/* make sure the end of the list is NULL */
mods[i] = NULL;
- ret = ldap_add_s(ads->ld, utf8_dn ? utf8_dn : new_dn, mods);
+ ret = ldap_add_s(ads->ld, utf8_dn, mods);
SAFE_FREE(utf8_dn);
return ADS_ERROR(ret);
}
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
- ret = ldap_delete(ads->ld, utf8_dn ? utf8_dn : del_dn);
+ ret = ldap_delete(ads->ld, utf8_dn);
return ADS_ERROR(ret);
}
ADS_MODLIST mods;
const char *objectClass[] = {"top", "person", "organizationalPerson",
"user", "computer", NULL};
- const char *servicePrincipalName[3] = {NULL, NULL, NULL};
- char *psp;
+ const char *servicePrincipalName[5] = {NULL, NULL, NULL, NULL, NULL};
+ char *psp, *psp2;
unsigned acct_control;
if (!(ctx = talloc_init("machine_account")))
ads->config.bind_path);
servicePrincipalName[0] = talloc_asprintf(ctx, "HOST/%s", hostname);
psp = talloc_asprintf(ctx, "HOST/%s.%s",
- hostname,
- ads->config.realm);
+ hostname,
+ ads->config.realm);
strlower(&psp[5]);
servicePrincipalName[1] = psp;
+ servicePrincipalName[2] = talloc_asprintf(ctx, "CIFS/%s", hostname);
+ psp2 = talloc_asprintf(ctx, "CIFS/%s.%s",
+ hostname,
+ ads->config.realm);
+ strlower(&psp2[5]);
+ servicePrincipalName[3] = psp2;
free(ou_str);
if (!new_dn)
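Review bot: `strlower(&psp2[5])` at L36 runs on the result of `talloc_asprintf` without a NULL check, so an allocation failure dereferences a null pointer; the older `psp` line at L30 has the same gap, and the new lines copy it rather than close it. Guard the new allocation before touching it, e.g. `if (!psp2) { talloc_destroy(ctx); return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); }`, and give `servicePrincipalName[2]` the same treatment since a NULL in slot 2 silently terminates the list before slot 3. The index 5 is `strlen("CIFS/")`, which only coincidentally equals `strlen("HOST/")`; a comment such as `/* lowercase the FQDN part after the "CIFS/" prefix */` would make the offset self-explaining. The enclosing function starts before and ends after this hunk, so I cannot see which cleanup label it uses on its other error paths.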
size_t sd_size = 0;
struct berval bval = {0, NULL};
prs_struct ps_wire;
+ char *escaped_hostname = escape_ldap_string_alloc(hostname);
LDAPMessage *res = 0;
LDAPMessage *msg = 0;
ret = ADS_ERROR(LDAP_SUCCESS);
- if (asprintf(&exp, "(samAccountName=%s$)", hostname) == -1) {
+ if (!escaped_hostname) {
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+
+ if (asprintf(&exp, "(samAccountName=%s$)", escaped_hostname) == -1) {
DEBUG(1, ("ads_set_machine_sd: asprintf failed!\n"));
+ SAFE_FREE(escaped_hostname);
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
+ SAFE_FREE(escaped_hostname);
+
ret = ads_search(ads, (void *) &res, exp, attrs);
if (!ADS_ERR_OK(ret)) return ret;
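Review bot: `escaped_hostname` at L43 is allocated inside the declaration list, four lines away from its NULL check at L48 and on the far side of the `ret = ADS_ERROR(LDAP_SUCCESS)` assignment, so the allocation and its check read as unrelated statements. Declaring `char *escaped_hostname;` with the others and moving the call to `escaped_hostname = escape_ldap_string_alloc(hostname);` immediately above `if (!escaped_hostname)` keeps them together, and matches how the pdb_ldap hunks in this same change lay out the escape-then-check sequence. The lifetime itself is right: the buffer is released on the `asprintf` failure path and again right after a successful format, so nothing escapes the visible lines. The enclosing function starts and ends outside the hunk.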
DEBUG(3,("LDAPS option set...!\n"));
#else
- DEBUG(0,("ldap_open_connection: Secure connection not supported by LDAP client libraries!\n"));
+ DEBUG(0,("ldapsam_open_connection: Secure connection not supported by LDAP client libraries!\n"));
return LDAP_OPERATIONS_ERROR;
#endif
}
return LDAP_OPERATIONS_ERROR;
}
#else
- DEBUG(0,("ldap_open_connection: StartTLS not supported by LDAP client libraries!\n"));
+ DEBUG(0,("ldapsam_open_connection: StartTLS not supported by LDAP client libraries!\n"));
return LDAP_OPERATIONS_ERROR;
#endif
}
- DEBUG(2, ("ldap_open_connection: connection opened\n"));
+ DEBUG(2, ("ldapsam_open_connection: connection opened\n"));
return rc;
}
memset(*credp, '\0', strlen(*credp));
SAFE_FREE(*credp);
} else {
- DEBUG(5,("ldap_connect_system: Rebinding as \"%s\"\n",
+ DEBUG(5,("rebind_proc_with_state: Rebinding as \"%s\"\n",
ldap_state->bind_dn));
*whop = strdup(ldap_state->bind_dn);
{
struct ldapsam_privates *ldap_state = arg;
int rc;
- DEBUG(5,("ldap_connect_system: Rebinding as \"%s\"\n",
+ DEBUG(5,("rebindproc_connect_with_state: Rebinding as \"%s\"\n",
ldap_state->bind_dn));
/** @TODO Should we be doing something to check what servers we rebind to?
/* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite
(OpenLDAP) doesnt' seem to support it */
- DEBUG(10,("ldap_connect_system: Binding to ldap server as \"%s\"\n",
- ldap_dn));
+ DEBUG(10,("ldap_connect_system: Binding to ldap server %s as \"%s\"\n",
+ ldap_state->uri, ldap_dn));
#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
# if LDAP_SET_REBIND_PROC_ARGS == 2
rc = ldap_simple_bind_s(ldap_struct, ldap_dn, ldap_secret);
if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("Bind failed: %s\n", ldap_err2string(rc)));
+ char *ld_error;
+ ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
+ &ld_error);
+ DEBUG(0,
+ ("failed to bind to server with dn= %s Error: %s\n\t%s\n",
+ ldap_dn, ldap_err2string(rc),
+ ld_error));
+ free(ld_error);
return rc;
}
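Review bot: `ld_error` at L105 is never initialised and the return value of `ldap_get_option` at L106 is not checked, so if the option lookup fails the `%s` at L111 and the `free` at L112 operate on an indeterminate pointer. Initialise it and guard the lookup: `char *ld_error = NULL;` followed by `if (ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error) != LDAP_OPT_SUCCESS) ld_error = NULL;` and `ld_error ? ld_error : "(none)"` in the DEBUG arguments, since the library may also hand back NULL when no diagnostic is pending. Two further points I would confirm: OpenLDAP documents the LDAP_OPT_ERROR_STRING buffer as released with `ldap_memfree` rather than plain `free`, and the bind at L102 goes through `ldap_struct` while the error string is read from `ldap_state->ldap_struct`, which only gives the right message if those are the same handle. The enclosing function continues outside the hunk.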
LDAPMessage ** result)
{
pstring filter;
-
+ char *escape_user = escape_ldap_string_alloc(user);
+
+ if (!escape_user) {
+ return LDAP_NO_MEMORY;
+ }
+
/*
* in the filter expression, replace %u with the real name
* so in ldap filter, %u MUST exist :-)
* have to use this here because $ is filtered out
* in pstring_sub
*/
- all_string_sub(filter, "%u", user, sizeof(pstring));
+
+
+ all_string_sub(filter, "%u", escape_user, sizeof(pstring));
+ SAFE_FREE(escape_user);
return ldapsam_search_one_user(ldap_state, filter, result);
}
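Review bot: Lines L132-L133 add two consecutive blank lines where the removed line at L118 was a single one, separating the comment block from the `all_string_sub` call it describes; drop one of them so the comment sits directly above the substitution it explains. The copy of the configured filter into `filter` is not visible in this hunk, so I assume it sits in elided context above the call, as the sibling hunk below shows with `pstrcpy(filter, lp_ldap_filter())`. The escaping itself is laid out correctly: the escaped copy is substituted into the fixed-size filter and released immediately afterwards, and the early `LDAP_NO_MEMORY` return has nothing to leak.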
{
struct passwd *user;
pstring filter;
+ char *escape_user;
/* Get the username from the system and look that up in the LDAP */
pstrcpy(filter, lp_ldap_filter());
- all_string_sub(filter, "%u", user->pw_name, sizeof(pstring));
+ escape_user = escape_ldap_string_alloc(user->pw_name);
+ if (!escape_user) {
+ passwd_free(&user);
+ return LDAP_NO_MEMORY;
+ }
+
+ all_string_sub(filter, "%u", escape_user, sizeof(pstring));
passwd_free(&user);
+ SAFE_FREE(escape_user);
return ldapsam_search_one_user(ldap_state, filter, result);
}
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
LDAPMessage *result;
LDAPMessage *entry;
-
+ int count;
+
if (ldapsam_search_one_user_by_name(ldap_state, sname, &result) != LDAP_SUCCESS) {
return NT_STATUS_NO_SUCH_USER;
}
- if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) {
+
+ count = ldap_count_entries(ldap_state->ldap_struct, result);
+
+ if (count < 1) {
DEBUG(4,
("We don't find this user [%s] count=%d\n", sname,
- ldap_count_entries(ldap_state->ldap_struct, result)));
+ count));
+ return NT_STATUS_NO_SUCH_USER;
+ } else if (count > 1) {
+ DEBUG(1,
+ ("Duplicate entries for this user [%s] Failing. count=%d\n", sname,
+ count));
return NT_STATUS_NO_SUCH_USER;
}
+
entry = ldap_first_entry(ldap_state->ldap_struct, result);
if (entry) {
if (!init_sam_from_ldap(ldap_state, user, entry)) {
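Review bot: The new `count > 1` branch at L175-L179 returns `NT_STATUS_NO_SUCH_USER` without `ldap_msgfree(result)`, leaking the search result, and the matching branch at L201-L205 in the rid lookup has the same gap. The `count < 1` branch just above inherits the leak from the old code, but since both branches are being rewritten this is the moment to add `ldap_msgfree(result);` before each `return`, the way the `User '%s' already in the base` hunk further down does before its own early return. Refusing to act on an ambiguous match is the right call here, as a duplicate entry would otherwise let whichever record the server returned first decide the account's attributes. Whether `result` is released after `init_sam_from_ldap` on the success path is outside the hunk.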
(struct ldapsam_privates *)my_methods->private_data;
LDAPMessage *result;
LDAPMessage *entry;
+ int count;
if (ldapsam_search_one_user_by_rid(ldap_state, rid, &result) != LDAP_SUCCESS) {
return NT_STATUS_NO_SUCH_USER;
}
- if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) {
+ count = ldap_count_entries(ldap_state->ldap_struct, result);
+
+ if (count < 1) {
DEBUG(4,
("We don't find this rid [%i] count=%d\n", rid,
- ldap_count_entries(ldap_state->ldap_struct, result)));
+ count));
+ return NT_STATUS_NO_SUCH_USER;
+ } else if (count > 1) {
+ DEBUG(1,
+ ("More than one user with rid [%i]. Failing. count=%d\n", rid,
+ count));
return NT_STATUS_NO_SUCH_USER;
}
}
if (ldap_count_entries(ldap_state->ldap_struct, result) != 0) {
- DEBUG(0,("User already in the base, with samba properties\n"));
+ DEBUG(0,("User '%s' already in the base, with samba properties\n",
+ username));
ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
}