*/
#include "includes.h"
+#include "tldap.h"
+#include "tldap_util.h"
+#include "../libds/common/flags.h"
+#include "secrets.h"
+#include "../librpc/gen_ndr/samr.h"
+#include "../libcli/ldap/ldap_ndr.h"
+#include "../libcli/security/security.h"
struct pdb_ads_state {
struct sockaddr_un socket_address;
struct tldap_message *ldapmsg;
};
-static NTSTATUS pdb_ads_getsampwsid(struct pdb_methods *m,
- struct samu *sam_acct,
- const DOM_SID *sid);
static bool pdb_ads_gid_to_sid(struct pdb_methods *m, gid_t gid,
- DOM_SID *sid);
+ struct dom_sid *sid);
static bool pdb_ads_dnblob2sid(struct pdb_ads_state *state, DATA_BLOB *dnblob,
struct dom_sid *psid);
static NTSTATUS pdb_ads_sid2dn(struct pdb_ads_state *state,
result, struct pdb_ads_samu_private);
}
- sidstr = sid_binstring(talloc_tos(), pdb_get_user_sid(sam));
+ sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), pdb_get_user_sid(sam));
if (sidstr == NULL) {
return NULL;
}
time_t tmp_time;
struct dom_sid sid;
uint64_t n;
+ uint32_t i;
DATA_BLOB blob;
str = tldap_talloc_single_attribute(entry, "samAccountName", sam);
pdb_set_pass_last_set_time(sam, tmp_time, PDB_SET);
}
if (pdb_ads_pull_time(entry, "accountExpires", &tmp_time)) {
- pdb_set_pass_last_set_time(sam, tmp_time, PDB_SET);
+ pdb_set_kickoff_time(sam, tmp_time, PDB_SET);
}
str = tldap_talloc_single_attribute(entry, "displayName",
pdb_set_profile_path(sam, str, PDB_SET);
}
+ str = tldap_talloc_single_attribute(entry, "comment",
+ talloc_tos());
+ if (str != NULL) {
+ pdb_set_comment(sam, str, PDB_SET);
+ }
+
+ str = tldap_talloc_single_attribute(entry, "description",
+ talloc_tos());
+ if (str != NULL) {
+ pdb_set_acct_desc(sam, str, PDB_SET);
+ }
+
+ str = tldap_talloc_single_attribute(entry, "userWorkstations",
+ talloc_tos());
+ if (str != NULL) {
+ pdb_set_workstations(sam, str, PDB_SET);
+ }
+
+ str = tldap_talloc_single_attribute(entry, "userParameters",
+ talloc_tos());
+ if (str != NULL) {
+ pdb_set_munged_dial(sam, str, PDB_SET);
+ }
+
if (!tldap_pull_binsid(entry, "objectSid", &sid)) {
DEBUG(10, ("Could not pull SID\n"));
goto fail;
DEBUG(10, ("Could not pull userAccountControl\n"));
goto fail;
}
- pdb_set_acct_ctrl(sam, ads_uf2acb(n), PDB_SET);
+ pdb_set_acct_ctrl(sam, ds_uf2acb(n), PDB_SET);
if (tldap_get_single_valueblob(entry, "unicodePwd", &blob)) {
if (blob.length != NT_HASH_LEN) {
pdb_set_group_sid(sam, &sid, PDB_SET);
}
+
+ if (tldap_pull_uint32(entry, "countryCode", &i)) {
+ pdb_set_country_code(sam, i, PDB_SET);
+ }
+
status = NT_STATUS_OK;
fail:
TALLOC_FREE(frame);
static bool pdb_ads_init_ads_from_sam(struct pdb_ads_state *state,
struct tldap_message *existing,
TALLOC_CTX *mem_ctx,
- int *pnum_mods, struct tldap_mod **pmods,
+ struct tldap_mod **pmods, int *pnum_mods,
struct samu *sam)
{
bool ret = true;
DATA_BLOB blob;
+ const char *pw;
/* TODO: All fields :-) */
ret &= tldap_make_mod_fmt(
- existing, mem_ctx, pnum_mods, pmods, "displayName",
+ existing, mem_ctx, pmods, pnum_mods, "displayName",
"%s", pdb_get_fullname(sam));
- blob = data_blob_const(pdb_get_nt_passwd(sam), NT_HASH_LEN);
- if (blob.data != NULL) {
- ret &= tldap_add_mod_blobs(mem_ctx, pmods, TLDAP_MOD_REPLACE,
- "unicodePwd", 1, &blob);
- }
+ pw = pdb_get_plaintext_passwd(sam);
+
+ /*
+ * If we have the plain text pw, this is probably about to be
+ * set. Is this true always?
+ */
+ if (pw != NULL) {
+ char *pw_quote;
+ uint8_t *pw_utf16;
+ size_t pw_utf16_len;
+
+ pw_quote = talloc_asprintf(talloc_tos(), "\"%s\"", pw);
+ if (pw_quote == NULL) {
+ ret = false;
+ goto fail;
+ }
+
+ ret &= convert_string_talloc(talloc_tos(),
+ CH_UNIX, CH_UTF16LE,
+ pw_quote, strlen(pw_quote),
+ &pw_utf16, &pw_utf16_len, false);
+ if (!ret) {
+ goto fail;
+ }
+ blob = data_blob_const(pw_utf16, pw_utf16_len);
- blob = data_blob_const(pdb_get_lanman_passwd(sam), NT_HASH_LEN);
- if (blob.data != NULL) {
- ret &= tldap_add_mod_blobs(mem_ctx, pmods, TLDAP_MOD_REPLACE,
- "dBCSPwd", 1, &blob);
+ ret &= tldap_add_mod_blobs(mem_ctx, pmods, pnum_mods,
+ TLDAP_MOD_REPLACE,
+ "unicodePwd", &blob, 1);
+ TALLOC_FREE(pw_utf16);
+ TALLOC_FREE(pw_quote);
}
ret &= tldap_make_mod_fmt(
- existing, mem_ctx, pnum_mods, pmods, "userAccountControl",
- "%d", ads_acb2uf(pdb_get_acct_ctrl(sam)));
+ existing, mem_ctx, pmods, pnum_mods, "userAccountControl",
+ "%d", ds_acb2uf(pdb_get_acct_ctrl(sam)));
ret &= tldap_make_mod_fmt(
- existing, mem_ctx, pnum_mods, pmods, "homeDirectory",
+ existing, mem_ctx, pmods, pnum_mods, "homeDirectory",
"%s", pdb_get_homedir(sam));
ret &= tldap_make_mod_fmt(
- existing, mem_ctx, pnum_mods, pmods, "homeDrive",
+ existing, mem_ctx, pmods, pnum_mods, "homeDrive",
"%s", pdb_get_dir_drive(sam));
ret &= tldap_make_mod_fmt(
- existing, mem_ctx, pnum_mods, pmods, "scriptPath",
+ existing, mem_ctx, pmods, pnum_mods, "scriptPath",
"%s", pdb_get_logon_script(sam));
ret &= tldap_make_mod_fmt(
- existing, mem_ctx, pnum_mods, pmods, "profilePath",
+ existing, mem_ctx, pmods, pnum_mods, "profilePath",
"%s", pdb_get_profile_path(sam));
+ ret &= tldap_make_mod_fmt(
+ existing, mem_ctx, pmods, pnum_mods, "comment",
+ "%s", pdb_get_comment(sam));
+
+ ret &= tldap_make_mod_fmt(
+ existing, mem_ctx, pmods, pnum_mods, "description",
+ "%s", pdb_get_acct_desc(sam));
+
+ ret &= tldap_make_mod_fmt(
+ existing, mem_ctx, pmods, pnum_mods, "userWorkstations",
+ "%s", pdb_get_workstations(sam));
+
+ ret &= tldap_make_mod_fmt(
+ existing, mem_ctx, pmods, pnum_mods, "userParameters",
+ "%s", pdb_get_munged_dial(sam));
+
+ ret &= tldap_make_mod_fmt(
+ existing, mem_ctx, pmods, pnum_mods, "countryCode",
+ "%i", (int)pdb_get_country_code(sam));
+
+fail:
return ret;
}
&users, "%s", filter);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
TALLOC_FREE(result);
return NT_STATUS_LDAP(rc);
}
static NTSTATUS pdb_ads_getsampwsid(struct pdb_methods *m,
struct samu *sam_acct,
- const DOM_SID *sid)
+ const struct dom_sid *sid)
{
struct pdb_ads_state *state = talloc_get_type_abort(
m->private_data, struct pdb_ads_state);
char *sidstr, *filter;
- sidstr = sid_binstring(talloc_tos(), sid);
+ sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid);
NT_STATUS_HAVE_NO_MEMORY(sidstr);
filter = talloc_asprintf(
ok = true;
ok &= tldap_make_mod_fmt(
- NULL, talloc_tos(), &num_mods, &mods, "objectClass", "user");
+ NULL, talloc_tos(), &mods, &num_mods, "objectClass", "user");
ok &= tldap_make_mod_fmt(
- NULL, talloc_tos(), &num_mods, &mods, "samAccountName", "%s",
+ NULL, talloc_tos(), &mods, &num_mods, "samAccountName", "%s",
name);
if (!ok) {
return NT_STATUS_NO_MEMORY;
}
- rc = tldap_add(ld, dn, num_mods, mods, NULL, 0, NULL, 0);
+ rc = tldap_add(ld, dn, mods, num_mods, NULL, 0, NULL, 0);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_add failed %s\n",
- tldap_errstr(debug_ctx(), ld, rc)));
+ tldap_errstr(talloc_tos(), ld, rc)));
TALLOC_FREE(dn);
return NT_STATUS_LDAP(rc);
}
name);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("Could not find just created user %s: %s\n",
- name, tldap_errstr(debug_ctx(), state->ld, rc)));
+ name, tldap_errstr(talloc_tos(), state->ld, rc)));
TALLOC_FREE(dn);
return NT_STATUS_LDAP(rc);
}
TALLOC_FREE(dn);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_delete for %s failed: %s\n", dn,
- tldap_errstr(debug_ctx(), ld, rc)));
+ tldap_errstr(talloc_tos(), ld, rc)));
return NT_STATUS_LDAP(rc);
}
return NT_STATUS_OK;
}
if (!pdb_ads_init_ads_from_sam(state, priv->ldapmsg, talloc_tos(),
- &num_mods, &mods, sam)) {
+ &mods, &num_mods, sam)) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}
- rc = tldap_modify(ld, priv->dn, num_mods, mods, NULL, 0,
+ rc = tldap_modify(ld, priv->dn, mods, num_mods, NULL, 0,
NULL, 0);
TALLOC_FREE(mods);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_modify for %s failed: %s\n", priv->dn,
- tldap_errstr(debug_ctx(), ld, rc)));
+ tldap_errstr(talloc_tos(), ld, rc)));
return NT_STATUS_LDAP(rc);
}
&group, "%s", filter);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
if (talloc_array_length(group) != 1) {
}
static NTSTATUS pdb_ads_getgrsid(struct pdb_methods *m, GROUP_MAP *map,
- DOM_SID sid)
+ struct dom_sid sid)
{
char *filter;
NTSTATUS status;
}
ok &= tldap_make_mod_fmt(
- NULL, talloc_tos(), &num_mods, &mods, "samAccountName", "%s",
+ NULL, talloc_tos(), &mods, &num_mods, "samAccountName", "%s",
name);
ok &= tldap_make_mod_fmt(
- NULL, talloc_tos(), &num_mods, &mods, "objectClass", "group");
+ NULL, talloc_tos(), &mods, &num_mods, "objectClass", "group");
ok &= tldap_make_mod_fmt(
- NULL, talloc_tos(), &num_mods, &mods, "groupType",
+ NULL, talloc_tos(), &mods, &num_mods, "groupType",
"%d", (int)GTYPE_SECURITY_GLOBAL_GROUP);
if (!ok) {
return NT_STATUS_NO_MEMORY;
}
- rc = tldap_add(ld, dn, num_mods, mods, NULL, 0, NULL, 0);
+ rc = tldap_add(ld, dn, mods, num_mods, NULL, 0, NULL, 0);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_add failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
TALLOC_FREE(frame);
return NT_STATUS_LDAP(rc);
}
"(&(objectclass=group)(samaccountname=%s))", name);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("Could not find just created alias %s: %s\n",
- name, tldap_errstr(debug_ctx(), state->ld, rc)));
+ name, tldap_errstr(talloc_tos(), state->ld, rc)));
TALLOC_FREE(frame);
return NT_STATUS_LDAP(rc);
}
sid_compose(&sid, &state->domainsid, rid);
- sidstr = sid_binstring(talloc_tos(), &sid);
+ sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), &sid);
NT_STATUS_HAVE_NO_MEMORY(sidstr);
rc = pdb_ads_search_fmt(state, state->domaindn, TLDAP_SCOPE_SUB,
TALLOC_FREE(sidstr);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
TALLOC_FREE(msg);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_delete failed: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
}
static NTSTATUS pdb_ads_delete_group_mapping_entry(struct pdb_methods *m,
- DOM_SID sid)
+ struct dom_sid sid)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS pdb_ads_enum_group_mapping(struct pdb_methods *m,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
enum lsa_SidType sid_name_use,
GROUP_MAP **pp_rmap,
size_t *p_num_entries,
static NTSTATUS pdb_ads_enum_group_members(struct pdb_methods *m,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group,
+ const struct dom_sid *group,
uint32 **pmembers,
size_t *pnum_members)
{
DATA_BLOB *blobs;
uint32_t *members;
- sidstr = sid_binstring(talloc_tos(), group);
+ sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), group);
NT_STATUS_HAVE_NO_MEMORY(sidstr);
rc = pdb_ads_search_fmt(state, state->domaindn, TLDAP_SCOPE_SUB,
TALLOC_FREE(sidstr);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
switch talloc_array_length(msg) {
break;
}
- if (!tldap_entry_values(msg[0], "member", &num_members, &blobs)) {
+ if (!tldap_entry_values(msg[0], "member", &blobs, &num_members)) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
static NTSTATUS pdb_ads_enum_group_memberships(struct pdb_methods *m,
TALLOC_CTX *mem_ctx,
struct samu *user,
- DOM_SID **pp_sids,
+ struct dom_sid **pp_sids,
gid_t **pp_gids,
size_t *p_num_groups)
{
struct pdb_ads_state *state = talloc_get_type_abort(
m->private_data, struct pdb_ads_state);
- struct pdb_ads_samu_private *priv = pdb_ads_get_samu_private(
- m, user);
+ struct pdb_ads_samu_private *priv;
const char *attrs[1] = { "objectSid" };
struct tldap_message **groups;
int i, rc, count;
struct dom_sid *group_sids;
gid_t *gids;
- rc = pdb_ads_search_fmt(
- state, state->domaindn, TLDAP_SCOPE_SUB,
- attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &groups,
- "(&(member=%s)(grouptype=%d)(objectclass=group))",
- priv->dn, GTYPE_SECURITY_GLOBAL_GROUP);
- if (rc != TLDAP_SUCCESS) {
- DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
- return NT_STATUS_LDAP(rc);
+ priv = pdb_ads_get_samu_private(m, user);
+ if (priv != NULL) {
+ rc = pdb_ads_search_fmt(
+ state, state->domaindn, TLDAP_SCOPE_SUB,
+ attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &groups,
+ "(&(member=%s)(grouptype=%d)(objectclass=group))",
+ priv->dn, GTYPE_SECURITY_GLOBAL_GROUP);
+ if (rc != TLDAP_SUCCESS) {
+ DEBUG(10, ("ldap_search failed %s\n",
+ tldap_errstr(talloc_tos(), state->ld, rc)));
+ return NT_STATUS_LDAP(rc);
+ }
+ count = talloc_array_length(groups);
+ } else {
+ /*
+ * This happens for artificial samu users
+ */
+ DEBUG(10, ("Could not get pdb_ads_samu_private\n"));
+ count = 0;
}
- count = talloc_array_length(groups);
-
- group_sids = talloc_array(mem_ctx, struct dom_sid, count);
+ group_sids = talloc_array(mem_ctx, struct dom_sid, count+1);
if (group_sids == NULL) {
return NT_STATUS_NO_MEMORY;
}
- gids = talloc_array(mem_ctx, gid_t, count);
+ gids = talloc_array(mem_ctx, gid_t, count+1);
if (gids == NULL) {
TALLOC_FREE(group_sids);
return NT_STATUS_NO_MEMORY;
}
- num_groups = 0;
+
+ sid_copy(&group_sids[0], pdb_get_group_sid(user));
+ if (!sid_to_gid(&group_sids[0], &gids[0])) {
+ TALLOC_FREE(gids);
+ TALLOC_FREE(group_sids);
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ num_groups = 1;
for (i=0; i<count; i++) {
if (!tldap_pull_binsid(groups[i], "objectSid",
struct dom_sid groupsid, membersid;
char *groupdn, *memberdn;
struct tldap_mod *mods;
+ int num_mods;
int rc;
NTSTATUS status;
}
mods = NULL;
+ num_mods = 0;
- if (!tldap_add_mod_str(talloc_tos(), &mods, mod_op,
+ if (!tldap_add_mod_str(talloc_tos(), &mods, &num_mods, mod_op,
"member", memberdn)) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
- rc = tldap_modify(ld, groupdn, 1, mods, NULL, 0, NULL, 0);
+ rc = tldap_modify(ld, groupdn, mods, num_mods, NULL, 0, NULL, 0);
TALLOC_FREE(frame);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_modify failed: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
if (rc == TLDAP_TYPE_OR_VALUE_EXISTS) {
return NT_STATUS_MEMBER_IN_GROUP;
}
}
ok &= tldap_make_mod_fmt(
- NULL, talloc_tos(), &num_mods, &mods, "samAccountName", "%s",
+ NULL, talloc_tos(), &mods, &num_mods, "samAccountName", "%s",
name);
ok &= tldap_make_mod_fmt(
- NULL, talloc_tos(), &num_mods, &mods, "objectClass", "group");
+ NULL, talloc_tos(), &mods, &num_mods, "objectClass", "group");
ok &= tldap_make_mod_fmt(
- NULL, talloc_tos(), &num_mods, &mods, "groupType",
+ NULL, talloc_tos(), &mods, &num_mods, "groupType",
"%d", (int)GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
if (!ok) {
return NT_STATUS_NO_MEMORY;
}
- rc = tldap_add(ld, dn, num_mods, mods, NULL, 0, NULL, 0);
+ rc = tldap_add(ld, dn, mods, num_mods, NULL, 0, NULL, 0);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_add failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
TALLOC_FREE(frame);
return NT_STATUS_LDAP(rc);
}
"(&(objectclass=group)(samaccountname=%s))", name);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("Could not find just created alias %s: %s\n",
- name, tldap_errstr(debug_ctx(), state->ld, rc)));
+ name, tldap_errstr(talloc_tos(), state->ld, rc)));
TALLOC_FREE(frame);
return NT_STATUS_LDAP(rc);
}
}
static NTSTATUS pdb_ads_delete_alias(struct pdb_methods *m,
- const DOM_SID *sid)
+ const struct dom_sid *sid)
{
struct pdb_ads_state *state = talloc_get_type_abort(
m->private_data, struct pdb_ads_state);
struct tldap_context *ld;
struct tldap_message **alias;
- char *sidstr, *dn;
+ char *sidstr, *dn = NULL;
int rc;
ld = pdb_ads_ld(state);
return NT_STATUS_LDAP(TLDAP_SERVER_DOWN);
}
- sidstr = sid_binstring(talloc_tos(), sid);
+ sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid);
if (sidstr == NULL) {
return NT_STATUS_NO_MEMORY;
}
TALLOC_FREE(sidstr);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
- TALLOC_FREE(dn);
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
if (talloc_array_length(alias) != 1) {
rc = tldap_delete(ld, dn, NULL, 0, NULL, 0);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_delete failed: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
- TALLOC_FREE(dn);
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
}
static NTSTATUS pdb_ads_set_aliasinfo(struct pdb_methods *m,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
struct acct_info *info)
{
struct pdb_ads_state *state = talloc_get_type_abort(
return NT_STATUS_LDAP(TLDAP_SERVER_DOWN);
}
- sidstr = sid_binstring(talloc_tos(), sid);
+ sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid);
NT_STATUS_HAVE_NO_MEMORY(sidstr);
rc = pdb_ads_search_fmt(state, state->domaindn, TLDAP_SCOPE_SUB,
TALLOC_FREE(sidstr);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
switch talloc_array_length(msg) {
ok = true;
ok &= tldap_make_mod_fmt(
- msg[0], msg, &num_mods, &mods, "description",
+ msg[0], msg, &mods, &num_mods, "description",
"%s", info->acct_desc);
ok &= tldap_make_mod_fmt(
- msg[0], msg, &num_mods, &mods, "samAccountName",
+ msg[0], msg, &mods, &num_mods, "samAccountName",
"%s", info->acct_name);
if (!ok) {
TALLOC_FREE(msg);
return NT_STATUS_OK;
}
- rc = tldap_modify(ld, dn, num_mods, mods, NULL, 0, NULL, 0);
+ rc = tldap_modify(ld, dn, mods, num_mods, NULL, 0, NULL, 0);
TALLOC_FREE(msg);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_modify failed: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
return NT_STATUS_OK;
char *sidstr, *dn;
int rc;
- sidstr = sid_binstring(talloc_tos(), sid);
+ sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid);
NT_STATUS_HAVE_NO_MEMORY(sidstr);
rc = pdb_ads_search_fmt(state, state->domaindn, TLDAP_SCOPE_SUB,
TALLOC_FREE(sidstr);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
}
static NTSTATUS pdb_ads_mod_aliasmem(struct pdb_methods *m,
- const DOM_SID *alias,
- const DOM_SID *member,
+ const struct dom_sid *alias,
+ const struct dom_sid *member,
int mod_op)
{
struct pdb_ads_state *state = talloc_get_type_abort(
struct tldap_context *ld;
TALLOC_CTX *frame = talloc_stackframe();
struct tldap_mod *mods;
+ int num_mods;
int rc;
char *aliasdn, *memberdn;
NTSTATUS status;
}
mods = NULL;
+ num_mods = 0;
- if (!tldap_add_mod_str(talloc_tos(), &mods, mod_op,
+ if (!tldap_add_mod_str(talloc_tos(), &mods, &num_mods, mod_op,
"member", memberdn)) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
- rc = tldap_modify(ld, aliasdn, 1, mods, NULL, 0, NULL, 0);
+ rc = tldap_modify(ld, aliasdn, mods, num_mods, NULL, 0, NULL, 0);
TALLOC_FREE(frame);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_modify failed: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
if (rc == TLDAP_TYPE_OR_VALUE_EXISTS) {
return NT_STATUS_MEMBER_IN_ALIAS;
}
}
static NTSTATUS pdb_ads_add_aliasmem(struct pdb_methods *m,
- const DOM_SID *alias,
- const DOM_SID *member)
+ const struct dom_sid *alias,
+ const struct dom_sid *member)
{
return pdb_ads_mod_aliasmem(m, alias, member, TLDAP_MOD_ADD);
}
static NTSTATUS pdb_ads_del_aliasmem(struct pdb_methods *m,
- const DOM_SID *alias,
- const DOM_SID *member)
+ const struct dom_sid *alias,
+ const struct dom_sid *member)
{
return pdb_ads_mod_aliasmem(m, alias, member, TLDAP_MOD_DELETE);
}
}
static NTSTATUS pdb_ads_enum_aliasmem(struct pdb_methods *m,
- const DOM_SID *alias,
+ const struct dom_sid *alias,
TALLOC_CTX *mem_ctx,
- DOM_SID **pmembers,
+ struct dom_sid **pmembers,
size_t *pnum_members)
{
struct pdb_ads_state *state = talloc_get_type_abort(
DATA_BLOB *blobs;
struct dom_sid *members;
- sidstr = sid_binstring(talloc_tos(), alias);
+ sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), alias);
NT_STATUS_HAVE_NO_MEMORY(sidstr);
rc = pdb_ads_search_fmt(state, state->domaindn, TLDAP_SCOPE_SUB,
TALLOC_FREE(sidstr);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
switch talloc_array_length(msg) {
break;
}
- if (!tldap_entry_values(msg[0], "member", &num_members, &blobs)) {
+ if (!tldap_entry_values(msg[0], "member", &blobs, &num_members)) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
static NTSTATUS pdb_ads_enum_alias_memberships(struct pdb_methods *m,
TALLOC_CTX *mem_ctx,
- const DOM_SID *domain_sid,
- const DOM_SID *members,
+ const struct dom_sid *domain_sid,
+ const struct dom_sid *members,
size_t num_members,
uint32_t **palias_rids,
size_t *pnum_alias_rids)
struct pdb_ads_state *state = talloc_get_type_abort(
m->private_data, struct pdb_ads_state);
const char *attrs[1] = { "objectSid" };
- struct tldap_message **msg;
+ struct tldap_message **msg = NULL;
uint32_t *alias_rids = NULL;
size_t num_alias_rids = 0;
int i, rc, count;
TALLOC_FREE(filter);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("tldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return NT_STATUS_LDAP(rc);
}
}
static NTSTATUS pdb_ads_lookup_rids(struct pdb_methods *m,
- const DOM_SID *domain_sid,
+ const struct dom_sid *domain_sid,
int num_rids,
uint32 *rids,
const char **names,
sid_compose(&sid, domain_sid, rids[i]);
- sidstr = sid_binstring(talloc_tos(), &sid);
+ sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), &sid);
NT_STATUS_HAVE_NO_MEMORY(sidstr);
rc = pdb_ads_search_fmt(state, state->domaindn,
TALLOC_FREE(sidstr);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
continue;
}
DEBUG(10, ("no samAccountType"));
continue;
}
- lsa_attrs[i] = ads_atype_map(attr);
+ lsa_attrs[i] = ds_atype_map(attr);
num_mapped += 1;
}
}
static NTSTATUS pdb_ads_lookup_names(struct pdb_methods *m,
- const DOM_SID *domain_sid,
+ const struct dom_sid *domain_sid,
int num_names,
const char **pp_names,
uint32 *rids,
}
static NTSTATUS pdb_ads_get_account_policy(struct pdb_methods *m,
- int policy_index, uint32 *value)
+ enum pdb_policy_type type,
+ uint32_t *value)
{
- return account_policy_get(policy_index, value)
+ return account_policy_get(type, value)
? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS pdb_ads_set_account_policy(struct pdb_methods *m,
- int policy_index, uint32 value)
+ enum pdb_policy_type type,
+ uint32_t value)
{
- return account_policy_set(policy_index, value)
+ return account_policy_set(type, value)
? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
"%s", filter);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("ldap_search_ext_s failed: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
return false;
}
uint32 acct_flags)
{
struct pdb_ads_search_state *sstate;
+ char *filter;
bool ret;
- ret = pdb_ads_search_filter(m, search, "(objectclass=user)", &sstate);
+ if (acct_flags & ACB_NORMAL) {
+ filter = talloc_asprintf(
+ talloc_tos(),
+ "(&(objectclass=user)(sAMAccountType=%d))",
+ ATYPE_NORMAL_ACCOUNT);
+ } else if (acct_flags & ACB_WSTRUST) {
+ filter = talloc_asprintf(
+ talloc_tos(),
+ "(&(objectclass=user)(sAMAccountType=%d))",
+ ATYPE_WORKSTATION_TRUST);
+ } else {
+ filter = talloc_strdup(talloc_tos(), "(objectclass=user)");
+ }
+ if (filter == NULL) {
+ return false;
+ }
+
+ ret = pdb_ads_search_filter(m, search, filter, &sstate);
+ TALLOC_FREE(filter);
if (!ret) {
return false;
}
static bool pdb_ads_search_aliases(struct pdb_methods *m,
struct pdb_search *search,
- const DOM_SID *sid)
+ const struct dom_sid *sid)
{
struct pdb_ads_search_state *sstate;
char *filter;
return true;
}
-static bool pdb_ads_uid_to_rid(struct pdb_methods *m, uid_t uid,
- uint32 *rid)
-{
- return false;
-}
-
static bool pdb_ads_uid_to_sid(struct pdb_methods *m, uid_t uid,
- DOM_SID *sid)
+ struct dom_sid *sid)
{
struct pdb_ads_state *state = talloc_get_type_abort(
m->private_data, struct pdb_ads_state);
}
static bool pdb_ads_gid_to_sid(struct pdb_methods *m, gid_t gid,
- DOM_SID *sid)
+ struct dom_sid *sid)
{
struct pdb_ads_state *state = talloc_get_type_abort(
m->private_data, struct pdb_ads_state);
return true;
}
-static bool pdb_ads_sid_to_id(struct pdb_methods *m, const DOM_SID *sid,
+static bool pdb_ads_sid_to_id(struct pdb_methods *m, const struct dom_sid *sid,
union unid_t *id, enum lsa_SidType *type)
{
struct pdb_ads_state *state = talloc_get_type_abort(
sid_peek_rid(sid, &rid);
- sidstr = sid_binstring(talloc_tos(), sid);
+ sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid);
if (sidstr == NULL) {
return false;
}
static bool pdb_ads_get_trusteddom_pw(struct pdb_methods *m,
const char *domain, char** pwd,
- DOM_SID *sid,
+ struct dom_sid *sid,
time_t *pass_last_set_time)
{
return false;
static bool pdb_ads_set_trusteddom_pw(struct pdb_methods *m,
const char* domain, const char* pwd,
- const DOM_SID *sid)
+ const struct dom_sid *sid)
{
return false;
}
uint32 *num_domains,
struct trustdom_info ***domains)
{
- return NT_STATUS_NOT_IMPLEMENTED;
+ *num_domains = 0;
+ *domains = NULL;
+ return NT_STATUS_OK;
}
static void pdb_ads_init_methods(struct pdb_methods *m)
m->search_users = pdb_ads_search_users;
m->search_groups = pdb_ads_search_groups;
m->search_aliases = pdb_ads_search_aliases;
- m->uid_to_rid = pdb_ads_uid_to_rid;
m->uid_to_sid = pdb_ads_uid_to_sid;
m->gid_to_sid = pdb_ads_gid_to_sid;
m->sid_to_id = pdb_ads_sid_to_id;
ZERO_STRUCT(state->socket_address);
state->socket_address.sun_family = AF_UNIX;
- strncpy(state->socket_address.sun_path, location,
- sizeof(state->socket_address.sun_path) - 1);
+ strlcpy(state->socket_address.sun_path, location,
+ sizeof(state->socket_address.sun_path));
ld = pdb_ads_ld(state);
if (ld == NULL) {
rc = tldap_fetch_rootdse(ld);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("Could not retrieve rootdse: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
status = NT_STATUS_LDAP(rc);
goto done;
}
talloc_tos(), &domain, "(objectclass=*)");
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("Could not retrieve domain: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
status = NT_STATUS_LDAP(rc);
goto done;
}
talloc_tos(), &ncname, "(ncname=%s)", state->domaindn);
if (rc != TLDAP_SUCCESS) {
DEBUG(10, ("Could not retrieve ncname: %s\n",
- tldap_errstr(debug_ctx(), state->ld, rc)));
+ tldap_errstr(talloc_tos(), state->ld, rc)));
status = NT_STATUS_LDAP(rc);
goto done;
}
char *tmp = NULL;
NTSTATUS status;
- m = talloc(talloc_autofree_context(), struct pdb_methods);
+ m = talloc(NULL, struct pdb_methods);
if (m == NULL) {
return NT_STATUS_NO_MEMORY;
}
git.samba.org / kai / samba.git / blobdiff