filter = talloc_asprintf(talloc_tos(), "(&%s%s)", "(uid=%u)",
get_objclass_filter(ldap_state->schema_ver));
if (!filter) {
+ SAFE_FREE(escape_user);
return LDAP_NO_MEMORY;
}
/*
filter = talloc_all_string_sub(talloc_tos(),
filter, "%u", escape_user);
+ SAFE_FREE(escape_user);
if (!filter) {
return LDAP_NO_MEMORY;
}
- SAFE_FREE(escape_user);
ret = smbldap_search_suffix(ldap_state->smbldap_state,
filter, attr, result);
filter = talloc_asprintf(talloc_tos(), "(&(%s=%s)%s)",
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_USER_SID),
- sid_to_string(sid_string, sid),
+ sid_to_fstring(sid_string, sid),
get_objclass_filter(ldap_state->schema_ver));
if (!filter) {
return LDAP_NO_MEMORY;
case SCHEMAVER_SAMBASAMACCOUNT:
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID),
- sid_to_string(sid_string, user_sid));
+ sid_to_fstring(sid_string, user_sid));
break;
default:
case SCHEMAVER_SAMBASAMACCOUNT:
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver,
- LDAP_ATTR_PRIMARY_GROUP_SID), sid_to_string(sid_string, group_sid));
+ LDAP_ATTR_PRIMARY_GROUP_SID), sid_to_fstring(sid_string, group_sid));
break;
default:
return True;
}
-/**********************************************************************
- Connect to LDAP server for password enumeration.
-*********************************************************************/
-
-static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, bool update, uint32 acb_mask)
-{
- struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- int rc;
- char *filter = NULL;
- const char *suffix;
- const char **attr_list;
- bool machine_mask = False, user_mask = False;
- NTSTATUS status = NT_STATUS_OK;
- TALLOC_CTX *ctx = talloc_init("ldapsam_setsampwent");
-
- if (!ctx) {
- return NT_STATUS_NO_MEMORY;
- }
- filter = talloc_asprintf(ctx, "(&%s%s)", "(uid=%u)",
- get_objclass_filter(ldap_state->schema_ver));
- if (!filter) {
- status = NT_STATUS_NO_MEMORY;
- goto out;
- }
-
- filter = talloc_all_string_sub(ctx, filter, "%u", "*");
- if (!filter) {
- status = NT_STATUS_NO_MEMORY;
- goto out;
- }
-
- machine_mask = ((acb_mask != 0) && (acb_mask & (ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)));
- user_mask = ((acb_mask != 0) && (acb_mask & ACB_NORMAL));
-
- if (machine_mask) {
- suffix = lp_ldap_machine_suffix();
- } else if (user_mask) {
- suffix = lp_ldap_user_suffix();
- } else {
- suffix = lp_ldap_suffix();
- }
-
- DEBUG(10,("ldapsam_setsampwent: LDAP Query for acb_mask 0x%x will use suffix %s\n",
- acb_mask, suffix));
-
- attr_list = get_userattr_list(NULL, ldap_state->schema_ver);
- rc = smbldap_search(ldap_state->smbldap_state, suffix, LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- TALLOC_FREE( attr_list );
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_setsampwent: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_setsampwent: Query was: %s, %s\n", suffix, filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- status = NT_STATUS_UNSUCCESSFUL;
- goto out;
- }
-
- DEBUG(2, ("ldapsam_setsampwent: %d entries in the base %s\n",
- ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
- ldap_state->result), suffix));
-
- ldap_state->entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
- ldap_state->result);
- ldap_state->index = 0;
-
- out:
-
- TALLOC_FREE(ctx);
- return status;
-}
-
/**********************************************************************
End enumeration of the LDAP password list.
*********************************************************************/
}
}
-/**********************************************************************
-Get the next entry in the LDAP password database.
-*********************************************************************/
-
-static NTSTATUS ldapsam_getsampwent(struct pdb_methods *my_methods,
- struct samu *user)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)my_methods->private_data;
- bool bret = False;
-
- while (!bret) {
- if (!ldap_state->entry)
- return ret;
-
- ldap_state->index++;
- bret = init_sam_from_ldap(ldap_state, user, ldap_state->entry);
-
- ldap_state->entry = ldap_next_entry(priv2ld(ldap_state),
- ldap_state->entry);
- }
-
- return NT_STATUS_OK;
-}
-
static void append_attr(TALLOC_CTX *mem_ctx, const char ***attr_list,
const char *new_attr)
{
struct berval *retdata = NULL;
char *utf8_password;
char *utf8_dn;
+ size_t converted_size;
if (!ldap_state->is_nds_ldap) {
}
}
- if (push_utf8_allocate(&utf8_password, pdb_get_plaintext_passwd(newpwd)) == (size_t)-1) {
+ if (!push_utf8_allocate(&utf8_password,
+ pdb_get_plaintext_passwd(newpwd),
+ &converted_size))
+ {
return NT_STATUS_NO_MEMORY;
}
- if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) {
+ if (!push_utf8_allocate(&utf8_dn, dn, &converted_size)) {
SAFE_FREE(utf8_password);
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_UNSUCCESSFUL;
}
- ber_printf (ber, "{");
- ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn);
- ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password);
- ber_printf (ber, "n}");
+ if ((ber_printf (ber, "{") < 0) ||
+ (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn) < 0) ||
+ (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password) < 0) ||
+ (ber_printf (ber, "n}") < 0)) {
+ DEBUG(0,("ldapsam_modify_entry: ber_printf returns a value <0\n"));
+ ber_free(ber,1);
+ SAFE_FREE(utf8_dn);
+ SAFE_FREE(utf8_password);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
if ((rc = ber_flatten (ber, &bv))<0) {
DEBUG(0,("ldapsam_modify_entry: ber_flatten returns a value <0\n"));
pdb_get_username(newpwd), ldap_err2string(rc), ld_error?ld_error:"unknown"));
SAFE_FREE(ld_error);
ber_bvfree(bv);
+#if defined(LDAP_CONSTRAINT_VIOLATION)
+ if (rc == LDAP_CONSTRAINT_VIOLATION)
+ return NT_STATUS_PASSWORD_RESTRICTION;
+#endif
return NT_STATUS_UNSUCCESSFUL;
} else {
DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd)));
ldap_mods_free(mods,True);
return NT_STATUS_UNSUCCESSFUL;
}
-
- if (mods == NULL) {
+
+ if ((lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_ONLY)
+ && (mods == NULL)) {
DEBUG(4,("ldapsam_update_sam_account: mods is empty: nothing to update for user: %s\n",
pdb_get_username(newpwd)));
SAFE_FREE(dn);
}
ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, element_is_changed);
- ldap_mods_free(mods,True);
+
+ if (mods != NULL) {
+ ldap_mods_free(mods,True);
+ }
+
SAFE_FREE(dn);
/*
/* rename the posix user */
rename_script = SMB_STRDUP(lp_renameuser_script());
- if (rename_script) {
+ if (rename_script == NULL) {
return NT_STATUS_NO_MEMORY;
}
{
char *filter = NULL;
NTSTATUS status;
+ fstring tmp;
if (asprintf(&filter, "(&(objectClass=%s)(%s=%s))",
LDAP_OBJ_GROUPMAP,
get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GROUP_SID),
- sid_string_static(&sid)) < 0) {
+ sid_to_fstring(tmp, &sid)) < 0) {
return NT_STATUS_NO_MEMORY;
}
goto done;
}
- rc = smbldap_search(conn, lp_ldap_user_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0,
&result);
LDAP_OBJ_SAMBASAMACCOUNT,
gidstr);
- rc = smbldap_search(conn, lp_ldap_user_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0,
&result);
goto done;
}
- rc = smbldap_search(conn, lp_ldap_user_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
if (rc != LDAP_SUCCESS)
/* This sid will be replaced later */
- if (!add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids, &num_sids)) {
- ret = NT_STATUS_NO_MEMORY;
+ ret = add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids,
+ &num_sids);
+ if (!NT_STATUS_IS_OK(ret)) {
goto done;
}
ret = NT_STATUS_NO_MEMORY;
goto done;
}
- if (!add_sid_to_array_unique(mem_ctx, &sid, pp_sids,
- &num_sids)) {
- ret = NT_STATUS_NO_MEMORY;
+ ret = add_sid_to_array_unique(mem_ctx, &sid, pp_sids,
+ &num_sids);
+ if (!NT_STATUS_IS_OK(ret)) {
goto done;
}
}
LDAPMod **mods = NULL;
int rc;
enum lsa_SidType type = SID_NAME_USE_NONE;
+ fstring tmp;
char *filter = NULL;
if (asprintf(&filter,
"(&(objectClass=%s)(sambaSid=%s)(sambaGroupType=%d))",
- LDAP_OBJ_GROUPMAP, sid_string_static(alias),
+ LDAP_OBJ_GROUPMAP, sid_to_fstring(tmp, alias),
type) < 0) {
return NT_STATUS_NO_MEMORY;
}
smbldap_set_mod(&mods, modop,
get_attr_key2string(groupmap_attr_list,
LDAP_ATTR_SID_LIST),
- sid_string_static(member));
+ sid_to_fstring(tmp, member));
rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
char *filter = NULL;
size_t num_members = 0;
enum lsa_SidType type = SID_NAME_USE_NONE;
+ fstring tmp;
*pp_members = NULL;
*p_num_members = 0;
if (asprintf(&filter,
"(&(objectClass=%s)(sambaSid=%s)(sambaGroupType=%d))",
- LDAP_OBJ_GROUPMAP, sid_string_static(alias),
+ LDAP_OBJ_GROUPMAP, sid_to_fstring(tmp, alias),
type) < 0) {
return NT_STATUS_NO_MEMORY;
}
for (i=0; i<count; i++) {
DOM_SID member;
+ NTSTATUS status;
if (!string_to_sid(&member, values[i]))
continue;
- if (!add_sid_to_array(NULL, &member, pp_members, &num_members)) {
+ status = add_sid_to_array(NULL, &member, pp_members,
+ &num_members);
+ if (!NT_STATUS_IS_OK(status)) {
ldap_value_free(values);
ldap_msgfree(result);
- return NT_STATUS_NO_MEMORY;
+ return status;
}
}
struct samr_displayentry *result)
{
char **vals;
+ size_t converted_size;
DOM_SID sid;
uint32 acct_flags;
DEBUG(5, ("\"uid\" not found\n"));
return False;
}
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->account_name),
- vals[0]);
+ if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **, &result->account_name),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s",
+ strerror(errno)));
+ }
+
ldap_value_free(vals);
vals = ldap_get_values(ld, entry, "displayName");
if ((vals == NULL) || (vals[0] == NULL))
DEBUG(8, ("\"displayName\" not found\n"));
- else
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->fullname),
- vals[0]);
+ else if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **, &result->fullname),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s",
+ strerror(errno)));
+ }
+
ldap_value_free(vals);
vals = ldap_get_values(ld, entry, "description");
if ((vals == NULL) || (vals[0] == NULL))
DEBUG(8, ("\"description\" not found\n"));
- else
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->description),
- vals[0]);
+ else if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **, &result->description),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s",
+ strerror(errno)));
+ }
+
ldap_value_free(vals);
if ((result->account_name == NULL) ||
struct samr_displayentry *result)
{
char **vals;
+ size_t converted_size;
DOM_SID sid;
uint16 group_type;
DEBUG(5, ("\"cn\" not found\n"));
return False;
}
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->account_name),
- vals[0]);
+ if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **,
+ &result->account_name),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapgroup2displayentry: pull_utf8_talloc "
+ "failed: %s", strerror(errno)));
+ }
}
- else {
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->account_name),
- vals[0]);
+ else if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **,
+ &result->account_name),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapgroup2displayentry: pull_utf8_talloc failed: %s",
+ strerror(errno)));
}
ldap_value_free(vals);
vals = ldap_get_values(ld, entry, "description");
if ((vals == NULL) || (vals[0] == NULL))
DEBUG(8, ("\"description\" not found\n"));
- else
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->description),
- vals[0]);
+ else if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **, &result->description),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapgroup2displayentry: pull_utf8_talloc failed: %s",
+ strerror(errno)));
+ }
ldap_value_free(vals);
if ((result->account_name == NULL) ||
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
struct ldap_search_state *state;
+ fstring tmp;
state = TALLOC_P(search->mem_ctx, struct ldap_search_state);
if (state == NULL) {
state->filter = talloc_asprintf(search->mem_ctx,
"(&(objectclass=sambaGroupMapping)"
"(sambaGroupType=%d)(sambaSID=%s*))",
- type, sid_string_static(sid));
+ type, sid_to_fstring(tmp, sid));
state->attrs = talloc_attrs(search->mem_ctx, "cn", "sambaSid",
"displayName", "description",
"sambaGroupType", NULL);
(*pdb_method)->name = "ldapsam";
- (*pdb_method)->setsampwent = ldapsam_setsampwent;
- (*pdb_method)->endsampwent = ldapsam_endsampwent;
- (*pdb_method)->getsampwent = ldapsam_getsampwent;
(*pdb_method)->getsampwnam = ldapsam_getsampwnam;
(*pdb_method)->getsampwsid = ldapsam_getsampwsid;
(*pdb_method)->add_sam_account = ldapsam_add_sam_account;
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_USER_SID),
- NULL);
+ talloc_tos());
if (domain_sid_string) {
bool found_sid;
entry,
get_attr_key2string( dominfo_attr_list,
LDAP_ATTR_ALGORITHMIC_RID_BASE ),
- NULL);
+ talloc_tos());
if (alg_rid_base_string) {
alg_rid_base = (uint32)atol(alg_rid_base_string);
if (alg_rid_base != algorithmic_rid_base()) {