));
if (!filter) {
- SAFE_FREE(escape_user);
+ TALLOC_FREE(escape_user);
return LDAP_NO_MEMORY;
}
/*
filter = talloc_all_string_sub(talloc_tos(),
filter, "%u", escape_user);
- SAFE_FREE(escape_user);
+ TALLOC_FREE(escape_user);
if (!filter) {
return LDAP_NO_MEMORY;
}
******************************************************************/
static int ldapsam_search_suffix_by_rid (struct ldapsam_privates *ldap_state,
- uint32 rid, LDAPMessage ** result,
+ uint32_t rid, LDAPMessage ** result,
const char **attr)
{
char *filter = NULL;
******************************************************************/
static int ldapsam_search_suffix_by_sid (struct ldapsam_privates *ldap_state,
- const DOM_SID *sid, LDAPMessage ** result,
+ const struct dom_sid *sid, LDAPMessage ** result,
const char **attr)
{
char *filter = NULL;
}
/* Ok, delete only the SAM attributes */
-
+
for (name = ldap_first_attribute(priv2ld(priv), entry, &ptr);
name != NULL;
name = ldap_next_attribute(priv2ld(priv), entry, ptr)) {
*acct_desc = NULL,
*workstations = NULL,
*munged_dial = NULL;
- uint32 user_rid;
+ uint32_t user_rid;
uint8 smblmpwd[LM_HASH_LEN],
smbntpwd[NT_HASH_LEN];
bool use_samba_attrs = True;
- uint32 acct_ctrl = 0;
- uint16 logon_divs;
- uint16 bad_password_count = 0,
+ uint32_t acct_ctrl = 0;
+ uint16_t logon_divs;
+ uint16_t bad_password_count = 0,
logon_count = 0;
- uint32 hours_len;
+ uint32_t hours_len;
uint8 hours[MAX_HOURS_LEN];
char *temp = NULL;
- LOGIN_CACHE *cache_entry = NULL;
- uint32 pwHistLen;
+ struct login_cache cache_entry;
+ uint32_t pwHistLen;
bool expand_explicit = lp_passdb_expand_explicit();
bool ret = false;
TALLOC_CTX *ctx = talloc_init("init_sam_from_ldap");
goto fn_exit;
}
- if (!(username = smbldap_talloc_single_attribute(priv2ld(ldap_state),
+ if (!(username = smbldap_talloc_first_attribute(priv2ld(ldap_state),
entry,
"uid",
ctx))) {
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_USER_RID),
ctx))!=NULL) {
- user_rid = (uint32)atol(temp);
+ user_rid = (uint32_t)atol(temp);
pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
}
}
- if (pdb_get_init_flags(sampass,PDB_USERSID) == PDB_DEFAULT) {
+ if (IS_SAM_DEFAULT(sampass, PDB_USERSID)) {
DEBUG(1, ("init_sam_from_ldap: no %s or %s attribute found for this user %s\n",
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_USER_SID),
/* Make call to Novell eDirectory ldap extension to get clear text password.
NOTE: This will only work if we have an SSL connection to eDirectory. */
- user_dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
+ user_dn = smbldap_talloc_dn(ctx, ldap_state->smbldap_state->ldap_struct, entry);
if (user_dn != NULL) {
- DEBUG(3, ("init_sam_from_ldap: smbldap_get_dn(%s) returned '%s'\n", username, user_dn));
+ DEBUG(3, ("init_sam_from_ldap: smbldap_talloc_dn(ctx, %s) returned '%s'\n", username, user_dn));
pwd_len = sizeof(clear_text_pw);
if (pdb_nds_get_password(ldap_state->smbldap_state, user_dn, &pwd_len, clear_text_pw) == LDAP_SUCCESS) {
nt_lm_owf_gen(clear_text_pw, smbntpwd, smblmpwd);
if (!pdb_set_lanman_passwd(sampass, smblmpwd, PDB_SET)) {
- SAFE_FREE(user_dn);
+ TALLOC_FREE(user_dn);
return False;
}
ZERO_STRUCT(smblmpwd);
if (!pdb_set_nt_passwd(sampass, smbntpwd, PDB_SET)) {
- SAFE_FREE(user_dn);
+ TALLOC_FREE(user_dn);
return False;
}
ZERO_STRUCT(smbntpwd);
use_samba_attrs = False;
}
- SAFE_FREE(user_dn);
+ TALLOC_FREE(user_dn);
} else {
DEBUG(0, ("init_sam_from_ldap: failed to get user_dn for '%s'\n", username));
pwHistLen = 0;
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen > 0){
uint8 *pwhist = NULL;
int i;
pwHistLen = MIN(pwHistLen, MAX_PW_HISTORY_LEN);
- if ((pwhist = TALLOC_ARRAY(ctx, uint8,
- pwHistLen * PW_HISTORY_ENTRY_LEN)) ==
- NULL){
+ pwhist = TALLOC_ARRAY(ctx, uint8,
+ pwHistLen * PW_HISTORY_ENTRY_LEN);
+ if (pwhist == NULL) {
DEBUG(0, ("init_sam_from_ldap: talloc failed!\n"));
goto fn_exit;
}
}
}
if (hex_failed) {
- DEBUG(0,("init_sam_from_ldap: Failed to get password history for user %s\n",
+ DEBUG(2,("init_sam_from_ldap: Failed to get password history for user %s\n",
username));
memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN);
}
LDAP_ATTR_BAD_PASSWORD_COUNT),
ctx);
if (temp) {
- bad_password_count = (uint32) atol(temp);
+ bad_password_count = (uint32_t) atol(temp);
pdb_set_bad_password_count(sampass,
bad_password_count, PDB_SET);
}
LDAP_ATTR_LOGON_COUNT),
ctx);
if (temp) {
- logon_count = (uint32) atol(temp);
+ logon_count = (uint32_t) atol(temp);
pdb_set_logon_count(sampass, logon_count, PDB_SET);
}
}
if (lp_parm_bool(-1, "ldapsam", "trusted", False)) {
+ struct passwd unix_pw;
+ bool have_uid = false;
+ bool have_gid = false;
+ struct dom_sid mapped_gsid;
+ const struct dom_sid *primary_gsid;
+
+ ZERO_STRUCT(unix_pw);
+
+ unix_pw.pw_name = username;
+ unix_pw.pw_passwd = discard_const_p(char, "x");
+
temp = smbldap_talloc_single_attribute(
priv2ld(ldap_state),
entry,
ctx);
if (temp) {
/* We've got a uid, feed the cache */
- uid_t uid = strtoul(temp, NULL, 10);
- store_uid_sid_cache(pdb_get_user_sid(sampass), uid);
+ unix_pw.pw_uid = strtoul(temp, NULL, 10);
+ have_uid = true;
+ }
+ temp = smbldap_talloc_single_attribute(
+ priv2ld(ldap_state),
+ entry,
+ "gidNumber",
+ ctx);
+ if (temp) {
+ /* We've got a uid, feed the cache */
+ unix_pw.pw_gid = strtoul(temp, NULL, 10);
+ have_gid = true;
+ }
+ unix_pw.pw_gecos = smbldap_talloc_single_attribute(
+ priv2ld(ldap_state),
+ entry,
+ "gecos",
+ ctx);
+ if (unix_pw.pw_gecos) {
+ unix_pw.pw_gecos = fullname;
+ }
+ unix_pw.pw_dir = smbldap_talloc_single_attribute(
+ priv2ld(ldap_state),
+ entry,
+ "homeDirectory",
+ ctx);
+ if (unix_pw.pw_dir) {
+ unix_pw.pw_dir = discard_const_p(char, "");
+ }
+ unix_pw.pw_shell = smbldap_talloc_single_attribute(
+ priv2ld(ldap_state),
+ entry,
+ "loginShell",
+ ctx);
+ if (unix_pw.pw_shell) {
+ unix_pw.pw_shell = discard_const_p(char, "");
+ }
+
+ if (have_uid && have_gid) {
+ sampass->unix_pw = tcopy_passwd(sampass, &unix_pw);
+ } else {
+ sampass->unix_pw = Get_Pwnam_alloc(sampass, unix_pw.pw_name);
+ }
+
+ if (sampass->unix_pw == NULL) {
+ DEBUG(0,("init_sam_from_ldap: Failed to find Unix account for %s\n",
+ pdb_get_username(sampass)));
+ goto fn_exit;
+ }
+
+ store_uid_sid_cache(pdb_get_user_sid(sampass),
+ sampass->unix_pw->pw_uid);
+ idmap_cache_set_sid2uid(pdb_get_user_sid(sampass),
+ sampass->unix_pw->pw_uid);
+
+ gid_to_sid(&mapped_gsid, sampass->unix_pw->pw_gid);
+ primary_gsid = pdb_get_group_sid(sampass);
+ if (primary_gsid && sid_equal(primary_gsid, &mapped_gsid)) {
+ store_gid_sid_cache(primary_gsid,
+ sampass->unix_pw->pw_gid);
+ idmap_cache_set_sid2gid(primary_gsid,
+ sampass->unix_pw->pw_gid);
}
}
}
/* see if we have newer updates */
- if (!(cache_entry = login_cache_read(sampass))) {
+ if (!login_cache_read(sampass, &cache_entry)) {
DEBUG (9, ("No cache entry, bad count = %u, bad time = %u\n",
(unsigned int)pdb_get_bad_password_count(sampass),
(unsigned int)pdb_get_bad_password_time(sampass)));
DEBUG(7, ("ldap time is %u, cache time is %u, bad time = %u\n",
(unsigned int)ldap_entry_time,
- (unsigned int)cache_entry->entry_timestamp,
- (unsigned int)cache_entry->bad_password_time));
+ (unsigned int)cache_entry.entry_timestamp,
+ (unsigned int)cache_entry.bad_password_time));
- if (ldap_entry_time > cache_entry->entry_timestamp) {
+ if (ldap_entry_time > cache_entry.entry_timestamp) {
/* cache is older than directory , so
we need to delete the entry but allow the
fields to be written out */
/* read cache in */
pdb_set_acct_ctrl(sampass,
pdb_get_acct_ctrl(sampass) |
- (cache_entry->acct_ctrl & ACB_AUTOLOCK),
+ (cache_entry.acct_ctrl & ACB_AUTOLOCK),
PDB_SET);
pdb_set_bad_password_count(sampass,
- cache_entry->bad_password_count,
+ cache_entry.bad_password_count,
PDB_SET);
pdb_set_bad_password_time(sampass,
- cache_entry->bad_password_time,
+ cache_entry.bad_password_time,
PDB_SET);
}
fn_exit:
TALLOC_FREE(ctx);
- SAFE_FREE(cache_entry);
return ret;
}
enum pdb_elements))
{
char *temp = NULL;
- uint32 rid;
+ uint32_t rid;
if (mods == NULL || sampass == NULL) {
DEBUG(0, ("init_ldap_from_sam: NULL parameters found!\n"));
/* only update the RID if we actually need to */
if (need_update(sampass, PDB_USERSID)) {
fstring sid_string;
- const DOM_SID *user_sid = pdb_get_user_sid(sampass);
+ const struct dom_sid *user_sid = pdb_get_user_sid(sampass);
switch ( ldap_state->schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
if (need_update(sampass, PDB_GROUPSID)) {
fstring sid_string;
- const DOM_SID *group_sid = pdb_get_group_sid(sampass);
+ const struct dom_sid *group_sid = pdb_get_group_sid(sampass);
switch ( ldap_state->schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH),
pdb_get_profile_path(sampass));
- if (asprintf(&temp, "%li", pdb_get_logon_time(sampass)) < 0) {
+ if (asprintf(&temp, "%li", (long int)pdb_get_logon_time(sampass)) < 0) {
return false;
}
if (need_update(sampass, PDB_LOGONTIME))
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_TIME), temp);
SAFE_FREE(temp);
- if (asprintf(&temp, "%li", pdb_get_logoff_time(sampass)) < 0) {
+ if (asprintf(&temp, "%li", (long int)pdb_get_logoff_time(sampass)) < 0) {
return false;
}
if (need_update(sampass, PDB_LOGOFFTIME))
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGOFF_TIME), temp);
SAFE_FREE(temp);
- if (asprintf(&temp, "%li", pdb_get_kickoff_time(sampass)) < 0) {
+ if (asprintf(&temp, "%li", (long int)pdb_get_kickoff_time(sampass)) < 0) {
return false;
}
if (need_update(sampass, PDB_KICKOFFTIME))
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_KICKOFF_TIME), temp);
SAFE_FREE(temp);
- if (asprintf(&temp, "%li", pdb_get_pass_can_change_time_noncalc(sampass)) < 0) {
+ if (asprintf(&temp, "%li", (long int)pdb_get_pass_can_change_time_noncalc(sampass)) < 0) {
return false;
}
if (need_update(sampass, PDB_CANCHANGETIME))
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_CAN_CHANGE), temp);
SAFE_FREE(temp);
- if (asprintf(&temp, "%li", pdb_get_pass_must_change_time(sampass)) < 0) {
+ if (asprintf(&temp, "%li", (long int)pdb_get_pass_must_change_time(sampass)) < 0) {
return false;
}
if (need_update(sampass, PDB_MUSTCHANGETIME))
if (need_update(sampass, PDB_PWHISTORY)) {
char *pwstr = NULL;
- uint32 pwHistLen = 0;
- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+ uint32_t pwHistLen = 0;
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
pwstr = SMB_MALLOC_ARRAY(char, 1024);
if (!pwstr) {
pwstr[64] = '\0';
} else {
int i;
- uint32 currHistLen = 0;
+ uint32_t currHistLen = 0;
const uint8 *pwhist = pdb_get_pw_history(sampass, &currHistLen);
if (pwhist != NULL) {
/* We can only store (1024-1/64 password history entries. */
if (need_update(sampass, PDB_PASSLASTSET)) {
if (asprintf(&temp, "%li",
- pdb_get_pass_last_set_time(sampass)) < 0) {
+ (long int)pdb_get_pass_last_set_time(sampass)) < 0) {
return false;
}
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
if (need_update(sampass, PDB_BAD_PASSWORD_COUNT)) /* &&
need_update(sampass, PDB_BAD_PASSWORD_TIME)) */ {
- uint16 badcount = pdb_get_bad_password_count(sampass);
+ uint16_t badcount = pdb_get_bad_password_count(sampass);
time_t badtime = pdb_get_bad_password_time(sampass);
- uint32 pol;
- pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &pol);
+ uint32_t pol;
+ pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &pol);
DEBUG(3, ("updating bad password fields, policy=%u, count=%u, time=%u\n",
(unsigned int)pol, (unsigned int)badcount, (unsigned int)badtime));
temp);
SAFE_FREE(temp);
- if (asprintf(&temp, "%li", badtime) < 0) {
+ if (asprintf(&temp, "%li", (long int)badtime) < 0) {
return false;
}
smbldap_make_mod(
DEBUG(7, ("bad password count is reset, deleting login cache entry for %s\n", pdb_get_nt_username(sampass)));
login_cache_delentry(sampass);
} else {
- LOGIN_CACHE cache_entry;
+ struct login_cache cache_entry;
cache_entry.entry_timestamp = time(NULL);
cache_entry.acct_ctrl = pdb_get_acct_ctrl(sampass);
cache_entry.bad_password_time = badtime;
DEBUG(7, ("Updating bad password count and time in login cache\n"));
- login_cache_write(sampass, cache_entry);
+ login_cache_write(sampass, &cache_entry);
}
}
(*attr_list)[i+1] = NULL;
}
+static void ldapsam_add_unix_attributes(TALLOC_CTX *mem_ctx,
+ const char ***attr_list)
+{
+ append_attr(mem_ctx, attr_list, "uidNumber");
+ append_attr(mem_ctx, attr_list, "gidNumber");
+ append_attr(mem_ctx, attr_list, "homeDirectory");
+ append_attr(mem_ctx, attr_list, "loginShell");
+ append_attr(mem_ctx, attr_list, "gecos");
+}
+
/**********************************************************************
Get struct samu entry from LDAP by username.
*********************************************************************/
int count;
const char ** attr_list;
int rc;
-
+
attr_list = get_userattr_list( user, ldap_state->schema_ver );
append_attr(user, &attr_list,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_MOD_TIMESTAMP));
- append_attr(user, &attr_list, "uidNumber");
+ ldapsam_add_unix_attributes(user, &attr_list);
rc = ldapsam_search_suffix_by_name(ldap_state, sname, &result,
attr_list);
TALLOC_FREE( attr_list );
if ( rc != LDAP_SUCCESS )
return NT_STATUS_NO_SUCH_USER;
-
+
count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
-
+
if (count < 1) {
DEBUG(4, ("ldapsam_getsampwnam: Unable to locate user [%s] count=%d\n", sname, count));
ldap_msgfree(result);
}
static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state,
- const DOM_SID *sid, LDAPMessage **result)
+ const struct dom_sid *sid, LDAPMessage **result)
{
int rc = -1;
const char ** attr_list;
- uint32 rid;
+ uint32_t rid;
switch ( ldap_state->schema_ver ) {
case SCHEMAVER_SAMBASAMACCOUNT: {
get_userattr_key2string(
ldap_state->schema_ver,
LDAP_ATTR_MOD_TIMESTAMP));
- append_attr(tmp_ctx, &attr_list, "uidNumber");
+ ldapsam_add_unix_attributes(tmp_ctx, &attr_list);
rc = ldapsam_search_suffix_by_sid(ldap_state, sid,
result, attr_list);
TALLOC_FREE(tmp_ctx);
return rc;
break;
}
-
+
case SCHEMAVER_SAMBAACCOUNT:
if (!sid_peek_check_rid(&ldap_state->domain_sid, sid, &rid)) {
return rc;
}
-
+
attr_list = get_userattr_list(NULL,
ldap_state->schema_ver);
rc = ldapsam_search_suffix_by_rid(ldap_state, rid, result, attr_list );
Get struct samu entry from LDAP by SID.
*********************************************************************/
-static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const DOM_SID *sid)
+static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const struct dom_sid *sid)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
LDAPMessage *result = NULL;
return NT_STATUS_NO_SUCH_USER;
count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
-
+
if (count < 1) {
DEBUG(4, ("ldapsam_getsampwsid: Unable to locate SID [%s] "
"count=%d\n", sid_string_dbg(sid), count));
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
-
+
if (!newpwd || !dn) {
return NT_STATUS_INVALID_PARAMETER;
}
-
- if (!mods) {
- DEBUG(5,("ldapsam_modify_entry: mods is empty: nothing to modify\n"));
- /* may be password change below however */
- } else {
- switch(ldap_op) {
- case LDAP_MOD_ADD:
- if (ldap_state->is_nds_ldap) {
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- "objectclass",
- "inetOrgPerson");
- } else {
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- "objectclass",
- LDAP_OBJ_ACCOUNT);
- }
- rc = smbldap_add(ldap_state->smbldap_state,
- dn, mods);
- break;
- case LDAP_MOD_REPLACE:
- rc = smbldap_modify(ldap_state->smbldap_state,
- dn ,mods);
- break;
- default:
- DEBUG(0,("ldapsam_modify_entry: Wrong LDAP operation type: %d!\n",
- ldap_op));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (rc!=LDAP_SUCCESS) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
+
if (!(pdb_get_acct_ctrl(newpwd)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) &&
(lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_OFF) &&
need_update(newpwd, PDB_PLAINTEXT_PW) &&
char *utf8_password;
char *utf8_dn;
size_t converted_size;
+ int ret;
if (!ldap_state->is_nds_ldap) {
}
}
- if (!push_utf8_allocate(&utf8_password,
+ if (!push_utf8_talloc(talloc_tos(), &utf8_password,
pdb_get_plaintext_passwd(newpwd),
&converted_size))
{
return NT_STATUS_NO_MEMORY;
}
- if (!push_utf8_allocate(&utf8_dn, dn, &converted_size)) {
- SAFE_FREE(utf8_password);
+ if (!push_utf8_talloc(talloc_tos(), &utf8_dn, dn, &converted_size)) {
+ TALLOC_FREE(utf8_password);
return NT_STATUS_NO_MEMORY;
}
if ((ber = ber_alloc_t(LBER_USE_DER))==NULL) {
DEBUG(0,("ber_alloc_t returns NULL\n"));
- SAFE_FREE(utf8_password);
- SAFE_FREE(utf8_dn);
+ TALLOC_FREE(utf8_password);
+ TALLOC_FREE(utf8_dn);
return NT_STATUS_UNSUCCESSFUL;
}
if ((ber_printf (ber, "{") < 0) ||
- (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn) < 0) ||
- (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password) < 0) ||
- (ber_printf (ber, "n}") < 0)) {
- DEBUG(0,("ldapsam_modify_entry: ber_printf returns a value <0\n"));
- ber_free(ber,1);
- SAFE_FREE(utf8_dn);
- SAFE_FREE(utf8_password);
- return NT_STATUS_UNSUCCESSFUL;
+ (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID,
+ utf8_dn) < 0)) {
+ DEBUG(0,("ldapsam_modify_entry: ber_printf returns a "
+ "value <0\n"));
+ ber_free(ber,1);
+ TALLOC_FREE(utf8_dn);
+ TALLOC_FREE(utf8_password);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if ((utf8_password != NULL) && (*utf8_password != '\0')) {
+ ret = ber_printf(ber, "ts}",
+ LDAP_TAG_EXOP_MODIFY_PASSWD_NEW,
+ utf8_password);
+ } else {
+ ret = ber_printf(ber, "}");
+ }
+
+ if (ret < 0) {
+ DEBUG(0,("ldapsam_modify_entry: ber_printf returns a "
+ "value <0\n"));
+ ber_free(ber,1);
+ TALLOC_FREE(utf8_dn);
+ TALLOC_FREE(utf8_password);
+ return NT_STATUS_UNSUCCESSFUL;
}
if ((rc = ber_flatten (ber, &bv))<0) {
DEBUG(0,("ldapsam_modify_entry: ber_flatten returns a value <0\n"));
ber_free(ber,1);
- SAFE_FREE(utf8_dn);
- SAFE_FREE(utf8_password);
+ TALLOC_FREE(utf8_dn);
+ TALLOC_FREE(utf8_password);
return NT_STATUS_UNSUCCESSFUL;
}
-
- SAFE_FREE(utf8_dn);
- SAFE_FREE(utf8_password);
+
+ TALLOC_FREE(utf8_dn);
+ TALLOC_FREE(utf8_password);
ber_free(ber, 1);
if (!ldap_state->is_nds_ldap) {
}
ber_bvfree(bv);
}
+
+ if (!mods) {
+ DEBUG(5,("ldapsam_modify_entry: mods is empty: nothing to modify\n"));
+ /* may be password change below however */
+ } else {
+ switch(ldap_op) {
+ case LDAP_MOD_ADD:
+ if (ldap_state->is_nds_ldap) {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ "objectclass",
+ "inetOrgPerson");
+ } else {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ "objectclass",
+ LDAP_OBJ_ACCOUNT);
+ }
+ rc = smbldap_add(ldap_state->smbldap_state,
+ dn, mods);
+ break;
+ case LDAP_MOD_REPLACE:
+ rc = smbldap_modify(ldap_state->smbldap_state,
+ dn ,mods);
+ break;
+ default:
+ DEBUG(0,("ldapsam_modify_entry: Wrong LDAP operation type: %d!\n",
+ ldap_op));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (rc!=LDAP_SUCCESS) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ }
+
return NT_STATUS_OK;
}
result = NT_STATUS_NO_SUCH_USER;
goto done;
}
-
+
rc = ldapsam_delete_entry(
priv, mem_ctx, entry,
priv->schema_ver == SCHEMAVER_SAMBASAMACCOUNT ?
}
entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
- dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
+ dn = smbldap_talloc_dn(talloc_tos(), ldap_state->smbldap_state->ldap_struct, entry);
if (!dn) {
return NT_STATUS_UNSUCCESSFUL;
}
if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
element_is_changed)) {
DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
- SAFE_FREE(dn);
+ TALLOC_FREE(dn);
if (mods != NULL)
ldap_mods_free(mods,True);
return NT_STATUS_UNSUCCESSFUL;
&& (mods == NULL)) {
DEBUG(4,("ldapsam_update_sam_account: mods is empty: nothing to update for user: %s\n",
pdb_get_username(newpwd)));
- SAFE_FREE(dn);
+ TALLOC_FREE(dn);
return NT_STATUS_OK;
}
-
+
ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, element_is_changed);
if (mods != NULL) {
ldap_mods_free(mods,True);
}
- SAFE_FREE(dn);
+ TALLOC_FREE(dn);
/*
* We need to set the backend private data to NULL here. For example
- The "rename user script" has full responsibility for changing everything
***************************************************************************/
+static NTSTATUS ldapsam_del_groupmem(struct pdb_methods *my_methods,
+ TALLOC_CTX *tmp_ctx,
+ uint32_t group_rid,
+ uint32_t member_rid);
+
+static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ struct samu *user,
+ struct dom_sid **pp_sids,
+ gid_t **pp_gids,
+ size_t *p_num_groups);
+
static NTSTATUS ldapsam_rename_sam_account(struct pdb_methods *my_methods,
struct samu *old_acct,
const char *newname)
newname_lower,
true,
true);
- if (rename_script) {
+ if (!rename_script) {
return NT_STATUS_NO_MEMORY;
}
rename_script = realloc_string_sub2(rename_script,
LDAPMessage *entry = NULL;
LDAPMod **mods = NULL;
int ldap_op = LDAP_MOD_REPLACE;
- uint32 num_result;
+ uint32_t num_result;
const char **attr_list;
char *escape_user = NULL;
const char *username = pdb_get_username(newpwd);
- const DOM_SID *sid = pdb_get_user_sid(newpwd);
+ const struct dom_sid *sid = pdb_get_user_sid(newpwd);
char *filter = NULL;
char *dn = NULL;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
/* does the entry already exist but without a samba attributes?
we need to return the samba attributes here */
- escape_user = escape_ldap_string_alloc( username );
+ escape_user = escape_ldap_string(talloc_tos(), username);
filter = talloc_strdup(attr_list, "(uid=%u)");
if (!filter) {
status = NT_STATUS_NO_MEMORY;
goto fn_exit;
}
filter = talloc_all_string_sub(attr_list, filter, "%u", escape_user);
+ TALLOC_FREE(escape_user);
if (!filter) {
status = NT_STATUS_NO_MEMORY;
goto fn_exit;
}
- SAFE_FREE(escape_user);
rc = smbldap_search_suffix(ldap_state->smbldap_state,
filter, attr_list, &result);
/* Check if we need to update an existing entry */
if (num_result == 1) {
- char *tmp;
-
DEBUG(3,("ldapsam_add_sam_account: User exists without samba attributes: adding them\n"));
ldap_op = LDAP_MOD_REPLACE;
entry = ldap_first_entry (ldap_state->smbldap_state->ldap_struct, result);
- tmp = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
- if (!tmp) {
- goto fn_exit;
- }
- dn = talloc_asprintf(ctx, "%s", tmp);
- SAFE_FREE(tmp);
+ dn = smbldap_talloc_dn(ctx, ldap_state->smbldap_state->ldap_struct, entry);
if (!dn) {
status = NT_STATUS_NO_MEMORY;
goto fn_exit;
/* Check if we need to update an existing entry */
if (num_result == 1) {
- char *tmp;
DEBUG(3,("ldapsam_add_sam_account: User exists without samba attributes: adding them\n"));
ldap_op = LDAP_MOD_REPLACE;
entry = ldap_first_entry (ldap_state->smbldap_state->ldap_struct, result);
- tmp = smbldap_get_dn (ldap_state->smbldap_state->ldap_struct, entry);
- if (!tmp) {
- goto fn_exit;
- }
- dn = talloc_asprintf(ctx, "%s", tmp);
- SAFE_FREE(tmp);
+ dn = smbldap_talloc_dn (ctx, ldap_state->smbldap_state->ldap_struct, entry);
if (!dn) {
status = NT_STATUS_NO_MEMORY;
goto fn_exit;
fn_exit:
TALLOC_FREE(ctx);
- SAFE_FREE(escape_user);
if (result) {
ldap_msgfree(result);
}
attr_list = get_attr_list(NULL, groupmap_attr_list);
rc = smbldap_search(ldap_state->smbldap_state,
- lp_ldap_group_suffix (), scope,
+ lp_ldap_suffix (), scope,
filter, attr_list, 0, result);
TALLOC_FREE(attr_list);
if (lp_parm_bool(-1, "ldapsam", "trusted", false)) {
store_gid_sid_cache(&map->sid, map->gid);
+ idmap_cache_set_sid2gid(&map->sid, map->gid);
}
TALLOC_FREE(ctx);
*********************************************************************/
static NTSTATUS ldapsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
- DOM_SID sid)
+ struct dom_sid sid)
{
char *filter = NULL;
NTSTATUS status;
const char *name)
{
char *filter = NULL;
- char *escape_name = escape_ldap_string_alloc(name);
+ char *escape_name = escape_ldap_string(talloc_tos(), name);
NTSTATUS status;
if (!escape_name) {
get_attr_key2string(groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME), escape_name,
get_attr_key2string(groupmap_attr_list, LDAP_ATTR_CN),
escape_name) < 0) {
- SAFE_FREE(escape_name);
+ TALLOC_FREE(escape_name);
return NT_STATUS_NO_MEMORY;
}
- SAFE_FREE(escape_name);
+ TALLOC_FREE(escape_name);
status = ldapsam_getgroup(methods, filter, map);
SAFE_FREE(filter);
return status;
static bool ldapsam_extract_rid_from_entry(LDAP *ldap_struct,
LDAPMessage *entry,
- const DOM_SID *domain_sid,
- uint32 *rid)
+ const struct dom_sid *domain_sid,
+ uint32_t *rid)
{
fstring str;
- DOM_SID sid;
+ struct dom_sid sid;
if (!smbldap_get_single_attribute(ldap_struct, entry, "sambaSID",
str, sizeof(str)-1)) {
static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group,
- uint32 **pp_member_rids,
+ const struct dom_sid *group,
+ uint32_t **pp_member_rids,
size_t *p_num_members)
{
struct ldapsam_privates *ldap_state =
goto done;
}
- rc = smbldap_search(conn, lp_ldap_group_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, id_attrs, 0,
&result);
values = ldap_get_values(conn->ldap_struct, entry, "memberUid");
- if (values) {
+ if ((values != NULL) && (values[0] != NULL)) {
filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(|", LDAP_OBJ_SAMBASAMACCOUNT);
if (filter == NULL) {
for (memberuid = values; *memberuid != NULL; memberuid += 1) {
char *escape_memberuid;
- escape_memberuid = escape_ldap_string_alloc(*memberuid);
+ escape_memberuid = escape_ldap_string(talloc_tos(),
+ *memberuid);
if (escape_memberuid == NULL) {
ret = NT_STATUS_NO_MEMORY;
goto done;
}
-
+
filter = talloc_asprintf_append_buffer(filter, "(uid=%s)", escape_memberuid);
+ TALLOC_FREE(escape_memberuid);
if (filter == NULL) {
- SAFE_FREE(escape_memberuid);
ret = NT_STATUS_NO_MEMORY;
goto done;
}
-
- SAFE_FREE(escape_memberuid);
}
filter = talloc_asprintf_append_buffer(filter, "))");
entry = ldap_next_entry(conn->ldap_struct, entry))
{
char *sidstr;
- DOM_SID sid;
- uint32 rid;
+ struct dom_sid sid;
+ uint32_t rid;
sidstr = smbldap_talloc_single_attribute(conn->ldap_struct,
entry, "sambaSID",
mem_ctx);
if (!sidstr) {
- DEBUG(0, ("Severe DB error, sambaSamAccount can't miss "
- "the sambaSID attribute\n"));
+ DEBUG(0, ("Severe DB error, %s can't miss the sambaSID"
+ "attribute\n", LDAP_OBJ_SAMBASAMACCOUNT));
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto done;
}
entry != NULL;
entry = ldap_next_entry(conn->ldap_struct, entry))
{
- uint32 rid;
+ uint32_t rid;
if (!ldapsam_extract_rid_from_entry(conn->ldap_struct,
entry,
get_global_sam_sid(),
&rid)) {
- DEBUG(0, ("Severe DB error, sambaSamAccount can't miss "
- "the sambaSID attribute\n"));
+ DEBUG(0, ("Severe DB error, %s can't miss the samba SID" "attribute\n", LDAP_OBJ_SAMBASAMACCOUNT));
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto done;
}
}
ret = NT_STATUS_OK;
-
+
done:
if (values)
static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
struct samu *user,
- DOM_SID **pp_sids,
+ struct dom_sid **pp_sids,
gid_t **pp_gids,
size_t *p_num_groups)
{
LDAPMessage *result = NULL;
LDAPMessage *entry;
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- size_t num_sids, num_gids;
+ uint32_t num_sids;
+ size_t num_gids;
char *gidstr;
gid_t primary_gid = -1;
return NT_STATUS_INVALID_PARAMETER;
}
- escape_name = escape_ldap_string_alloc(pdb_get_username(user));
+ escape_name = escape_ldap_string(talloc_tos(), pdb_get_username(user));
if (escape_name == NULL)
return NT_STATUS_NO_MEMORY;
- /* retrieve the users primary gid */
- filter = talloc_asprintf(mem_ctx,
- "(&(objectClass=%s)(uid=%s))",
- LDAP_OBJ_SAMBASAMACCOUNT,
- escape_name);
- if (filter == NULL) {
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
+ if (user->unix_pw) {
+ primary_gid = user->unix_pw->pw_gid;
+ } else {
+ /* retrieve the users primary gid */
+ filter = talloc_asprintf(mem_ctx,
+ "(&(objectClass=%s)(uid=%s))",
+ LDAP_OBJ_SAMBASAMACCOUNT,
+ escape_name);
+ if (filter == NULL) {
+ ret = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
- rc = smbldap_search(conn, lp_ldap_suffix(),
- LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
+ rc = smbldap_search(conn, lp_ldap_suffix(),
+ LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
- if (rc != LDAP_SUCCESS)
- goto done;
+ if (rc != LDAP_SUCCESS)
+ goto done;
- talloc_autofree_ldapmsg(mem_ctx, result);
+ talloc_autofree_ldapmsg(mem_ctx, result);
- count = ldap_count_entries(priv2ld(ldap_state), result);
+ count = ldap_count_entries(priv2ld(ldap_state), result);
- switch (count) {
- case 0:
- DEBUG(1, ("User account [%s] not found!\n", pdb_get_username(user)));
- ret = NT_STATUS_NO_SUCH_USER;
- goto done;
- case 1:
- entry = ldap_first_entry(priv2ld(ldap_state), result);
+ switch (count) {
+ case 0:
+ DEBUG(1, ("User account [%s] not found!\n", pdb_get_username(user)));
+ ret = NT_STATUS_NO_SUCH_USER;
+ goto done;
+ case 1:
+ entry = ldap_first_entry(priv2ld(ldap_state), result);
- gidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "gidNumber", mem_ctx);
- if (!gidstr) {
- DEBUG (1, ("Unable to find the member's gid!\n"));
+ gidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "gidNumber", mem_ctx);
+ if (!gidstr) {
+ DEBUG (1, ("Unable to find the member's gid!\n"));
+ ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
+ goto done;
+ }
+ primary_gid = strtoul(gidstr, NULL, 10);
+ break;
+ default:
+ DEBUG(1, ("found more than one account with the same user name ?!\n"));
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto done;
}
- primary_gid = strtoul(gidstr, NULL, 10);
- break;
- default:
- DEBUG(1, ("found more than one account with the same user name ?!\n"));
- ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
- goto done;
}
filter = talloc_asprintf(mem_ctx,
- "(&(objectClass=%s)(|(memberUid=%s)(gidNumber=%d)))",
- LDAP_OBJ_POSIXGROUP, escape_name, primary_gid);
+ "(&(objectClass=%s)(|(memberUid=%s)(gidNumber=%u)))",
+ LDAP_OBJ_POSIXGROUP, escape_name, (unsigned int)primary_gid);
if (filter == NULL) {
ret = NT_STATUS_NO_MEMORY;
goto done;
}
- rc = smbldap_search(conn, lp_ldap_group_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
if (rc != LDAP_SUCCESS)
entry = ldap_next_entry(conn->ldap_struct, entry))
{
fstring str;
- DOM_SID sid;
+ struct dom_sid sid;
gid_t gid;
char *end;
done:
- SAFE_FREE(escape_name);
+ TALLOC_FREE(escape_name);
return ret;
}
int rc;
filter = talloc_asprintf(mem_ctx,
- "(&(objectClass=posixGroup)(gidNumber=%u))",
- map->gid);
+ "(&(objectClass=%s)(gidNumber=%u))",
+ LDAP_OBJ_POSIXGROUP, (unsigned int)map->gid);
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
mods = NULL;
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass",
- "sambaGroupMapping");
+ LDAP_OBJ_GROUPMAP);
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaSid",
sid_string_talloc(mem_ctx, &map->sid));
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaGroupType",
TALLOC_CTX *mem_ctx;
NTSTATUS result;
- DOM_SID sid;
+ struct dom_sid sid;
int rc;
}
if (pdb_gid_to_sid(map->gid, &sid)) {
- DEBUG(3, ("Gid %d is already mapped to SID %s, refusing to "
- "add\n", map->gid, sid_string_dbg(&sid)));
+ DEBUG(3, ("Gid %u is already mapped to SID %s, refusing to "
+ "add\n", (unsigned int)map->gid, sid_string_dbg(&sid)));
result = NT_STATUS_GROUP_EXISTS;
goto done;
}
mods = NULL;
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "objectClass",
- "sambaSidEntry");
+ LDAP_OBJ_SID_ENTRY);
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "objectClass",
- "sambaGroupMapping");
-
+ LDAP_OBJ_GROUPMAP);
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "sambaSid",
sid_string_talloc(mem_ctx, &map->sid));
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "sambaGroupType",
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "description",
map->comment);
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "gidNumber",
- talloc_asprintf(mem_ctx, "%u", map->gid));
+ talloc_asprintf(mem_ctx, "%u", (unsigned int)map->gid));
talloc_autofree_ldapmod(mem_ctx, mods);
rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
"(sambaGroupType=%d))",
LDAP_OBJ_GROUPMAP,
sid_string_talloc(mem_ctx, &map->sid),
- map->gid, map->sid_name_use);
+ (unsigned int)map->gid, map->sid_name_use);
if (filter == NULL) {
result = NT_STATUS_NO_MEMORY;
goto done;
*********************************************************************/
static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods,
- DOM_SID sid)
+ struct dom_sid sid)
{
struct ldapsam_privates *priv =
(struct ldapsam_privates *)methods->private_data;
rc = ldapsam_delete_entry(priv, mem_ctx, entry, LDAP_OBJ_GROUPMAP,
get_attr_list(mem_ctx,
groupmap_attr_list_to_delete));
-
+
if ((rc == LDAP_NAMING_VIOLATION) ||
+ (rc == LDAP_NOT_ALLOWED_ON_RDN) ||
(rc == LDAP_OBJECT_CLASS_VIOLATION)) {
const char *attrs[] = { "sambaGroupType", "description",
"displayName", "sambaSIDList",
}
if ((rc == LDAP_NAMING_VIOLATION) ||
+ (rc == LDAP_NOT_ALLOWED_ON_RDN) ||
(rc == LDAP_OBJECT_CLASS_VIOLATION)) {
const char *attrs[] = { "sambaGroupType", "description",
"displayName", "sambaSIDList",
return NT_STATUS_NO_MEMORY;
}
attr_list = get_attr_list( NULL, groupmap_attr_list );
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_group_suffix(),
+ rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter,
attr_list, 0, &ldap_state->result);
TALLOC_FREE(attr_list);
DEBUG(0, ("ldapsam_setsamgrent: LDAP search failed: %s\n",
ldap_err2string(rc)));
DEBUG(3, ("ldapsam_setsamgrent: Query was: %s, %s\n",
- lp_ldap_group_suffix(), filter));
+ lp_ldap_suffix(), filter));
ldap_msgfree(ldap_state->result);
ldap_state->result = NULL;
TALLOC_FREE(filter);
while (!bret) {
if (!ldap_state->entry)
return ret;
-
+
ldap_state->index++;
bret = init_group_from_ldap(ldap_state, map,
ldap_state->entry);
-
+
ldap_state->entry =
ldap_next_entry(ldap_state->smbldap_state->ldap_struct,
ldap_state->entry);
*********************************************************************/
static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
- const DOM_SID *domsid, enum lsa_SidType sid_name_use,
+ const struct dom_sid *domsid, enum lsa_SidType sid_name_use,
GROUP_MAP **pp_rmap,
size_t *p_num_entries,
bool unix_only)
}
static NTSTATUS ldapsam_modify_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias,
- const DOM_SID *member,
+ const struct dom_sid *alias,
+ const struct dom_sid *member,
int modop)
{
struct ldapsam_privates *ldap_state =
return NT_STATUS_UNSUCCESSFUL;
}
- dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
+ dn = smbldap_talloc_dn(talloc_tos(), ldap_state->smbldap_state->ldap_struct, entry);
if (!dn) {
ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
ldap_mods_free(mods, True);
ldap_msgfree(result);
- SAFE_FREE(dn);
+ TALLOC_FREE(dn);
if (rc == LDAP_TYPE_OR_VALUE_EXISTS) {
return NT_STATUS_MEMBER_IN_ALIAS;
}
static NTSTATUS ldapsam_add_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias,
- const DOM_SID *member)
+ const struct dom_sid *alias,
+ const struct dom_sid *member)
{
return ldapsam_modify_aliasmem(methods, alias, member, LDAP_MOD_ADD);
}
static NTSTATUS ldapsam_del_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias,
- const DOM_SID *member)
+ const struct dom_sid *alias,
+ const struct dom_sid *member)
{
return ldapsam_modify_aliasmem(methods, alias, member,
LDAP_MOD_DELETE);
}
static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias,
- DOM_SID **pp_members,
+ const struct dom_sid *alias,
+ TALLOC_CTX *mem_ctx,
+ struct dom_sid **pp_members,
size_t *p_num_members)
{
struct ldapsam_privates *ldap_state =
char **values = NULL;
int i;
char *filter = NULL;
- size_t num_members = 0;
+ uint32_t num_members = 0;
enum lsa_SidType type = SID_NAME_USE_NONE;
fstring tmp;
count = ldap_count_values(values);
for (i=0; i<count; i++) {
- DOM_SID member;
+ struct dom_sid member;
NTSTATUS status;
if (!string_to_sid(&member, values[i]))
continue;
- status = add_sid_to_array(NULL, &member, pp_members,
+ status = add_sid_to_array(mem_ctx, &member, pp_members,
&num_members);
if (!NT_STATUS_IS_OK(status)) {
ldap_value_free(values);
static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
- const DOM_SID *domain_sid,
- const DOM_SID *members,
+ const struct dom_sid *domain_sid,
+ const struct dom_sid *members,
size_t num_members,
- uint32 **pp_alias_rids,
+ uint32_t **pp_alias_rids,
size_t *p_num_alias_rids)
{
struct ldapsam_privates *ldap_state =
int rc;
char *filter;
enum lsa_SidType type = SID_NAME_USE_NONE;
+ bool is_builtin = false;
+ bool sid_added = false;
+
+ *pp_alias_rids = NULL;
+ *p_num_alias_rids = 0;
if (sid_check_is_builtin(domain_sid)) {
+ is_builtin = true;
type = SID_NAME_ALIAS;
}
return NT_STATUS_UNSUCCESSFUL;
}
+ if (num_members == 0) {
+ return NT_STATUS_OK;
+ }
+
filter = talloc_asprintf(mem_ctx,
- "(&(|(objectclass=%s)(sambaGroupType=%d))(|",
+ "(&(objectclass=%s)(sambaGroupType=%d)(|",
LDAP_OBJ_GROUPMAP, type);
for (i=0; i<num_members; i++)
return NT_STATUS_NO_MEMORY;
}
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_group_suffix(),
- LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
-
- if (rc != LDAP_SUCCESS)
- return NT_STATUS_UNSUCCESSFUL;
+ if (is_builtin &&
+ ldap_state->search_cache.filter &&
+ strcmp(ldap_state->search_cache.filter, filter) == 0) {
+ filter = talloc_move(filter, &ldap_state->search_cache.filter);
+ result = ldap_state->search_cache.result;
+ ldap_state->search_cache.result = NULL;
+ } else {
+ rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix(),
+ LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
+ if (rc != LDAP_SUCCESS) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ talloc_autofree_ldapmsg(filter, result);
+ }
ldap_struct = ldap_state->smbldap_state->ldap_struct;
entry = ldap_next_entry(ldap_struct, entry))
{
fstring sid_str;
- DOM_SID sid;
- uint32 rid;
+ struct dom_sid sid;
+ uint32_t rid;
if (!smbldap_get_single_attribute(ldap_struct, entry,
LDAP_ATTRIBUTE_SID,
if (!sid_peek_check_rid(domain_sid, &sid, &rid))
continue;
+ sid_added = true;
+
if (!add_rid_to_array_unique(mem_ctx, rid, pp_alias_rids,
p_num_alias_rids)) {
- ldap_msgfree(result);
return NT_STATUS_NO_MEMORY;
}
}
- ldap_msgfree(result);
+ if (!is_builtin && !sid_added) {
+ TALLOC_FREE(ldap_state->search_cache.filter);
+ /*
+ * Note: result is a talloc child of filter because of the
+ * talloc_autofree_ldapmsg() usage
+ */
+ ldap_state->search_cache.filter = talloc_move(ldap_state, &filter);
+ ldap_state->search_cache.result = result;
+ }
+
return NT_STATUS_OK;
}
static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
- int policy_index,
- uint32 value)
+ enum pdb_policy_type type,
+ uint32_t value)
{
NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
int rc;
return NT_STATUS_INVALID_PARAMETER;
}
- policy_attr = get_account_policy_attr(policy_index);
+ policy_attr = get_account_policy_attr(type);
if (policy_attr == NULL) {
DEBUG(0,("ldapsam_set_account_policy_in_ldap: invalid "
"policy\n"));
return ntstatus;
}
- if (!cache_account_policy_set(policy_index, value)) {
+ if (!cache_account_policy_set(type, value)) {
DEBUG(0,("ldapsam_set_account_policy_in_ldap: failed to "
"update local tdb cache\n"));
return ntstatus;
}
static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods,
- int policy_index, uint32 value)
+ enum pdb_policy_type type,
+ uint32_t value)
{
- return ldapsam_set_account_policy_in_ldap(methods, policy_index,
+ return ldapsam_set_account_policy_in_ldap(methods, type,
value);
}
static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods,
- int policy_index,
- uint32 *value)
+ enum pdb_policy_type type,
+ uint32_t *value)
{
NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
LDAPMessage *result = NULL;
int count;
int rc;
char **vals = NULL;
+ char *filter;
const char *policy_attr = NULL;
struct ldapsam_privates *ldap_state =
return NT_STATUS_INVALID_PARAMETER;
}
- policy_attr = get_account_policy_attr(policy_index);
+ policy_attr = get_account_policy_attr(type);
if (!policy_attr) {
DEBUG(0,("ldapsam_get_account_policy_from_ldap: invalid "
- "policy index: %d\n", policy_index));
+ "policy index: %d\n", type));
return ntstatus;
}
attrs[0] = policy_attr;
attrs[1] = NULL;
+ filter = talloc_asprintf(talloc_tos(), "(objectClass=%s)", LDAP_OBJ_DOMINFO);
+ if (filter == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn,
- LDAP_SCOPE_BASE, "(objectclass=*)", attrs, 0,
+ LDAP_SCOPE_BASE, filter, attrs, 0,
&result);
-
+ TALLOC_FREE(filter);
if (rc != LDAP_SUCCESS) {
return ntstatus;
}
goto out;
}
- *value = (uint32)atol(vals[0]);
-
+ *value = (uint32_t)atol(vals[0]);
+
ntstatus = NT_STATUS_OK;
out:
- if user hasn't decided to use account policies inside LDAP just reuse the
old tdb values
-
+
- if there is a valid cache entry, return that
- if there is an LDAP entry, update cache and return
- otherwise set to default, update cache and return
Guenther
*/
static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods,
- int policy_index, uint32 *value)
+ enum pdb_policy_type type,
+ uint32_t *value)
{
NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
- if (cache_account_policy_get(policy_index, value)) {
+ if (cache_account_policy_get(type, value)) {
DEBUG(11,("ldapsam_get_account_policy: got valid value from "
"cache\n"));
return NT_STATUS_OK;
}
- ntstatus = ldapsam_get_account_policy_from_ldap(methods, policy_index,
+ ntstatus = ldapsam_get_account_policy_from_ldap(methods, type,
value);
if (NT_STATUS_IS_OK(ntstatus)) {
goto update_cache;
#if 0
/* should we automagically migrate old tdb value here ? */
- if (account_policy_get(policy_index, value))
+ if (account_policy_get(type, value))
goto update_ldap;
DEBUG(10,("ldapsam_get_account_policy: no tdb for %d, trying "
- "default\n", policy_index));
+ "default\n", type));
#endif
- if (!account_policy_get_default(policy_index, value)) {
+ if (!account_policy_get_default(type, value)) {
return ntstatus;
}
-
+
/* update_ldap: */
-
- ntstatus = ldapsam_set_account_policy(methods, policy_index, *value);
+
+ ntstatus = ldapsam_set_account_policy(methods, type, *value);
if (!NT_STATUS_IS_OK(ntstatus)) {
return ntstatus;
}
-
+
update_cache:
-
- if (!cache_account_policy_set(policy_index, *value)) {
+
+ if (!cache_account_policy_set(type, *value)) {
DEBUG(0,("ldapsam_get_account_policy: failed to update local "
"tdb as a cache\n"));
return NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods,
- const DOM_SID *domain_sid,
+ const struct dom_sid *domain_sid,
int num_rids,
- uint32 *rids,
+ uint32_t *rids,
const char **names,
enum lsa_SidType *attrs)
{
goto done;
}
+ if (num_rids == 0) {
+ result = NT_STATUS_NONE_MAPPED;
+ goto done;
+ }
+
for (i=0; i<num_rids; i++)
attrs[i] = SID_NAME_UNKNOWN;
}
for (i=0; i<num_rids; i++) {
- DOM_SID sid;
+ struct dom_sid sid;
sid_compose(&sid, domain_sid, rids[i]);
allsids = talloc_asprintf_append_buffer(
allsids, "(sambaSid=%s)",
for (entry = ldap_first_entry(ld, msg);
entry != NULL;
entry = ldap_next_entry(ld, entry)) {
- uint32 rid;
+ uint32_t rid;
int rid_index;
const char *name;
}
rc = smbldap_search(ldap_state->smbldap_state,
- lp_ldap_group_suffix(),
+ lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, ldap_attrs, 0,
&msg);
talloc_autofree_ldapmsg(mem_ctx, msg);
entry != NULL;
entry = ldap_next_entry(ld, entry))
{
- uint32 rid;
+ uint32_t rid;
int rid_index;
const char *attr;
enum lsa_SidType type;
char *escaped = NULL;
char *result = NULL;
- asprintf(&filter, "(&%s(objectclass=sambaSamAccount))",
- "(uid=%u)");
- if (filter == NULL) goto done;
+ if (asprintf(&filter, "(&%s(objectclass=%s))",
+ "(uid=%u)", LDAP_OBJ_SAMBASAMACCOUNT) < 0) {
+ goto done;
+ }
- escaped = escape_ldap_string_alloc(username);
+ escaped = escape_ldap_string(talloc_tos(), username);
if (escaped == NULL) goto done;
result = talloc_string_sub(mem_ctx, filter, "%u", username);
done:
SAFE_FREE(filter);
- SAFE_FREE(escaped);
+ TALLOC_FREE(escaped);
return result;
}
-const char **talloc_attrs(TALLOC_CTX *mem_ctx, ...)
+static const char **talloc_attrs(TALLOC_CTX *mem_ctx, ...)
{
int i, num = 0;
va_list ap;
result[i] = talloc_strdup(result, va_arg(ap, const char*));
if (result[i] == NULL) {
talloc_free(result);
+ va_end(ap);
return NULL;
}
}
struct ldap_search_state {
struct smbldap_state *connection;
- uint32 acct_flags;
- uint16 group_type;
+ uint32_t acct_flags;
+ uint16_t group_type;
const char *base;
int scope;
}
state->current_entry = ldap_first_entry(ld, state->entries);
- if (state->current_entry == NULL) {
- ldap_msgfree(state->entries);
- state->entries = NULL;
- }
-
return True;
}
if (state->current_entry == NULL) {
ldap_msgfree(state->entries);
state->entries = NULL;
+ return false;
}
return True;
!ldapsam_search_nextpage(search))
return False;
- result = state->ldap2displayentry(state, search->mem_ctx, state->connection->ldap_struct,
+ if (state->current_entry == NULL) {
+ return false;
+ }
+
+ result = state->ldap2displayentry(state, search,
+ state->connection->ldap_struct,
state->current_entry, entry);
if (!result) {
{
char **vals;
size_t converted_size;
- DOM_SID sid;
- uint32 acct_flags;
+ struct dom_sid sid;
+ uint32_t acct_flags;
vals = ldap_get_values(ld, entry, "sambaAcctFlags");
if ((vals == NULL) || (vals[0] == NULL)) {
DEBUG(0, ("talloc failed\n"));
return False;
}
-
+
vals = ldap_get_values(ld, entry, "sambaSid");
if ((vals == NULL) || (vals[0] == NULL)) {
DEBUG(0, ("\"objectSid\" not found\n"));
static bool ldapsam_search_users(struct pdb_methods *methods,
struct pdb_search *search,
- uint32 acct_flags)
+ uint32_t acct_flags)
{
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
struct ldap_search_state *state;
- state = TALLOC_P(search->mem_ctx, struct ldap_search_state);
+ state = talloc(search, struct ldap_search_state);
if (state == NULL) {
DEBUG(0, ("talloc failed\n"));
return False;
state->base = lp_ldap_suffix();
state->acct_flags = acct_flags;
- state->base = talloc_strdup(search->mem_ctx, state->base);
+ state->base = talloc_strdup(search, state->base);
state->scope = LDAP_SCOPE_SUBTREE;
- state->filter = get_ldap_filter(search->mem_ctx, "*");
- state->attrs = talloc_attrs(search->mem_ctx, "uid", "sambaSid",
+ state->filter = get_ldap_filter(search, "*");
+ state->attrs = talloc_attrs(search, "uid", "sambaSid",
"displayName", "description",
"sambaAcctFlags", NULL);
state->attrsonly = 0;
{
char **vals;
size_t converted_size;
- DOM_SID sid;
- uint16 group_type;
+ struct dom_sid sid;
+ uint16_t group_type;
result->account_name = "";
result->fullname = "";
DEBUG(0, ("talloc failed\n"));
return False;
}
-
+
vals = ldap_get_values(ld, entry, "sambaSid");
if ((vals == NULL) || (vals[0] == NULL)) {
DEBUG(0, ("\"objectSid\" not found\n"));
return False;
}
break;
-
+
default:
DEBUG(0,("unkown group type: %d\n", group_type));
return False;
}
-
+
+ result->acct_flags = 0;
+
return True;
}
static bool ldapsam_search_grouptype(struct pdb_methods *methods,
struct pdb_search *search,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
enum lsa_SidType type)
{
struct ldapsam_privates *ldap_state =
struct ldap_search_state *state;
fstring tmp;
- state = TALLOC_P(search->mem_ctx, struct ldap_search_state);
+ state = talloc(search, struct ldap_search_state);
if (state == NULL) {
DEBUG(0, ("talloc failed\n"));
return False;
state->connection = ldap_state->smbldap_state;
- state->base = talloc_strdup(search->mem_ctx, lp_ldap_group_suffix());
+ state->base = talloc_strdup(search, lp_ldap_suffix());
state->connection = ldap_state->smbldap_state;
state->scope = LDAP_SCOPE_SUBTREE;
- state->filter = talloc_asprintf(search->mem_ctx,
- "(&(objectclass=sambaGroupMapping)"
- "(sambaGroupType=%d)(sambaSID=%s*))",
- type, sid_to_fstring(tmp, sid));
- state->attrs = talloc_attrs(search->mem_ctx, "cn", "sambaSid",
+ state->filter = talloc_asprintf(search, "(&(objectclass=%s)"
+ "(sambaGroupType=%d)(sambaSID=%s*))",
+ LDAP_OBJ_GROUPMAP,
+ type, sid_to_fstring(tmp, sid));
+ state->attrs = talloc_attrs(search, "cn", "sambaSid",
"displayName", "description",
"sambaGroupType", NULL);
state->attrsonly = 0;
static bool ldapsam_search_aliases(struct pdb_methods *methods,
struct pdb_search *search,
- const DOM_SID *sid)
+ const struct dom_sid *sid)
{
return ldapsam_search_grouptype(methods, search, sid, SID_NAME_ALIAS);
}
-static bool ldapsam_rid_algorithm(struct pdb_methods *methods)
+static uint32_t ldapsam_capabilities(struct pdb_methods *methods)
{
- return False;
+ return PDB_CAP_STORE_RIDS;
}
static NTSTATUS ldapsam_get_new_rid(struct ldapsam_privates *priv,
- uint32 *rid)
+ uint32_t *rid)
{
struct smbldap_state *smbldap_state = priv->smbldap_state;
NTSTATUS status;
char *value;
int rc;
- uint32 nextRid = 0;
+ uint32_t nextRid = 0;
const char *dn;
TALLOC_CTX *mem_ctx;
value = smbldap_talloc_single_attribute(priv2ld(priv), entry,
"sambaNextRid", mem_ctx);
if (value != NULL) {
- uint32 tmp = (uint32)strtoul(value, NULL, 10);
+ uint32_t tmp = (uint32_t)strtoul(value, NULL, 10);
nextRid = MAX(nextRid, tmp);
}
value = smbldap_talloc_single_attribute(priv2ld(priv), entry,
"sambaNextUserRid", mem_ctx);
if (value != NULL) {
- uint32 tmp = (uint32)strtoul(value, NULL, 10);
+ uint32_t tmp = (uint32_t)strtoul(value, NULL, 10);
nextRid = MAX(nextRid, tmp);
}
value = smbldap_talloc_single_attribute(priv2ld(priv), entry,
"sambaNextGroupRid", mem_ctx);
if (value != NULL) {
- uint32 tmp = (uint32)strtoul(value, NULL, 10);
+ uint32_t tmp = (uint32_t)strtoul(value, NULL, 10);
nextRid = MAX(nextRid, tmp);
}
return status;
}
-static NTSTATUS ldapsam_new_rid_internal(struct pdb_methods *methods, uint32 *rid)
+static NTSTATUS ldapsam_new_rid_internal(struct pdb_methods *methods, uint32_t *rid)
{
int i;
return NT_STATUS_ACCESS_DENIED;
}
-static bool ldapsam_new_rid(struct pdb_methods *methods, uint32 *rid)
+static bool ldapsam_new_rid(struct pdb_methods *methods, uint32_t *rid)
{
NTSTATUS result = ldapsam_new_rid_internal(methods, rid);
return NT_STATUS_IS_OK(result) ? True : False;
}
static bool ldapsam_sid_to_id(struct pdb_methods *methods,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
union unid_t *id, enum lsa_SidType *type)
{
struct ldapsam_privates *priv =
id->gid = strtoul(gid_str, NULL, 10);
*type = (enum lsa_SidType)strtoul(value, NULL, 10);
+ store_gid_sid_cache(sid, id->gid);
+ idmap_cache_set_sid2gid(sid, id->gid);
ret = True;
goto done;
}
id->uid = strtoul(value, NULL, 10);
*type = SID_NAME_USER;
+ store_uid_sid_cache(sid, id->uid);
+ idmap_cache_set_sid2uid(sid, id->uid);
ret = True;
done:
return ret;
}
+/**
+ * Find the SID for a uid.
+ * This is shortcut is only used if ldapsam:trusted is set to true.
+ */
+static bool ldapsam_uid_to_sid(struct pdb_methods *methods, uid_t uid,
+ struct dom_sid *sid)
+{
+ struct ldapsam_privates *priv =
+ (struct ldapsam_privates *)methods->private_data;
+ char *filter;
+ const char *attrs[] = { "sambaSID", NULL };
+ LDAPMessage *result = NULL;
+ LDAPMessage *entry = NULL;
+ bool ret = false;
+ char *user_sid_string;
+ struct dom_sid user_sid;
+ int rc;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+
+ filter = talloc_asprintf(tmp_ctx,
+ "(&(uidNumber=%u)"
+ "(objectClass=%s)"
+ "(objectClass=%s))",
+ (unsigned int)uid,
+ LDAP_OBJ_POSIXACCOUNT,
+ LDAP_OBJ_SAMBASAMACCOUNT);
+ if (filter == NULL) {
+ DEBUG(3, ("talloc_asprintf failed\n"));
+ goto done;
+ }
+
+ rc = smbldap_search_suffix(priv->smbldap_state, filter, attrs, &result);
+ if (rc != LDAP_SUCCESS) {
+ goto done;
+ }
+ talloc_autofree_ldapmsg(tmp_ctx, result);
+
+ if (ldap_count_entries(priv2ld(priv), result) != 1) {
+ DEBUG(3, ("ERROR: Got %d entries for uid %u, expected one\n",
+ ldap_count_entries(priv2ld(priv), result),
+ (unsigned int)uid));
+ goto done;
+ }
+
+ entry = ldap_first_entry(priv2ld(priv), result);
+
+ user_sid_string = smbldap_talloc_single_attribute(priv2ld(priv), entry,
+ "sambaSID", tmp_ctx);
+ if (user_sid_string == NULL) {
+ DEBUG(1, ("Could not find sambaSID in object '%s'\n",
+ smbldap_talloc_dn(tmp_ctx, priv2ld(priv), entry)));
+ goto done;
+ }
+
+ if (!string_to_sid(&user_sid, user_sid_string)) {
+ DEBUG(3, ("Error calling sid_string_talloc for sid '%s'\n",
+ user_sid_string));
+ goto done;
+ }
+
+ sid_copy(sid, &user_sid);
+
+ store_uid_sid_cache(sid, uid);
+ idmap_cache_set_sid2uid(sid, uid);
+
+ ret = true;
+
+ done:
+ TALLOC_FREE(tmp_ctx);
+ return ret;
+}
+
+/**
+ * Find the SID for a gid.
+ * This is shortcut is only used if ldapsam:trusted is set to true.
+ */
+static bool ldapsam_gid_to_sid(struct pdb_methods *methods, gid_t gid,
+ struct dom_sid *sid)
+{
+ struct ldapsam_privates *priv =
+ (struct ldapsam_privates *)methods->private_data;
+ char *filter;
+ const char *attrs[] = { "sambaSID", NULL };
+ LDAPMessage *result = NULL;
+ LDAPMessage *entry = NULL;
+ bool ret = false;
+ char *group_sid_string;
+ struct dom_sid group_sid;
+ int rc;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+
+ filter = talloc_asprintf(tmp_ctx,
+ "(&(gidNumber=%u)"
+ "(objectClass=%s))",
+ (unsigned int)gid,
+ LDAP_OBJ_GROUPMAP);
+ if (filter == NULL) {
+ DEBUG(3, ("talloc_asprintf failed\n"));
+ goto done;
+ }
+
+ rc = smbldap_search_suffix(priv->smbldap_state, filter, attrs, &result);
+ if (rc != LDAP_SUCCESS) {
+ goto done;
+ }
+ talloc_autofree_ldapmsg(tmp_ctx, result);
+
+ if (ldap_count_entries(priv2ld(priv), result) != 1) {
+ DEBUG(3, ("ERROR: Got %d entries for gid %u, expected one\n",
+ ldap_count_entries(priv2ld(priv), result),
+ (unsigned int)gid));
+ goto done;
+ }
+
+ entry = ldap_first_entry(priv2ld(priv), result);
+
+ group_sid_string = smbldap_talloc_single_attribute(priv2ld(priv), entry,
+ "sambaSID", tmp_ctx);
+ if (group_sid_string == NULL) {
+ DEBUG(1, ("Could not find sambaSID in object '%s'\n",
+ smbldap_talloc_dn(tmp_ctx, priv2ld(priv), entry)));
+ goto done;
+ }
+
+ if (!string_to_sid(&group_sid, group_sid_string)) {
+ DEBUG(3, ("Error calling sid_string_talloc for sid '%s'\n",
+ group_sid_string));
+ goto done;
+ }
+
+ sid_copy(sid, &group_sid);
+
+ store_gid_sid_cache(sid, gid);
+ idmap_cache_set_sid2gid(sid, gid);
+
+ ret = true;
+
+ done:
+ TALLOC_FREE(tmp_ctx);
+ return ret;
+}
+
+
/*
- * The following functions is called only if
+ * The following functions are called only if
* ldapsam:trusted and ldapsam:editposix are
* set to true
*/
static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
TALLOC_CTX *tmp_ctx, const char *name,
- uint32 acb_info, uint32 *rid)
+ uint32_t acb_info, uint32_t *rid)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
LDAPMessage *entry = NULL;
LDAPMessage *result = NULL;
- uint32 num_result;
+ uint32_t num_result;
bool is_machine = False;
bool add_posix = False;
LDAPMod **mods = NULL;
char *uidstr;
char *shell;
const char *dn = NULL;
- DOM_SID group_sid;
- DOM_SID user_sid;
+ struct dom_sid group_sid;
+ struct dom_sid user_sid;
gid_t gid = -1;
uid_t uid = -1;
NTSTATUS ret;
int rc;
-
+
if (((acb_info & ACB_NORMAL) && name[strlen(name)-1] == '$') ||
acb_info & ACB_WSTRUST ||
acb_info & ACB_SVRTRUST ||
is_machine = True;
}
- username = escape_ldap_string_alloc(name);
+ username = escape_ldap_string(talloc_tos(), name);
filter = talloc_asprintf(tmp_ctx, "(&(uid=%s)(objectClass=%s))",
username, LDAP_OBJ_POSIXACCOUNT);
- SAFE_FREE(username);
+ TALLOC_FREE(username);
rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldapsam_create_user: ldap search failed!\n"));
- return NT_STATUS_UNSUCCESSFUL;
+ return NT_STATUS_ACCESS_DENIED;
}
talloc_autofree_ldapmsg(tmp_ctx, result);
DEBUG (0, ("ldapsam_create_user: More than one user with name [%s] ?!\n", name));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
-
+
if (num_result == 1) {
char *tmp;
/* check if it is just a posix account.
if (num_result == 0) {
add_posix = True;
}
-
+
/* Create the basic samu structure and generate the mods for the ldap commit */
if (!NT_STATUS_IS_OK((ret = ldapsam_new_rid_internal(my_methods, rid)))) {
DEBUG(1, ("ldapsam_create_user: Could not allocate a new RID\n"));
DEBUG(3,("ldapsam_create_user: Creating new posix user\n"));
/* retrieve the Domain Users group gid */
- if (!sid_compose(&group_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS) ||
+ if (!sid_compose(&group_sid, get_global_sam_sid(), DOMAIN_RID_USERS) ||
!sid_to_gid(&group_sid, &gid)) {
DEBUG (0, ("ldapsam_create_user: Unable to get the Domain Users gid: bailing out!\n"));
return NT_STATUS_INVALID_PRIMARY_GROUP;
homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), name, ldap_state->domain_name, uid, gid);
shell = talloc_sub_specified(tmp_ctx, lp_template_shell(), name, ldap_state->domain_name, uid, gid);
}
- uidstr = talloc_asprintf(tmp_ctx, "%d", uid);
- gidstr = talloc_asprintf(tmp_ctx, "%d", gid);
+ uidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)uid);
+ gidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)gid);
escape_name = escape_rdn_val_string_alloc(name);
if (!escape_name) {
int rc;
DEBUG(0,("ldapsam_delete_user: Attempt to delete user [%s]\n", pdb_get_username(sam_acct)));
-
+
filter = talloc_asprintf(tmp_ctx,
"(&(uid=%s)"
"(objectClass=%s)"
return NT_STATUS_NO_MEMORY;
}
+ /* try to remove memberships first */
+ {
+ NTSTATUS status;
+ struct dom_sid *sids = NULL;
+ gid_t *gids = NULL;
+ size_t num_groups = 0;
+ int i;
+ uint32_t user_rid = pdb_get_user_rid(sam_acct);
+
+ status = ldapsam_enum_group_memberships(my_methods,
+ tmp_ctx,
+ sam_acct,
+ &sids,
+ &gids,
+ &num_groups);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto delete_dn;
+ }
+
+ for (i=0; i < num_groups; i++) {
+
+ uint32_t group_rid;
+
+ sid_peek_rid(&sids[i], &group_rid);
+
+ ldapsam_del_groupmem(my_methods,
+ tmp_ctx,
+ group_rid,
+ user_rid);
+ }
+ }
+
+ delete_dn:
+
rc = smbldap_delete(ldap_state->smbldap_state, dn);
if (rc != LDAP_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods,
TALLOC_CTX *tmp_ctx,
const char *name,
- uint32 *rid)
+ uint32_t *rid)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
NTSTATUS ret;
LDAPMessage *entry = NULL;
LDAPMessage *result = NULL;
- uint32 num_result;
+ uint32_t num_result;
bool is_new_entry = False;
LDAPMod **mods = NULL;
char *filter;
char *grouptype;
char *gidstr;
const char *dn = NULL;
- DOM_SID group_sid;
+ struct dom_sid group_sid;
gid_t gid = -1;
int rc;
-
- groupname = escape_ldap_string_alloc(name);
+
+ groupname = escape_ldap_string(talloc_tos(), name);
filter = talloc_asprintf(tmp_ctx, "(&(cn=%s)(objectClass=%s))",
groupname, LDAP_OBJ_POSIXGROUP);
- SAFE_FREE(groupname);
+ TALLOC_FREE(groupname);
rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
if (rc != LDAP_SUCCESS) {
DEBUG (0, ("ldapsam_create_group: There exists more than one group with name [%s]: bailing out!\n", name));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
-
+
if (num_result == 1) {
char *tmp;
/* check if it is just a posix group.
DEBUG (1, ("ldapsam_create_group: Couldn't retrieve the gidNumber for [%s]?!?!\n", name));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
-
+
gid = strtoul(tmp, NULL, 10);
dn = smbldap_talloc_dn(tmp_ctx, priv2ld(ldap_state), entry);
}
if (num_result == 0) {
+ is_new_entry = true;
+ }
+
+ if (!NT_STATUS_IS_OK((ret = ldapsam_new_rid_internal(my_methods, rid)))) {
+ DEBUG(1, ("ldapsam_create_group: Could not allocate a new RID\n"));
+ return ret;
+ }
+
+ sid_compose(&group_sid, get_global_sam_sid(), *rid);
+
+ groupsidstr = talloc_strdup(tmp_ctx, sid_string_talloc(tmp_ctx,
+ &group_sid));
+ grouptype = talloc_asprintf(tmp_ctx, "%d", SID_NAME_DOM_GRP);
+
+ if (!groupsidstr || !grouptype) {
+ DEBUG(0,("ldapsam_create_group: Out of memory!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", groupsidstr);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", grouptype);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", name);
+
+ if (is_new_entry) {
char *escape_name;
DEBUG(3,("ldapsam_create_user: Creating new posix group\n"));
- is_new_entry = True;
-
/* lets allocate a new groupid for this group */
if (!winbind_allocate_gid(&gid)) {
DEBUG (0, ("ldapsam_create_group: Unable to allocate a new group id: bailing out!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- gidstr = talloc_asprintf(tmp_ctx, "%d", gid);
+ gidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)gid);
escape_name = escape_rdn_val_string_alloc(name);
if (!escape_name) {
smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
}
- if (!NT_STATUS_IS_OK((ret = ldapsam_new_rid_internal(my_methods, rid)))) {
- DEBUG(1, ("ldapsam_create_group: Could not allocate a new RID\n"));
- return ret;
- }
-
- sid_compose(&group_sid, get_global_sam_sid(), *rid);
-
- groupsidstr = talloc_strdup(tmp_ctx, sid_string_talloc(tmp_ctx,
- &group_sid));
- grouptype = talloc_asprintf(tmp_ctx, "%d", SID_NAME_DOM_GRP);
-
- if (!groupsidstr || !grouptype) {
- DEBUG(0,("ldapsam_create_group: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", groupsidstr);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", grouptype);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", name);
talloc_autofree_ldapmod(tmp_ctx, mods);
if (is_new_entry) {
return NT_STATUS_OK;
}
-static NTSTATUS ldapsam_delete_dom_group(struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, uint32 rid)
+static NTSTATUS ldapsam_delete_dom_group(struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, uint32_t rid)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
LDAPMessage *result = NULL;
const char *dn;
char *gidstr;
char *filter;
- DOM_SID group_sid;
+ struct dom_sid group_sid;
int rc;
/* get the group sid */
static NTSTATUS ldapsam_change_groupmem(struct pdb_methods *my_methods,
TALLOC_CTX *tmp_ctx,
- uint32 group_rid,
- uint32 member_rid,
+ uint32_t group_rid,
+ uint32_t member_rid,
int modop)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
LDAPMessage *entry = NULL;
LDAPMessage *result = NULL;
- uint32 num_result;
+ uint32_t num_result;
LDAPMod **mods = NULL;
char *filter;
char *uidstr;
const char *dn = NULL;
- DOM_SID group_sid;
- DOM_SID member_sid;
+ struct dom_sid group_sid;
+ struct dom_sid member_sid;
int rc;
switch (modop) {
default:
return NT_STATUS_UNSUCCESSFUL;
}
-
+
/* get member sid */
sid_compose(&member_sid, get_global_sam_sid(), member_rid);
/* check if we are trying to remove the member from his primary group */
char *gidstr;
gid_t user_gid, group_gid;
-
+
gidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "gidNumber", tmp_ctx);
if (!gidstr) {
DEBUG (0, ("ldapsam_change_groupmem: Unable to find the member's gid!\n"));
}
user_gid = strtoul(gidstr, NULL, 10);
-
+
if (!sid_to_gid(&group_sid, &group_gid)) {
DEBUG (0, ("ldapsam_change_groupmem: Unable to get group gid from SID!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
return NT_STATUS_UNSUCCESSFUL;
}
-
+
return NT_STATUS_OK;
}
static NTSTATUS ldapsam_add_groupmem(struct pdb_methods *my_methods,
TALLOC_CTX *tmp_ctx,
- uint32 group_rid,
- uint32 member_rid)
+ uint32_t group_rid,
+ uint32_t member_rid)
{
return ldapsam_change_groupmem(my_methods, tmp_ctx, group_rid, member_rid, LDAP_MOD_ADD);
}
static NTSTATUS ldapsam_del_groupmem(struct pdb_methods *my_methods,
TALLOC_CTX *tmp_ctx,
- uint32 group_rid,
- uint32 member_rid)
+ uint32_t group_rid,
+ uint32_t member_rid)
{
return ldapsam_change_groupmem(my_methods, tmp_ctx, group_rid, member_rid, LDAP_MOD_DELETE);
}
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
LDAPMessage *entry = NULL;
LDAPMessage *result = NULL;
- uint32 num_result;
+ uint32_t num_result;
LDAPMod **mods = NULL;
char *filter;
char *escape_username;
DEBUG(0,("ldapsam_set_primary_group: Attempt to set primary group for user [%s]\n", pdb_get_username(sampass)));
if (!sid_to_gid(pdb_get_group_sid(sampass), &gid)) {
- DEBUG(0,("ldapsam_set_primary_group: failed to retieve gid from user's group SID!\n"));
+ DEBUG(0,("ldapsam_set_primary_group: failed to retrieve gid from user's group SID!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- gidstr = talloc_asprintf(mem_ctx, "%d", gid);
+ gidstr = talloc_asprintf(mem_ctx, "%u", (unsigned int)gid);
if (!gidstr) {
DEBUG(0,("ldapsam_set_primary_group: Out of Memory!\n"));
return NT_STATUS_NO_MEMORY;
}
- escape_username = escape_ldap_string_alloc(pdb_get_username(sampass));
+ escape_username = escape_ldap_string(talloc_tos(),
+ pdb_get_username(sampass));
if (escape_username== NULL) {
return NT_STATUS_NO_MEMORY;
}
LDAP_OBJ_POSIXACCOUNT,
LDAP_OBJ_SAMBASAMACCOUNT);
- SAFE_FREE(escape_username);
+ TALLOC_FREE(escape_username);
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
static bool get_trusteddom_pw_int(struct ldapsam_privates *ldap_state,
+ TALLOC_CTX *mem_ctx,
const char *domain, LDAPMessage **entry)
{
int rc;
int attrsonly = 0; /* 0: return values too */
LDAPMessage *result = NULL;
char *trusted_dn;
- uint32 num_result;
+ uint32_t num_result;
filter = talloc_asprintf(talloc_tos(),
"(&(objectClass=%s)(sambaDomainName=%s))",
rc = smbldap_search(ldap_state->smbldap_state, trusted_dn, scope,
filter, attrs, attrsonly, &result);
+ if (result != NULL) {
+ talloc_autofree_ldapmsg(mem_ctx, result);
+ }
+
if (rc == LDAP_NO_SUCH_OBJECT) {
*entry = NULL;
return True;
if (num_result > 1) {
DEBUG(1, ("ldapsam_get_trusteddom_pw: more than one "
- "sambaTrustedDomainPassword object for domain '%s'"
- "?!\n", domain));
+ "%s object for domain '%s'?!\n",
+ LDAP_OBJ_TRUSTDOM_PASSWORD, domain));
return False;
}
if (num_result == 0) {
DEBUG(1, ("ldapsam_get_trusteddom_pw: no "
- "sambaTrustedDomainPassword object for domain %s.\n",
- domain));
+ "%s object for domain %s.\n",
+ LDAP_OBJ_TRUSTDOM_PASSWORD, domain));
*entry = NULL;
} else {
*entry = ldap_first_entry(priv2ld(ldap_state), result);
static bool ldapsam_get_trusteddom_pw(struct pdb_methods *methods,
const char *domain,
char** pwd,
- DOM_SID *sid,
+ struct dom_sid *sid,
time_t *pass_last_set_time)
{
struct ldapsam_privates *ldap_state =
DEBUG(10, ("ldapsam_get_trusteddom_pw called for domain %s\n", domain));
- if (!get_trusteddom_pw_int(ldap_state, domain, &entry) ||
+ if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry) ||
(entry == NULL))
{
return False;
/* domain sid */
if (sid != NULL) {
char *sid_str;
- DOM_SID *dom_sid;
+ struct dom_sid dom_sid;
sid_str = smbldap_talloc_single_attribute(priv2ld(ldap_state),
entry, "sambaSID",
talloc_tos());
if (sid_str == NULL) {
return False;
}
- dom_sid = string_sid_talloc(talloc_tos(), sid_str);
- if (dom_sid == NULL) {
+ if (!string_to_sid(&dom_sid, sid_str)) {
return False;
}
- sid_copy(sid, dom_sid);
+ sid_copy(sid, &dom_sid);
}
return True;
static bool ldapsam_set_trusteddom_pw(struct pdb_methods *methods,
const char* domain,
const char* pwd,
- const DOM_SID *sid)
+ const struct dom_sid *sid)
{
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
* get the current entry (if there is one) in order to put the
* current password into the previous password attribute
*/
- if (!get_trusteddom_pw_int(ldap_state, domain, &entry)) {
+ if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry)) {
return False;
}
mods = NULL;
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "objectClass",
- "sambaTrustedDomainPassword");
+ LDAP_OBJ_TRUSTDOM_PASSWORD);
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaDomainName",
domain);
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaSID",
sid_string_tos(sid));
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaPwdLastSet",
- talloc_asprintf(talloc_tos(), "%li", time(NULL)));
+ talloc_asprintf(talloc_tos(), "%li", (long int)time(NULL)));
smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
"sambaClearTextPassword", pwd);
+
if (entry != NULL) {
prev_pwd = smbldap_talloc_single_attribute(priv2ld(ldap_state),
entry, "sambaClearTextPassword", talloc_tos());
}
}
+ talloc_autofree_ldapmod(talloc_tos(), mods);
+
trusted_dn = trusteddom_dn(ldap_state, domain);
if (trusted_dn == NULL) {
return False;
LDAPMessage *entry = NULL;
const char *trusted_dn;
- if (!get_trusteddom_pw_int(ldap_state, domain, &entry)) {
+ if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry)) {
return False;
}
static NTSTATUS ldapsam_enum_trusteddoms(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
- uint32 *num_domains,
+ uint32_t *num_domains,
struct trustdom_info ***domains)
{
int rc;
attrsonly,
&result);
+ if (result != NULL) {
+ talloc_autofree_ldapmsg(mem_ctx, result);
+ }
+
if (rc != LDAP_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
}
(*pdb_method)->get_seq_num = ldapsam_get_seq_num;
- (*pdb_method)->rid_algorithm = ldapsam_rid_algorithm;
+ (*pdb_method)->capabilities = ldapsam_capabilities;
(*pdb_method)->new_rid = ldapsam_new_rid;
(*pdb_method)->get_trusteddom_pw = ldapsam_get_trusteddom_pw;
{
NTSTATUS nt_status;
struct ldapsam_privates *ldap_state = NULL;
- uint32 alg_rid_base;
+ uint32_t alg_rid_base;
char *alg_rid_base_string = NULL;
LDAPMessage *result = NULL;
LDAPMessage *entry = NULL;
- DOM_SID ldap_domain_sid;
- DOM_SID secrets_domain_sid;
+ struct dom_sid ldap_domain_sid;
+ struct dom_sid secrets_domain_sid;
char *domain_sid_string = NULL;
char *dn = NULL;
char *uri = talloc_strdup( NULL, location );
trim_char( uri, '\"', '\"' );
nt_status = pdb_init_ldapsam_common(pdb_method, uri);
- if (uri) {
- TALLOC_FREE(uri);
- }
+
+ TALLOC_FREE(uri);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
ldapsam_enum_group_memberships;
(*pdb_method)->lookup_rids = ldapsam_lookup_rids;
(*pdb_method)->sid_to_id = ldapsam_sid_to_id;
+ (*pdb_method)->uid_to_sid = ldapsam_uid_to_sid;
+ (*pdb_method)->gid_to_sid = ldapsam_gid_to_sid;
if (lp_parm_bool(-1, "ldapsam", "editposix", False)) {
(*pdb_method)->create_user = ldapsam_create_user;
return NT_STATUS_UNSUCCESSFUL;
}
- dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
+ dn = smbldap_talloc_dn(talloc_tos(), ldap_state->smbldap_state->ldap_struct, entry);
if (!dn) {
ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
}
ldap_state->domain_dn = smb_xstrdup(dn);
- ldap_memfree(dn);
+ TALLOC_FREE(dn);
domain_sid_string = smbldap_talloc_single_attribute(
ldap_state->smbldap_state->ldap_struct,
LDAP_ATTR_ALGORITHMIC_RID_BASE ),
talloc_tos());
if (alg_rid_base_string) {
- alg_rid_base = (uint32)atol(alg_rid_base_string);
+ alg_rid_base = (uint32_t)atol(alg_rid_base_string);
if (alg_rid_base != algorithmic_rid_base()) {
DEBUG(0, ("The value of 'algorithmic RID base' has "
"changed since the LDAP\n"