* Remove the account disabled flag - we are updating the
* users password from a login.
*/
- if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED)) {
+ if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED, PDB_CHANGED)) {
pdb_free_sam(&sampass);
return False;
}
return nt_status;
}
- if (!pdb_set_user_sid(sam_account, &user_sid)) {
+ if (!pdb_set_user_sid(sam_account, &user_sid, PDB_CHANGED)) {
pdb_free_sam(&sam_account);
return NT_STATUS_UNSUCCESSFUL;
}
- if (!pdb_set_group_sid(sam_account, &group_sid)) {
+ if (!pdb_set_group_sid(sam_account, &group_sid, PDB_CHANGED)) {
pdb_free_sam(&sam_account);
return NT_STATUS_UNSUCCESSFUL;
}
- if (!pdb_set_nt_username(sam_account, nt_username)) {
+ if (!pdb_set_nt_username(sam_account, nt_username, PDB_CHANGED)) {
pdb_free_sam(&sam_account);
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_set_domain(sam_account, nt_domain)) {
+ if (!pdb_set_domain(sam_account, nt_domain, PDB_CHANGED)) {
pdb_free_sam(&sam_account);
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_set_fullname(sam_account, pdb_unistr2_convert(&(info3->uni_full_name)))) {
+ if (!pdb_set_fullname(sam_account, pdb_unistr2_convert(&(info3->uni_full_name)), PDB_CHANGED)) {
pdb_free_sam(&sam_account);
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_set_logon_script(sam_account, pdb_unistr2_convert(&(info3->uni_logon_script)), True)) {
+ if (!pdb_set_logon_script(sam_account, pdb_unistr2_convert(&(info3->uni_logon_script)), PDB_CHANGED)) {
pdb_free_sam(&sam_account);
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_set_profile_path(sam_account, pdb_unistr2_convert(&(info3->uni_profile_path)), True)) {
+ if (!pdb_set_profile_path(sam_account, pdb_unistr2_convert(&(info3->uni_profile_path)), PDB_CHANGED)) {
pdb_free_sam(&sam_account);
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_set_homedir(sam_account, pdb_unistr2_convert(&(info3->uni_home_dir)), True)) {
+ if (!pdb_set_homedir(sam_account, pdb_unistr2_convert(&(info3->uni_home_dir)), PDB_CHANGED)) {
pdb_free_sam(&sam_account);
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_set_dir_drive(sam_account, pdb_unistr2_convert(&(info3->uni_dir_drive)), True)) {
+ if (!pdb_set_dir_drive(sam_account, pdb_unistr2_convert(&(info3->uni_dir_drive)), PDB_CHANGED)) {
pdb_free_sam(&sam_account);
return NT_STATUS_NO_MEMORY;
}
map.priv_set.count=priv_set.count;
map.priv_set.set=priv_set.set;
- add_mapping_entry(&map, TDB_INSERT);
+ pdb_add_group_mapping_entry(&map);
return True;
}
DEBUG(10, ("get_domain_group_from_sid\n"));
/* if the group is NOT in the database, it CAN NOT be a domain group */
- if(!get_group_map_from_sid(sid, map, with_priv))
+ if(!pdb_getgrsid(map, sid, with_priv))
return False;
DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
}
/* The group is in the mapping table */
- if(get_group_map_from_sid(sid, map, with_priv)) {
+ if(pdb_getgrsid(map, sid, with_priv)) {
if (map->sid_name_use!=SID_NAME_ALIAS) {
if (with_priv)
free_privilege(&map->priv_set);
return(False);
}
- if(!get_group_map_from_sid(sid, map, with_priv))
+ if(!pdb_getgrsid(map, sid, with_priv))
return False;
if (map->sid_name_use!=SID_NAME_WKN_GRP) {
/*
* make a group map from scratch if doesn't exist.
*/
- if (!get_group_map_from_gid(gid, map, with_priv)) {
+ if (!pdb_getgrgid(map, gid, with_priv)) {
map->gid=gid;
map->sid_name_use=SID_NAME_ALIAS;
map->systemaccount=PR_ACCESS_FROM_NETWORK;
typedef struct _GROUP_MAP {
+ struct pdb_methods *methods;
gid_t gid;
DOM_SID sid;
enum SID_NAME_USE sid_name_use;
* this SAMBA will load. Increment this if *ANY* changes are made to the interface.
*/
-#define PASSDB_INTERFACE_VERSION 2
+#define PASSDB_INTERFACE_VERSION 4
/* use this inside a passdb module */
#define PDB_MODULE_VERSIONING_MAGIC \
NTSTATUS (*pdb_update_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);
NTSTATUS (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT *username);
+
+ NTSTATUS (*pdb_getgrsid)(struct pdb_context *context, GROUP_MAP *map,
+ DOM_SID sid, BOOL with_priv);
+
+ NTSTATUS (*pdb_getgrgid)(struct pdb_context *context, GROUP_MAP *map,
+ gid_t gid, BOOL with_priv);
+
+ NTSTATUS (*pdb_getgrnam)(struct pdb_context *context, GROUP_MAP *map,
+ char *name, BOOL with_priv);
+
+ NTSTATUS (*pdb_add_group_mapping_entry)(struct pdb_context *context,
+ GROUP_MAP *map);
+ NTSTATUS (*pdb_update_group_mapping_entry)(struct pdb_context *context,
+ GROUP_MAP *map);
+
+ NTSTATUS (*pdb_delete_group_mapping_entry)(struct pdb_context *context,
+ DOM_SID sid);
+
+ NTSTATUS (*pdb_enum_group_mapping)(struct pdb_context *context,
+ enum SID_NAME_USE sid_name_use,
+ GROUP_MAP **rmap, int *num_entries,
+ BOOL unix_only, BOOL with_priv);
+
void (*free_fn)(struct pdb_context **);
TALLOC_CTX *mem_ctx;
NTSTATUS (*delete_sam_account)(struct pdb_methods *, SAM_ACCOUNT *username);
+ NTSTATUS (*getgrsid)(struct pdb_methods *methods, GROUP_MAP *map,
+ DOM_SID sid, BOOL with_priv);
+
+ NTSTATUS (*getgrgid)(struct pdb_methods *methods, GROUP_MAP *map,
+ gid_t gid, BOOL with_priv);
+
+ NTSTATUS (*getgrnam)(struct pdb_methods *methods, GROUP_MAP *map,
+ char *name, BOOL with_priv);
+
+ NTSTATUS (*add_group_mapping_entry)(struct pdb_methods *methods,
+ GROUP_MAP *map);
+
+ NTSTATUS (*update_group_mapping_entry)(struct pdb_methods *methods,
+ GROUP_MAP *map);
+
+ NTSTATUS (*delete_group_mapping_entry)(struct pdb_methods *methods,
+ DOM_SID sid);
+
+ NTSTATUS (*enum_group_mapping)(struct pdb_methods *methods,
+ enum SID_NAME_USE sid_name_use,
+ GROUP_MAP **rmap, int *num_entries,
+ BOOL unix_only, BOOL with_priv);
+
void *private_data; /* Private data of some kind */
void (*free_private_data)(void **);
/*
* bit flags representing initialized fields in SAM_ACCOUNT
*/
-#define FLAG_SAM_UNINIT 0x00000000
-#define FLAG_SAM_UID 0x00000001
-#define FLAG_SAM_GID 0x00000002
-#define FLAG_SAM_SMBHOME 0x00000004
-#define FLAG_SAM_PROFILE 0x00000008
-#define FLAG_SAM_DRIVE 0x00000010
-#define FLAG_SAM_LOGONSCRIPT 0x00000020
-#define FLAG_SAM_LOGONTIME 0x00000040
-#define FLAG_SAM_LOGOFFTIME 0x00000080
-#define FLAG_SAM_KICKOFFTIME 0x00000100
-#define FLAG_SAM_CANCHANGETIME 0x00000200
-#define FLAG_SAM_MUSTCHANGETIME 0x00000400
-#define FLAG_SAM_PLAINTEXT_PW 0x00000800
+enum pdb_elements {
+ PDB_UNINIT,
+ PDB_UID,
+ PDB_GID,
+ PDB_SMBHOME,
+ PDB_PROFILE,
+ PDB_DRIVE,
+ PDB_LOGONSCRIPT,
+ PDB_LOGONTIME,
+ PDB_LOGOFFTIME,
+ PDB_KICKOFFTIME,
+ PDB_CANCHANGETIME,
+ PDB_MUSTCHANGETIME,
+ PDB_PLAINTEXT_PW,
+ PDB_USERNAME,
+ PDB_FULLNAME,
+ PDB_DOMAIN,
+ PDB_NTUSERNAME,
+ PDB_HOURSLEN,
+ PDB_LOGONDIVS,
+ PDB_USERSID,
+ PDB_GROUPSID,
+ PDB_ACCTCTRL,
+ PDB_PASSLASTSET,
+ PDB_UNIXHOMEDIR,
+ PDB_ACCTDESC,
+ PDB_WORKSTATIONS,
+ PDB_UNKNOWNSTR,
+ PDB_MUNGEDDIAL,
+ PDB_HOURS,
+ PDB_UNKNOWN3,
+ PDB_UNKNOWN5,
+ PDB_UNKNOWN6,
+ PDB_LMPASSWD,
+ PDB_NTPASSWD,
+
+ /* this must be the last element */
+ PDB_COUNT,
+};
+
+enum pdb_value_state {
+ PDB_DEFAULT=0,
+ PDB_SET,
+ PDB_CHANGED
+};
#define IS_SAM_UNIX_USER(x) \
- ((pdb_get_init_flag(x) & FLAG_SAM_UID) \
- && (pdb_get_init_flag(x) & FLAG_SAM_GID))
+ (( pdb_get_init_flags(x, PDB_UID) != PDB_DEFAULT ) \
+ && ( pdb_get_init_flags(x,PDB_GID) != PDB_DEFAULT ))
-#define IS_SAM_SET(x, flag) ((x)->private.init_flag & (flag))
+#define IS_SAM_SET(x, flag) (pdb_get_init_flags(x, flag) == PDB_SET)
+#define IS_SAM_CHANGED(x, flag) (pdb_get_init_flags(x, flag) == PDB_CHANGED)
+#define IS_SAM_DEFAULT(x, flag) (pdb_get_init_flags(x, flag) == PDB_DEFAULT)
typedef struct sam_passwd
{
struct user_data {
/* initiailization flags */
- uint32 init_flag;
-
+ struct bitmap *change_flags;
+ struct bitmap *set_flags;
+
time_t logon_time; /* logon time */
time_t logoff_time; /* logoff time */
time_t kickoff_time; /* kickoff time */
SAFE_FREE(bm);
}
+/****************************************************************************
+talloc a bitmap
+****************************************************************************/
+struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n)
+{
+ struct bitmap *bm;
+
+ if (!mem_ctx) return NULL;
+
+ bm = (struct bitmap *)talloc(mem_ctx, sizeof(*bm));
+
+ if (!bm) return NULL;
+
+ bm->n = n;
+ bm->b = (uint32 *)talloc(mem_ctx, sizeof(bm->b[0])*(n+31)/32);
+ if (!bm->b) {
+ return NULL;
+ }
+
+ memset(bm->b, 0, sizeof(bm->b[0])*(n+31)/32);
+
+ return bm;
+}
+
/****************************************************************************
set a bit in a bitmap
****************************************************************************/
};
static struct enum_list enum_ldap_ssl[] = {
+#ifdef WITH_LDAP_SAMCONFIG
{LDAP_SSL_ON, "Yes"},
{LDAP_SSL_ON, "yes"},
{LDAP_SSL_ON, "on"},
{LDAP_SSL_ON, "On"},
+#endif
{LDAP_SSL_OFF, "no"},
{LDAP_SSL_OFF, "No"},
{LDAP_SSL_OFF, "off"},
/* Don't change these timestamp settings without a good reason.
They are important for NT member server compatibility. */
- user->private.init_flag = FLAG_SAM_UNINIT;
user->private.uid = user->private.gid = -1;
user->private.logon_time = (time_t)0;
pdb_fill_default_sam(sam_account);
- pdb_set_username(sam_account, pwd->pw_name);
- pdb_set_fullname(sam_account, pwd->pw_gecos);
+ pdb_set_username(sam_account, pwd->pw_name, PDB_SET);
+ pdb_set_fullname(sam_account, pwd->pw_gecos, PDB_SET);
- pdb_set_unix_homedir(sam_account, pwd->pw_dir);
+ pdb_set_unix_homedir(sam_account, pwd->pw_dir, PDB_SET);
- pdb_set_domain (sam_account, lp_workgroup());
+ pdb_set_domain (sam_account, lp_workgroup(), PDB_DEFAULT);
- pdb_set_uid(sam_account, pwd->pw_uid);
- pdb_set_gid(sam_account, pwd->pw_gid);
+ pdb_set_uid(sam_account, pwd->pw_uid, PDB_SET);
+ pdb_set_gid(sam_account, pwd->pw_gid, PDB_SET);
/* When we get a proper uid -> SID and SID -> uid allocation
mechinism, we should call it here.
/* Ensure this *must* be set right */
if (strcmp(pwd->pw_name, guest_account) == 0) {
- if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST)) {
+ if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) {
return NT_STATUS_UNSUCCESSFUL;
}
- if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS)) {
+ if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT)) {
return NT_STATUS_UNSUCCESSFUL;
}
} else {
if (!pdb_set_user_sid_from_rid(sam_account,
- fallback_pdb_uid_to_user_rid(pwd->pw_uid))) {
+ fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
DEBUG(0,("Can't set User SID from RID!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
/* call the mapping code here */
- if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
- if (!pdb_set_group_sid(sam_account,&map.sid)){
+ if(pdb_getgrgid(&map, pwd->pw_gid, MAPPING_WITHOUT_PRIV)) {
+ if (!pdb_set_group_sid(sam_account,&map.sid, PDB_SET)){
DEBUG(0,("Can't set Group SID!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
}
else {
- if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) {
+ if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
DEBUG(0,("Can't set Group SID\n"));
return NT_STATUS_INVALID_PARAMETER;
}
lp_logon_path(),
pwd->pw_name, global_myname,
pwd->pw_uid, pwd->pw_gid),
- False);
+ PDB_DEFAULT);
pdb_set_homedir(sam_account,
talloc_sub_specified((sam_account)->mem_ctx,
lp_logon_home(),
pwd->pw_name, global_myname,
pwd->pw_uid, pwd->pw_gid),
- False);
+ PDB_DEFAULT);
pdb_set_dir_drive(sam_account,
talloc_sub_specified((sam_account)->mem_ctx,
lp_logon_drive(),
pwd->pw_name, global_myname,
pwd->pw_uid, pwd->pw_gid),
- False);
+ PDB_DEFAULT);
pdb_set_logon_script(sam_account,
talloc_sub_specified((sam_account)->mem_ctx,
lp_logon_script(),
pwd->pw_name, global_myname,
pwd->pw_uid, pwd->pw_gid),
- False);
- if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL)) {
+ PDB_DEFAULT);
+ if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL, PDB_DEFAULT)) {
DEBUG(1, ("Failed to set 'normal account' flags for user %s.\n", pwd->pw_name));
return NT_STATUS_UNSUCCESSFUL;
}
} else {
- if (!pdb_set_acct_ctrl(sam_account, ACB_WSTRUST)) {
+ if (!pdb_set_acct_ctrl(sam_account, ACB_WSTRUST, PDB_DEFAULT)) {
DEBUG(1, ("Failed to set 'trusted workstation account' flags for user %s.\n", pwd->pw_name));
return NT_STATUS_UNSUCCESSFUL;
}
pdb_free_sam(&sam_account);
- if (get_group_map_from_sid(*sid, &map, MAPPING_WITHOUT_PRIV)) {
+ if (pdb_getgrsid(&map, *sid, MAPPING_WITHOUT_PRIV)) {
if (map.gid!=-1) {
DEBUG(5,("local_lookup_sid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
} else {
*/
/* check if it's a mapped group */
- if (get_group_map_from_ntname(user, &map, MAPPING_WITHOUT_PRIV)) {
+ if (pdb_getgrnam(&map, user, MAPPING_WITHOUT_PRIV)) {
/* yes it's a mapped group */
sid_copy(&local_sid, &map.sid);
*psid_name_use = map.sid_name_use;
* JFM, 30/11/2001
*/
- if (get_group_map_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)){
+ if (pdb_getgrgid(&map, grp->gr_gid, MAPPING_WITHOUT_PRIV)){
return False;
}
if (pdb_getsampwsid(sam_user, psid)) {
- if (!(pdb_get_init_flag(sam_user) & FLAG_SAM_UID)) {
+ if (!IS_SAM_SET(sam_user,PDB_UID)&&!IS_SAM_CHANGED(sam_user,PDB_UID)) {
pdb_free_sam(&sam_user);
return False;
}
pdb_free_sam(&sam_user);
- if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) {
+ if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) {
DEBUG(3, ("local_sid_to_uid: SID '%s' is a group, not a user... \n", sid_to_string(str, psid)));
/* It's a group, not a user... */
return False;
sid_copy(psid, get_global_sam_sid());
- if (get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
+ if (pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
sid_copy(psid, &map.sid);
}
else {
* Or in the Builtin SID too. JFM, 11/30/2001
*/
- if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) {
+ if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) {
/* the SID is in the mapping table but not mapped */
if (map.gid==-1)
return False;
}
- if (!pdb_set_username(sam_pass, user_name)) {
+ if (!pdb_set_username(sam_pass, user_name, PDB_CHANGED)) {
slprintf(err_str, err_str_len - 1, "Failed to set username for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
/* the 'other' acb bits not being changed here */
other_acb = (pdb_get_acct_ctrl(sam_pass) & (!(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL)));
if (local_flags & LOCAL_TRUST_ACCOUNT) {
- if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb) ) {
+ if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb, PDB_CHANGED) ) {
slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
- if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb)) {
+ if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb, PDB_CHANGED)) {
slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
} else {
- if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb)) {
+ if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb, PDB_CHANGED)) {
slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
*/
if (local_flags & LOCAL_DISABLE_USER) {
- if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED)) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED, PDB_CHANGED)) {
slprintf(err_str, err_str_len-1, "Failed to set 'disabled' flag for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
} else if (local_flags & LOCAL_ENABLE_USER) {
- if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) {
slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
if (local_flags & LOCAL_SET_NO_PASSWORD) {
- if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ)) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ, PDB_CHANGED)) {
slprintf(err_str, err_str_len-1, "Failed to set 'no password required' flag for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
* don't create them disabled). JRA.
*/
if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED)) {
- if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) {
slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
}
- if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ))) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ), PDB_CHANGED)) {
slprintf(err_str, err_str_len-1, "Failed to unset 'no password required' flag for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
return (0);
}
-BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid)
+BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid, enum pdb_value_state flag)
{
DOM_SID u_sid;
const DOM_SID *global_sam_sid;
if (!sid_append_rid(&u_sid, rid))
return False;
- if (!pdb_set_user_sid(sampass, &u_sid))
+ if (!pdb_set_user_sid(sampass, &u_sid, flag))
return False;
DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n",
return True;
}
-BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid)
+BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid, enum pdb_value_state flag)
{
DOM_SID g_sid;
const DOM_SID *global_sam_sid;
if (!sid_append_rid(&g_sid, grid))
return False;
- if (!pdb_set_group_sid(sampass, &g_sid))
+ if (!pdb_set_group_sid(sampass, &g_sid, flag))
return False;
DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s from rid %d\n",
#define PDB_NOT_QUITE_NULL ""
/*********************************************************************
- Collection of get...() functions for SAM_ACCOUNT_INFO.
+ Collection of get...() functions for SAM_ACCOUNT.
********************************************************************/
uint16 pdb_get_acct_ctrl (const SAM_ACCOUNT *sampass)
* @return the flags indicating the members initialised in the struct.
**/
-uint32 pdb_get_init_flag (const SAM_ACCOUNT *sampass)
+enum pdb_value_state pdb_get_init_flags (const SAM_ACCOUNT *sampass, enum pdb_elements element)
{
- if (sampass)
- return sampass->private.init_flag;
- else
- return FLAG_SAM_UNINIT;
+ enum pdb_value_state ret = PDB_DEFAULT;
+
+ if (!sampass || !sampass->private.change_flags || !sampass->private.set_flags)
+ return ret;
+
+ if (bitmap_query(sampass->private.set_flags, element)) {
+ DEBUG(10, ("element %d: SET\n", element));
+ ret = PDB_SET;
+ }
+
+ if (bitmap_query(sampass->private.change_flags, element)) {
+ DEBUG(10, ("element %d: CHANGED\n", element));
+ ret = PDB_CHANGED;
+ }
+
+ if (ret == PDB_DEFAULT) {
+ DEBUG(10, ("element %d: DEFAULT\n", element));
+ }
+
+ return ret;
}
uid_t pdb_get_uid (const SAM_ACCOUNT *sampass)
return (NULL);
}
-uint32 pdb_get_unknown3 (const SAM_ACCOUNT *sampass)
+uint32 pdb_get_unknown_3 (const SAM_ACCOUNT *sampass)
{
if (sampass)
return (sampass->private.unknown_3);
return (-1);
}
-uint32 pdb_get_unknown5 (const SAM_ACCOUNT *sampass)
+uint32 pdb_get_unknown_5 (const SAM_ACCOUNT *sampass)
{
if (sampass)
return (sampass->private.unknown_5);
return (-1);
}
-uint32 pdb_get_unknown6 (const SAM_ACCOUNT *sampass)
+uint32 pdb_get_unknown_6 (const SAM_ACCOUNT *sampass)
{
if (sampass)
return (sampass->private.unknown_6);
}
/*********************************************************************
- Collection of set...() functions for SAM_ACCOUNT_INFO.
+ Collection of set...() functions for SAM_ACCOUNT.
********************************************************************/
-BOOL pdb_set_acct_ctrl (SAM_ACCOUNT *sampass, uint16 flags)
+BOOL pdb_set_acct_ctrl (SAM_ACCOUNT *sampass, uint16 acct_ctrl, enum pdb_value_state flag)
{
if (!sampass)
return False;
- if (sampass) {
- sampass->private.acct_ctrl = flags;
- return True;
- }
-
- return False;
+ sampass->private.acct_ctrl = acct_ctrl;
+
+ return pdb_set_init_flags(sampass, PDB_ACCTCTRL, flag);
}
-BOOL pdb_set_logon_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+BOOL pdb_set_logon_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.logon_time = mytime;
- if (store)
- pdb_set_init_flag(sampass, FLAG_SAM_LOGONTIME);
-
- return True;
+ return pdb_set_init_flags(sampass, PDB_LOGONTIME, flag);
}
-BOOL pdb_set_logoff_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+BOOL pdb_set_logoff_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.logoff_time = mytime;
- if (store)
- pdb_set_init_flag(sampass, FLAG_SAM_LOGOFFTIME);
-
- return True;
+ return pdb_set_init_flags(sampass, PDB_LOGOFFTIME, flag);
}
-BOOL pdb_set_kickoff_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+BOOL pdb_set_kickoff_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.kickoff_time = mytime;
- if (store)
- pdb_set_init_flag(sampass, FLAG_SAM_KICKOFFTIME);
-
- return True;
+ return pdb_set_init_flags(sampass, PDB_KICKOFFTIME, flag);
}
-BOOL pdb_set_pass_can_change_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+BOOL pdb_set_pass_can_change_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.pass_can_change_time = mytime;
- if (store)
- pdb_set_init_flag(sampass, FLAG_SAM_CANCHANGETIME);
-
- return True;
+ return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag);
}
-BOOL pdb_set_pass_must_change_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+BOOL pdb_set_pass_must_change_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.pass_must_change_time = mytime;
- if (store)
- pdb_set_init_flag(sampass, FLAG_SAM_MUSTCHANGETIME);
-
- return True;
+ return pdb_set_init_flags(sampass, PDB_MUSTCHANGETIME, flag);
}
-BOOL pdb_set_pass_last_set_time (SAM_ACCOUNT *sampass, time_t mytime)
+BOOL pdb_set_pass_last_set_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.pass_last_set_time = mytime;
- return True;
+ return pdb_set_init_flags(sampass, PDB_PASSLASTSET, flag);
}
-BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len)
+BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.hours_len = len;
- return True;
+
+ return pdb_set_init_flags(sampass, PDB_HOURSLEN, flag);
}
-BOOL pdb_set_logon_divs (SAM_ACCOUNT *sampass, uint16 hours)
+BOOL pdb_set_logon_divs (SAM_ACCOUNT *sampass, uint16 hours, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.logon_divs = hours;
- return True;
+
+ return pdb_set_init_flags(sampass, PDB_LOGONDIVS, flag);
}
/**
* this flag is only added.
**/
-BOOL pdb_set_init_flag (SAM_ACCOUNT *sampass, uint32 flag)
+BOOL pdb_set_init_flags (SAM_ACCOUNT *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
{
- if (!sampass)
+ if (!sampass || !sampass->mem_ctx)
return False;
- sampass->private.init_flag |= flag;
+ if (!sampass->private.set_flags) {
+ if ((sampass->private.set_flags =
+ bitmap_talloc(sampass->mem_ctx,
+ PDB_COUNT))==NULL) {
+ DEBUG(0,("bitmap_talloc failed\n"));
+ return False;
+ }
+ }
+ if (!sampass->private.change_flags) {
+ if ((sampass->private.change_flags =
+ bitmap_talloc(sampass->mem_ctx,
+ PDB_COUNT))==NULL) {
+ DEBUG(0,("bitmap_talloc failed\n"));
+ return False;
+ }
+ }
+
+ switch(value_flag) {
+ case PDB_CHANGED:
+ if (!bitmap_set(sampass->private.change_flags, element)) {
+ DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
+ return False;
+ }
+ if (!bitmap_set(sampass->private.set_flags, element)) {
+ DEBUG(0,("Can't set flag: %d in set_falgs.\n",element));
+ return False;
+ }
+ DEBUG(10, ("element %d -> now CHANGED\n", element));
+ break;
+ case PDB_SET:
+ if (!bitmap_clear(sampass->private.change_flags, element)) {
+ DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
+ return False;
+ }
+ if (!bitmap_set(sampass->private.set_flags, element)) {
+ DEBUG(0,("Can't set flag: %d in set_falgs.\n",element));
+ return False;
+ }
+ DEBUG(10, ("element %d -> now SET\n", element));
+ break;
+ case PDB_DEFAULT:
+ default:
+ if (!bitmap_clear(sampass->private.change_flags, element)) {
+ DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
+ return False;
+ }
+ if (!bitmap_clear(sampass->private.set_flags, element)) {
+ DEBUG(0,("Can't set flag: %d in set_falgs.\n",element));
+ return False;
+ }
+ DEBUG(10, ("element %d -> now DEFAULT\n", element));
+ break;
+ }
return True;
}
-BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid)
-{
+BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid, enum pdb_value_state flag)
+{
if (!sampass)
return False;
(int)uid, (int)sampass->private.uid));
sampass->private.uid = uid;
- pdb_set_init_flag(sampass, FLAG_SAM_UID);
-
- return True;
-
+
+ return pdb_set_init_flags(sampass, PDB_UID, flag);
}
-BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid)
+BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid, enum pdb_value_state flag)
{
if (!sampass)
return False;
(int)gid, (int)sampass->private.gid));
sampass->private.gid = gid;
- pdb_set_init_flag(sampass, FLAG_SAM_GID);
-
- return True;
+ return pdb_set_init_flags(sampass, PDB_GID, flag);
}
-BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid)
+BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid, enum pdb_value_state flag)
{
if (!sampass || !u_sid)
return False;
DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n",
sid_string_static(&sampass->private.user_sid)));
-
- return True;
+
+ return pdb_set_init_flags(sampass, PDB_USERSID, flag);
}
-BOOL pdb_set_user_sid_from_string (SAM_ACCOUNT *sampass, fstring u_sid)
+BOOL pdb_set_user_sid_from_string (SAM_ACCOUNT *sampass, fstring u_sid, enum pdb_value_state flag)
{
DOM_SID new_sid;
+
if (!sampass || !u_sid)
return False;
return False;
}
- if (!pdb_set_user_sid(sampass, &new_sid)) {
+ if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on SAM_ACCOUNT!\n", u_sid));
return False;
}
return True;
}
-BOOL pdb_set_group_sid (SAM_ACCOUNT *sampass, DOM_SID *g_sid)
+BOOL pdb_set_group_sid (SAM_ACCOUNT *sampass, DOM_SID *g_sid, enum pdb_value_state flag)
{
if (!sampass || !g_sid)
return False;
DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
sid_string_static(&sampass->private.group_sid)));
- return True;
+ return pdb_set_init_flags(sampass, PDB_GROUPSID, flag);
}
-BOOL pdb_set_group_sid_from_string (SAM_ACCOUNT *sampass, fstring g_sid)
+BOOL pdb_set_group_sid_from_string (SAM_ACCOUNT *sampass, fstring g_sid, enum pdb_value_state flag)
{
DOM_SID new_sid;
if (!sampass || !g_sid)
return False;
}
- if (!pdb_set_group_sid(sampass, &new_sid)) {
+ if (!pdb_set_group_sid(sampass, &new_sid, flag)) {
DEBUG(1, ("pdb_set_group_sid_from_string: could not set sid %s on SAM_ACCOUNT!\n", g_sid));
return False;
}
Set the user's UNIX name.
********************************************************************/
-BOOL pdb_set_username(SAM_ACCOUNT *sampass, const char *username)
-{
+BOOL pdb_set_username(SAM_ACCOUNT *sampass, const char *username, enum pdb_value_state flag)
+{
if (!sampass)
return False;
} else {
sampass->private.username = PDB_NOT_QUITE_NULL;
}
-
- return True;
+
+ return pdb_set_init_flags(sampass, PDB_USERNAME, flag);
}
/*********************************************************************
Set the domain name.
********************************************************************/
-BOOL pdb_set_domain(SAM_ACCOUNT *sampass, const char *domain)
-{
+BOOL pdb_set_domain(SAM_ACCOUNT *sampass, const char *domain, enum pdb_value_state flag)
+{
if (!sampass)
return False;
sampass->private.domain = PDB_NOT_QUITE_NULL;
}
- return True;
+ return pdb_set_init_flags(sampass, PDB_DOMAIN, flag);
}
/*********************************************************************
Set the user's NT name.
********************************************************************/
-BOOL pdb_set_nt_username(SAM_ACCOUNT *sampass, const char *nt_username)
+BOOL pdb_set_nt_username(SAM_ACCOUNT *sampass, const char *nt_username, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.nt_username = PDB_NOT_QUITE_NULL;
}
- return True;
+ return pdb_set_init_flags(sampass, PDB_NTUSERNAME, flag);
}
/*********************************************************************
Set the user's full name.
********************************************************************/
-BOOL pdb_set_fullname(SAM_ACCOUNT *sampass, const char *full_name)
+BOOL pdb_set_fullname(SAM_ACCOUNT *sampass, const char *full_name, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.full_name = PDB_NOT_QUITE_NULL;
}
- return True;
+ return pdb_set_init_flags(sampass, PDB_FULLNAME, flag);
}
/*********************************************************************
Set the user's logon script.
********************************************************************/
-BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, const char *logon_script, BOOL store)
+BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, const char *logon_script, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.logon_script = PDB_NOT_QUITE_NULL;
}
- if (store) {
- DEBUG(10, ("pdb_set_logon_script: setting logon script sam flag!\n"));
- pdb_set_init_flag(sampass, FLAG_SAM_LOGONSCRIPT);
- }
-
- return True;
+ return pdb_set_init_flags(sampass, PDB_LOGONSCRIPT, flag);
}
/*********************************************************************
Set the user's profile path.
********************************************************************/
-BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, const char *profile_path, BOOL store)
+BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, const char *profile_path, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.profile_path = PDB_NOT_QUITE_NULL;
}
- if (store) {
- DEBUG(10, ("pdb_set_profile_path: setting profile path sam flag!\n"));
- pdb_set_init_flag(sampass, FLAG_SAM_PROFILE);
- }
-
- return True;
+ return pdb_set_init_flags(sampass, PDB_PROFILE, flag);
}
/*********************************************************************
Set the user's directory drive.
********************************************************************/
-BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, const char *dir_drive, BOOL store)
+BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, const char *dir_drive, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.dir_drive = PDB_NOT_QUITE_NULL;
}
- if (store) {
- DEBUG(10, ("pdb_set_dir_drive: setting dir drive sam flag!\n"));
- pdb_set_init_flag(sampass, FLAG_SAM_DRIVE);
- }
-
- return True;
+ return pdb_set_init_flags(sampass, PDB_DRIVE, flag);
}
/*********************************************************************
Set the user's home directory.
********************************************************************/
-BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, const char *home_dir, BOOL store)
+BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, const char *home_dir, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.home_dir = PDB_NOT_QUITE_NULL;
}
- if (store) {
- DEBUG(10, ("pdb_set_homedir: setting home dir sam flag!\n"));
- pdb_set_init_flag(sampass, FLAG_SAM_SMBHOME);
- }
-
- return True;
+ return pdb_set_init_flags(sampass, PDB_SMBHOME, flag);
}
/*********************************************************************
Set the user's unix home directory.
********************************************************************/
-BOOL pdb_set_unix_homedir (SAM_ACCOUNT *sampass, const char *unix_home_dir)
+BOOL pdb_set_unix_homedir (SAM_ACCOUNT *sampass, const char *unix_home_dir, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.unix_home_dir = PDB_NOT_QUITE_NULL;
}
- return True;
+ return pdb_set_init_flags(sampass, PDB_UNIXHOMEDIR, flag);
}
/*********************************************************************
Set the user's account description.
********************************************************************/
-BOOL pdb_set_acct_desc (SAM_ACCOUNT *sampass, const char *acct_desc)
+BOOL pdb_set_acct_desc (SAM_ACCOUNT *sampass, const char *acct_desc, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.acct_desc = PDB_NOT_QUITE_NULL;
}
- return True;
+ return pdb_set_init_flags(sampass, PDB_ACCTDESC, flag);
}
/*********************************************************************
Set the user's workstation allowed list.
********************************************************************/
-BOOL pdb_set_workstations (SAM_ACCOUNT *sampass, const char *workstations)
+BOOL pdb_set_workstations (SAM_ACCOUNT *sampass, const char *workstations, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.workstations = PDB_NOT_QUITE_NULL;
}
- return True;
+ return pdb_set_init_flags(sampass, PDB_WORKSTATIONS, flag);
}
/*********************************************************************
Set the user's 'unknown_str', whatever the heck this actually is...
********************************************************************/
-BOOL pdb_set_unknown_str (SAM_ACCOUNT *sampass, const char *unknown_str)
+BOOL pdb_set_unknown_str (SAM_ACCOUNT *sampass, const char *unknown_str, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.unknown_str = PDB_NOT_QUITE_NULL;
}
- return True;
+ return pdb_set_init_flags(sampass, PDB_UNKNOWNSTR, flag);
}
/*********************************************************************
Set the user's dial string.
********************************************************************/
-BOOL pdb_set_munged_dial (SAM_ACCOUNT *sampass, const char *munged_dial)
+BOOL pdb_set_munged_dial (SAM_ACCOUNT *sampass, const char *munged_dial, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.munged_dial = PDB_NOT_QUITE_NULL;
}
- return True;
+ return pdb_set_init_flags(sampass, PDB_MUNGEDDIAL, flag);
}
/*********************************************************************
Set the user's NT hash.
********************************************************************/
-BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, const uint8 *pwd)
+BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.nt_pw = data_blob(pwd, NT_HASH_LEN);
- return True;
+ return pdb_set_init_flags(sampass, PDB_NTPASSWD, flag);
}
/*********************************************************************
Set the user's LM hash.
********************************************************************/
-BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[16])
+BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.lm_pw = data_blob(pwd, LM_HASH_LEN);
- return True;
+ return pdb_set_init_flags(sampass, PDB_LMPASSWD, flag);
}
/*********************************************************************
below)
********************************************************************/
-BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password)
+BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.plaintext_pw = NULL;
}
- return True;
+ return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
}
-BOOL pdb_set_unknown_3 (SAM_ACCOUNT *sampass, uint32 unkn)
+BOOL pdb_set_unknown_3 (SAM_ACCOUNT *sampass, uint32 unkn, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.unknown_3 = unkn;
- return True;
+
+ return pdb_set_init_flags(sampass, PDB_UNKNOWN3, flag);
}
-BOOL pdb_set_unknown_5 (SAM_ACCOUNT *sampass, uint32 unkn)
+BOOL pdb_set_unknown_5 (SAM_ACCOUNT *sampass, uint32 unkn, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.unknown_5 = unkn;
- return True;
+
+ return pdb_set_init_flags(sampass, PDB_UNKNOWN5, flag);
}
-BOOL pdb_set_unknown_6 (SAM_ACCOUNT *sampass, uint32 unkn)
+BOOL pdb_set_unknown_6 (SAM_ACCOUNT *sampass, uint32 unkn, enum pdb_value_state flag)
{
if (!sampass)
return False;
sampass->private.unknown_6 = unkn;
- return True;
+
+ return pdb_set_init_flags(sampass, PDB_UNKNOWN6, flag);
}
-BOOL pdb_set_hours (SAM_ACCOUNT *sampass, const uint8 *hours)
+BOOL pdb_set_hours (SAM_ACCOUNT *sampass, const uint8 *hours, enum pdb_value_state flag)
{
if (!sampass)
return False;
memcpy (sampass->private.hours, hours, MAX_HOURS_LEN);
- return True;
+ return pdb_set_init_flags(sampass, PDB_HOURS, flag);
}
if (!sampass)
return False;
- if (!pdb_set_pass_last_set_time (sampass, time(NULL)))
+ if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
return False;
if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire)
|| (expire==(uint32)-1)) {
- if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), False))
+ if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), PDB_CHANGED))
return False;
} else {
if (!pdb_set_pass_must_change_time (sampass,
pdb_get_pass_last_set_time(sampass)
- + expire, True))
+ + expire, PDB_CHANGED))
return False;
}
nt_lm_owf_gen (plaintext, new_nt_p16, new_lanman_p16);
- if (!pdb_set_nt_passwd (sampass, new_nt_p16))
+ if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED))
return False;
- if (!pdb_set_lanman_passwd (sampass, new_lanman_p16))
+ if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED))
return False;
- if (!pdb_set_plaintext_pw_only (sampass, plaintext))
+ if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED))
return False;
if (!pdb_set_pass_changed_now (sampass))
return sam_acct->methods->delete_sam_account(sam_acct->methods, sam_acct);
}
+static NTSTATUS context_getgrsid(struct pdb_context *context,
+ GROUP_MAP *map, DOM_SID sid, BOOL with_priv)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ struct pdb_methods *curmethods;
+ if ((!context)) {
+ DEBUG(0, ("invalid pdb_context specified!\n"));
+ return ret;
+ }
+ curmethods = context->pdb_methods;
+ while (curmethods){
+ ret = curmethods->getgrsid(curmethods, map, sid, with_priv);
+ if (NT_STATUS_IS_OK(ret)) {
+ map->methods = curmethods;
+ return ret;
+ }
+ curmethods = curmethods->next;
+ }
+
+ return ret;
+}
+
+static NTSTATUS context_getgrgid(struct pdb_context *context,
+ GROUP_MAP *map, gid_t gid, BOOL with_priv)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ struct pdb_methods *curmethods;
+ if ((!context)) {
+ DEBUG(0, ("invalid pdb_context specified!\n"));
+ return ret;
+ }
+ curmethods = context->pdb_methods;
+ while (curmethods){
+ ret = curmethods->getgrgid(curmethods, map, gid, with_priv);
+ if (NT_STATUS_IS_OK(ret)) {
+ map->methods = curmethods;
+ return ret;
+ }
+ curmethods = curmethods->next;
+ }
+
+ return ret;
+}
+
+static NTSTATUS context_getgrnam(struct pdb_context *context,
+ GROUP_MAP *map, char *name, BOOL with_priv)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ struct pdb_methods *curmethods;
+ if ((!context)) {
+ DEBUG(0, ("invalid pdb_context specified!\n"));
+ return ret;
+ }
+ curmethods = context->pdb_methods;
+ while (curmethods){
+ ret = curmethods->getgrnam(curmethods, map, name, with_priv);
+ if (NT_STATUS_IS_OK(ret)) {
+ map->methods = curmethods;
+ return ret;
+ }
+ curmethods = curmethods->next;
+ }
+
+ return ret;
+}
+
+static NTSTATUS context_add_group_mapping_entry(struct pdb_context *context,
+ GROUP_MAP *map)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ if ((!context) || (!context->pdb_methods)) {
+ DEBUG(0, ("invalid pdb_context specified!\n"));
+ return ret;
+ }
+
+ return context->pdb_methods->add_group_mapping_entry(context->pdb_methods,
+ map);
+}
+
+static NTSTATUS context_update_group_mapping_entry(struct pdb_context *context,
+ GROUP_MAP *map)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ if ((!context) || (!context->pdb_methods)) {
+ DEBUG(0, ("invalid pdb_context specified!\n"));
+ return ret;
+ }
+
+ return context->
+ pdb_methods->update_group_mapping_entry(context->pdb_methods, map);
+}
+
+static NTSTATUS context_delete_group_mapping_entry(struct pdb_context *context,
+ DOM_SID sid)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ if ((!context) || (!context->pdb_methods)) {
+ DEBUG(0, ("invalid pdb_context specified!\n"));
+ return ret;
+ }
+
+ return context->
+ pdb_methods->delete_group_mapping_entry(context->pdb_methods, sid);
+}
+
+static NTSTATUS context_enum_group_mapping(struct pdb_context *context,
+ enum SID_NAME_USE sid_name_use,
+ GROUP_MAP **rmap, int *num_entries,
+ BOOL unix_only, BOOL with_priv)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ if ((!context) || (!context->pdb_methods)) {
+ DEBUG(0, ("invalid pdb_context specified!\n"));
+ return ret;
+ }
+
+ return context->pdb_methods->enum_group_mapping(context->pdb_methods,
+ sid_name_use, rmap,
+ num_entries, unix_only,
+ with_priv);
+}
+
/******************************************************************
Free and cleanup a pdb context, any associated data and anything
that the attached modules might have associated.
(*context)->pdb_add_sam_account = context_add_sam_account;
(*context)->pdb_update_sam_account = context_update_sam_account;
(*context)->pdb_delete_sam_account = context_delete_sam_account;
+ (*context)->pdb_getgrsid = context_getgrsid;
+ (*context)->pdb_getgrgid = context_getgrgid;
+ (*context)->pdb_getgrnam = context_getgrnam;
+ (*context)->pdb_add_group_mapping_entry = context_add_group_mapping_entry;
+ (*context)->pdb_update_group_mapping_entry = context_update_group_mapping_entry;
+ (*context)->pdb_delete_group_mapping_entry = context_delete_group_mapping_entry;
+ (*context)->pdb_enum_group_mapping = context_enum_group_mapping;
(*context)->free_fn = free_pdb_context;
return NT_STATUS_IS_OK(pdb_context->pdb_delete_sam_account(pdb_context, sam_acct));
}
+BOOL pdb_getgrsid(GROUP_MAP *map, DOM_SID sid, BOOL with_priv)
+{
+ struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+ if (!pdb_context) {
+ return False;
+ }
+
+ return NT_STATUS_IS_OK(pdb_context->
+ pdb_getgrsid(pdb_context, map, sid, with_priv));
+}
+
+BOOL pdb_getgrgid(GROUP_MAP *map, gid_t gid, BOOL with_priv)
+{
+ struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+ if (!pdb_context) {
+ return False;
+ }
+
+ return NT_STATUS_IS_OK(pdb_context->
+ pdb_getgrgid(pdb_context, map, gid, with_priv));
+}
+
+BOOL pdb_getgrnam(GROUP_MAP *map, char *name, BOOL with_priv)
+{
+ struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+ if (!pdb_context) {
+ return False;
+ }
+
+ return NT_STATUS_IS_OK(pdb_context->
+ pdb_getgrnam(pdb_context, map, name, with_priv));
+}
+
+BOOL pdb_add_group_mapping_entry(GROUP_MAP *map)
+{
+ struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+ if (!pdb_context) {
+ return False;
+ }
+
+ return NT_STATUS_IS_OK(pdb_context->
+ pdb_add_group_mapping_entry(pdb_context, map));
+}
+
+BOOL pdb_update_group_mapping_entry(GROUP_MAP *map)
+{
+ struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+ if (!pdb_context) {
+ return False;
+ }
+
+ return NT_STATUS_IS_OK(pdb_context->
+ pdb_update_group_mapping_entry(pdb_context, map));
+}
+
+BOOL pdb_delete_group_mapping_entry(DOM_SID sid)
+{
+ struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+ if (!pdb_context) {
+ return False;
+ }
+
+ return NT_STATUS_IS_OK(pdb_context->
+ pdb_delete_group_mapping_entry(pdb_context, sid));
+}
+
+BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
+ int *num_entries, BOOL unix_only, BOOL with_priv)
+{
+ struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+ if (!pdb_context) {
+ return False;
+ }
+
+ return NT_STATUS_IS_OK(pdb_context->
+ pdb_enum_group_mapping(pdb_context, sid_name_use,
+ rmap, num_entries, unix_only,
+ with_priv));
+}
+
#endif /* !defined(WITH_NISPLUS_SAM) */
/***************************************************************
LDAPMessage *entry;
int index;
+ time_t last_ping;
/* retrive-once info */
const char *uri;
char *bind_secret;
};
+#define LDAPSAM_DONT_PING_TIME 10 /* ping only all 10 seconds */
static struct ldapsam_privates *static_ldap_state;
"userWorkstations", "rid",
"primaryGroupID", "lmPassword",
"ntPassword", "acctFlags",
- "domain", "description", NULL };
+ "domain", NULL };
/*******************************************************************
open a connection to the ldap server.
******************************************************************/
-static BOOL ldapsam_open_connection (struct ldapsam_privates *ldap_state, LDAP ** ldap_struct)
+static int ldapsam_open_connection (struct ldapsam_privates *ldap_state, LDAP ** ldap_struct)
{
-
+ int rc = LDAP_SUCCESS;
int version;
-
- if (geteuid() != 0) {
- DEBUG(0, ("ldap_open_connection: cannot access LDAP when not root..\n"));
- return False;
- }
+ BOOL ldap_v3 = False;
#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
DEBUG(10, ("ldapsam_open_connection: %s\n", ldap_state->uri));
- if (ldap_initialize(ldap_struct, ldap_state->uri) != LDAP_SUCCESS) {
- DEBUG(0, ("ldap_initialize: %s\n", strerror(errno)));
- return (False);
+ if ((rc = ldap_initialize(ldap_struct, ldap_state->uri)) != LDAP_SUCCESS) {
+ DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc)));
+ return rc;
}
- if (ldap_get_option(*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS)
- {
- if (version != LDAP_VERSION3)
- {
- version = LDAP_VERSION3;
- ldap_set_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version);
- }
- }
-
#else
/* Parse the string manually */
{
- int rc;
- int tls = LDAP_OPT_X_TLS_HARD;
int port = 0;
fstring protocol;
fstring host;
if ( strncasecmp( p, "URL:", 4 ) == 0 ) {
p += 4;
}
-
+
sscanf(p, "%10[^:]://%254s[^:]:%d", protocol, host, &port);
if (port == 0) {
DEBUG(0, ("unrecognised protocol (%s)!\n", protocol));
}
}
-
+
if ((*ldap_struct = ldap_init(host, port)) == NULL) {
DEBUG(0, ("ldap_init failed !\n"));
- return False;
+ return LDAP_OPERATIONS_ERROR;
}
-
- /* Connect to older servers using SSL and V2 rather than Start TLS */
- if (ldap_get_option(*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS)
- {
- if (version != LDAP_VERSION2)
+
+ if (strequal(protocol, "ldaps")) {
+#ifdef LDAP_OPT_X_TLS
+ int tls = LDAP_OPT_X_TLS_HARD;
+ if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
{
- version = LDAP_VERSION2;
- ldap_set_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version);
+ DEBUG(0, ("Failed to setup a TLS session\n"));
}
+
+ DEBUG(3,("LDAPS option set...!\n"));
+#else
+ DEBUG(0,("ldap_open_connection: Secure connection not supported by LDAP client libraries!\n"));
+ return LDAP_OPERATIONS_ERROR;
+#endif
}
+ }
+#endif
- if (strequal(protocol, "ldaps")) {
- if (lp_ldap_ssl() == LDAP_SSL_START_TLS) {
- if (ldap_get_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION,
- &version) == LDAP_OPT_SUCCESS)
- {
- if (version < LDAP_VERSION3)
- {
- version = LDAP_VERSION3;
- ldap_set_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION,
- &version);
- }
- }
- if ((rc = ldap_start_tls_s (*ldap_struct, NULL, NULL)) != LDAP_SUCCESS)
- {
- DEBUG(0,("Failed to issue the StartTLS instruction: %s\n",
- ldap_err2string(rc)));
- return False;
- }
- DEBUG (2, ("StartTLS issued: using a TLS connection\n"));
- } else {
-
- if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
- {
- DEBUG(0, ("Failed to setup a TLS session\n"));
- }
+ if (ldap_get_option(*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS)
+ {
+ if (version != LDAP_VERSION3)
+ {
+ version = LDAP_VERSION3;
+ if (ldap_set_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) {
+ ldap_v3 = True;
}
} else {
- /*
- * No special needs to setup options prior to the LDAP
- * bind (which should be called next via ldap_connect_system()
- */
+ ldap_v3 = True;
}
}
+
+ if (lp_ldap_ssl() == LDAP_SSL_START_TLS) {
+#ifdef LDAP_OPT_X_TLS
+ if (ldap_v3) {
+ if ((rc = ldap_start_tls_s (*ldap_struct, NULL, NULL)) != LDAP_SUCCESS)
+ {
+ DEBUG(0,("Failed to issue the StartTLS instruction: %s\n",
+ ldap_err2string(rc)));
+ return rc;
+ }
+ DEBUG (3, ("StartTLS issued: using a TLS connection\n"));
+ } else {
+
+ DEBUG(0, ("Need LDAPv3 for Start TLS\n"));
+ return LDAP_OPERATIONS_ERROR;
+ }
+#else
+ DEBUG(0,("ldap_open_connection: StartTLS not supported by LDAP client libraries!\n"));
+ return LDAP_OPERATIONS_ERROR;
#endif
+ }
DEBUG(2, ("ldap_open_connection: connection opened\n"));
- return True;
+ return rc;
}
/*******************************************************************
connect to the ldap server under system privilege.
******************************************************************/
-static BOOL ldapsam_connect_system(struct ldapsam_privates *ldap_state, LDAP * ldap_struct)
+static int ldapsam_connect_system(struct ldapsam_privates *ldap_state, LDAP * ldap_struct)
{
int rc;
char *ldap_dn;
if (!fetch_ldapsam_pw(&ldap_dn, &ldap_secret))
{
DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n"));
- return False;
+ return LDAP_INVALID_CREDENTIALS;
}
ldap_state->bind_dn = ldap_dn;
if (rc != LDAP_SUCCESS) {
DEBUG(0, ("Bind failed: %s\n", ldap_err2string(rc)));
- return False;
+ return rc;
}
DEBUG(2, ("ldap_connect_system: succesful connection to the LDAP server\n"));
- return True;
+ return rc;
+}
+
+/**********************************************************************
+Connect to LDAP server
+*********************************************************************/
+static int ldapsam_open(struct ldapsam_privates *ldap_state)
+{
+ int rc;
+ SMB_ASSERT(ldap_state);
+
+#ifndef NO_LDAP_SECURITY
+ if (geteuid() != 0) {
+ DEBUG(0, ("ldapsam_open: cannot access LDAP when not root..\n"));
+ return LDAP_INSUFFICIENT_ACCESS;
+ }
+#endif
+
+ if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + LDAPSAM_DONT_PING_TIME) < time(NULL))) {
+ struct sockaddr_un addr;
+ socklen_t len;
+ int sd;
+ if (ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_DESC, &sd) == 0 &&
+ getpeername(sd, (struct sockaddr *) &addr, &len) < 0) {
+ /* the other end has died. reopen. */
+ ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL);
+ ldap_state->ldap_struct = NULL;
+ ldap_state->last_ping = (time_t)0;
+ } else {
+ ldap_state->last_ping = time(NULL);
+ }
+ }
+
+ if (ldap_state->ldap_struct != NULL) {
+ DEBUG(5,("ldapsam_open: allready connected to the LDAP server\n"));
+ return LDAP_SUCCESS;
+ }
+
+ if ((rc = ldapsam_open_connection(ldap_state, &ldap_state->ldap_struct))) {
+ return rc;
+ }
+
+ if ((rc = ldapsam_connect_system(ldap_state, ldap_state->ldap_struct))) {
+ ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL);
+ ldap_state->ldap_struct = NULL;
+ return rc;
+ }
+
+
+ ldap_state->last_ping = time(NULL);
+ DEBUG(4,("The LDAP server is succesful connected\n"));
+
+ return LDAP_SUCCESS;
+}
+
+/**********************************************************************
+Disconnect from LDAP server
+*********************************************************************/
+static NTSTATUS ldapsam_close(struct ldapsam_privates *ldap_state)
+{
+ if (!ldap_state)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ if (ldap_state->ldap_struct != NULL) {
+ ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL);
+ ldap_state->ldap_struct = NULL;
+ }
+
+ DEBUG(5,("The connection to the LDAP server was closed\n"));
+ /* maybe free the results here --metze */
+
+ return NT_STATUS_OK;
+}
+
+static int ldapsam_retry_open(struct ldapsam_privates *ldap_state, int *attempts)
+{
+ int rc;
+
+ SMB_ASSERT(ldap_state && attempts);
+
+ if (*attempts != 0) {
+ /* we retry after 0.5, 2, 4.5, 8, 12.5, 18, 24.5 seconds */
+ msleep((((*attempts)*(*attempts))/2)*1000);
+ }
+ (*attempts)++;
+
+ if ((rc = ldapsam_open(ldap_state))) {
+ DEBUG(0,("Connection to LDAP Server failed for the %d try!\n",*attempts));
+ return rc;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+
+static int ldapsam_search(struct ldapsam_privates *ldap_state, char *base, int scope, char *filter, char *attrs[], int attrsonly, LDAPMessage **res)
+{
+ int rc = LDAP_SERVER_DOWN;
+ int attempts = 0;
+
+ SMB_ASSERT(ldap_state);
+
+ while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
+
+ if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
+ continue;
+
+ rc = ldap_search_s(ldap_state->ldap_struct, base, scope, filter, attrs, attrsonly, res);
+ }
+
+ if (rc == LDAP_SERVER_DOWN) {
+ DEBUG(0,("%s: LDAP server is down!\n",__FUNCTION__));
+ ldapsam_close(ldap_state);
+ }
+
+ return rc;
+}
+
+static int ldapsam_modify(struct ldapsam_privates *ldap_state, char *dn, LDAPMod *attrs[])
+{
+ int rc = LDAP_SERVER_DOWN;
+ int attempts = 0;
+
+ if (!ldap_state)
+ return (-1);
+
+ while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
+
+ if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
+ continue;
+
+ rc = ldap_modify_s(ldap_state->ldap_struct, dn, attrs);
+ }
+
+ if (rc == LDAP_SERVER_DOWN) {
+ DEBUG(0,("%s: LDAP server is down!\n",__FUNCTION__));
+ ldapsam_close(ldap_state);
+ }
+
+ return rc;
+}
+
+static int ldapsam_add(struct ldapsam_privates *ldap_state, const char *dn, LDAPMod *attrs[])
+{
+ int rc = LDAP_SERVER_DOWN;
+ int attempts = 0;
+
+ if (!ldap_state)
+ return (-1);
+
+ while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
+
+ if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
+ continue;
+
+ rc = ldap_add_s(ldap_state->ldap_struct, dn, attrs);
+ }
+
+ if (rc == LDAP_SERVER_DOWN) {
+ DEBUG(0,("%s: LDAP server is down!\n",__FUNCTION__));
+ ldapsam_close(ldap_state);
+ }
+
+ return rc;
+}
+
+static int ldapsam_delete(struct ldapsam_privates *ldap_state, char *dn)
+{
+ int rc = LDAP_SERVER_DOWN;
+ int attempts = 0;
+
+ if (!ldap_state)
+ return (-1);
+
+ while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
+
+ if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
+ continue;
+
+ rc = ldap_delete_s(ldap_state->ldap_struct, dn);
+ }
+
+ if (rc == LDAP_SERVER_DOWN) {
+ DEBUG(0,("%s: LDAP server is down!\n",__FUNCTION__));
+ ldapsam_close(ldap_state);
+ }
+
+ return rc;
+}
+
+static int ldapsam_extended_operation(struct ldapsam_privates *ldap_state, LDAP_CONST char *reqoid, struct berval *reqdata, LDAPControl **serverctrls, LDAPControl **clientctrls, char **retoidp, struct berval **retdatap)
+{
+ int rc = LDAP_SERVER_DOWN;
+ int attempts = 0;
+
+ if (!ldap_state)
+ return (-1);
+
+ while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
+
+ if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
+ continue;
+
+ rc = ldap_extended_operation_s(ldap_state->ldap_struct, reqoid, reqdata, serverctrls, clientctrls, retoidp, retdatap);
+ }
+
+ if (rc == LDAP_SERVER_DOWN) {
+ DEBUG(0,("%s: LDAP server is down!\n",__FUNCTION__));
+ ldapsam_close(ldap_state);
+ }
+
+ return rc;
}
/*******************************************************************
run the search by name.
******************************************************************/
-static int ldapsam_search_one_user (struct ldapsam_privates *ldap_state, LDAP * ldap_struct, const char *filter, LDAPMessage ** result)
+static int ldapsam_search_one_user (struct ldapsam_privates *ldap_state, const char *filter, LDAPMessage ** result)
{
int scope = LDAP_SCOPE_SUBTREE;
int rc;
DEBUG(2, ("ldapsam_search_one_user: searching for:[%s]\n", filter));
- rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter, (char **)attr, 0, result);
+ rc = ldapsam_search(ldap_state, lp_ldap_suffix (), scope, (char *)filter, (char **)attr, 0, result);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldapsam_search_one_user: Problem during the LDAP search: %s\n",
/*******************************************************************
run the search by name.
******************************************************************/
-static int ldapsam_search_one_user_by_name (struct ldapsam_privates *ldap_state, LDAP * ldap_struct, const char *user,
+static int ldapsam_search_one_user_by_name (struct ldapsam_privates *ldap_state, const char *user,
LDAPMessage ** result)
{
pstring filter;
*/
all_string_sub(filter, "%u", user, sizeof(pstring));
- return ldapsam_search_one_user(ldap_state, ldap_struct, filter, result);
+ return ldapsam_search_one_user(ldap_state, filter, result);
}
/*******************************************************************
run the search by uid.
******************************************************************/
static int ldapsam_search_one_user_by_uid(struct ldapsam_privates *ldap_state,
- LDAP * ldap_struct, int uid,
+ int uid,
LDAPMessage ** result)
{
struct passwd *user;
passwd_free(&user);
- return ldapsam_search_one_user(ldap_state, ldap_struct, filter, result);
+ return ldapsam_search_one_user(ldap_state, filter, result);
}
/*******************************************************************
run the search by rid.
******************************************************************/
static int ldapsam_search_one_user_by_rid (struct ldapsam_privates *ldap_state,
- LDAP * ldap_struct, uint32 rid,
+ uint32 rid,
LDAPMessage ** result)
{
pstring filter;
/* check if the user rid exsists, if not, try searching on the uid */
snprintf(filter, sizeof(filter) - 1, "rid=%i", rid);
- rc = ldapsam_search_one_user(ldap_state, ldap_struct, filter, result);
+ rc = ldapsam_search_one_user(ldap_state, filter, result);
if (rc != LDAP_SUCCESS)
- rc = ldapsam_search_one_user_by_uid(ldap_state, ldap_struct,
+ rc = ldapsam_search_one_user_by_uid(ldap_state,
fallback_pdb_user_rid_to_uid(rid),
result);
*********************************************************************/
static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
SAM_ACCOUNT * sampass,
- LDAP * ldap_struct, LDAPMessage * entry)
+ LDAPMessage * entry)
{
time_t logon_time,
logoff_time,
struct passwd *pw;
uint32 user_rid,
group_rid;
- uint8 smblmpwd[16],
- smbntpwd[16];
+ uint8 smblmpwd[LM_HASH_LEN],
+ smbntpwd[NT_HASH_LEN];
uint16 acct_ctrl,
logon_divs;
uint32 hours_len;
workstations[0] = '\0';
- if (sampass == NULL || ldap_struct == NULL || entry == NULL) {
+ if (sampass == NULL || ldap_state == NULL || entry == NULL) {
DEBUG(0, ("init_sam_from_ldap: NULL parameters found!\n"));
return False;
}
- get_single_attribute(ldap_struct, entry, "uid", username);
+ if (ldap_state->ldap_struct == NULL) {
+ DEBUG(0, ("init_sam_from_ldap: ldap_state->ldap_struct is NULL!\n"));
+ return False;
+ }
+
+ get_single_attribute(ldap_state->ldap_struct, entry, "uid", username);
DEBUG(2, ("Entry found for user: %s\n", username));
pstrcpy(nt_username, username);
pstrcpy(domain, lp_workgroup());
+
+ pdb_set_username(sampass, username, PDB_SET);
+
+ pdb_set_domain(sampass, domain, PDB_DEFAULT);
+ pdb_set_nt_username(sampass, nt_username, PDB_SET);
- get_single_attribute(ldap_struct, entry, "rid", temp);
+ get_single_attribute(ldap_state->ldap_struct, entry, "rid", temp);
user_rid = (uint32)atol(temp);
- pdb_set_user_sid_from_rid(sampass, user_rid);
+ pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
- if (!get_single_attribute(ldap_struct, entry, "primaryGroupID", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "primaryGroupID", temp)) {
group_rid = 0;
} else {
group_rid = (uint32)atol(temp);
- pdb_set_group_sid_from_rid(sampass, group_rid);
+ pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET);
}
if ((ldap_state->permit_non_unix_accounts)
uid = pw->pw_uid;
gid = pw->pw_gid;
- pdb_set_unix_homedir(sampass, pw->pw_dir);
+ pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET);
passwd_free(&pw);
- pdb_set_uid(sampass, uid);
- pdb_set_gid(sampass, gid);
+ pdb_set_uid(sampass, uid, PDB_SET);
+ pdb_set_gid(sampass, gid, PDB_SET);
if (group_rid == 0) {
GROUP_MAP map;
/* call the mapping code here */
- if(get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
- pdb_set_group_sid(sampass, &map.sid);
+ if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
+ pdb_set_group_sid(sampass, &map.sid, PDB_SET);
}
else {
- pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid));
+ pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET);
}
}
}
- if (!get_single_attribute(ldap_struct, entry, "pwdLastSet", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "pwdLastSet", temp)) {
/* leave as default */
} else {
pass_last_set_time = (time_t) atol(temp);
- pdb_set_pass_last_set_time(sampass, pass_last_set_time);
+ pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "logonTime", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "logonTime", temp)) {
/* leave as default */
} else {
logon_time = (time_t) atol(temp);
- pdb_set_logon_time(sampass, logon_time, True);
+ pdb_set_logon_time(sampass, logon_time, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "logoffTime", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "logoffTime", temp)) {
/* leave as default */
} else {
logoff_time = (time_t) atol(temp);
- pdb_set_logoff_time(sampass, logoff_time, True);
+ pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "kickoffTime", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "kickoffTime", temp)) {
/* leave as default */
} else {
kickoff_time = (time_t) atol(temp);
- pdb_set_kickoff_time(sampass, kickoff_time, True);
+ pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "pwdCanChange", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "pwdCanChange", temp)) {
/* leave as default */
} else {
pass_can_change_time = (time_t) atol(temp);
- pdb_set_pass_can_change_time(sampass, pass_can_change_time, True);
+ pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "pwdMustChange", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "pwdMustChange", temp)) {
/* leave as default */
} else {
pass_must_change_time = (time_t) atol(temp);
- pdb_set_pass_must_change_time(sampass, pass_must_change_time, True);
+ pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET);
}
/* recommend that 'gecos' and 'displayName' should refer to the same
* that fits your needs; using cn then displayName rather than 'userFullName'
*/
- if (!get_single_attribute(ldap_struct, entry, "cn", fullname)) {
- if (!get_single_attribute(ldap_struct, entry, "displayName", fullname)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "cn", fullname)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "displayName", fullname)) {
/* leave as default */
} else {
- pdb_set_fullname(sampass, fullname);
+ pdb_set_fullname(sampass, fullname, PDB_SET);
}
} else {
- pdb_set_fullname(sampass, fullname);
+ pdb_set_fullname(sampass, fullname, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "homeDrive", dir_drive)) {
pdb_set_dir_drive(sampass, talloc_sub_specified(sampass->mem_ctx,
lp_logon_drive(),
username, domain,
uid, gid),
- False);
+ PDB_DEFAULT);
} else {
- pdb_set_dir_drive(sampass, dir_drive, True);
+ pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "smbHome", homedir)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "smbHome", homedir)) {
pdb_set_homedir(sampass, talloc_sub_specified(sampass->mem_ctx,
lp_logon_home(),
username, domain,
uid, gid),
- False);
+ PDB_DEFAULT);
} else {
- pdb_set_homedir(sampass, homedir, True);
+ pdb_set_homedir(sampass, homedir, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "scriptPath", logon_script)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "scriptPath", logon_script)) {
pdb_set_logon_script(sampass, talloc_sub_specified(sampass->mem_ctx,
lp_logon_script(),
username, domain,
uid, gid),
- False);
+ PDB_DEFAULT);
} else {
- pdb_set_logon_script(sampass, logon_script, True);
+ pdb_set_logon_script(sampass, logon_script, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "profilePath", profile_path)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "profilePath", profile_path)) {
pdb_set_profile_path(sampass, talloc_sub_specified(sampass->mem_ctx,
lp_logon_path(),
username, domain,
uid, gid),
- False);
+ PDB_DEFAULT);
} else {
- pdb_set_profile_path(sampass, profile_path, True);
+ pdb_set_profile_path(sampass, profile_path, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "description", acct_desc)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "description", acct_desc)) {
/* leave as default */
} else {
- pdb_set_acct_desc(sampass, acct_desc);
+ pdb_set_acct_desc(sampass, acct_desc, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "userWorkstations", workstations)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "userWorkstations", workstations)) {
/* leave as default */;
} else {
- pdb_set_workstations(sampass, workstations);
+ pdb_set_workstations(sampass, workstations, PDB_SET);
}
/* FIXME: hours stuff should be cleaner */
hours_len = 21;
memset(hours, 0xff, hours_len);
- if (!get_single_attribute (ldap_struct, entry, "lmPassword", temp)) {
+ if (!get_single_attribute (ldap_state->ldap_struct, entry, "lmPassword", temp)) {
/* leave as default */
} else {
pdb_gethexpwd(temp, smblmpwd);
memset((char *)temp, '\0', strlen(temp)+1);
- if (!pdb_set_lanman_passwd(sampass, smblmpwd))
+ if (!pdb_set_lanman_passwd(sampass, smblmpwd, PDB_SET))
return False;
ZERO_STRUCT(smblmpwd);
}
- if (!get_single_attribute (ldap_struct, entry, "ntPassword", temp)) {
+ if (!get_single_attribute (ldap_state->ldap_struct, entry, "ntPassword", temp)) {
/* leave as default */
} else {
pdb_gethexpwd(temp, smbntpwd);
memset((char *)temp, '\0', strlen(temp)+1);
- if (!pdb_set_nt_passwd(sampass, smbntpwd))
+ if (!pdb_set_nt_passwd(sampass, smbntpwd, PDB_SET))
return False;
ZERO_STRUCT(smbntpwd);
}
- if (!get_single_attribute (ldap_struct, entry, "acctFlags", temp)) {
+ if (!get_single_attribute (ldap_state->ldap_struct, entry, "acctFlags", temp)) {
acct_ctrl |= ACB_NORMAL;
} else {
acct_ctrl = pdb_decode_acct_ctrl(temp);
if (acct_ctrl == 0)
acct_ctrl |= ACB_NORMAL;
- pdb_set_acct_ctrl(sampass, acct_ctrl);
+ pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
}
- pdb_set_hours_len(sampass, hours_len);
- pdb_set_logon_divs(sampass, logon_divs);
-
- pdb_set_username(sampass, username);
-
- pdb_set_domain(sampass, domain);
- pdb_set_nt_username(sampass, nt_username);
+ pdb_set_hours_len(sampass, hours_len, PDB_SET);
+ pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
- pdb_set_munged_dial(sampass, munged_dial);
+ pdb_set_munged_dial(sampass, munged_dial, PDB_SET);
- /* pdb_set_unknown_3(sampass, unknown3); */
- /* pdb_set_unknown_5(sampass, unknown5); */
- /* pdb_set_unknown_6(sampass, unknown6); */
+ /* pdb_set_unknown_3(sampass, unknown3, PDB_SET); */
+ /* pdb_set_unknown_5(sampass, unknown5, PDB_SET); */
+ /* pdb_set_unknown_6(sampass, unknown6, PDB_SET); */
- pdb_set_hours(sampass, hours);
+ pdb_set_hours(sampass, hours, PDB_SET);
return True;
}
+static BOOL need_ldap_mod(BOOL pdb_add, const SAM_ACCOUNT * sampass, enum pdb_elements element) {
+ if (pdb_add) {
+ return (!IS_SAM_DEFAULT(sampass, element));
+ } else {
+ return IS_SAM_CHANGED(sampass, element);
+ }
+}
+
/**********************************************************************
Initialize SAM_ACCOUNT from an LDAP query
(Based on init_buffer_from_sam in pdb_tdb.c)
*********************************************************************/
static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
LDAPMod *** mods, int ldap_op,
+ BOOL pdb_add,
const SAM_ACCOUNT * sampass)
{
pstring temp;
* took out adding "objectclass: sambaAccount"
* do this on a per-mod basis
*/
-
- make_a_mod(mods, ldap_op, "uid", pdb_get_username(sampass));
- DEBUG(2, ("Setting entry for user: %s\n", pdb_get_username(sampass)));
-
- if ( pdb_get_user_rid(sampass) ) {
- rid = pdb_get_user_rid(sampass);
- } else if (IS_SAM_SET(sampass, FLAG_SAM_UID)) {
+ if (need_ldap_mod(pdb_add, sampass, PDB_USERNAME)) {
+ make_a_mod(mods, ldap_op, "uid", pdb_get_username(sampass));
+ DEBUG(2, ("Setting entry for user: %s\n", pdb_get_username(sampass)));
+ }
+
+ if ((rid = pdb_get_user_rid(sampass))!=0 ) {
+ if (need_ldap_mod(pdb_add, sampass, PDB_USERSID)) {
+ slprintf(temp, sizeof(temp) - 1, "%i", rid);
+ make_a_mod(mods, ldap_op, "rid", temp);
+ }
+ } else if (!IS_SAM_DEFAULT(sampass, PDB_UID)) {
rid = fallback_pdb_uid_to_user_rid(pdb_get_uid(sampass));
+ slprintf(temp, sizeof(temp) - 1, "%i", rid);
+ make_a_mod(mods, ldap_op, "rid", temp);
} else if (ldap_state->permit_non_unix_accounts) {
rid = ldapsam_get_next_available_nua_rid(ldap_state);
if (rid == 0) {
DEBUG(0, ("NO user RID specified on account %s, and findining next available NUA RID failed, cannot store!\n", pdb_get_username(sampass)));
return False;
}
+ slprintf(temp, sizeof(temp) - 1, "%i", rid);
+ make_a_mod(mods, ldap_op, "rid", temp);
} else {
DEBUG(0, ("NO user RID specified on account %s, cannot store!\n", pdb_get_username(sampass)));
return False;
}
- slprintf(temp, sizeof(temp) - 1, "%i", rid);
- make_a_mod(mods, ldap_op, "rid", temp);
- if ( pdb_get_group_rid(sampass) ) {
- rid = pdb_get_group_rid(sampass);
- } else if (IS_SAM_SET(sampass, FLAG_SAM_GID)) {
+
+ if ((rid = pdb_get_group_rid(sampass))!=0 ) {
+ if (need_ldap_mod(pdb_add, sampass, PDB_GROUPSID)) {
+ slprintf(temp, sizeof(temp) - 1, "%i", rid);
+ make_a_mod(mods, ldap_op, "primaryGroupID", temp);
+ }
+ } else if (!IS_SAM_DEFAULT(sampass, PDB_GID)) {
rid = pdb_gid_to_group_rid(pdb_get_gid(sampass));
+ slprintf(temp, sizeof(temp) - 1, "%i", rid);
+ make_a_mod(mods, ldap_op, "primaryGroupID", temp);
} else if (ldap_state->permit_non_unix_accounts) {
rid = DOMAIN_GROUP_RID_USERS;
+ slprintf(temp, sizeof(temp) - 1, "%i", rid);
+ make_a_mod(mods, ldap_op, "primaryGroupID", temp);
} else {
DEBUG(0, ("NO group RID specified on account %s, cannot store!\n", pdb_get_username(sampass)));
return False;
}
- slprintf(temp, sizeof(temp) - 1, "%i", rid);
- make_a_mod(mods, ldap_op, "primaryGroupID", temp);
/* displayName, cn, and gecos should all be the same
* most easily accomplished by giving them the same OID
* gecos isn't set here b/c it should be handled by the
* add-user script
*/
-
- make_a_mod(mods, ldap_op, "displayName", pdb_get_fullname(sampass));
- make_a_mod(mods, ldap_op, "cn", pdb_get_fullname(sampass));
- make_a_mod(mods, ldap_op, "description", pdb_get_acct_desc(sampass));
- make_a_mod(mods, ldap_op, "userWorkstations", pdb_get_workstations(sampass));
-
+ if (need_ldap_mod(pdb_add, sampass, PDB_FULLNAME)) {
+ make_a_mod(mods, ldap_op, "displayName", pdb_get_fullname(sampass));
+ make_a_mod(mods, ldap_op, "cn", pdb_get_fullname(sampass));
+ }
+ if (need_ldap_mod(pdb_add, sampass, PDB_ACCTDESC)) {
+ make_a_mod(mods, ldap_op, "description", pdb_get_acct_desc(sampass));
+ }
+ if (need_ldap_mod(pdb_add, sampass, PDB_WORKSTATIONS)) {
+ make_a_mod(mods, ldap_op, "userWorkstations", pdb_get_workstations(sampass));
+ }
/*
* Only updates fields which have been set (not defaults from smb.conf)
*/
- if (IS_SAM_SET(sampass, FLAG_SAM_SMBHOME))
+ if (need_ldap_mod(pdb_add, sampass, PDB_SMBHOME)) {
make_a_mod(mods, ldap_op, "smbHome", pdb_get_homedir(sampass));
-
- if (IS_SAM_SET(sampass, FLAG_SAM_DRIVE))
+ }
+
+ if (need_ldap_mod(pdb_add, sampass, PDB_DRIVE)) {
make_a_mod(mods, ldap_op, "homeDrive", pdb_get_dir_drive(sampass));
+ }
- if (IS_SAM_SET(sampass, FLAG_SAM_LOGONSCRIPT))
+ if (need_ldap_mod(pdb_add, sampass, PDB_LOGONSCRIPT)) {
make_a_mod(mods, ldap_op, "scriptPath", pdb_get_logon_script(sampass));
-
- if (IS_SAM_SET(sampass, FLAG_SAM_PROFILE))
+ }
+
+ if (need_ldap_mod(pdb_add, sampass, PDB_PROFILE))
make_a_mod(mods, ldap_op, "profilePath", pdb_get_profile_path(sampass));
- if (IS_SAM_SET(sampass, FLAG_SAM_LOGONTIME)) {
+ if (need_ldap_mod(pdb_add, sampass, PDB_LOGONTIME)) {
slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logon_time(sampass));
make_a_mod(mods, ldap_op, "logonTime", temp);
}
- if (IS_SAM_SET(sampass, FLAG_SAM_LOGOFFTIME)) {
+ if (need_ldap_mod(pdb_add, sampass, PDB_LOGOFFTIME)) {
slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logoff_time(sampass));
make_a_mod(mods, ldap_op, "logoffTime", temp);
}
- if (IS_SAM_SET(sampass, FLAG_SAM_KICKOFFTIME)) {
+ if (need_ldap_mod(pdb_add, sampass, PDB_KICKOFFTIME)) {
slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_kickoff_time(sampass));
make_a_mod(mods, ldap_op, "kickoffTime", temp);
}
- if (IS_SAM_SET(sampass, FLAG_SAM_CANCHANGETIME)) {
+ if (need_ldap_mod(pdb_add, sampass, PDB_CANCHANGETIME)) {
slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_can_change_time(sampass));
make_a_mod(mods, ldap_op, "pwdCanChange", temp);
}
- if (IS_SAM_SET(sampass, FLAG_SAM_MUSTCHANGETIME)) {
+ if (need_ldap_mod(pdb_add, sampass, PDB_MUSTCHANGETIME)) {
slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_must_change_time(sampass));
make_a_mod(mods, ldap_op, "pwdMustChange", temp);
}
if ((pdb_get_acct_ctrl(sampass)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))||
(lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_ONLY)) {
- pdb_sethexpwd (temp, pdb_get_lanman_passwd(sampass), pdb_get_acct_ctrl(sampass));
- make_a_mod (mods, ldap_op, "lmPassword", temp);
-
- pdb_sethexpwd (temp, pdb_get_nt_passwd(sampass), pdb_get_acct_ctrl(sampass));
- make_a_mod (mods, ldap_op, "ntPassword", temp);
-
- slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_last_set_time(sampass));
- make_a_mod(mods, ldap_op, "pwdLastSet", temp);
-
+ if (need_ldap_mod(pdb_add, sampass, PDB_LMPASSWD)) {
+ pdb_sethexpwd (temp, pdb_get_lanman_passwd(sampass), pdb_get_acct_ctrl(sampass));
+ make_a_mod (mods, ldap_op, "lmPassword", temp);
+ }
+
+ if (need_ldap_mod(pdb_add, sampass, PDB_NTPASSWD)) {
+ pdb_sethexpwd (temp, pdb_get_nt_passwd(sampass), pdb_get_acct_ctrl(sampass));
+ make_a_mod (mods, ldap_op, "ntPassword", temp);
+ }
+
+ if (need_ldap_mod(pdb_add, sampass, PDB_PASSLASTSET)) {
+ slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_last_set_time(sampass));
+ make_a_mod(mods, ldap_op, "pwdLastSet", temp);
+ }
}
/* FIXME: Hours stuff goes in LDAP */
-
- make_a_mod (mods, ldap_op, "acctFlags", pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass),
- NEW_PW_FORMAT_SPACE_PADDED_LEN));
-
+ if (need_ldap_mod(pdb_add, sampass, PDB_ACCTCTRL)) {
+ make_a_mod (mods, ldap_op, "acctFlags", pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass),
+ NEW_PW_FORMAT_SPACE_PADDED_LEN));
+ }
+
return True;
}
/**********************************************************************
Connect to LDAP server and find the next available RID.
*********************************************************************/
-static uint32 check_nua_rid_is_avail(struct ldapsam_privates *ldap_state, uint32 top_rid, LDAP *ldap_struct)
+static uint32 check_nua_rid_is_avail(struct ldapsam_privates *ldap_state, uint32 top_rid)
{
LDAPMessage *result;
uint32 final_rid = (top_rid & (~USER_RID_TYPE)) + RID_MULTIPLIER;
return 0;
}
- if (ldapsam_search_one_user_by_rid(ldap_state, ldap_struct, final_rid, &result) != LDAP_SUCCESS) {
+ if (ldapsam_search_one_user_by_rid(ldap_state, final_rid, &result) != LDAP_SUCCESS) {
DEBUG(0, ("Cannot allocate NUA RID %d (0x%x), as the confirmation search failed!\n", final_rid, final_rid));
ldap_msgfree(result);
return 0;
}
- if (ldap_count_entries(ldap_struct, result) != 0) {
+ if (ldap_count_entries(ldap_state->ldap_struct, result) != 0) {
DEBUG(0, ("Cannot allocate NUA RID %d (0x%x), as the RID is already in use!!\n", final_rid, final_rid));
ldap_msgfree(result);
return 0;
/**********************************************************************
Extract the RID from an LDAP entry
*********************************************************************/
-static uint32 entry_to_user_rid(struct ldapsam_privates *ldap_state, LDAPMessage *entry, LDAP *ldap_struct) {
+static uint32 entry_to_user_rid(struct ldapsam_privates *ldap_state, LDAPMessage *entry) {
uint32 rid;
SAM_ACCOUNT *user = NULL;
if (!NT_STATUS_IS_OK(pdb_init_sam(&user))) {
return 0;
}
- if (init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) {
+ if (init_sam_from_ldap(ldap_state, user, entry)) {
rid = pdb_get_user_rid(user);
} else {
rid =0;
/**********************************************************************
Connect to LDAP server and find the next available RID.
*********************************************************************/
-static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state, LDAP *ldap_struct)
+static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state)
{
int rc;
pstring filter;
#endif
DEBUG(2, ("ldapsam_get_next_available_nua_rid: searching for:[%s]\n", final_filter));
- rc = ldap_search_s(ldap_struct, lp_ldap_suffix(),
+ rc = ldapsam_search(ldap_state, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, final_filter, (char **)attr, 0,
&result);
return 0;
}
- count = ldap_count_entries(ldap_struct, result);
+ count = ldap_count_entries(ldap_state->ldap_struct, result);
DEBUG(2, ("search_top_nua_rid: %d entries in the base!\n", count));
if (count == 0) {
}
free(final_filter);
- entry = ldap_first_entry(ldap_struct,result);
+ entry = ldap_first_entry(ldap_state->ldap_struct,result);
- top_rid = entry_to_user_rid(ldap_state, entry, ldap_struct);
+ top_rid = entry_to_user_rid(ldap_state, entry);
- while ((entry = ldap_next_entry(ldap_struct, entry))) {
+ while ((entry = ldap_next_entry(ldap_state->ldap_struct, entry))) {
- rid = entry_to_user_rid(ldap_state, entry, ldap_struct);
+ rid = entry_to_user_rid(ldap_state, entry);
if (rid > top_rid) {
top_rid = rid;
}
Connect to LDAP server and find the next available RID.
*********************************************************************/
static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_state) {
- LDAP *ldap_struct;
uint32 next_nua_rid;
uint32 top_nua_rid;
- if (!ldapsam_open_connection(ldap_state, &ldap_struct)) {
- return 0;
- }
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
- ldap_unbind(ldap_struct);
- return 0;
- }
-
- top_nua_rid = search_top_nua_rid(ldap_state, ldap_struct);
+ top_nua_rid = search_top_nua_rid(ldap_state);
next_nua_rid = check_nua_rid_is_avail(ldap_state,
- top_nua_rid, ldap_struct);
+ top_nua_rid);
- ldap_unbind(ldap_struct);
return next_nua_rid;
}
*********************************************************************/
static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update)
{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
pstring filter;
- if (!ldapsam_open_connection(ldap_state, &ldap_state->ldap_struct)) {
- return ret;
- }
- if (!ldapsam_connect_system(ldap_state, ldap_state->ldap_struct)) {
- ldap_unbind(ldap_state->ldap_struct);
- return ret;
- }
-
pstrcpy(filter, lp_ldap_filter());
all_string_sub(filter, "%u", "*", sizeof(pstring));
- rc = ldap_search_s(ldap_state->ldap_struct, lp_ldap_suffix(),
+ rc = ldapsam_search(ldap_state, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, (char **)attr, 0,
&ldap_state->result);
DEBUG(0, ("LDAP search failed: %s\n", ldap_err2string(rc)));
DEBUG(3, ("Query was: %s, %s\n", lp_ldap_suffix(), filter));
ldap_msgfree(ldap_state->result);
- ldap_unbind(ldap_state->ldap_struct);
- ldap_state->ldap_struct = NULL;
ldap_state->result = NULL;
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
DEBUG(2, ("ldapsam_setsampwent: %d entries in the base!\n",
static void ldapsam_endsampwent(struct pdb_methods *my_methods)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- if (ldap_state->ldap_struct && ldap_state->result) {
+ if (ldap_state->result) {
ldap_msgfree(ldap_state->result);
- ldap_unbind(ldap_state->ldap_struct);
- ldap_state->ldap_struct = NULL;
ldap_state->result = NULL;
}
}
return ret;
ldap_state->index++;
- bret = init_sam_from_ldap(ldap_state, user, ldap_state->ldap_struct,
- ldap_state->entry);
+ bret = init_sam_from_ldap(ldap_state, user, ldap_state->entry);
ldap_state->entry = ldap_next_entry(ldap_state->ldap_struct,
ldap_state->entry);
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- LDAP *ldap_struct;
LDAPMessage *result;
LDAPMessage *entry;
- if (!ldapsam_open_connection(ldap_state, &ldap_struct))
- return ret;
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
- ldap_unbind(ldap_struct);
- return ret;
- }
- if (ldapsam_search_one_user_by_name(ldap_state, ldap_struct, sname, &result) != LDAP_SUCCESS) {
- ldap_unbind(ldap_struct);
- return ret;
+ if (ldapsam_search_one_user_by_name(ldap_state, sname, &result) != LDAP_SUCCESS) {
+ return NT_STATUS_UNSUCCESSFUL;
}
- if (ldap_count_entries(ldap_struct, result) < 1) {
+ if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) {
DEBUG(4,
("We don't find this user [%s] count=%d\n", sname,
- ldap_count_entries(ldap_struct, result)));
- ldap_unbind(ldap_struct);
- return ret;
+ ldap_count_entries(ldap_state->ldap_struct, result)));
+ return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry(ldap_struct, result);
+ entry = ldap_first_entry(ldap_state->ldap_struct, result);
if (entry) {
- if (!init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) {
+ if (!init_sam_from_ldap(ldap_state, user, entry)) {
DEBUG(1,("ldapsam_getsampwnam: init_sam_from_ldap failed for user '%s'!\n", sname));
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
ret = NT_STATUS_OK;
} else {
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
}
return ret;
}
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- LDAP *ldap_struct;
LDAPMessage *result;
LDAPMessage *entry;
- if (!ldapsam_open_connection(ldap_state, &ldap_struct))
- return ret;
-
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
- ldap_unbind(ldap_struct);
- return ret;
- }
- if (ldapsam_search_one_user_by_rid(ldap_state, ldap_struct, rid, &result) != LDAP_SUCCESS) {
- ldap_unbind(ldap_struct);
- return ret;
+ if (ldapsam_search_one_user_by_rid(ldap_state, rid, &result) != LDAP_SUCCESS) {
+ return NT_STATUS_UNSUCCESSFUL;
}
- if (ldap_count_entries(ldap_struct, result) < 1) {
+ if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) {
DEBUG(4,
("We don't find this rid [%i] count=%d\n", rid,
- ldap_count_entries(ldap_struct, result)));
- ldap_unbind(ldap_struct);
- return ret;
+ ldap_count_entries(ldap_state->ldap_struct, result)));
+ return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry(ldap_struct, result);
+ entry = ldap_first_entry(ldap_state->ldap_struct, result);
if (entry) {
- if (!init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) {
+ if (!init_sam_from_ldap(ldap_state, user, entry)) {
DEBUG(1,("ldapsam_getsampwrid: init_sam_from_ldap failed!\n"));
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
ret = NT_STATUS_OK;
} else {
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
}
return ret;
}
return ldapsam_getsampwrid(my_methods, user, rid);
}
-static NTSTATUS ldapsam_modify_entry(LDAP *ldap_struct,SAM_ACCOUNT *newpwd,char *dn,LDAPMod **mods,int ldap_op)
+/********************************************************************
+Do the actual modification - also change a plaittext passord if
+it it set.
+**********************************************************************/
+
+static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
+ SAM_ACCOUNT *newpwd, char *dn,
+ LDAPMod **mods, int ldap_op, BOOL pdb_add)
{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- int version;
+ struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
- switch(ldap_op)
- {
- case LDAP_MOD_ADD:
+ if (!my_methods || !newpwd || !dn) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (!mods) {
+ DEBUG(5,("mods is empty: nothing to modify\n"));
+ /* may be password change below however */
+ } else {
+ switch(ldap_op)
+ {
+ case LDAP_MOD_ADD:
make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "account");
- if((rc = ldap_add_s(ldap_struct,dn,mods))!=LDAP_SUCCESS) {
- char *ld_error;
- ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING,
- &ld_error);
- DEBUG(0,
- ("failed to add user with uid = %s with: %s\n\t%s\n",
- pdb_get_username(newpwd), ldap_err2string(rc),
- ld_error));
- free(ld_error);
- return ret;
- }
+ rc = ldapsam_add(ldap_state, dn, mods);
break;
- case LDAP_MOD_REPLACE:
- if((rc = ldap_modify_s(ldap_struct,dn,mods))!=LDAP_SUCCESS) {
- char *ld_error;
- ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING,
- &ld_error);
- DEBUG(0,
- ("failed to modify user with uid = %s with: %s\n\t%s\n",
- pdb_get_username(newpwd), ldap_err2string(rc),
- ld_error));
- free(ld_error);
- return ret;
- }
+ case LDAP_MOD_REPLACE:
+ rc = ldapsam_modify(ldap_state, dn ,mods);
break;
- default:
- DEBUG(0,("Wrong LDAP operation type: %d!\n",ldap_op));
- return ret;
+ default:
+ DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (rc!=LDAP_SUCCESS) {
+ char *ld_error;
+ ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
+ &ld_error);
+ DEBUG(1,
+ ("failed to %s user dn= %s with: %s\n\t%s\n",
+ ldap_op == LDAP_MOD_ADD ? "add" : "modify",
+ dn, ldap_err2string(rc),
+ ld_error));
+ free(ld_error);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
}
#ifdef LDAP_EXOP_X_MODIFY_PASSWD
if (!(pdb_get_acct_ctrl(newpwd)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))&&
(lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_OFF)&&
+ need_ldap_mod(pdb_add, newpwd, PDB_PLAINTEXT_PW)&&
(pdb_get_plaintext_passwd(newpwd)!=NULL)) {
BerElement *ber;
struct berval *bv;
if ((ber = ber_alloc_t(LBER_USE_DER))==NULL) {
DEBUG(0,("ber_alloc_t returns NULL\n"));
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
ber_printf (ber, "{");
ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID,dn);
if ((rc = ber_flatten (ber, &bv))<0) {
DEBUG(0,("ber_flatten returns a value <0\n"));
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
ber_free(ber,1);
-
- if ((rc = ldap_extended_operation_s(ldap_struct, LDAP_EXOP_X_MODIFY_PASSWD,
+
+ if ((rc = ldapsam_extended_operation(ldap_state, LDAP_EXOP_X_MODIFY_PASSWD,
bv, NULL, NULL, &retoid, &retdata))!=LDAP_SUCCESS) {
DEBUG(0,("LDAP Password could not be changed for user %s: %s\n",
pdb_get_username(newpwd),ldap_err2string(rc)));
*********************************************************************/
static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT * sam_acct)
{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
const char *sname;
int rc;
char *dn;
- LDAP *ldap_struct;
LDAPMessage *entry;
LDAPMessage *result;
if (!sam_acct) {
DEBUG(0, ("sam_acct was NULL!\n"));
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
sname = pdb_get_username(sam_acct);
- if (!ldapsam_open_connection(ldap_state, &ldap_struct))
- return ret;
-
DEBUG (3, ("Deleting user %s from LDAP.\n", sname));
-
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
- ldap_unbind (ldap_struct);
- DEBUG(0, ("Failed to delete user %s from LDAP.\n", sname));
- return ret;
- }
- rc = ldapsam_search_one_user_by_name(ldap_state, ldap_struct, sname, &result);
- if (ldap_count_entries (ldap_struct, result) == 0) {
+ rc = ldapsam_search_one_user_by_name(ldap_state, sname, &result);
+ if (ldap_count_entries (ldap_state->ldap_struct, result) == 0) {
DEBUG (0, ("User doesn't exit!\n"));
ldap_msgfree (result);
- ldap_unbind (ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry (ldap_struct, result);
- dn = ldap_get_dn (ldap_struct, entry);
+ entry = ldap_first_entry (ldap_state->ldap_struct, result);
+ dn = ldap_get_dn (ldap_state->ldap_struct, entry);
ldap_msgfree(result);
- rc = ldap_delete_s (ldap_struct, dn);
+ rc = ldapsam_delete(ldap_state, dn);
ldap_memfree (dn);
if (rc != LDAP_SUCCESS) {
char *ld_error;
- ldap_get_option (ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
+ ldap_get_option (ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
DEBUG (0,("failed to delete user with uid = %s with: %s\n\t%s\n",
sname, ldap_err2string (rc), ld_error));
free (ld_error);
- ldap_unbind (ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
DEBUG (2,("successfully deleted uid = %s from the LDAP database\n", sname));
- ldap_unbind (ldap_struct);
return NT_STATUS_OK;
}
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
char *dn;
- LDAP *ldap_struct;
LDAPMessage *result;
LDAPMessage *entry;
LDAPMod **mods;
- if (!ldapsam_open_connection(ldap_state, &ldap_struct)) /* open a connection to the server */
- return ret;
-
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) { /* connect as system account */
- ldap_unbind(ldap_struct);
- return ret;
- }
-
- rc = ldapsam_search_one_user_by_name(ldap_state, ldap_struct,
- pdb_get_username(newpwd), &result);
-
- if (ldap_count_entries(ldap_struct, result) == 0) {
- DEBUG(0, ("No user to modify!\n"));
+ if (!init_ldap_from_sam(ldap_state, &mods, LDAP_MOD_REPLACE, False, newpwd)) {
+ DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
+
+ if (mods == NULL) {
+ DEBUG(4,("mods is empty: nothing to update for user: %s\n",pdb_get_username(newpwd)));
+ return NT_STATUS_OK;
+ }
+
+ rc = ldapsam_search_one_user_by_name(ldap_state, pdb_get_username(newpwd), &result);
- if (!init_ldap_from_sam(ldap_state, &mods, LDAP_MOD_REPLACE, newpwd)) {
- DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
+ if (ldap_count_entries(ldap_state->ldap_struct, result) == 0) {
+ DEBUG(0, ("No user to modify!\n"));
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry(ldap_struct, result);
- dn = ldap_get_dn(ldap_struct, entry);
+ entry = ldap_first_entry(ldap_state->ldap_struct, result);
+ dn = ldap_get_dn(ldap_state->ldap_struct, entry);
ldap_msgfree(result);
- if (NT_STATUS_IS_ERR(ldapsam_modify_entry(ldap_struct,newpwd,dn,mods,LDAP_MOD_REPLACE))) {
+ ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, False);
+ if (NT_STATUS_IS_ERR(ret)) {
DEBUG(0,("failed to modify user with uid = %s\n",
pdb_get_username(newpwd)));
ldap_mods_free(mods,1);
- ldap_unbind(ldap_struct);
return ret;
}
("successfully modified uid = %s in the LDAP database\n",
pdb_get_username(newpwd)));
ldap_mods_free(mods, 1);
- ldap_unbind(ldap_struct);
return NT_STATUS_OK;
}
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
pstring filter;
- LDAP *ldap_struct = NULL;
LDAPMessage *result = NULL;
pstring dn;
LDAPMod **mods = NULL;
const char *username = pdb_get_username(newpwd);
if (!username || !*username) {
DEBUG(0, ("Cannot add user without a username!\n"));
- return ret;
- }
-
- if (!ldapsam_open_connection(ldap_state, &ldap_struct)) /* open a connection to the server */
- return ret;
-
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) { /* connect as system account */
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
- rc = ldapsam_search_one_user_by_name (ldap_state, ldap_struct, username, &result);
+ rc = ldapsam_search_one_user_by_name (ldap_state, username, &result);
- if (ldap_count_entries(ldap_struct, result) != 0) {
+ if (ldap_count_entries(ldap_state->ldap_struct, result) != 0) {
DEBUG(0,("User already in the base, with samba properties\n"));
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
ldap_msgfree(result);
slprintf (filter, sizeof (filter) - 1, "uid=%s", username);
- rc = ldapsam_search_one_user(ldap_state, ldap_struct, filter, &result);
- num_result = ldap_count_entries(ldap_struct, result);
+ rc = ldapsam_search_one_user(ldap_state, filter, &result);
+ num_result = ldap_count_entries(ldap_state->ldap_struct, result);
if (num_result > 1) {
DEBUG (0, ("More than one user with that uid exists: bailing out!\n"));
ldap_msgfree(result);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
/* Check if we need to update an existing entry */
DEBUG(3,("User exists without samba properties: adding them\n"));
ldap_op = LDAP_MOD_REPLACE;
- entry = ldap_first_entry (ldap_struct, result);
- tmp = ldap_get_dn (ldap_struct, entry);
+ entry = ldap_first_entry (ldap_state->ldap_struct, result);
+ tmp = ldap_get_dn (ldap_state->ldap_struct, entry);
slprintf (dn, sizeof (dn) - 1, "%s", tmp);
ldap_memfree (tmp);
} else {
ldap_msgfree(result);
- if (!init_ldap_from_sam(ldap_state, &mods, ldap_op, newpwd)) {
+ if (!init_ldap_from_sam(ldap_state, &mods, ldap_op, True, newpwd)) {
DEBUG(0, ("ldapsam_add_sam_account: init_ldap_from_sam failed!\n"));
ldap_mods_free(mods, 1);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
+
+ if (mods == NULL) {
+ DEBUG(0,("mods is empty: nothing to add for user: %s\n",pdb_get_username(newpwd)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "sambaAccount");
- if (NT_STATUS_IS_ERR(ldapsam_modify_entry(ldap_struct,newpwd,dn,mods,ldap_op))) {
+ ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, True);
+ if (NT_STATUS_IS_ERR(ret)) {
DEBUG(0,("failed to modify/add user with uid = %s (dn = %s)\n",
- pdb_get_username(newpwd),dn));
+ pdb_get_username(newpwd),dn));
ldap_mods_free(mods,1);
- ldap_unbind(ldap_struct);
return ret;
}
DEBUG(2,("added: uid = %s in the LDAP database\n", pdb_get_username(newpwd)));
ldap_mods_free(mods, 1);
- ldap_unbind(ldap_struct);
return NT_STATUS_OK;
}
+static NTSTATUS lsapsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
+ DOM_SID sid, BOOL with_priv)
+{
+ return get_group_map_from_sid(sid, map, with_priv) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS lsapsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
+ gid_t gid, BOOL with_priv)
+{
+ return get_group_map_from_gid(gid, map, with_priv) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS lsapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
+ char *name, BOOL with_priv)
+{
+ return get_group_map_from_ntname(name, map, with_priv) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS lsapsam_add_group_mapping_entry(struct pdb_methods *methods,
+ GROUP_MAP *map)
+{
+ return add_mapping_entry(map, TDB_INSERT) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS lsapsam_update_group_mapping_entry(struct pdb_methods *methods,
+ GROUP_MAP *map)
+{
+ return add_mapping_entry(map, TDB_REPLACE) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS lsapsam_delete_group_mapping_entry(struct pdb_methods *methods,
+ DOM_SID sid)
+{
+ return group_map_remove(sid) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS lsapsam_enum_group_mapping(struct pdb_methods *methods,
+ enum SID_NAME_USE sid_name_use,
+ GROUP_MAP **rmap, int *num_entries,
+ BOOL unix_only, BOOL with_priv)
+{
+ return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only,
+ with_priv) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
static void free_private_data(void **vp)
{
struct ldapsam_privates **ldap_state = (struct ldapsam_privates **)vp;
- if ((*ldap_state)->ldap_struct) {
- ldap_unbind((*ldap_state)->ldap_struct);
- }
+ ldapsam_close(*ldap_state);
if ((*ldap_state)->bind_secret) {
memset((*ldap_state)->bind_secret, '\0', strlen((*ldap_state)->bind_secret));
}
+ ldapsam_close(*ldap_state);
+
SAFE_FREE((*ldap_state)->bind_dn);
SAFE_FREE((*ldap_state)->bind_secret);
(*pdb_method)->add_sam_account = ldapsam_add_sam_account;
(*pdb_method)->update_sam_account = ldapsam_update_sam_account;
(*pdb_method)->delete_sam_account = ldapsam_delete_sam_account;
+ (*pdb_method)->getgrsid = lsapsam_getgrsid;
+ (*pdb_method)->getgrgid = lsapsam_getgrgid;
+ (*pdb_method)->getgrnam = lsapsam_getgrnam;
+ (*pdb_method)->add_group_mapping_entry = lsapsam_add_group_mapping_entry;
+ (*pdb_method)->update_group_mapping_entry = lsapsam_update_group_mapping_entry;
+ (*pdb_method)->delete_group_mapping_entry = lsapsam_delete_group_mapping_entry;
+ (*pdb_method)->enum_group_mapping = lsapsam_enum_group_mapping;
/* TODO: Setup private data and free */
} else {
int ldap_port = lp_ldap_port();
- /* remap default port is no SSL */
- if ( (lp_ldap_ssl() == LDAP_SSL_OFF) && (ldap_port == 636) ) {
+ /* remap default port if not using SSL (ie clear or TLS) */
+ if ( (lp_ldap_ssl() != LDAP_SSL_ON) && (ldap_port == 636) ) {
ldap_port = 389;
}
- ldap_state->uri = talloc_asprintf(pdb_context->mem_ctx, "%s://%s:%d", lp_ldap_ssl() ? "ldap" : "ldaps", lp_ldap_server(), ldap_port);
+ ldap_state->uri = talloc_asprintf(pdb_context->mem_ctx, "%s://%s:%d", lp_ldap_ssl() == LDAP_SSL_ON ? "ldaps" : "ldap", lp_ldap_server(), ldap_port);
if (!ldap_state->uri) {
return NT_STATUS_NO_MEMORY;
}
#else
} else {
- ldap_state->uri = "ldaps://localhost";
+ ldap_state->uri = "ldap://localhost";
#endif
}
/* Don't change these timestamp settings without a good reason. They are
important for NT member server compatibility. */
- pdb_set_logon_time (pw_buf, (time_t) 0, True);
+ pdb_set_logon_time (pw_buf, (time_t) 0, PDB_DEFAULT);
ptr = (uchar *) ENTRY_VAL (obj, NPF_LOGON_T);
if (ptr && *ptr && (StrnCaseCmp (ptr, "LNT-", 4) == 0)) {
int i;
if (i == 8) {
pdb_set_logon_time (pw_buf,
(time_t) strtol (ptr, NULL, 16),
- True);
+ PDB_SET);
}
}
- pdb_set_logoff_time (pw_buf, get_time_t_max (), True);
+ pdb_set_logoff_time (pw_buf, get_time_t_max (), PDB_DEFAULT);
ptr = (uchar *) ENTRY_VAL (obj, NPF_LOGOFF_T);
if (ptr && *ptr && (StrnCaseCmp (ptr, "LOT-", 4) == 0)) {
int i;
if (i == 8) {
pdb_set_logoff_time (pw_buf,
(time_t) strtol (ptr, NULL, 16),
- True);
+ PDB_SET);
}
}
- pdb_set_kickoff_time (pw_buf, get_time_t_max (), True);
+ pdb_set_kickoff_time (pw_buf, get_time_t_max (), PDB_DEFAULT);
ptr = (uchar *) ENTRY_VAL (obj, NPF_KICK_T);
if (ptr && *ptr && (StrnCaseCmp (ptr, "KOT-", 4) == 0)) {
int i;
if (i == 8) {
pdb_set_kickoff_time (pw_buf,
(time_t) strtol (ptr, NULL, 16),
- True);
+ PDB_SET);
}
}
- pdb_set_pass_last_set_time (pw_buf, (time_t) 0);
+ pdb_set_pass_last_set_time (pw_buf, (time_t) 0, PDB_DEFAULT);
ptr = (uchar *) ENTRY_VAL (obj, NPF_PWDLSET_T);
if (ptr && *ptr && (StrnCaseCmp (ptr, "LCT-", 4) == 0)) {
int i;
pdb_set_pass_last_set_time (pw_buf,
(time_t) strtol (ptr,
NULL,
- 16));
+ 16),
+ PDB_SET);
}
}
- pdb_set_pass_can_change_time (pw_buf, (time_t) 0, True);
+ pdb_set_pass_can_change_time (pw_buf, (time_t) 0, PDB_DEFAULT);
ptr = (uchar *) ENTRY_VAL (obj, NPF_PWDCCHG_T);
if (ptr && *ptr && (StrnCaseCmp (ptr, "CCT-", 4) == 0)) {
int i;
(time_t) strtol (ptr,
NULL,
16),
- True);
+ PDB_SET);
}
}
- pdb_set_pass_must_change_time (pw_buf, get_time_t_max (), True); /* Password never expires. */
+ pdb_set_pass_must_change_time (pw_buf, get_time_t_max (), PDB_DEFAULT); /* Password never expires. */
ptr = (uchar *) ENTRY_VAL (obj, NPF_PWDMCHG_T);
if (ptr && *ptr && (StrnCaseCmp (ptr, "MCT-", 4) == 0)) {
int i;
(time_t) strtol (ptr,
NULL,
16),
- True);
+ PDB_SET);
}
}
/* string values */
- pdb_set_username (pw_buf, ENTRY_VAL (obj, NPF_NAME));
- pdb_set_domain (pw_buf, lp_workgroup ());
+ pdb_set_username (pw_buf, ENTRY_VAL (obj, NPF_NAME), PDB_SET);
+ pdb_set_domain (pw_buf, lp_workgroup (), PDB_DEFAULT);
/* pdb_set_nt_username() -- cant set it here... */
get_single_attribute (obj, NPF_FULL_NAME, full_name,
#if 0
unix_to_dos (full_name, True);
#endif
- pdb_set_fullname (pw_buf, full_name);
+ pdb_set_fullname (pw_buf, full_name, PDB_SET);
pdb_set_acct_ctrl (pw_buf, pdb_decode_acct_ctrl (ENTRY_VAL (obj,
- NPF_ACB)));
+ NPF_ACB), PDB_SET));
get_single_attribute (obj, NPF_ACCT_DESC, acct_desc,
sizeof (pstring));
#if 0
unix_to_dos (acct_desc, True);
#endif
- pdb_set_acct_desc (pw_buf, acct_desc);
+ pdb_set_acct_desc (pw_buf, acct_desc, PDB_SET);
- pdb_set_workstations (pw_buf, ENTRY_VAL (obj, NPF_WORKSTATIONS));
- pdb_set_munged_dial (pw_buf, NULL);
+ pdb_set_workstations (pw_buf, ENTRY_VAL (obj, NPF_WORKSTATIONS), PDB_SET);
+ pdb_set_munged_dial (pw_buf, NULL, PDB_DEFAULT);
- pdb_set_uid (pw_buf, atoi (ENTRY_VAL (obj, NPF_UID)));
- pdb_set_gid (pw_buf, atoi (ENTRY_VAL (obj, NPF_SMB_GRPID)));
+ pdb_set_uid (pw_buf, atoi (ENTRY_VAL (obj, NPF_UID)), PDB_SET);
+ pdb_set_gid (pw_buf, atoi (ENTRY_VAL (obj, NPF_SMB_GRPID)), PDB_SET);
pdb_set_user_sid_from_rid (pw_buf,
- atoi (ENTRY_VAL (obj, NPF_USER_RID)));
+ atoi (ENTRY_VAL (obj, NPF_USER_RID)), PDB_SET);
pdb_set_group_sid_from_rid (pw_buf,
- atoi (ENTRY_VAL (obj, NPF_GROUP_RID)));
+ atoi (ENTRY_VAL (obj, NPF_GROUP_RID)), PDB_SET);
/* values, must exist for user */
if (!(pdb_get_acct_ctrl (pw_buf) & ACB_WSTRUST)) {
sizeof (pstring));
if (!(home_dir && *home_dir)) {
pstrcpy (home_dir, lp_logon_home ());
- pdb_set_homedir (pw_buf, home_dir, False);
+ pdb_set_homedir (pw_buf, home_dir, PDB_DEFAULT);
} else
- pdb_set_homedir (pw_buf, home_dir, True);
+ pdb_set_homedir (pw_buf, home_dir, PDB_SET);
get_single_attribute (obj, NPF_DIR_DRIVE, home_drive,
sizeof (pstring));
if (!(home_drive && *home_drive)) {
pstrcpy (home_drive, lp_logon_drive ());
- pdb_set_dir_drive (pw_buf, home_drive, False);
+ pdb_set_dir_drive (pw_buf, home_drive, PDB_DEFAULT);
} else
- pdb_set_dir_drive (pw_buf, home_drive, True);
+ pdb_set_dir_drive (pw_buf, home_drive, PDB_SET);
get_single_attribute (obj, NPF_LOGON_SCRIPT, logon_script,
sizeof (pstring));
if (!(logon_script && *logon_script)) {
pstrcpy (logon_script, lp_logon_script ());
+ pdb_set_logon_script (pw_buf, logon_script, PDB_DEFAULT);
} else
- pdb_set_logon_script (pw_buf, logon_script, True);
+ pdb_set_logon_script (pw_buf, logon_script, PDB_SET);
get_single_attribute (obj, NPF_PROFILE_PATH, profile_path,
sizeof (pstring));
if (!(profile_path && *profile_path)) {
pstrcpy (profile_path, lp_logon_path ());
- pdb_set_profile_path (pw_buf, profile_path, False);
+ pdb_set_profile_path (pw_buf, profile_path, PDB_DEFAULT);
} else
- pdb_set_profile_path (pw_buf, profile_path, True);
+ pdb_set_profile_path (pw_buf, profile_path, PDB_SET);
} else {
/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
- pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS);
+ pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT);
}
/* Check the lanman password column. */
ptr = (char *) ENTRY_VAL (obj, NPF_LMPWD);
- if (!pdb_set_lanman_passwd (pw_buf, NULL))
+ if (!pdb_set_lanman_passwd (pw_buf, NULL, PDB_DEFAULT))
return False;
if (!strncasecmp (ptr, "NO PASSWORD", 11)) {
pdb_set_acct_ctrl (pw_buf,
- pdb_get_acct_ctrl (pw_buf) | ACB_PWNOTREQ);
+ pdb_get_acct_ctrl (pw_buf) | ACB_PWNOTREQ, PDB_SET);
} else {
if (strlen (ptr) != 32 || !pdb_gethexpwd (ptr, smbpwd)) {
DEBUG (0, ("malformed LM pwd entry: %s.\n",
pdb_get_username (pw_buf)));
return False;
}
- if (!pdb_set_lanman_passwd (pw_buf, smbpwd))
+ if (!pdb_set_lanman_passwd (pw_buf, smbpwd, PDB_SET))
return False;
}
/* Check the NT password column. */
ptr = ENTRY_VAL (obj, NPF_NTPWD);
- if (!pdb_set_nt_passwd (pw_buf, NULL))
+ if (!pdb_set_nt_passwd (pw_buf, NULL, PDB_DEFAULT))
return False;
if (!(pdb_get_acct_ctrl (pw_buf) & ACB_PWNOTREQ) &&
uid = %d.\n", pdb_get_uid (pw_buf)));
return False;
}
- if (!pdb_set_nt_passwd (pw_buf, smbntpwd))
+ if (!pdb_set_nt_passwd (pw_buf, smbntpwd, PDB_SET))
return False;
}
- pdb_set_unknown_3 (pw_buf, 0xffffff); /* don't know */
- pdb_set_logon_divs (pw_buf, 168); /* hours per week */
+ pdb_set_unknown_3 (pw_buf, 0xffffff, PDB_DEFAULT); /* don't know */
+ pdb_set_logon_divs (pw_buf, 168, PDB_DEFAULT); /* hours per week */
if ((hours_len = ENTRY_LEN (obj, NPF_HOURS)) == 21) {
memcpy (hours, ENTRY_VAL (obj, NPF_HOURS), hours_len);
/* available at all hours */
memset (hours, 0xff, hours_len);
}
- pdb_set_hours_len (pw_buf, hours_len);
- pdb_set_hours (pw_buf, hours);
+ pdb_set_hours_len (pw_buf, hours_len, PDB_SET);
+ pdb_set_hours (pw_buf, hours, PDB_SET);
- pdb_set_unknown_5 (pw_buf, 0x00020000); /* don't know */
- pdb_set_unknown_6 (pw_buf, 0x000004ec); /* don't know */
+ pdb_set_unknown_5 (pw_buf, 0x00020000, PDB_DEFAULT); /* don't know */
+ pdb_set_unknown_6 (pw_buf, 0x000004ec, PDB_DEFAULT); /* don't know */
return True;
}
rid = pdb_get_group_rid (sampass);
if (rid == 0) {
- if (get_group_map_from_gid
- (pdb_get_gid (sampass), &map,
- MAPPING_WITHOUT_PRIV)) {
+ if (pdb_getgrgid(&map, pdb_get_gid (sampass),
+ MAPPING_WITHOUT_PRIV)) {
if (!sid_peek_check_rid
(get_global_sam_sid (), &map.sid, &rid))
return False;
&& (pw_buf->smb_userid >= smbpasswd_state->low_nua_userid)
&& (pw_buf->smb_userid <= smbpasswd_state->high_nua_userid)) {
- pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid));
+ pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid), PDB_SET);
/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here.
This was down the bottom for machines, but it looks pretty good as
a general default for non-unix users. --abartlet 2002-01-08
*/
- pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS);
- pdb_set_username (sam_pass, pw_buf->smb_name);
- pdb_set_domain (sam_pass, lp_workgroup());
+ pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS, PDB_SET);
+ pdb_set_username (sam_pass, pw_buf->smb_name, PDB_SET);
+ pdb_set_domain (sam_pass, lp_workgroup(), PDB_DEFAULT);
} else {
pwfile = getpwnam_alloc(pw_buf->smb_name);
passwd_free(&pwfile);
}
- pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd);
- pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd);
- pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl);
- pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time);
- pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, True);
+ pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd, PDB_SET);
+ pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd, PDB_SET);
+ pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl, PDB_SET);
+ pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
+ pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
#if 0 /* JERRY */
/* the smbpasswd format doesn't have a must change time field, so
we can't get this right. The best we can do is to set this to
some time in the future. 21 days seems as reasonable as any other value :)
*/
- pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE);
+ pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE, PDB_DEFAULT);
#endif
return True;
}
return NT_STATUS_UNSUCCESSFUL;
}
+static NTSTATUS smbpasswd_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
+ DOM_SID sid, BOOL with_priv)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS smbpasswd_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
+ gid_t gid, BOOL with_priv)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS smbpasswd_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
+ char *name, BOOL with_priv)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS smbpasswd_add_group_mapping_entry(struct pdb_methods *methods,
+ GROUP_MAP *map)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS smbpasswd_update_group_mapping_entry(struct pdb_methods *methods,
+ GROUP_MAP *map)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS smbpasswd_delete_group_mapping_entry(struct pdb_methods *methods,
+ DOM_SID sid)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS smbpasswd_enum_group_mapping(struct pdb_methods *methods,
+ enum SID_NAME_USE sid_name_use,
+ GROUP_MAP **rmap, int *num_entries,
+ BOOL unix_only, BOOL with_priv)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
static void free_private_data(void **vp)
{
struct smbpasswd_privates **privates = (struct smbpasswd_privates**)vp;
(*pdb_method)->add_sam_account = smbpasswd_add_sam_account;
(*pdb_method)->update_sam_account = smbpasswd_update_sam_account;
(*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account;
+ (*pdb_method)->getgrsid = smbpasswd_getgrsid;
+ (*pdb_method)->getgrgid = smbpasswd_getgrgid;
+ (*pdb_method)->getgrnam = smbpasswd_getgrnam;
+ (*pdb_method)->add_group_mapping_entry = smbpasswd_add_group_mapping_entry;
+ (*pdb_method)->update_group_mapping_entry = smbpasswd_update_group_mapping_entry;
+ (*pdb_method)->delete_group_mapping_entry = smbpasswd_delete_group_mapping_entry;
+ (*pdb_method)->enum_group_mapping = smbpasswd_enum_group_mapping;
/* Setup private data and free function */
uid = pw->pw_uid;
gid = pw->pw_gid;
- pdb_set_unix_homedir(sampass, pw->pw_dir);
+ pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET);
passwd_free(&pw);
- pdb_set_uid(sampass, uid);
- pdb_set_gid(sampass, gid);
+ pdb_set_uid(sampass, uid, PDB_SET);
+ pdb_set_gid(sampass, gid, PDB_SET);
}
- pdb_set_logon_time(sampass, logon_time, True);
- pdb_set_logoff_time(sampass, logoff_time, True);
- pdb_set_kickoff_time(sampass, kickoff_time, True);
- pdb_set_pass_can_change_time(sampass, pass_can_change_time, True);
- pdb_set_pass_must_change_time(sampass, pass_must_change_time, True);
- pdb_set_pass_last_set_time(sampass, pass_last_set_time);
+ pdb_set_logon_time(sampass, logon_time, PDB_SET);
+ pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
+ pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
+ pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET);
+ pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET);
+ pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
- pdb_set_username (sampass, username);
- pdb_set_domain (sampass, domain);
- pdb_set_nt_username (sampass, nt_username);
- pdb_set_fullname (sampass, fullname);
+ pdb_set_username (sampass, username, PDB_SET);
+ pdb_set_domain (sampass, domain, PDB_SET);
+ pdb_set_nt_username (sampass, nt_username, PDB_SET);
+ pdb_set_fullname (sampass, fullname, PDB_SET);
if (homedir) {
- pdb_set_homedir(sampass, homedir, True);
+ pdb_set_homedir(sampass, homedir, PDB_SET);
}
else {
pdb_set_homedir(sampass,
lp_logon_home(),
username, domain,
uid, gid),
- False);
+ PDB_DEFAULT);
}
if (dir_drive)
- pdb_set_dir_drive(sampass, dir_drive, True);
+ pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
else {
pdb_set_dir_drive(sampass,
talloc_sub_specified(sampass->mem_ctx,
lp_logon_drive(),
username, domain,
uid, gid),
- False);
+ PDB_DEFAULT);
}
if (logon_script)
- pdb_set_logon_script(sampass, logon_script, True);
+ pdb_set_logon_script(sampass, logon_script, PDB_SET);
else {
pdb_set_logon_script(sampass,
talloc_sub_specified(sampass->mem_ctx,
lp_logon_script(),
username, domain,
uid, gid),
- False);
+ PDB_DEFAULT);
}
if (profile_path) {
- pdb_set_profile_path(sampass, profile_path, True);
+ pdb_set_profile_path(sampass, profile_path, PDB_SET);
} else {
pdb_set_profile_path(sampass,
talloc_sub_specified(sampass->mem_ctx,
lp_logon_path(),
username, domain,
uid, gid),
- False);
+ PDB_DEFAULT);
}
- pdb_set_acct_desc (sampass, acct_desc);
- pdb_set_workstations (sampass, workstations);
- pdb_set_munged_dial (sampass, munged_dial);
+ pdb_set_acct_desc (sampass, acct_desc, PDB_SET);
+ pdb_set_workstations (sampass, workstations, PDB_SET);
+ pdb_set_munged_dial (sampass, munged_dial, PDB_SET);
if (lm_pw_ptr && lm_pw_len == LM_HASH_LEN) {
- if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr)) {
+ if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr, PDB_SET)) {
ret = False;
goto done;
}
}
if (nt_pw_ptr && nt_pw_len == NT_HASH_LEN) {
- if (!pdb_set_nt_passwd(sampass, nt_pw_ptr)) {
+ if (!pdb_set_nt_passwd(sampass, nt_pw_ptr, PDB_SET)) {
ret = False;
goto done;
}
}
- pdb_set_user_sid_from_rid(sampass, user_rid);
- pdb_set_group_sid_from_rid(sampass, group_rid);
- pdb_set_unknown_3(sampass, unknown_3);
- pdb_set_hours_len(sampass, hours_len);
- pdb_set_unknown_5(sampass, unknown_5);
- pdb_set_unknown_6(sampass, unknown_6);
- pdb_set_acct_ctrl(sampass, acct_ctrl);
- pdb_set_logon_divs(sampass, logon_divs);
- pdb_set_hours(sampass, hours);
+ pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
+ pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET);
+ pdb_set_unknown_3(sampass, unknown_3, PDB_SET);
+ pdb_set_hours_len(sampass, hours_len, PDB_SET);
+ pdb_set_unknown_5(sampass, unknown_5, PDB_SET);
+ pdb_set_unknown_6(sampass, unknown_6, PDB_SET);
+ pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
+ pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
+ pdb_set_hours(sampass, hours, PDB_SET);
done:
* Only updates fields which have been set (not defaults from smb.conf)
*/
- if (IS_SAM_SET(sampass, FLAG_SAM_DRIVE))
+ if (!IS_SAM_DEFAULT(sampass, PDB_DRIVE))
dir_drive = pdb_get_dir_drive(sampass);
else dir_drive = NULL;
if (dir_drive) dir_drive_len = strlen(dir_drive) +1;
else dir_drive_len = 0;
- if (IS_SAM_SET(sampass, FLAG_SAM_SMBHOME)) homedir = pdb_get_homedir(sampass);
+ if (!IS_SAM_DEFAULT(sampass, PDB_SMBHOME)) homedir = pdb_get_homedir(sampass);
else homedir = NULL;
if (homedir) homedir_len = strlen(homedir) +1;
else homedir_len = 0;
- if (IS_SAM_SET(sampass, FLAG_SAM_LOGONSCRIPT)) logon_script = pdb_get_logon_script(sampass);
+ if (!IS_SAM_DEFAULT(sampass, PDB_LOGONSCRIPT)) logon_script = pdb_get_logon_script(sampass);
else logon_script = NULL;
if (logon_script) logon_script_len = strlen(logon_script) +1;
else logon_script_len = 0;
- if (IS_SAM_SET(sampass, FLAG_SAM_PROFILE)) profile_path = pdb_get_profile_path(sampass);
+ if (!IS_SAM_DEFAULT(sampass, PDB_PROFILE)) profile_path = pdb_get_profile_path(sampass);
else profile_path = NULL;
if (profile_path) profile_path_len = strlen(profile_path) +1;
else profile_path_len = 0;
lm_pw_len, lm_pw,
nt_pw_len, nt_pw,
pdb_get_acct_ctrl(sampass),
- pdb_get_unknown3(sampass),
+ pdb_get_unknown_3(sampass),
pdb_get_logon_divs(sampass),
pdb_get_hours_len(sampass),
MAX_HOURS_LEN, pdb_get_hours(sampass),
- pdb_get_unknown5(sampass),
- pdb_get_unknown6(sampass));
+ pdb_get_unknown_5(sampass),
+ pdb_get_unknown_6(sampass));
/* malloc the space needed */
lm_pw_len, lm_pw,
nt_pw_len, nt_pw,
pdb_get_acct_ctrl(sampass),
- pdb_get_unknown3(sampass),
+ pdb_get_unknown_3(sampass),
pdb_get_logon_divs(sampass),
pdb_get_hours_len(sampass),
MAX_HOURS_LEN, pdb_get_hours(sampass),
- pdb_get_unknown5(sampass),
- pdb_get_unknown6(sampass));
+ pdb_get_unknown_5(sampass),
+ pdb_get_unknown_6(sampass));
/* check to make sure we got it correct */
goto done;
}
}
- pdb_set_user_sid_from_rid(newpwd, user_rid);
+ pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED);
} else {
user_rid = tdb_state->low_nua_rid;
tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER);
ret = False;
goto done;
}
- pdb_set_user_sid_from_rid(newpwd, user_rid);
+ pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED);
}
} else {
DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
goto done;
} else {
/* This seems like a good default choice for non-unix users */
- pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS);
+ pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT);
}
} else {
DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
return NT_STATUS_UNSUCCESSFUL;
}
+static NTSTATUS tdbsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
+ DOM_SID sid, BOOL with_priv)
+{
+ return get_group_map_from_sid(sid, map, with_priv) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS tdbsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
+ gid_t gid, BOOL with_priv)
+{
+ return get_group_map_from_gid(gid, map, with_priv) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS tdbsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
+ char *name, BOOL with_priv)
+{
+ return get_group_map_from_ntname(name, map, with_priv) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS tdbsam_add_group_mapping_entry(struct pdb_methods *methods,
+ GROUP_MAP *map)
+{
+ return add_mapping_entry(map, TDB_INSERT) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS tdbsam_update_group_mapping_entry(struct pdb_methods *methods,
+ GROUP_MAP *map)
+{
+ return add_mapping_entry(map, TDB_REPLACE) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS tdbsam_delete_group_mapping_entry(struct pdb_methods *methods,
+ DOM_SID sid)
+{
+ return group_map_remove(sid) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS tdbsam_enum_group_mapping(struct pdb_methods *methods,
+ enum SID_NAME_USE sid_name_use,
+ GROUP_MAP **rmap, int *num_entries,
+ BOOL unix_only, BOOL with_priv)
+{
+ return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only,
+ with_priv) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
static void free_private_data(void **vp)
{
struct tdbsam_privates **tdb_state = (struct tdbsam_privates **)vp;
(*pdb_method)->add_sam_account = tdbsam_add_sam_account;
(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
+ (*pdb_method)->getgrsid = tdbsam_getgrsid;
+ (*pdb_method)->getgrgid = tdbsam_getgrgid;
+ (*pdb_method)->getgrnam = tdbsam_getgrnam;
+ (*pdb_method)->add_group_mapping_entry = tdbsam_add_group_mapping_entry;
+ (*pdb_method)->update_group_mapping_entry = tdbsam_update_group_mapping_entry;
+ (*pdb_method)->delete_group_mapping_entry = tdbsam_delete_group_mapping_entry;
+ (*pdb_method)->enum_group_mapping = tdbsam_enum_group_mapping;
tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates));
SAM_ACCOUNT *user, uint32 rid)
{
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- struct passwd *pass;
+ struct passwd *pass = NULL;
const char *guest_account = lp_guestaccount();
if (!(guest_account && *guest_account)) {
DEBUG(1, ("NULL guest account!?!?\n"));
}
} else if (pdb_rid_is_user(rid)) {
pass = getpwuid_alloc(fallback_pdb_user_rid_to_uid (rid));
- } else {
+ }
+
+ if (pass == NULL) {
return nt_status;
}
return; /* NT_STATUS_NOT_IMPLEMENTED; */
}
+static NTSTATUS unixsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
+ DOM_SID sid, BOOL with_priv)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS unixsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
+ gid_t gid, BOOL with_priv)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS unixsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
+ char *name, BOOL with_priv)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS unixsam_add_group_mapping_entry(struct pdb_methods *methods,
+ GROUP_MAP *map)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS unixsam_update_group_mapping_entry(struct pdb_methods *methods,
+ GROUP_MAP *map)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS unixsam_delete_group_mapping_entry(struct pdb_methods *methods,
+ DOM_SID sid)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS unixsam_enum_group_mapping(struct pdb_methods *methods,
+ enum SID_NAME_USE sid_name_use,
+ GROUP_MAP **rmap, int *num_entries,
+ BOOL unix_only, BOOL with_priv)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
NTSTATUS nt_status;
(*pdb_method)->add_sam_account = unixsam_add_sam_account;
(*pdb_method)->update_sam_account = unixsam_update_sam_account;
(*pdb_method)->delete_sam_account = unixsam_delete_sam_account;
+ (*pdb_method)->getgrsid = unixsam_getgrsid;
+ (*pdb_method)->getgrgid = unixsam_getgrgid;
+ (*pdb_method)->getgrnam = unixsam_getgrnam;
+ (*pdb_method)->add_group_mapping_entry = unixsam_add_group_mapping_entry;
+ (*pdb_method)->update_group_mapping_entry = unixsam_update_group_mapping_entry;
+ (*pdb_method)->delete_group_mapping_entry = unixsam_delete_group_mapping_entry;
+ (*pdb_method)->enum_group_mapping = unixsam_enum_group_mapping;
/* There's not very much to initialise here */
return NT_STATUS_OK;
usr->user_rid = user_rid;
usr->group_rid = group_rid;
usr->acb_info = pdb_get_acct_ctrl(pw);
- usr->unknown_3 = pdb_get_unknown3(pw);
+
+ /*
+ Look at a user on a real NT4 PDC with usrmgr, press
+ 'ok'. Then you will see that unknown_3 is set to
+ 0x08f827fa. Look at the user immediately after that again,
+ and you will see that 0x00fffff is returned. This solves
+ the problem that you get access denied after having looked
+ at the user.
+ -- Volker
+ */
+ usr->unknown_3 = 0x00ffffff;
usr->logon_divs = pdb_get_logon_divs(pw);
usr->ptr_logon_hrs = pdb_get_hours(pw) ? 1 : 0;
- usr->unknown_5 = pdb_get_unknown5(pw); /* 0x0002 0000 */
+ usr->unknown_5 = pdb_get_unknown_5(pw); /* 0x0002 0000 */
if (pdb_get_pass_must_change_time(pw) == 0) {
usr->passmustchange=PASS_MUST_CHANGE_AT_NEXT_LOGON;
init_unistr2(&usr->uni_unknown_str, NULL, len_unknown_str);
init_unistr2(&usr->uni_munged_dial, munged_dial, len_munged_dial);
- usr->unknown_6 = pdb_get_unknown6(pw);
+ usr->unknown_6 = pdb_get_unknown_6(pw);
usr->padding4 = 0;
if (pdb_get_hours(pw)) {
return NT_STATUS_ACCESS_DENIED;
/* get the list of mapped groups (domain, local, builtin) */
- if(!enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
+ if(!pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
return NT_STATUS_OK;
if (q_u->enum_context >= num_entries)
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
+ if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
DEBUG(10,("_lsa_enum_privsaccount: %d privileges\n", map.priv_set.count));
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITHOUT_PRIV))
+ if (!pdb_getgrsid(&map, info->sid, MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
/*
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
+ if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
map.systemaccount=q_u->access;
- if(!add_mapping_entry(&map, TDB_REPLACE))
+ if(!pdb_update_group_mapping_entry(&map))
return NT_STATUS_NO_SUCH_GROUP;
free_privilege(&map.priv_set);
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
+ if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
set=&q_u->set;
add_privilege(&map.priv_set, *luid_attr);
}
- if(!add_mapping_entry(&map, TDB_REPLACE))
+ if(!pdb_update_group_mapping_entry(&map))
return NT_STATUS_NO_SUCH_GROUP;
free_privilege(&map.priv_set);
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
+ if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
if (q_u->allrights!=0) {
remove_privilege(&map.priv_set, *luid_attr);
}
- if(!add_mapping_entry(&map, TDB_REPLACE))
+ if(!pdb_update_group_mapping_entry(&map))
return NT_STATUS_NO_SUCH_GROUP;
free_privilege(&map.priv_set);
cred_hash3( pwd, q_u->pwd, p->dc.sess_key, 0);
/* lies! nt and lm passwords are _not_ the same: don't care */
- if (!pdb_set_lanman_passwd (sampass, pwd)) {
+ if (!pdb_set_lanman_passwd (sampass, pwd, PDB_CHANGED)) {
pdb_free_sam(&sampass);
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_set_nt_passwd (sampass, pwd)) {
+ if (!pdb_set_nt_passwd (sampass, pwd, PDB_CHANGED)) {
pdb_free_sam(&sampass);
return NT_STATUS_NO_MEMORY;
}
/* These now zero out the old password */
- pdb_set_lanman_passwd(sam_pass, NULL);
- pdb_set_nt_passwd(sam_pass, NULL);
+ pdb_set_lanman_passwd(sam_pass, NULL, PDB_DEFAULT);
+ pdb_set_nt_passwd(sam_pass, NULL, PDB_DEFAULT);
}
return NT_STATUS_OK;
}
- if (!enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) {
+ if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) {
return NT_STATUS_NO_MEMORY;
}
/* well-known aliases */
if (sid_equal(sid, &global_sid_Builtin) && !lp_hide_local_users()) {
- enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
+ pdb_enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
if (num_entries != 0) {
*d_grp=(DOMAIN_GRP *)talloc_zero(ctx, num_entries*sizeof(DOMAIN_GRP));
for (; (num_entries < max_entries) && (grp != NULL); grp = grp->next) {
uint32 trid;
- if(!get_group_from_gid(grp->gr_gid, &smap, MAPPING_WITHOUT_PRIV))
+ if(!pdb_getgrgid(&smap, grp->gr_gid, MAPPING_WITHOUT_PRIV))
continue;
if (smap.sid_name_use!=SID_NAME_ALIAS) {
*p_num_entries = 0;
- enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
+ pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
num_entries=group_entries-start_idx;
!sid_check_is_in_builtin(&sid))
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!get_group_map_from_sid(sid, &map, MAPPING_WITHOUT_PRIV))
+ if (!pdb_getgrsid(&map, sid, MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_ALIAS;
switch (q_u->switch_level) {
return nt_status;
}
- if (!pdb_set_username(sam_pass, account)) {
+ if (!pdb_set_username(sam_pass, account, PDB_CHANGED)) {
pdb_free_sam(&sam_pass);
return NT_STATUS_NO_MEMORY;
}
}
- pdb_set_acct_ctrl(sam_pass, acb_info);
+ pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
if (!pdb_add_sam_account(sam_pass)) {
pdb_free_sam(&sam_pass);
pdb_free_sam(&pwd);
return False;
}
-
- if (!pdb_set_acct_ctrl(pwd, id10->acb_info)) {
+
+ /* FIX ME: check if the value is really changed --metze */
+ if (!pdb_set_acct_ctrl(pwd, id10->acb_info, PDB_CHANGED)) {
pdb_free_sam(&pwd);
return False;
}
return False;
}
- if (!pdb_set_lanman_passwd (pwd, id12->lm_pwd)) {
+ if (!pdb_set_lanman_passwd (pwd, id12->lm_pwd, PDB_CHANGED)) {
pdb_free_sam(&pwd);
return False;
}
- if (!pdb_set_nt_passwd (pwd, id12->nt_pwd)) {
+ if (!pdb_set_nt_passwd (pwd, id12->nt_pwd, PDB_CHANGED)) {
pdb_free_sam(&pwd);
return False;
}
if (sid_equal(&alias_sid, &global_sid_Builtin)) {
DEBUG(10, ("lookup on Builtin SID (S-1-5-32)\n"));
- if(!get_local_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV))
+ if(!get_builtin_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_ALIAS;
} else {
if (sid_equal(&alias_sid, get_global_sam_sid())) {
if ((pwd=getpwuid_alloc(uid)) == NULL) {
return NT_STATUS_NO_SUCH_USER;
- } else {
- passwd_free(&pwd);
}
- if ((grp=getgrgid(map.gid)) == NULL)
+ if ((grp=getgrgid(map.gid)) == NULL) {
+ passwd_free(&pwd);
return NT_STATUS_NO_SUCH_ALIAS;
+ }
/* we need to copy the name otherwise it's overloaded in user_in_group_list */
fstrcpy(grp_name, grp->gr_name);
/* if the user is already in the group */
- if(user_in_group_list(pwd->pw_name, grp_name))
+ if(user_in_group_list(pwd->pw_name, grp_name)) {
+ passwd_free(&pwd);
return NT_STATUS_MEMBER_IN_ALIAS;
+ }
/*
* ok, the group exist, the user exist, the user is not in the group,
smb_add_user_group(grp_name, pwd->pw_name);
/* check if the user has been added then ... */
- if(!user_in_group_list(pwd->pw_name, grp_name))
+ if(!user_in_group_list(pwd->pw_name, grp_name)) {
+ passwd_free(&pwd);
return NT_STATUS_MEMBER_NOT_IN_ALIAS; /* don't know what to reply else */
+ }
+ passwd_free(&pwd);
return NT_STATUS_OK;
}
GROUP_MAP map;
uid_t uid;
NTSTATUS ret;
- SAM_ACCOUNT *sam_user;
+ SAM_ACCOUNT *sam_user=NULL;
BOOL check;
uint32 acc_granted;
if ((pwd=getpwuid_alloc(uid)) == NULL) {
return NT_STATUS_NO_SUCH_USER;
- } else {
- passwd_free(&pwd);
}
- if ((grp=getgrgid(map.gid)) == NULL)
+ if ((grp=getgrgid(map.gid)) == NULL) {
+ passwd_free(&pwd);
return NT_STATUS_NO_SUCH_GROUP;
+ }
/* we need to copy the name otherwise it's overloaded in user_in_group_list */
fstrcpy(grp_name, grp->gr_name);
/* if the user is already in the group */
- if(user_in_group_list(pwd->pw_name, grp_name))
+ if(user_in_group_list(pwd->pw_name, grp_name)) {
+ passwd_free(&pwd);
return NT_STATUS_MEMBER_IN_GROUP;
+ }
/*
* ok, the group exist, the user exist, the user is not in the group,
smb_add_user_group(grp_name, pwd->pw_name);
/* check if the user has been added then ... */
- if(!user_in_group_list(pwd->pw_name, grp_name))
+ if(!user_in_group_list(pwd->pw_name, grp_name)) {
+ passwd_free(&pwd);
return NT_STATUS_MEMBER_NOT_IN_GROUP; /* don't know what to reply else */
+ }
+ passwd_free(&pwd);
return NT_STATUS_OK;
}
if ( (grp=getgrgid(gid)) != NULL)
return NT_STATUS_ACCESS_DENIED;
- if(!group_map_remove(group_sid))
+ if(!pdb_delete_group_mapping_entry(group_sid))
return NT_STATUS_ACCESS_DENIED;
if (!close_policy_hnd(p, &q_u->group_pol))
return NT_STATUS_ACCESS_DENIED;
/* don't check if we removed it as it could be an un-mapped group */
- group_map_remove(alias_sid);
+ pdb_delete_group_mapping_entry(alias_sid);
if (!close_policy_hnd(p, &q_u->alias_pol))
return NT_STATUS_OBJECT_NAME_INVALID;
return NT_STATUS_INVALID_INFO_CLASS;
}
- if(!add_mapping_entry(&map, TDB_REPLACE)) {
+ if(!pdb_update_group_mapping_entry(&map)) {
free_privilege(&map.priv_set);
return NT_STATUS_NO_SUCH_GROUP;
}
return NT_STATUS_INVALID_INFO_CLASS;
}
- if(!add_mapping_entry(&map, TDB_REPLACE)) {
+ if(!pdb_update_group_mapping_entry(&map)) {
free_privilege(&map.priv_set);
return NT_STATUS_NO_SUCH_GROUP;
}
stored_time = pdb_get_logon_time(to);
DEBUG(10,("INFO_21 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_logon_time(to, unix_time, True);
+ pdb_set_logon_time(to, unix_time, PDB_CHANGED);
}
if (!nt_time_is_zero(&from->logoff_time)) {
unix_time=nt_time_to_unix(&from->logoff_time);
stored_time = pdb_get_logoff_time(to);
DEBUG(10,("INFO_21 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_logoff_time(to, unix_time, True);
+ pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
}
if (!nt_time_is_zero(&from->kickoff_time)) {
stored_time = pdb_get_kickoff_time(to);
DEBUG(10,("INFO_21 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_kickoff_time(to, unix_time , True);
+ pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
}
if (!nt_time_is_zero(&from->pass_can_change_time)) {
stored_time = pdb_get_pass_can_change_time(to);
DEBUG(10,("INFO_21 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_pass_can_change_time(to, unix_time, True);
+ pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED);
}
if (!nt_time_is_zero(&from->pass_last_set_time)) {
unix_time=nt_time_to_unix(&from->pass_last_set_time);
stored_time = pdb_get_pass_last_set_time(to);
DEBUG(10,("INFO_21 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_pass_last_set_time(to, unix_time);
+ pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
}
if (!nt_time_is_zero(&from->pass_must_change_time)) {
stored_time=pdb_get_pass_must_change_time(to);
DEBUG(10,("INFO_21 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_pass_must_change_time(to, unix_time, True);
+ pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED);
}
/* Backend should check this for sainity */
new_string = pdb_unistr2_convert(&from->uni_user_name);
DEBUG(10,("INFO_21 UNI_USER_NAME: %s -> %s\n", old_string, new_string));
if (STRING_CHANGED)
- pdb_set_username(to , new_string);
+ pdb_set_username(to , new_string, PDB_CHANGED);
}
if (from->hdr_full_name.buffer) {
old_string = pdb_get_fullname(to);
- new_string = pdb_unistr2_convert(&from->uni_user_name);
+ new_string = pdb_unistr2_convert(&from->uni_full_name);
DEBUG(10,("INFO_21 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_fullname(to , new_string);
+ pdb_set_fullname(to , new_string, PDB_CHANGED);
}
if (from->hdr_home_dir.buffer) {
new_string = pdb_unistr2_convert(&from->uni_home_dir);
DEBUG(10,("INFO_21 UNI_HOME_DIR: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
- pdb_set_homedir(to , new_string, True);
+ pdb_set_homedir(to , new_string, PDB_CHANGED);
}
if (from->hdr_dir_drive.buffer) {
new_string = pdb_unistr2_convert(&from->uni_dir_drive);
DEBUG(10,("INFO_21 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
- pdb_set_dir_drive(to , new_string, True);
+ pdb_set_dir_drive(to , new_string, PDB_CHANGED);
}
if (from->hdr_logon_script.buffer) {
new_string = pdb_unistr2_convert(&from->uni_logon_script);
DEBUG(10,("INFO_21 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
- pdb_set_logon_script(to , new_string, True);
+ pdb_set_logon_script(to , new_string, PDB_CHANGED);
}
if (from->hdr_profile_path.buffer) {
new_string = pdb_unistr2_convert(&from->uni_profile_path);
DEBUG(10,("INFO_21 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_profile_path(to , new_string, True);
+ pdb_set_profile_path(to , new_string, PDB_CHANGED);
}
if (from->hdr_acct_desc.buffer) {
new_string = pdb_unistr2_convert(&from->uni_acct_desc);
DEBUG(10,("INFO_21 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
- pdb_set_acct_desc(to , new_string);
+ pdb_set_acct_desc(to , new_string, PDB_CHANGED);
}
if (from->hdr_workstations.buffer) {
new_string = pdb_unistr2_convert(&from->uni_workstations);
DEBUG(10,("INFO_21 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_workstations(to , new_string);
+ pdb_set_workstations(to , new_string, PDB_CHANGED);
}
if (from->hdr_unknown_str.buffer) {
new_string = pdb_unistr2_convert(&from->uni_unknown_str);
DEBUG(10,("INFO_21 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_unknown_str(to , new_string);
+ pdb_set_unknown_str(to , new_string, PDB_CHANGED);
}
if (from->hdr_munged_dial.buffer) {
new_string = pdb_unistr2_convert(&from->uni_munged_dial);
DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_munged_dial(to , new_string);
+ pdb_set_munged_dial(to , new_string, PDB_CHANGED);
}
- if (from->user_rid) {
+ if (from->user_rid != pdb_get_user_rid(to)) {
DEBUG(10,("INFO_21 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid));
/* we really allow this ??? metze */
- /* pdb_set_user_sid_from_rid(to, from->user_rid);*/
+ /* pdb_set_user_sid_from_rid(to, from->user_rid, PDB_CHANGED);*/
}
- if (from->group_rid) {
+ if (from->group_rid != pdb_get_group_rid(to)) {
DEBUG(10,("INFO_21 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid));
- pdb_set_group_sid_from_rid(to, from->group_rid);
+ pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED);
}
DEBUG(10,("INFO_21 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info));
- pdb_set_acct_ctrl(to, from->acb_info);
+ if (from->acb_info != pdb_get_acct_ctrl(to)) {
+ pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
+ }
- DEBUG(10,("INFO_21 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown3(to),from->unknown_3));
- pdb_set_unknown_3(to, from->unknown_3);
-
+ DEBUG(10,("INFO_21 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown_3(to),from->unknown_3));
+ if (from->unknown_3 != pdb_get_unknown_3(to)) {
+ pdb_set_unknown_3(to, from->unknown_3, PDB_CHANGED);
+ }
DEBUG(15,("INFO_21 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
- pdb_set_logon_divs(to, from->logon_divs);
+ if (from->logon_divs != pdb_get_logon_divs(to)) {
+ pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
+ }
DEBUG(15,("INFO_21 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
- pdb_set_hours_len(to, from->logon_hrs.len);
+ if (from->logon_hrs.len != pdb_get_hours_len(to)) {
+ pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
+ }
+
DEBUG(15,("INFO_21 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
- pdb_set_hours(to, from->logon_hrs.hours);
+/* Fix me: only update if it changes --metze */
+ pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
- DEBUG(10,("INFO_21 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown5(to),from->unknown_5));
- pdb_set_unknown_5(to, from->unknown_5);
+ DEBUG(10,("INFO_21 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown_5(to),from->unknown_5));
+ if (from->unknown_5 != pdb_get_unknown_5(to)) {
+ pdb_set_unknown_5(to, from->unknown_5, PDB_CHANGED);
+ }
- DEBUG(10,("INFO_21 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown6(to),from->unknown_6));
- pdb_set_unknown_6(to, from->unknown_6);
+ DEBUG(10,("INFO_21 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
+ if (from->unknown_6 != pdb_get_unknown_6(to)) {
+ pdb_set_unknown_6(to, from->unknown_6, PDB_CHANGED);
+ }
DEBUG(10,("INFO_21 PADDING1 %02X %02X %02X %02X %02X %02X\n",
from->padding1[0],
DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
- pdb_set_pass_must_change_time(to,0, True);
+ pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
}
DEBUG(10,("INFO_21 PADDING_2: %02X\n",from->padding2));
stored_time = pdb_get_logon_time(to);
DEBUG(10,("INFO_23 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_logon_time(to, unix_time, True);
+ pdb_set_logon_time(to, unix_time, PDB_CHANGED);
}
if (!nt_time_is_zero(&from->logoff_time)) {
unix_time=nt_time_to_unix(&from->logoff_time);
stored_time = pdb_get_logoff_time(to);
DEBUG(10,("INFO_23 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_logoff_time(to, unix_time, True);
+ pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
}
if (!nt_time_is_zero(&from->kickoff_time)) {
stored_time = pdb_get_kickoff_time(to);
DEBUG(10,("INFO_23 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_kickoff_time(to, unix_time , True);
+ pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
}
if (!nt_time_is_zero(&from->pass_can_change_time)) {
stored_time = pdb_get_pass_can_change_time(to);
DEBUG(10,("INFO_23 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_pass_can_change_time(to, unix_time, True);
+ pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED);
}
if (!nt_time_is_zero(&from->pass_last_set_time)) {
unix_time=nt_time_to_unix(&from->pass_last_set_time);
stored_time = pdb_get_pass_last_set_time(to);
DEBUG(10,("INFO_23 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_pass_last_set_time(to, unix_time);
+ pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
}
if (!nt_time_is_zero(&from->pass_must_change_time)) {
stored_time=pdb_get_pass_must_change_time(to);
DEBUG(10,("INFO_23 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_pass_must_change_time(to, unix_time, True);
+ pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED);
}
/* Backend should check this for sainity */
new_string = pdb_unistr2_convert(&from->uni_user_name);
DEBUG(10,("INFO_23 UNI_USER_NAME: %s -> %s\n", old_string, new_string));
if (STRING_CHANGED)
- pdb_set_username(to , new_string);
+ pdb_set_username(to , new_string, PDB_CHANGED);
}
if (from->hdr_full_name.buffer) {
old_string = pdb_get_fullname(to);
- new_string = pdb_unistr2_convert(&from->uni_user_name);
+ new_string = pdb_unistr2_convert(&from->uni_full_name);
DEBUG(10,("INFO_23 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_fullname(to , new_string);
+ pdb_set_fullname(to , new_string, PDB_CHANGED);
}
if (from->hdr_home_dir.buffer) {
new_string = pdb_unistr2_convert(&from->uni_home_dir);
DEBUG(10,("INFO_23 UNI_HOME_DIR: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
- pdb_set_homedir(to , new_string, True);
+ pdb_set_homedir(to , new_string, PDB_CHANGED);
}
if (from->hdr_dir_drive.buffer) {
new_string = pdb_unistr2_convert(&from->uni_dir_drive);
DEBUG(10,("INFO_23 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
- pdb_set_dir_drive(to , new_string, True);
+ pdb_set_dir_drive(to , new_string, PDB_CHANGED);
}
if (from->hdr_logon_script.buffer) {
new_string = pdb_unistr2_convert(&from->uni_logon_script);
DEBUG(10,("INFO_23 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
- pdb_set_logon_script(to , new_string, True);
+ pdb_set_logon_script(to , new_string, PDB_CHANGED);
}
if (from->hdr_profile_path.buffer) {
new_string = pdb_unistr2_convert(&from->uni_profile_path);
DEBUG(10,("INFO_23 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_profile_path(to , new_string, True);
+ pdb_set_profile_path(to , new_string, PDB_CHANGED);
}
if (from->hdr_acct_desc.buffer) {
new_string = pdb_unistr2_convert(&from->uni_acct_desc);
DEBUG(10,("INFO_23 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
- pdb_set_acct_desc(to , new_string);
+ pdb_set_acct_desc(to , new_string, PDB_CHANGED);
}
if (from->hdr_workstations.buffer) {
new_string = pdb_unistr2_convert(&from->uni_workstations);
DEBUG(10,("INFO_23 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_workstations(to , new_string);
+ pdb_set_workstations(to , new_string, PDB_CHANGED);
}
if (from->hdr_unknown_str.buffer) {
new_string = pdb_unistr2_convert(&from->uni_unknown_str);
DEBUG(10,("INFO_23 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_unknown_str(to , new_string);
+ pdb_set_unknown_str(to , new_string, PDB_CHANGED);
}
if (from->hdr_munged_dial.buffer) {
new_string = pdb_unistr2_convert(&from->uni_munged_dial);
DEBUG(10,("INFO_23 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_munged_dial(to , new_string);
+ pdb_set_munged_dial(to , new_string, PDB_CHANGED);
}
- if (from->user_rid) {
+ if (from->user_rid != pdb_get_user_rid(to)) {
DEBUG(10,("INFO_23 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid));
/* we really allow this ??? metze */
- /* pdb_set_user_sid_from_rid(to, from->user_rid);*/
+ /* pdb_set_user_sid_from_rid(to, from->user_rid, PDB_CHANGED);*/
}
- if (from->group_rid) {
+ if (from->group_rid != pdb_get_group_rid(to)) {
DEBUG(10,("INFO_23 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid));
- pdb_set_group_sid_from_rid(to, from->group_rid);
+ pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED);
}
DEBUG(10,("INFO_23 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info));
- pdb_set_acct_ctrl(to, from->acb_info);
+ if (from->acb_info != pdb_get_acct_ctrl(to)) {
+ pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
+ }
- DEBUG(10,("INFO_23 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown3(to),from->unknown_3));
- pdb_set_unknown_3(to, from->unknown_3);
-
+ DEBUG(10,("INFO_23 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown_3(to),from->unknown_3));
+ if (from->unknown_3 != pdb_get_unknown_3(to)) {
+ pdb_set_unknown_3(to, from->unknown_3, PDB_CHANGED);
+ }
DEBUG(15,("INFO_23 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
- pdb_set_logon_divs(to, from->logon_divs);
+ if (from->logon_divs != pdb_get_logon_divs(to)) {
+ pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
+ }
DEBUG(15,("INFO_23 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
- pdb_set_hours_len(to, from->logon_hrs.len);
+ if (from->logon_hrs.len != pdb_get_hours_len(to)) {
+ pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
+ }
+
DEBUG(15,("INFO_23 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
- pdb_set_hours(to, from->logon_hrs.hours);
+/* Fix me: only update if it changes --metze */
+ pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
- DEBUG(10,("INFO_23 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown5(to),from->unknown_5));
- pdb_set_unknown_5(to, from->unknown_5);
+ DEBUG(10,("INFO_23 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown_5(to),from->unknown_5));
+ if (from->unknown_5 != pdb_get_unknown_5(to)) {
+ pdb_set_unknown_5(to, from->unknown_5, PDB_CHANGED);
+ }
- DEBUG(10,("INFO_23 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown6(to),from->unknown_6));
- pdb_set_unknown_6(to, from->unknown_6);
+ DEBUG(10,("INFO_23 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
+ if (from->unknown_6 != pdb_get_unknown_6(to)) {
+ pdb_set_unknown_6(to, from->unknown_6, PDB_CHANGED);
+ }
DEBUG(10,("INFO_23 PADDING1 %02X %02X %02X %02X %02X %02X\n",
from->padding1[0],
DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
- pdb_set_pass_must_change_time(to,0, True);
+ pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
}
DEBUG(10,("INFO_23 PADDING_2: %02X\n",from->padding2));
DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
/* first get the list of the domain groups */
- if (!enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
+ if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
return False;
DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
D_P16(pwd, pass2, unenc_new_pw);
}
- if (!pdb_set_lanman_passwd(sampass, unenc_new_pw)) {
+ if (!pdb_set_lanman_passwd(sampass, unenc_new_pw, PDB_CHANGED)) {
return False;
}
- if (!pdb_set_nt_passwd (sampass, NULL)) {
+ if (!pdb_set_nt_passwd (sampass, NULL, PDB_CHANGED)) {
return False; /* We lose the NT hash. Sorry. */
}
return False;
/* get list of domain groups SID_DOMAIN_GRP=2 */
- if(!enum_group_mapping(SID_NAME_DOM_GRP , &group_list, &num_entries, False, False)) {
+ if(!pdb_enum_group_mapping(SID_NAME_DOM_GRP , &group_list, &num_entries, False, False)) {
DEBUG(3,("api_RNetGroupEnum:failed to get group list"));
return False;
}
* the new real sam db won't have reference to unix uids or gids
*/
if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
- DEBUG(0,("Attempted session setup with invalid user. No uid/gid in SAM_ACCOUNT (flags:%x)\n", pdb_get_init_flag(server_info->sam_account)));
+ DEBUG(0,("Attempted session setup with invalid user. No uid/gid in SAM_ACCOUNT\n"));
free(vuser);
return UID_FIELD_INVALID;
}
static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds)
{
- unsigned last_rid = -1;
+ unsigned sync_context = 0;
NTSTATUS result;
int i;
TALLOC_CTX *mem_ctx;
d_printf("Dumping database %u\n", db_type);
do {
- result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type, last_rid+1,
+ result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type,
+ sync_context,
&num_deltas, &hdr_deltas, &deltas);
clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), ret_creds);
- last_rid = 0;
for (i = 0; i < num_deltas; i++) {
display_sam_entry(&hdr_deltas[i], &deltas[i]);
- last_rid = hdr_deltas[i].target_rid;
}
- } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
+ sync_context += 1;
+ } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
talloc_destroy(mem_ctx);
}
desc, workstations, profile. */
unistr2_to_ascii(s, &delta->uni_acct_name, sizeof(s) - 1);
- pdb_set_nt_username(account, s);
+ pdb_set_nt_username(account, s, PDB_CHANGED);
/* Unix username is the same - for sainity */
- pdb_set_username(account, s);
+ pdb_set_username(account, s, PDB_CHANGED);
unistr2_to_ascii(s, &delta->uni_full_name, sizeof(s) - 1);
- pdb_set_fullname(account, s);
+ pdb_set_fullname(account, s, PDB_CHANGED);
unistr2_to_ascii(s, &delta->uni_home_dir, sizeof(s) - 1);
- pdb_set_homedir(account, s, True);
+ pdb_set_homedir(account, s, PDB_CHANGED);
unistr2_to_ascii(s, &delta->uni_dir_drive, sizeof(s) - 1);
- pdb_set_dir_drive(account, s, True);
+ pdb_set_dir_drive(account, s, PDB_CHANGED);
unistr2_to_ascii(s, &delta->uni_logon_script, sizeof(s) - 1);
- pdb_set_logon_script(account, s, True);
+ pdb_set_logon_script(account, s, PDB_CHANGED);
unistr2_to_ascii(s, &delta->uni_acct_desc, sizeof(s) - 1);
- pdb_set_acct_desc(account, s);
+ pdb_set_acct_desc(account, s, PDB_CHANGED);
unistr2_to_ascii(s, &delta->uni_workstations, sizeof(s) - 1);
- pdb_set_workstations(account, s);
+ pdb_set_workstations(account, s, PDB_CHANGED);
unistr2_to_ascii(s, &delta->uni_profile, sizeof(s) - 1);
- pdb_set_profile_path(account, s, True);
+ pdb_set_profile_path(account, s, PDB_CHANGED);
/* User and group sid */
- pdb_set_user_sid_from_rid(account, delta->user_rid);
- pdb_set_group_sid_from_rid(account, delta->group_rid);
+ pdb_set_user_sid_from_rid(account, delta->user_rid, PDB_CHANGED);
+ pdb_set_group_sid_from_rid(account, delta->group_rid, PDB_CHANGED);
/* Logon and password information */
- pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), True);
+ pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), PDB_CHANGED);
pdb_set_logoff_time(account, nt_time_to_unix(&delta->logoff_time),
- True);
- pdb_set_logon_divs(account, delta->logon_divs);
+ PDB_CHANGED);
+ pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED);
/* TODO: logon hours */
/* TODO: bad password count */
/* TODO: logon count */
pdb_set_pass_last_set_time(
- account, nt_time_to_unix(&delta->pwd_last_set_time));
+ account, nt_time_to_unix(&delta->pwd_last_set_time), PDB_CHANGED);
- pdb_set_kickoff_time(account, get_time_t_max(), True);
+ pdb_set_kickoff_time(account, get_time_t_max(), PDB_CHANGED);
/* Decode hashes from password hash */
sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0);
sam_pwd_hash(delta->user_rid, delta->pass.buf_nt_pwd, nt_passwd, 0);
- pdb_set_nt_passwd(account, nt_passwd);
- pdb_set_lanman_passwd(account, lm_passwd);
+ pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);
+ pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
/* TODO: account expiry time */
- pdb_set_acct_ctrl(account, delta->acb_info);
+ pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED);
return NT_STATUS_OK;
}
pdb_update_sam_account(sam_account);
}
- if (!get_group_map_from_sid(*pdb_get_group_sid(sam_account),
- &map, False)) {
+ if (!pdb_getgrsid(&map, *pdb_get_group_sid(sam_account), False)) {
DEBUG(0, ("Primary group of %s has no mapping!\n",
pdb_get_username(sam_account)));
pdb_free_sam(&sam_account);
DOM_SID group_sid;
fstring sid_string;
GROUP_MAP map;
- int flag = TDB_INSERT;
+ BOOL insert = True;
unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)-1);
unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)-1);
sid_append_rid(&group_sid, rid);
sid_to_string(sid_string, &group_sid);
- if (get_group_map_from_sid(group_sid, &map, False)) {
+ if (pdb_getgrsid(&map, group_sid, False)) {
grp = getgrgid(map.gid);
- flag = 0; /* Don't TDB_INSERT, mapping exists */
+ insert = False;
}
if (grp == NULL)
map.priv_set.count = 0;
map.priv_set.set = NULL;
- add_mapping_entry(&map, flag);
+ if (insert)
+ pdb_add_group_mapping_entry(&map);
+ else
+ pdb_update_group_mapping_entry(&map);
return NT_STATUS_OK;
}
DOM_SID alias_sid;
fstring sid_string;
GROUP_MAP map;
- int insert_flag = TDB_INSERT;
+ BOOL insert = True;
unistr2_to_ascii(name, &delta->uni_als_name, sizeof(name)-1);
unistr2_to_ascii(comment, &delta->uni_als_desc, sizeof(comment)-1);
sid_append_rid(&alias_sid, rid);
sid_to_string(sid_string, &alias_sid);
- if (get_group_map_from_sid(alias_sid, &map, False)) {
+ if (pdb_getgrsid(&map, alias_sid, False)) {
grp = getgrgid(map.gid);
- insert_flag = 0; /* Don't TDB_INSERT, mapping exists */
+ insert = False;
}
if (grp == NULL) {
map.priv_set.count = 0;
map.priv_set.set = NULL;
- add_mapping_entry(&map, insert_flag);
+ if (insert)
+ pdb_add_group_mapping_entry(&map);
+ else
+ pdb_update_group_mapping_entry(&map);
return NT_STATUS_OK;
}
fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds,
DOM_SID dom_sid)
{
- unsigned last_rid = -1;
+ unsigned sync_context = 0;
NTSTATUS result;
int i;
TALLOC_CTX *mem_ctx;
do {
result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds,
- db_type, last_rid+1,
+ db_type, sync_context,
&num_deltas,
&hdr_deltas, &deltas);
clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred),
ret_creds);
- last_rid = 0;
for (i = 0; i < num_deltas; i++) {
fetch_sam_entry(&hdr_deltas[i], &deltas[i], dom_sid);
- last_rid = hdr_deltas[i].target_rid;
}
- } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
+ sync_context += 1;
+ } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
talloc_destroy(mem_ctx);
}
}
if (fullname)
- pdb_set_fullname(sam_pwent, fullname);
+ pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
if (homedir)
- pdb_set_homedir(sam_pwent, homedir, True);
+ pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED);
if (drive)
- pdb_set_dir_drive(sam_pwent,drive, True);
+ pdb_set_dir_drive(sam_pwent,drive, PDB_CHANGED);
if (script)
- pdb_set_logon_script(sam_pwent, script, True);
+ pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
if (profile)
- pdb_set_profile_path (sam_pwent, profile, True);
+ pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
if (NT_STATUS_IS_OK(in->pdb_update_sam_account (in, sam_pwent)))
print_user_info (in, username, True, False);
} else {
fprintf (stderr, "WARNING: user %s does not exist in system passwd\n", username);
pdb_init_sam(&sam_pwent);
- if (!pdb_set_username(sam_pwent, username)) {
+ if (!pdb_set_username(sam_pwent, username, PDB_CHANGED)) {
return False;
}
}
SAFE_FREE(password2);
if (fullname)
- pdb_set_fullname(sam_pwent, fullname);
+ pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
if (homedir)
- pdb_set_homedir (sam_pwent, homedir, True);
+ pdb_set_homedir (sam_pwent, homedir, PDB_CHANGED);
if (drive)
- pdb_set_dir_drive (sam_pwent, drive, True);
+ pdb_set_dir_drive (sam_pwent, drive, PDB_CHANGED);
if (script)
- pdb_set_logon_script(sam_pwent, script, True);
+ pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
if (profile)
- pdb_set_profile_path (sam_pwent, profile, True);
+ pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
- pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL);
+ pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL, PDB_CHANGED);
if (NT_STATUS_IS_OK(in->pdb_add_sam_account (in, sam_pwent))) {
print_user_info (in, username, True, False);
pdb_set_plaintext_passwd (sam_pwent, password);
- pdb_set_username (sam_pwent, name);
+ pdb_set_username (sam_pwent, name, PDB_CHANGED);
- pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST);
+ pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST, PDB_CHANGED);
- pdb_set_group_sid_from_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS);
+ pdb_set_group_sid_from_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS, PDB_CHANGED);
if (NT_STATUS_IS_OK(in->pdb_add_sam_account (in, sam_pwent))) {
print_user_info (in, name, True, False);
if (StrnCaseCmp( input, "S-", 2)) {
/* Perhaps its the NT group name? */
- if (!get_group_map_from_ntname(input, &map, MAPPING_WITHOUT_PRIV)) {
+ if (!pdb_getgrnam(&map, input, MAPPING_WITHOUT_PRIV)) {
printf("NT Group %s doesn't exist in mapping DB\n", input);
return False;
} else {
}
/* Get the current mapping from the database */
- if(!get_group_map_from_sid(sid, &map, MAPPING_WITH_PRIV)) {
+ if(!pdb_getgrsid(&map, sid, MAPPING_WITH_PRIV)) {
printf("This SID does not exist in the database\n");
return -1;
}
if (privilege!=NULL)
convert_priv_from_text(&map.priv_set, privilege);
- if (!add_mapping_entry(&map, TDB_REPLACE)) {
- printf("Count not update group database\n");
+ if (!pdb_update_group_mapping_entry(&map)) {
+ printf("Could not update group database\n");
free_privilege(&map.priv_set);
return -1;
}
return -1;
}
- if(!group_map_remove(sid)) {
+ if(!pdb_delete_group_mapping_entry(sid)) {
printf("removing group %s from the mapping db failed!\n", group);
return -1;
}
if (!long_list)
printf("NT group (SID) -> Unix group\n");
- if (!enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED, MAPPING_WITH_PRIV))
+ if (!pdb_enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED, MAPPING_WITH_PRIV))
return -1;
for (i=0; i<entries; i++) {
git.samba.org / samba.git / commitdiff