*/
#include "includes.h"
+#include "passdb.h"
#include "../libcli/auth/libcli_auth.h"
#include "secrets.h"
#include "idmap_cache.h"
+#include "../libcli/security/security.h"
+#include "../lib/util/util_pw.h"
+#include "lib/winbind_util.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
#include <lber.h>
#include <ldap.h>
-/*
- * Work around versions of the LDAP client libs that don't have the OIDs
- * defined, or have them defined under the old name.
- * This functionality is really a factor of the server, not the client
- *
- */
-
-#if defined(LDAP_EXOP_X_MODIFY_PASSWD) && !defined(LDAP_EXOP_MODIFY_PASSWD)
-#define LDAP_EXOP_MODIFY_PASSWD LDAP_EXOP_X_MODIFY_PASSWD
-#elif !defined(LDAP_EXOP_MODIFY_PASSWD)
-#define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1"
-#endif
-
-#if defined(LDAP_EXOP_X_MODIFY_PASSWD_ID) && !defined(LDAP_EXOP_MODIFY_PASSWD_ID)
-#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID LDAP_EXOP_X_MODIFY_PASSWD_ID
-#elif !defined(LDAP_EXOP_MODIFY_PASSWD_ID)
-#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U)
-#endif
-
-#if defined(LDAP_EXOP_X_MODIFY_PASSWD_NEW) && !defined(LDAP_EXOP_MODIFY_PASSWD_NEW)
-#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW LDAP_EXOP_X_MODIFY_PASSWD_NEW
-#elif !defined(LDAP_EXOP_MODIFY_PASSWD_NEW)
-#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U)
-#endif
-
#include "smbldap.h"
Simple helper function to make stuff better readable
**********************************************************************/
-static LDAP *priv2ld(struct ldapsam_privates *priv)
+LDAP *priv2ld(struct ldapsam_privates *priv)
{
return priv->smbldap_state->ldap_struct;
}
if (mem_ctx == NULL)
return NT_STATUS_NO_MEMORY;
- if ((attrs = TALLOC_ARRAY(mem_ctx, const char *, 2)) == NULL) {
+ if ((attrs = talloc_array(mem_ctx, const char *, 2)) == NULL) {
ntstatus = NT_STATUS_NO_MEMORY;
goto done;
}
if (pwHistLen > 0){
uint8 *pwhist = NULL;
int i;
- char *history_string = TALLOC_ARRAY(ctx, char,
+ char *history_string = talloc_array(ctx, char,
MAX_PW_HISTORY_LEN*64);
if (!history_string) {
pwHistLen = MIN(pwHistLen, MAX_PW_HISTORY_LEN);
- pwhist = TALLOC_ARRAY(ctx, uint8,
+ pwhist = talloc_array(ctx, uint8,
pwHistLen * PW_HISTORY_ENTRY_LEN);
if (pwhist == NULL) {
DEBUG(0, ("init_sam_from_ldap: talloc failed!\n"));
if (temp) {
pdb_gethexhours(temp, hours);
memset((char *)temp, '\0', strlen(temp) +1);
- pdb_set_hours(sampass, hours, PDB_SET);
+ pdb_set_hours(sampass, hours, hours_len, PDB_SET);
ZERO_STRUCT(hours);
}
gid_to_sid(&mapped_gsid, sampass->unix_pw->pw_gid);
primary_gsid = pdb_get_group_sid(sampass);
- if (primary_gsid && sid_equal(primary_gsid, &mapped_gsid)) {
+ if (primary_gsid && dom_sid_equal(primary_gsid, &mapped_gsid)) {
store_gid_sid_cache(primary_gsid,
sampass->unix_pw->pw_gid);
idmap_cache_set_sid2gid(primary_gsid,
;
}
- (*attr_list) = TALLOC_REALLOC_ARRAY(mem_ctx, (*attr_list),
+ (*attr_list) = talloc_realloc(mem_ctx, (*attr_list),
const char *, i+2);
SMB_ASSERT((*attr_list) != NULL);
(*attr_list)[i] = talloc_strdup((*attr_list), new_attr);
return result;
}
-/**********************************************************************
- Helper function to determine for update_sam_account whether
- we need LDAP modification.
-*********************************************************************/
-
-static bool element_is_changed(const struct samu *sampass,
- enum pdb_elements element)
-{
- return IS_SAM_CHANGED(sampass, element);
-}
-
/**********************************************************************
Update struct samu.
*********************************************************************/
DEBUG(4, ("ldapsam_update_sam_account: user %s to be modified has dn: %s\n", pdb_get_username(newpwd), dn));
if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
- element_is_changed)) {
+ pdb_element_is_changed)) {
DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
TALLOC_FREE(dn);
if (mods != NULL)
return NT_STATUS_OK;
}
- ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, element_is_changed);
+ ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, pdb_element_is_changed);
if (mods != NULL) {
ldap_mods_free(mods,True);
struct samu *user,
struct dom_sid **pp_sids,
gid_t **pp_gids,
- size_t *p_num_groups);
+ uint32_t *p_num_groups);
static NTSTATUS ldapsam_rename_sam_account(struct pdb_methods *my_methods,
struct samu *old_acct,
return NT_STATUS_OK;
}
-/**********************************************************************
- Helper function to determine for update_sam_account whether
- we need LDAP modification.
- *********************************************************************/
-
-static bool element_is_set_or_changed(const struct samu *sampass,
- enum pdb_elements element)
-{
- return (IS_SAM_SET(sampass, element) ||
- IS_SAM_CHANGED(sampass, element));
-}
-
/**********************************************************************
Add struct samu to LDAP.
*********************************************************************/
ldap_msgfree(result);
result = NULL;
- if (element_is_set_or_changed(newpwd, PDB_USERSID)) {
+ if (pdb_element_is_set_or_changed(newpwd, PDB_USERSID)) {
rc = ldapsam_get_ldap_user_by_sid(ldap_state,
sid, &result);
if (rc == LDAP_SUCCESS) {
}
if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
- element_is_set_or_changed)) {
+ pdb_element_is_set_or_changed)) {
DEBUG(0, ("ldapsam_add_sam_account: init_ldap_from_sam failed!\n"));
if (mods != NULL) {
ldap_mods_free(mods, true);
break;
}
- ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, element_is_set_or_changed);
+ ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, pdb_element_is_set_or_changed);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(0,("ldapsam_add_sam_account: failed to modify/add user with uid = %s (dn = %s)\n",
pdb_get_username(newpwd),dn));
return False;
}
- if (sid_compare_domain(&sid, domain_sid) != 0) {
+ if (dom_sid_compare_domain(&sid, domain_sid) != 0) {
DEBUG(10, ("SID %s is not in expected domain %s\n",
str, sid_string_dbg(domain_sid)));
return False;
struct samu *user,
struct dom_sid **pp_sids,
gid_t **pp_gids,
- size_t *p_num_groups)
+ uint32_t *p_num_groups)
{
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
LDAPMessage *entry;
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
uint32_t num_sids;
- size_t num_gids;
+ uint32_t num_gids;
char *gidstr;
gid_t primary_gid = -1;
}
}
- if (sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) {
+ if (dom_sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) {
DEBUG(3, ("primary group of [%s] not found\n",
pdb_get_username(user)));
goto done;
size_t *p_num_entries,
bool unix_only)
{
- GROUP_MAP map;
+ GROUP_MAP map = { 0, };
size_t entries = 0;
*p_num_entries = 0;
num += 1;
va_end(ap);
- if ((result = TALLOC_ARRAY(mem_ctx, const char *, num+1)) == NULL) {
+ if ((result = talloc_array(mem_ctx, const char *, num+1)) == NULL) {
return NULL;
}
return False;
}
if (!pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->account_name),
+ discard_const_p(char *, &result->account_name),
vals[0], &converted_size))
{
DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s",
if ((vals == NULL) || (vals[0] == NULL))
DEBUG(8, ("\"displayName\" not found\n"));
else if (!pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->fullname),
+ discard_const_p(char *, &result->fullname),
vals[0], &converted_size))
{
DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s",
if ((vals == NULL) || (vals[0] == NULL))
DEBUG(8, ("\"description\" not found\n"));
else if (!pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->description),
+ discard_const_p(char *, &result->description),
vals[0], &converted_size))
{
DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s",
return False;
}
if (!pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **,
+ discard_const_p(char *,
&result->account_name),
vals[0], &converted_size))
{
}
}
else if (!pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **,
+ discard_const_p(char *,
&result->account_name),
vals[0], &converted_size))
{
if ((vals == NULL) || (vals[0] == NULL))
DEBUG(8, ("\"description\" not found\n"));
else if (!pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->description),
+ discard_const_p(char *, &result->description),
vals[0], &converted_size))
{
DEBUG(0,("ldapgroup2displayentry: pull_utf8_talloc failed: %s",
break;
default:
- DEBUG(0,("unkown group type: %d\n", group_type));
+ DEBUG(0,("unknown group type: %d\n", group_type));
return False;
}
return NT_STATUS_UNSUCCESSFUL;
}
- if (!init_ldap_from_sam(ldap_state, NULL, &mods, user, element_is_set_or_changed)) {
+ if (!init_ldap_from_sam(ldap_state, entry, &mods, user, pdb_element_is_set_or_changed)) {
DEBUG(1,("ldapsam_create_user: Unable to fill user structs\n"));
return NT_STATUS_UNSUCCESSFUL;
}
NTSTATUS status;
struct dom_sid *sids = NULL;
gid_t *gids = NULL;
- size_t num_groups = 0;
+ uint32_t num_groups = 0;
int i;
uint32_t user_rid = pdb_get_user_rid(sam_acct);
}
*num_domains = 0;
- if (!(*domains = TALLOC_ARRAY(mem_ctx, struct trustdom_info *, 1))) {
+ if (!(*domains = talloc_array(mem_ctx, struct trustdom_info *, 1))) {
DEBUG(1, ("talloc failed\n"));
return NT_STATUS_NO_MEMORY;
}
char *dom_name, *dom_sid_str;
struct trustdom_info *dom_info;
- dom_info = TALLOC_P(*domains, struct trustdom_info);
+ dom_info = talloc(*domains, struct trustdom_info);
if (dom_info == NULL) {
DEBUG(1, ("talloc failed\n"));
return NT_STATUS_NO_MEMORY;
/* TODO: Setup private data and free */
- if ( !(ldap_state = TALLOC_ZERO_P(*pdb_method, struct ldapsam_privates)) ) {
+ if ( !(ldap_state = talloc_zero(*pdb_method, struct ldapsam_privates)) ) {
DEBUG(0, ("pdb_init_ldapsam_common: talloc() failed for ldapsam private_data!\n"));
return NT_STATUS_NO_MEMORY;
}
"info, nor add one to the domain\n"));
DEBUGADD(2, ("pdb_init_ldapsam: Continuing on regardless, "
"will be unable to allocate new users/groups, "
- "and will risk BDCs having inconsistant SIDs\n"));
+ "and will risk BDCs having inconsistent SIDs\n"));
sid_copy(&ldap_state->domain_sid, get_global_sam_sid());
return NT_STATUS_OK;
}
}
found_sid = secrets_fetch_domain_sid(ldap_state->domain_name,
&secrets_domain_sid);
- if (!found_sid || !sid_equal(&secrets_domain_sid,
+ if (!found_sid || !dom_sid_equal(&secrets_domain_sid,
&ldap_domain_sid)) {
DEBUG(1, ("pdb_init_ldapsam: Resetting SID for domain "
"%s based on pdb_ldap results %s -> %s\n",
/* Let pdb_nds register backends */
pdb_nds_init();
+ pdb_ipa_init();
+
return NT_STATUS_OK;
}
git.samba.org / idra / samba.git / blobdiff