*/
#include "includes.h"
+#include "passdb.h"
#include "../libcli/auth/libcli_auth.h"
+#include "secrets.h"
+#include "idmap_cache.h"
+#include "../libcli/security/security.h"
+#include "../lib/util/util_pw.h"
+#include "lib/winbind_util.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
#include <lber.h>
#include <ldap.h>
-/*
- * Work around versions of the LDAP client libs that don't have the OIDs
- * defined, or have them defined under the old name.
- * This functionality is really a factor of the server, not the client
- *
- */
-
-#if defined(LDAP_EXOP_X_MODIFY_PASSWD) && !defined(LDAP_EXOP_MODIFY_PASSWD)
-#define LDAP_EXOP_MODIFY_PASSWD LDAP_EXOP_X_MODIFY_PASSWD
-#elif !defined(LDAP_EXOP_MODIFY_PASSWD)
-#define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1"
-#endif
-
-#if defined(LDAP_EXOP_X_MODIFY_PASSWD_ID) && !defined(LDAP_EXOP_MODIFY_PASSWD_ID)
-#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID LDAP_EXOP_X_MODIFY_PASSWD_ID
-#elif !defined(LDAP_EXOP_MODIFY_PASSWD_ID)
-#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U)
-#endif
-
-#if defined(LDAP_EXOP_X_MODIFY_PASSWD_NEW) && !defined(LDAP_EXOP_MODIFY_PASSWD_NEW)
-#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW LDAP_EXOP_X_MODIFY_PASSWD_NEW
-#elif !defined(LDAP_EXOP_MODIFY_PASSWD_NEW)
-#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U)
-#endif
-
#include "smbldap.h"
Simple helper function to make stuff better readable
**********************************************************************/
-static LDAP *priv2ld(struct ldapsam_privates *priv)
+LDAP *priv2ld(struct ldapsam_privates *priv)
{
return priv->smbldap_state->ldap_struct;
}
if (mem_ctx == NULL)
return NT_STATUS_NO_MEMORY;
- if ((attrs = TALLOC_ARRAY(mem_ctx, const char *, 2)) == NULL) {
+ if ((attrs = talloc_array(mem_ctx, const char *, 2)) == NULL) {
ntstatus = NT_STATUS_NO_MEMORY;
goto done;
}
******************************************************************/
static int ldapsam_search_suffix_by_rid (struct ldapsam_privates *ldap_state,
- uint32 rid, LDAPMessage ** result,
+ uint32_t rid, LDAPMessage ** result,
const char **attr)
{
char *filter = NULL;
******************************************************************/
static int ldapsam_search_suffix_by_sid (struct ldapsam_privates *ldap_state,
- const DOM_SID *sid, LDAPMessage ** result,
+ const struct dom_sid *sid, LDAPMessage ** result,
const char **attr)
{
char *filter = NULL;
*acct_desc = NULL,
*workstations = NULL,
*munged_dial = NULL;
- uint32 user_rid;
+ uint32_t user_rid;
uint8 smblmpwd[LM_HASH_LEN],
smbntpwd[NT_HASH_LEN];
bool use_samba_attrs = True;
- uint32 acct_ctrl = 0;
- uint16 logon_divs;
- uint16 bad_password_count = 0,
+ uint32_t acct_ctrl = 0;
+ uint16_t logon_divs;
+ uint16_t bad_password_count = 0,
logon_count = 0;
- uint32 hours_len;
+ uint32_t hours_len;
uint8 hours[MAX_HOURS_LEN];
char *temp = NULL;
- LOGIN_CACHE *cache_entry = NULL;
- uint32 pwHistLen;
+ struct login_cache cache_entry;
+ uint32_t pwHistLen;
bool expand_explicit = lp_passdb_expand_explicit();
bool ret = false;
TALLOC_CTX *ctx = talloc_init("init_sam_from_ldap");
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_USER_RID),
ctx))!=NULL) {
- user_rid = (uint32)atol(temp);
+ user_rid = (uint32_t)atol(temp);
pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
}
}
if (pwHistLen > 0){
uint8 *pwhist = NULL;
int i;
- char *history_string = TALLOC_ARRAY(ctx, char,
+ char *history_string = talloc_array(ctx, char,
MAX_PW_HISTORY_LEN*64);
if (!history_string) {
pwHistLen = MIN(pwHistLen, MAX_PW_HISTORY_LEN);
- pwhist = TALLOC_ARRAY(ctx, uint8,
+ pwhist = talloc_array(ctx, uint8,
pwHistLen * PW_HISTORY_ENTRY_LEN);
if (pwhist == NULL) {
DEBUG(0, ("init_sam_from_ldap: talloc failed!\n"));
LDAP_ATTR_BAD_PASSWORD_COUNT),
ctx);
if (temp) {
- bad_password_count = (uint32) atol(temp);
+ bad_password_count = (uint32_t) atol(temp);
pdb_set_bad_password_count(sampass,
bad_password_count, PDB_SET);
}
LDAP_ATTR_LOGON_COUNT),
ctx);
if (temp) {
- logon_count = (uint32) atol(temp);
+ logon_count = (uint32_t) atol(temp);
pdb_set_logon_count(sampass, logon_count, PDB_SET);
}
if (temp) {
pdb_gethexhours(temp, hours);
memset((char *)temp, '\0', strlen(temp) +1);
- pdb_set_hours(sampass, hours, PDB_SET);
+ pdb_set_hours(sampass, hours, hours_len, PDB_SET);
ZERO_STRUCT(hours);
}
struct passwd unix_pw;
bool have_uid = false;
bool have_gid = false;
- DOM_SID mapped_gsid;
- const DOM_SID *primary_gsid;
+ struct dom_sid mapped_gsid;
+ const struct dom_sid *primary_gsid;
ZERO_STRUCT(unix_pw);
gid_to_sid(&mapped_gsid, sampass->unix_pw->pw_gid);
primary_gsid = pdb_get_group_sid(sampass);
- if (primary_gsid && sid_equal(primary_gsid, &mapped_gsid)) {
+ if (primary_gsid && dom_sid_equal(primary_gsid, &mapped_gsid)) {
store_gid_sid_cache(primary_gsid,
sampass->unix_pw->pw_gid);
- idmap_cache_set_sid2uid(primary_gsid,
+ idmap_cache_set_sid2gid(primary_gsid,
sampass->unix_pw->pw_gid);
}
}
}
/* see if we have newer updates */
- if (!(cache_entry = login_cache_read(sampass))) {
+ if (!login_cache_read(sampass, &cache_entry)) {
DEBUG (9, ("No cache entry, bad count = %u, bad time = %u\n",
(unsigned int)pdb_get_bad_password_count(sampass),
(unsigned int)pdb_get_bad_password_time(sampass)));
DEBUG(7, ("ldap time is %u, cache time is %u, bad time = %u\n",
(unsigned int)ldap_entry_time,
- (unsigned int)cache_entry->entry_timestamp,
- (unsigned int)cache_entry->bad_password_time));
+ (unsigned int)cache_entry.entry_timestamp,
+ (unsigned int)cache_entry.bad_password_time));
- if (ldap_entry_time > cache_entry->entry_timestamp) {
+ if (ldap_entry_time > cache_entry.entry_timestamp) {
/* cache is older than directory , so
we need to delete the entry but allow the
fields to be written out */
/* read cache in */
pdb_set_acct_ctrl(sampass,
pdb_get_acct_ctrl(sampass) |
- (cache_entry->acct_ctrl & ACB_AUTOLOCK),
+ (cache_entry.acct_ctrl & ACB_AUTOLOCK),
PDB_SET);
pdb_set_bad_password_count(sampass,
- cache_entry->bad_password_count,
+ cache_entry.bad_password_count,
PDB_SET);
pdb_set_bad_password_time(sampass,
- cache_entry->bad_password_time,
+ cache_entry.bad_password_time,
PDB_SET);
}
fn_exit:
TALLOC_FREE(ctx);
- SAFE_FREE(cache_entry);
return ret;
}
enum pdb_elements))
{
char *temp = NULL;
- uint32 rid;
+ uint32_t rid;
if (mods == NULL || sampass == NULL) {
DEBUG(0, ("init_ldap_from_sam: NULL parameters found!\n"));
/* only update the RID if we actually need to */
if (need_update(sampass, PDB_USERSID)) {
fstring sid_string;
- const DOM_SID *user_sid = pdb_get_user_sid(sampass);
+ const struct dom_sid *user_sid = pdb_get_user_sid(sampass);
switch ( ldap_state->schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
if (need_update(sampass, PDB_GROUPSID)) {
fstring sid_string;
- const DOM_SID *group_sid = pdb_get_group_sid(sampass);
+ const struct dom_sid *group_sid = pdb_get_group_sid(sampass);
switch ( ldap_state->schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
if (need_update(sampass, PDB_PWHISTORY)) {
char *pwstr = NULL;
- uint32 pwHistLen = 0;
+ uint32_t pwHistLen = 0;
pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
pwstr = SMB_MALLOC_ARRAY(char, 1024);
pwstr[64] = '\0';
} else {
int i;
- uint32 currHistLen = 0;
+ uint32_t currHistLen = 0;
const uint8 *pwhist = pdb_get_pw_history(sampass, &currHistLen);
if (pwhist != NULL) {
/* We can only store (1024-1/64 password history entries. */
if (need_update(sampass, PDB_BAD_PASSWORD_COUNT)) /* &&
need_update(sampass, PDB_BAD_PASSWORD_TIME)) */ {
- uint16 badcount = pdb_get_bad_password_count(sampass);
+ uint16_t badcount = pdb_get_bad_password_count(sampass);
time_t badtime = pdb_get_bad_password_time(sampass);
- uint32 pol;
+ uint32_t pol;
pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &pol);
DEBUG(3, ("updating bad password fields, policy=%u, count=%u, time=%u\n",
DEBUG(7, ("bad password count is reset, deleting login cache entry for %s\n", pdb_get_nt_username(sampass)));
login_cache_delentry(sampass);
} else {
- LOGIN_CACHE cache_entry;
+ struct login_cache cache_entry;
cache_entry.entry_timestamp = time(NULL);
cache_entry.acct_ctrl = pdb_get_acct_ctrl(sampass);
cache_entry.bad_password_time = badtime;
DEBUG(7, ("Updating bad password count and time in login cache\n"));
- login_cache_write(sampass, cache_entry);
+ login_cache_write(sampass, &cache_entry);
}
}
;
}
- (*attr_list) = TALLOC_REALLOC_ARRAY(mem_ctx, (*attr_list),
+ (*attr_list) = talloc_realloc(mem_ctx, (*attr_list),
const char *, i+2);
SMB_ASSERT((*attr_list) != NULL);
(*attr_list)[i] = talloc_strdup((*attr_list), new_attr);
}
static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state,
- const DOM_SID *sid, LDAPMessage **result)
+ const struct dom_sid *sid, LDAPMessage **result)
{
int rc = -1;
const char ** attr_list;
- uint32 rid;
+ uint32_t rid;
switch ( ldap_state->schema_ver ) {
case SCHEMAVER_SAMBASAMACCOUNT: {
Get struct samu entry from LDAP by SID.
*********************************************************************/
-static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const DOM_SID *sid)
+static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const struct dom_sid *sid)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
LDAPMessage *result = NULL;
return NT_STATUS_INVALID_PARAMETER;
}
- if (!mods) {
- DEBUG(5,("ldapsam_modify_entry: mods is empty: nothing to modify\n"));
- /* may be password change below however */
- } else {
- switch(ldap_op) {
- case LDAP_MOD_ADD:
- if (ldap_state->is_nds_ldap) {
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- "objectclass",
- "inetOrgPerson");
- } else {
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- "objectclass",
- LDAP_OBJ_ACCOUNT);
- }
- rc = smbldap_add(ldap_state->smbldap_state,
- dn, mods);
- break;
- case LDAP_MOD_REPLACE:
- rc = smbldap_modify(ldap_state->smbldap_state,
- dn ,mods);
- break;
- default:
- DEBUG(0,("ldapsam_modify_entry: Wrong LDAP operation type: %d!\n",
- ldap_op));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (rc!=LDAP_SUCCESS) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
if (!(pdb_get_acct_ctrl(newpwd)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) &&
(lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_OFF) &&
need_update(newpwd, PDB_PLAINTEXT_PW) &&
}
ber_bvfree(bv);
}
+
+ if (!mods) {
+ DEBUG(5,("ldapsam_modify_entry: mods is empty: nothing to modify\n"));
+ /* may be password change below however */
+ } else {
+ switch(ldap_op) {
+ case LDAP_MOD_ADD:
+ if (ldap_state->is_nds_ldap) {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ "objectclass",
+ "inetOrgPerson");
+ } else {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ "objectclass",
+ LDAP_OBJ_ACCOUNT);
+ }
+ rc = smbldap_add(ldap_state->smbldap_state,
+ dn, mods);
+ break;
+ case LDAP_MOD_REPLACE:
+ rc = smbldap_modify(ldap_state->smbldap_state,
+ dn ,mods);
+ break;
+ default:
+ DEBUG(0,("ldapsam_modify_entry: Wrong LDAP operation type: %d!\n",
+ ldap_op));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (rc!=LDAP_SUCCESS) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ }
+
return NT_STATUS_OK;
}
return result;
}
-/**********************************************************************
- Helper function to determine for update_sam_account whether
- we need LDAP modification.
-*********************************************************************/
-
-static bool element_is_changed(const struct samu *sampass,
- enum pdb_elements element)
-{
- return IS_SAM_CHANGED(sampass, element);
-}
-
/**********************************************************************
Update struct samu.
*********************************************************************/
DEBUG(4, ("ldapsam_update_sam_account: user %s to be modified has dn: %s\n", pdb_get_username(newpwd), dn));
if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
- element_is_changed)) {
+ pdb_element_is_changed)) {
DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
TALLOC_FREE(dn);
if (mods != NULL)
return NT_STATUS_OK;
}
- ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, element_is_changed);
+ ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, pdb_element_is_changed);
if (mods != NULL) {
ldap_mods_free(mods,True);
static NTSTATUS ldapsam_del_groupmem(struct pdb_methods *my_methods,
TALLOC_CTX *tmp_ctx,
- uint32 group_rid,
- uint32 member_rid);
+ uint32_t group_rid,
+ uint32_t member_rid);
static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
struct samu *user,
- DOM_SID **pp_sids,
+ struct dom_sid **pp_sids,
gid_t **pp_gids,
- size_t *p_num_groups);
+ uint32_t *p_num_groups);
static NTSTATUS ldapsam_rename_sam_account(struct pdb_methods *my_methods,
struct samu *old_acct,
return NT_STATUS_OK;
}
-/**********************************************************************
- Helper function to determine for update_sam_account whether
- we need LDAP modification.
- *********************************************************************/
-
-static bool element_is_set_or_changed(const struct samu *sampass,
- enum pdb_elements element)
-{
- return (IS_SAM_SET(sampass, element) ||
- IS_SAM_CHANGED(sampass, element));
-}
-
/**********************************************************************
Add struct samu to LDAP.
*********************************************************************/
LDAPMessage *entry = NULL;
LDAPMod **mods = NULL;
int ldap_op = LDAP_MOD_REPLACE;
- uint32 num_result;
+ uint32_t num_result;
const char **attr_list;
char *escape_user = NULL;
const char *username = pdb_get_username(newpwd);
- const DOM_SID *sid = pdb_get_user_sid(newpwd);
+ const struct dom_sid *sid = pdb_get_user_sid(newpwd);
char *filter = NULL;
char *dn = NULL;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
ldap_msgfree(result);
result = NULL;
- if (element_is_set_or_changed(newpwd, PDB_USERSID)) {
+ if (pdb_element_is_set_or_changed(newpwd, PDB_USERSID)) {
rc = ldapsam_get_ldap_user_by_sid(ldap_state,
sid, &result);
if (rc == LDAP_SUCCESS) {
}
if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
- element_is_set_or_changed)) {
+ pdb_element_is_set_or_changed)) {
DEBUG(0, ("ldapsam_add_sam_account: init_ldap_from_sam failed!\n"));
if (mods != NULL) {
ldap_mods_free(mods, true);
break;
}
- ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, element_is_set_or_changed);
+ ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, pdb_element_is_set_or_changed);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(0,("ldapsam_add_sam_account: failed to modify/add user with uid = %s (dn = %s)\n",
pdb_get_username(newpwd),dn));
*********************************************************************/
static NTSTATUS ldapsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
- DOM_SID sid)
+ struct dom_sid sid)
{
char *filter = NULL;
NTSTATUS status;
static bool ldapsam_extract_rid_from_entry(LDAP *ldap_struct,
LDAPMessage *entry,
- const DOM_SID *domain_sid,
- uint32 *rid)
+ const struct dom_sid *domain_sid,
+ uint32_t *rid)
{
fstring str;
- DOM_SID sid;
+ struct dom_sid sid;
if (!smbldap_get_single_attribute(ldap_struct, entry, "sambaSID",
str, sizeof(str)-1)) {
return False;
}
- if (sid_compare_domain(&sid, domain_sid) != 0) {
+ if (dom_sid_compare_domain(&sid, domain_sid) != 0) {
DEBUG(10, ("SID %s is not in expected domain %s\n",
str, sid_string_dbg(domain_sid)));
return False;
static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group,
- uint32 **pp_member_rids,
+ const struct dom_sid *group,
+ uint32_t **pp_member_rids,
size_t *p_num_members)
{
struct ldapsam_privates *ldap_state =
entry = ldap_next_entry(conn->ldap_struct, entry))
{
char *sidstr;
- DOM_SID sid;
- uint32 rid;
+ struct dom_sid sid;
+ uint32_t rid;
sidstr = smbldap_talloc_single_attribute(conn->ldap_struct,
entry, "sambaSID",
entry != NULL;
entry = ldap_next_entry(conn->ldap_struct, entry))
{
- uint32 rid;
+ uint32_t rid;
if (!ldapsam_extract_rid_from_entry(conn->ldap_struct,
entry,
static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
struct samu *user,
- DOM_SID **pp_sids,
+ struct dom_sid **pp_sids,
gid_t **pp_gids,
- size_t *p_num_groups)
+ uint32_t *p_num_groups)
{
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
LDAPMessage *result = NULL;
LDAPMessage *entry;
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- size_t num_sids, num_gids;
+ uint32_t num_sids;
+ uint32_t num_gids;
char *gidstr;
gid_t primary_gid = -1;
entry = ldap_next_entry(conn->ldap_struct, entry))
{
fstring str;
- DOM_SID sid;
+ struct dom_sid sid;
gid_t gid;
char *end;
}
}
- if (sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) {
+ if (dom_sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) {
DEBUG(3, ("primary group of [%s] not found\n",
pdb_get_username(user)));
goto done;
TALLOC_CTX *mem_ctx;
NTSTATUS result;
- DOM_SID sid;
+ struct dom_sid sid;
int rc;
*********************************************************************/
static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods,
- DOM_SID sid)
+ struct dom_sid sid)
{
struct ldapsam_privates *priv =
(struct ldapsam_privates *)methods->private_data;
*********************************************************************/
static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
- const DOM_SID *domsid, enum lsa_SidType sid_name_use,
+ const struct dom_sid *domsid, enum lsa_SidType sid_name_use,
GROUP_MAP **pp_rmap,
size_t *p_num_entries,
bool unix_only)
{
- GROUP_MAP map;
+ GROUP_MAP map = { 0, };
size_t entries = 0;
*p_num_entries = 0;
}
static NTSTATUS ldapsam_modify_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias,
- const DOM_SID *member,
+ const struct dom_sid *alias,
+ const struct dom_sid *member,
int modop)
{
struct ldapsam_privates *ldap_state =
}
static NTSTATUS ldapsam_add_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias,
- const DOM_SID *member)
+ const struct dom_sid *alias,
+ const struct dom_sid *member)
{
return ldapsam_modify_aliasmem(methods, alias, member, LDAP_MOD_ADD);
}
static NTSTATUS ldapsam_del_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias,
- const DOM_SID *member)
+ const struct dom_sid *alias,
+ const struct dom_sid *member)
{
return ldapsam_modify_aliasmem(methods, alias, member,
LDAP_MOD_DELETE);
}
static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias,
+ const struct dom_sid *alias,
TALLOC_CTX *mem_ctx,
- DOM_SID **pp_members,
+ struct dom_sid **pp_members,
size_t *p_num_members)
{
struct ldapsam_privates *ldap_state =
char **values = NULL;
int i;
char *filter = NULL;
- size_t num_members = 0;
+ uint32_t num_members = 0;
enum lsa_SidType type = SID_NAME_USE_NONE;
fstring tmp;
count = ldap_count_values(values);
for (i=0; i<count; i++) {
- DOM_SID member;
+ struct dom_sid member;
NTSTATUS status;
if (!string_to_sid(&member, values[i]))
static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
- const DOM_SID *domain_sid,
- const DOM_SID *members,
+ const struct dom_sid *domain_sid,
+ const struct dom_sid *members,
size_t num_members,
- uint32 **pp_alias_rids,
+ uint32_t **pp_alias_rids,
size_t *p_num_alias_rids)
{
struct ldapsam_privates *ldap_state =
}
filter = talloc_asprintf(mem_ctx,
- "(&(|(objectclass=%s)(sambaGroupType=%d))(|",
+ "(&(objectclass=%s)(sambaGroupType=%d)(|",
LDAP_OBJ_GROUPMAP, type);
for (i=0; i<num_members; i++)
entry = ldap_next_entry(ldap_struct, entry))
{
fstring sid_str;
- DOM_SID sid;
- uint32 rid;
+ struct dom_sid sid;
+ uint32_t rid;
if (!smbldap_get_single_attribute(ldap_struct, entry,
LDAP_ATTRIBUTE_SID,
static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
enum pdb_policy_type type,
- uint32 value)
+ uint32_t value)
{
NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
int rc;
static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods,
enum pdb_policy_type type,
- uint32 *value)
+ uint32_t *value)
{
NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
LDAPMessage *result = NULL;
attrs[0] = policy_attr;
attrs[1] = NULL;
- filter = talloc_asprintf(NULL, "(objectClass=%s)", LDAP_OBJ_DOMINFO);
+ filter = talloc_asprintf(talloc_tos(), "(objectClass=%s)", LDAP_OBJ_DOMINFO);
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn,
LDAP_SCOPE_BASE, filter, attrs, 0,
&result);
-
+ TALLOC_FREE(filter);
if (rc != LDAP_SUCCESS) {
return ntstatus;
}
goto out;
}
- *value = (uint32)atol(vals[0]);
+ *value = (uint32_t)atol(vals[0]);
ntstatus = NT_STATUS_OK;
}
static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods,
- const DOM_SID *domain_sid,
+ const struct dom_sid *domain_sid,
int num_rids,
- uint32 *rids,
+ uint32_t *rids,
const char **names,
enum lsa_SidType *attrs)
{
}
for (i=0; i<num_rids; i++) {
- DOM_SID sid;
+ struct dom_sid sid;
sid_compose(&sid, domain_sid, rids[i]);
allsids = talloc_asprintf_append_buffer(
allsids, "(sambaSid=%s)",
for (entry = ldap_first_entry(ld, msg);
entry != NULL;
entry = ldap_next_entry(ld, entry)) {
- uint32 rid;
+ uint32_t rid;
int rid_index;
const char *name;
entry != NULL;
entry = ldap_next_entry(ld, entry))
{
- uint32 rid;
+ uint32_t rid;
int rid_index;
const char *attr;
enum lsa_SidType type;
return result;
}
-const char **talloc_attrs(TALLOC_CTX *mem_ctx, ...)
+static const char **talloc_attrs(TALLOC_CTX *mem_ctx, ...)
{
int i, num = 0;
va_list ap;
num += 1;
va_end(ap);
- if ((result = TALLOC_ARRAY(mem_ctx, const char *, num+1)) == NULL) {
+ if ((result = talloc_array(mem_ctx, const char *, num+1)) == NULL) {
return NULL;
}
struct ldap_search_state {
struct smbldap_state *connection;
- uint32 acct_flags;
- uint16 group_type;
+ uint32_t acct_flags;
+ uint16_t group_type;
const char *base;
int scope;
}
state->current_entry = ldap_first_entry(ld, state->entries);
- if (state->current_entry == NULL) {
- ldap_msgfree(state->entries);
- state->entries = NULL;
- return false;
- }
-
return True;
}
!ldapsam_search_nextpage(search))
return False;
+ if (state->current_entry == NULL) {
+ return false;
+ }
+
result = state->ldap2displayentry(state, search,
state->connection->ldap_struct,
state->current_entry, entry);
{
char **vals;
size_t converted_size;
- DOM_SID sid;
- uint32 acct_flags;
+ struct dom_sid sid;
+ uint32_t acct_flags;
vals = ldap_get_values(ld, entry, "sambaAcctFlags");
if ((vals == NULL) || (vals[0] == NULL)) {
return False;
}
if (!pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->account_name),
+ discard_const_p(char *, &result->account_name),
vals[0], &converted_size))
{
DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s",
if ((vals == NULL) || (vals[0] == NULL))
DEBUG(8, ("\"displayName\" not found\n"));
else if (!pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->fullname),
+ discard_const_p(char *, &result->fullname),
vals[0], &converted_size))
{
DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s",
if ((vals == NULL) || (vals[0] == NULL))
DEBUG(8, ("\"description\" not found\n"));
else if (!pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->description),
+ discard_const_p(char *, &result->description),
vals[0], &converted_size))
{
DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s",
static bool ldapsam_search_users(struct pdb_methods *methods,
struct pdb_search *search,
- uint32 acct_flags)
+ uint32_t acct_flags)
{
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
{
char **vals;
size_t converted_size;
- DOM_SID sid;
- uint16 group_type;
+ struct dom_sid sid;
+ uint16_t group_type;
result->account_name = "";
result->fullname = "";
return False;
}
if (!pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **,
+ discard_const_p(char *,
&result->account_name),
vals[0], &converted_size))
{
}
}
else if (!pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **,
+ discard_const_p(char *,
&result->account_name),
vals[0], &converted_size))
{
if ((vals == NULL) || (vals[0] == NULL))
DEBUG(8, ("\"description\" not found\n"));
else if (!pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->description),
+ discard_const_p(char *, &result->description),
vals[0], &converted_size))
{
DEBUG(0,("ldapgroup2displayentry: pull_utf8_talloc failed: %s",
break;
default:
- DEBUG(0,("unkown group type: %d\n", group_type));
+ DEBUG(0,("unknown group type: %d\n", group_type));
return False;
}
static bool ldapsam_search_grouptype(struct pdb_methods *methods,
struct pdb_search *search,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
enum lsa_SidType type)
{
struct ldapsam_privates *ldap_state =
static bool ldapsam_search_aliases(struct pdb_methods *methods,
struct pdb_search *search,
- const DOM_SID *sid)
+ const struct dom_sid *sid)
{
return ldapsam_search_grouptype(methods, search, sid, SID_NAME_ALIAS);
}
}
static NTSTATUS ldapsam_get_new_rid(struct ldapsam_privates *priv,
- uint32 *rid)
+ uint32_t *rid)
{
struct smbldap_state *smbldap_state = priv->smbldap_state;
NTSTATUS status;
char *value;
int rc;
- uint32 nextRid = 0;
+ uint32_t nextRid = 0;
const char *dn;
TALLOC_CTX *mem_ctx;
value = smbldap_talloc_single_attribute(priv2ld(priv), entry,
"sambaNextRid", mem_ctx);
if (value != NULL) {
- uint32 tmp = (uint32)strtoul(value, NULL, 10);
+ uint32_t tmp = (uint32_t)strtoul(value, NULL, 10);
nextRid = MAX(nextRid, tmp);
}
value = smbldap_talloc_single_attribute(priv2ld(priv), entry,
"sambaNextUserRid", mem_ctx);
if (value != NULL) {
- uint32 tmp = (uint32)strtoul(value, NULL, 10);
+ uint32_t tmp = (uint32_t)strtoul(value, NULL, 10);
nextRid = MAX(nextRid, tmp);
}
value = smbldap_talloc_single_attribute(priv2ld(priv), entry,
"sambaNextGroupRid", mem_ctx);
if (value != NULL) {
- uint32 tmp = (uint32)strtoul(value, NULL, 10);
+ uint32_t tmp = (uint32_t)strtoul(value, NULL, 10);
nextRid = MAX(nextRid, tmp);
}
return status;
}
-static NTSTATUS ldapsam_new_rid_internal(struct pdb_methods *methods, uint32 *rid)
+static NTSTATUS ldapsam_new_rid_internal(struct pdb_methods *methods, uint32_t *rid)
{
int i;
return NT_STATUS_ACCESS_DENIED;
}
-static bool ldapsam_new_rid(struct pdb_methods *methods, uint32 *rid)
+static bool ldapsam_new_rid(struct pdb_methods *methods, uint32_t *rid)
{
NTSTATUS result = ldapsam_new_rid_internal(methods, rid);
return NT_STATUS_IS_OK(result) ? True : False;
}
static bool ldapsam_sid_to_id(struct pdb_methods *methods,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
union unid_t *id, enum lsa_SidType *type)
{
struct ldapsam_privates *priv =
* This is shortcut is only used if ldapsam:trusted is set to true.
*/
static bool ldapsam_uid_to_sid(struct pdb_methods *methods, uid_t uid,
- DOM_SID *sid)
+ struct dom_sid *sid)
{
struct ldapsam_privates *priv =
(struct ldapsam_privates *)methods->private_data;
* This is shortcut is only used if ldapsam:trusted is set to true.
*/
static bool ldapsam_gid_to_sid(struct pdb_methods *methods, gid_t gid,
- DOM_SID *sid)
+ struct dom_sid *sid)
{
struct ldapsam_privates *priv =
(struct ldapsam_privates *)methods->private_data;
LDAPMessage *entry = NULL;
bool ret = false;
char *group_sid_string;
- DOM_SID group_sid;
+ struct dom_sid group_sid;
int rc;
TALLOC_CTX *tmp_ctx = talloc_stackframe();
static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
TALLOC_CTX *tmp_ctx, const char *name,
- uint32 acb_info, uint32 *rid)
+ uint32_t acb_info, uint32_t *rid)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
LDAPMessage *entry = NULL;
LDAPMessage *result = NULL;
- uint32 num_result;
+ uint32_t num_result;
bool is_machine = False;
bool add_posix = False;
LDAPMod **mods = NULL;
char *uidstr;
char *shell;
const char *dn = NULL;
- DOM_SID group_sid;
- DOM_SID user_sid;
+ struct dom_sid group_sid;
+ struct dom_sid user_sid;
gid_t gid = -1;
uid_t uid = -1;
NTSTATUS ret;
return NT_STATUS_UNSUCCESSFUL;
}
- if (!init_ldap_from_sam(ldap_state, NULL, &mods, user, element_is_set_or_changed)) {
+ if (!init_ldap_from_sam(ldap_state, entry, &mods, user, pdb_element_is_set_or_changed)) {
DEBUG(1,("ldapsam_create_user: Unable to fill user structs\n"));
return NT_STATUS_UNSUCCESSFUL;
}
DEBUG(3,("ldapsam_create_user: Creating new posix user\n"));
/* retrieve the Domain Users group gid */
- if (!sid_compose(&group_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS) ||
+ if (!sid_compose(&group_sid, get_global_sam_sid(), DOMAIN_RID_USERS) ||
!sid_to_gid(&group_sid, &gid)) {
DEBUG (0, ("ldapsam_create_user: Unable to get the Domain Users gid: bailing out!\n"));
return NT_STATUS_INVALID_PRIMARY_GROUP;
NTSTATUS status;
struct dom_sid *sids = NULL;
gid_t *gids = NULL;
- size_t num_groups = 0;
+ uint32_t num_groups = 0;
int i;
uint32_t user_rid = pdb_get_user_rid(sam_acct);
static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods,
TALLOC_CTX *tmp_ctx,
const char *name,
- uint32 *rid)
+ uint32_t *rid)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
NTSTATUS ret;
LDAPMessage *entry = NULL;
LDAPMessage *result = NULL;
- uint32 num_result;
+ uint32_t num_result;
bool is_new_entry = False;
LDAPMod **mods = NULL;
char *filter;
char *grouptype;
char *gidstr;
const char *dn = NULL;
- DOM_SID group_sid;
+ struct dom_sid group_sid;
gid_t gid = -1;
int rc;
}
if (num_result == 0) {
+ is_new_entry = true;
+ }
+
+ if (!NT_STATUS_IS_OK((ret = ldapsam_new_rid_internal(my_methods, rid)))) {
+ DEBUG(1, ("ldapsam_create_group: Could not allocate a new RID\n"));
+ return ret;
+ }
+
+ sid_compose(&group_sid, get_global_sam_sid(), *rid);
+
+ groupsidstr = talloc_strdup(tmp_ctx, sid_string_talloc(tmp_ctx,
+ &group_sid));
+ grouptype = talloc_asprintf(tmp_ctx, "%d", SID_NAME_DOM_GRP);
+
+ if (!groupsidstr || !grouptype) {
+ DEBUG(0,("ldapsam_create_group: Out of memory!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", groupsidstr);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", grouptype);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", name);
+
+ if (is_new_entry) {
char *escape_name;
DEBUG(3,("ldapsam_create_user: Creating new posix group\n"));
- is_new_entry = True;
-
/* lets allocate a new groupid for this group */
if (!winbind_allocate_gid(&gid)) {
DEBUG (0, ("ldapsam_create_group: Unable to allocate a new group id: bailing out!\n"));
smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
}
- if (!NT_STATUS_IS_OK((ret = ldapsam_new_rid_internal(my_methods, rid)))) {
- DEBUG(1, ("ldapsam_create_group: Could not allocate a new RID\n"));
- return ret;
- }
-
- sid_compose(&group_sid, get_global_sam_sid(), *rid);
-
- groupsidstr = talloc_strdup(tmp_ctx, sid_string_talloc(tmp_ctx,
- &group_sid));
- grouptype = talloc_asprintf(tmp_ctx, "%d", SID_NAME_DOM_GRP);
-
- if (!groupsidstr || !grouptype) {
- DEBUG(0,("ldapsam_create_group: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", groupsidstr);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", grouptype);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", name);
talloc_autofree_ldapmod(tmp_ctx, mods);
if (is_new_entry) {
return NT_STATUS_OK;
}
-static NTSTATUS ldapsam_delete_dom_group(struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, uint32 rid)
+static NTSTATUS ldapsam_delete_dom_group(struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, uint32_t rid)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
LDAPMessage *result = NULL;
const char *dn;
char *gidstr;
char *filter;
- DOM_SID group_sid;
+ struct dom_sid group_sid;
int rc;
/* get the group sid */
static NTSTATUS ldapsam_change_groupmem(struct pdb_methods *my_methods,
TALLOC_CTX *tmp_ctx,
- uint32 group_rid,
- uint32 member_rid,
+ uint32_t group_rid,
+ uint32_t member_rid,
int modop)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
LDAPMessage *entry = NULL;
LDAPMessage *result = NULL;
- uint32 num_result;
+ uint32_t num_result;
LDAPMod **mods = NULL;
char *filter;
char *uidstr;
const char *dn = NULL;
- DOM_SID group_sid;
- DOM_SID member_sid;
+ struct dom_sid group_sid;
+ struct dom_sid member_sid;
int rc;
switch (modop) {
static NTSTATUS ldapsam_add_groupmem(struct pdb_methods *my_methods,
TALLOC_CTX *tmp_ctx,
- uint32 group_rid,
- uint32 member_rid)
+ uint32_t group_rid,
+ uint32_t member_rid)
{
return ldapsam_change_groupmem(my_methods, tmp_ctx, group_rid, member_rid, LDAP_MOD_ADD);
}
static NTSTATUS ldapsam_del_groupmem(struct pdb_methods *my_methods,
TALLOC_CTX *tmp_ctx,
- uint32 group_rid,
- uint32 member_rid)
+ uint32_t group_rid,
+ uint32_t member_rid)
{
return ldapsam_change_groupmem(my_methods, tmp_ctx, group_rid, member_rid, LDAP_MOD_DELETE);
}
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
LDAPMessage *entry = NULL;
LDAPMessage *result = NULL;
- uint32 num_result;
+ uint32_t num_result;
LDAPMod **mods = NULL;
char *filter;
char *escape_username;
int attrsonly = 0; /* 0: return values too */
LDAPMessage *result = NULL;
char *trusted_dn;
- uint32 num_result;
+ uint32_t num_result;
filter = talloc_asprintf(talloc_tos(),
"(&(objectClass=%s)(sambaDomainName=%s))",
static bool ldapsam_get_trusteddom_pw(struct pdb_methods *methods,
const char *domain,
char** pwd,
- DOM_SID *sid,
+ struct dom_sid *sid,
time_t *pass_last_set_time)
{
struct ldapsam_privates *ldap_state =
static bool ldapsam_set_trusteddom_pw(struct pdb_methods *methods,
const char* domain,
const char* pwd,
- const DOM_SID *sid)
+ const struct dom_sid *sid)
{
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
static NTSTATUS ldapsam_enum_trusteddoms(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
- uint32 *num_domains,
+ uint32_t *num_domains,
struct trustdom_info ***domains)
{
int rc;
}
*num_domains = 0;
- if (!(*domains = TALLOC_ARRAY(mem_ctx, struct trustdom_info *, 1))) {
+ if (!(*domains = talloc_array(mem_ctx, struct trustdom_info *, 1))) {
DEBUG(1, ("talloc failed\n"));
return NT_STATUS_NO_MEMORY;
}
char *dom_name, *dom_sid_str;
struct trustdom_info *dom_info;
- dom_info = TALLOC_P(*domains, struct trustdom_info);
+ dom_info = talloc(*domains, struct trustdom_info);
if (dom_info == NULL) {
DEBUG(1, ("talloc failed\n"));
return NT_STATUS_NO_MEMORY;
/* TODO: Setup private data and free */
- if ( !(ldap_state = TALLOC_ZERO_P(*pdb_method, struct ldapsam_privates)) ) {
+ if ( !(ldap_state = talloc_zero(*pdb_method, struct ldapsam_privates)) ) {
DEBUG(0, ("pdb_init_ldapsam_common: talloc() failed for ldapsam private_data!\n"));
return NT_STATUS_NO_MEMORY;
}
{
NTSTATUS nt_status;
struct ldapsam_privates *ldap_state = NULL;
- uint32 alg_rid_base;
+ uint32_t alg_rid_base;
char *alg_rid_base_string = NULL;
LDAPMessage *result = NULL;
LDAPMessage *entry = NULL;
- DOM_SID ldap_domain_sid;
- DOM_SID secrets_domain_sid;
+ struct dom_sid ldap_domain_sid;
+ struct dom_sid secrets_domain_sid;
char *domain_sid_string = NULL;
char *dn = NULL;
char *uri = talloc_strdup( NULL, location );
"info, nor add one to the domain\n"));
DEBUGADD(2, ("pdb_init_ldapsam: Continuing on regardless, "
"will be unable to allocate new users/groups, "
- "and will risk BDCs having inconsistant SIDs\n"));
+ "and will risk BDCs having inconsistent SIDs\n"));
sid_copy(&ldap_state->domain_sid, get_global_sam_sid());
return NT_STATUS_OK;
}
}
found_sid = secrets_fetch_domain_sid(ldap_state->domain_name,
&secrets_domain_sid);
- if (!found_sid || !sid_equal(&secrets_domain_sid,
+ if (!found_sid || !dom_sid_equal(&secrets_domain_sid,
&ldap_domain_sid)) {
DEBUG(1, ("pdb_init_ldapsam: Resetting SID for domain "
"%s based on pdb_ldap results %s -> %s\n",
LDAP_ATTR_ALGORITHMIC_RID_BASE ),
talloc_tos());
if (alg_rid_base_string) {
- alg_rid_base = (uint32)atol(alg_rid_base_string);
+ alg_rid_base = (uint32_t)atol(alg_rid_base_string);
if (alg_rid_base != algorithmic_rid_base()) {
DEBUG(0, ("The value of 'algorithmic RID base' has "
"changed since the LDAP\n"
/* Let pdb_nds register backends */
pdb_nds_init();
+ pdb_ipa_init();
+
return NT_STATUS_OK;
}
git.samba.org / idra / samba.git / blobdiff