-/*
+/*
Unix SMB/CIFS implementation.
LDAP protocol helper functions for SAMBA
- Copyright (C) Jean François Micouleau 1998
+ Copyright (C) Jean François Micouleau 1998
Copyright (C) Gerald Carter 2001-2003
Copyright (C) Shahms King 2001
Copyright (C) Andrew Bartlett 2002-2003
/* TODO:
* persistent connections: if using NSS LDAP, many connections are made
* however, using only one within Samba would be nice
-*
+*
* Clean up SSL stuff, compile on OpenLDAP 1.x, 2.x, and Netscape SDK
*
* Other LDAP based login attributes: accountExpires, etc.
#include "../libcli/security/security.h"
#include "../lib/util/util_pw.h"
#include "lib/winbind_util.h"
+#include "librpc/gen_ndr/idmap.h"
+#include "lib/param/loadparm.h"
+#include "lib/util_sid_passdb.h"
+#include "lib/util/smb_strtox.h"
+#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
#include "smbldap.h"
#include "passdb/pdb_ldap.h"
#include "passdb/pdb_nds.h"
-#include "passdb/pdb_ipa.h"
#include "passdb/pdb_ldap_util.h"
#include "passdb/pdb_ldap_schema.h"
LDAP *priv2ld(struct ldapsam_privates *priv)
{
- return priv->smbldap_state->ldap_struct;
+ return smbldap_get_ldap(priv->smbldap_state);
}
/**********************************************************************
Get the attribute name given a user schame version.
**********************************************************************/
-
+
static const char* get_userattr_key2string( int schema_ver, int key )
{
switch ( schema_ver ) {
- case SCHEMAVER_SAMBAACCOUNT:
- return get_attr_key2string( attrib_map_v22, key );
-
case SCHEMAVER_SAMBASAMACCOUNT:
return get_attr_key2string( attrib_map_v30, key );
const char** get_userattr_list( TALLOC_CTX *mem_ctx, int schema_ver )
{
switch ( schema_ver ) {
- case SCHEMAVER_SAMBAACCOUNT:
- return get_attr_list( mem_ctx, attrib_map_v22 );
-
case SCHEMAVER_SAMBASAMACCOUNT:
return get_attr_list( mem_ctx, attrib_map_v30 );
default:
int schema_ver )
{
switch ( schema_ver ) {
- case SCHEMAVER_SAMBAACCOUNT:
- return get_attr_list( mem_ctx,
- attrib_map_to_delete_v22 );
-
case SCHEMAVER_SAMBASAMACCOUNT:
return get_attr_list( mem_ctx,
attrib_map_to_delete_v30 );
/*******************************************************************
- Generate the LDAP search filter for the objectclass based on the
+ Generate the LDAP search filter for the objectclass based on the
version of the schema we are using.
******************************************************************/
char *result;
switch( schema_ver ) {
- case SCHEMAVER_SAMBAACCOUNT:
- fstr_sprintf( objclass_filter, "(objectclass=%s)", LDAP_OBJ_SAMBAACCOUNT );
- break;
case SCHEMAVER_SAMBASAMACCOUNT:
fstr_sprintf( objclass_filter, "(objectclass=%s)", LDAP_OBJ_SAMBASAMACCOUNT );
break;
return ntstatus;
}
- if (!smbldap_has_naming_context(ldap_state->smbldap_state->ldap_struct, lp_ldap_suffix())) {
+ if (!smbldap_has_naming_context(
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ lp_ldap_suffix())) {
DEBUG(3,("ldapsam_get_seq_num: DIT not configured to hold %s "
"as top-level namingContext\n", lp_ldap_suffix()));
return ntstatus;
goto done;
}
- num_result = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, msg);
+ num_result = ldap_count_entries(
+ smbldap_get_ldap(ldap_state->smbldap_state), msg);
if (num_result != 1) {
DEBUG(3,("ldapsam_get_seq_num: Expected one entry, got %d\n", num_result));
goto done;
}
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, msg);
+ entry = ldap_first_entry(
+ smbldap_get_ldap(ldap_state->smbldap_state), msg);
if (entry == NULL) {
DEBUG(3,("ldapsam_get_seq_num: Could not retrieve entry\n"));
goto done;
}
- values = ldap_get_values(ldap_state->smbldap_state->ldap_struct, entry, attrs[0]);
+ values = ldap_get_values(
+ smbldap_get_ldap(ldap_state->smbldap_state), entry, attrs[0]);
if (values == NULL) {
DEBUG(3,("ldapsam_get_seq_num: no values\n"));
goto done;
/* very basic sanity check */
if (*seq_num <= 0) {
- DEBUG(3,("ldapsam_get_seq_num: invalid sequence number: %d\n",
+ DEBUG(3,("ldapsam_get_seq_num: invalid sequence number: %d\n",
(int)*seq_num));
goto done;
}
return ret;
}
-/*******************************************************************
- Run the search by rid.
-******************************************************************/
-
-static int ldapsam_search_suffix_by_rid (struct ldapsam_privates *ldap_state,
- uint32_t rid, LDAPMessage ** result,
- const char **attr)
-{
- char *filter = NULL;
- int rc;
-
- filter = talloc_asprintf(talloc_tos(), "(&(rid=%i)%s)", rid,
- get_objclass_filter(ldap_state->schema_ver));
- if (!filter) {
- return LDAP_NO_MEMORY;
- }
-
- rc = smbldap_search_suffix(ldap_state->smbldap_state,
- filter, attr, result);
- TALLOC_FREE(filter);
- return rc;
-}
-
/*******************************************************************
Run the search by SID.
******************************************************************/
{
char *filter = NULL;
int rc;
- fstring sid_string;
+ struct dom_sid_buf sid_string;
filter = talloc_asprintf(talloc_tos(), "(&(%s=%s)%s)",
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_USER_SID),
- sid_to_fstring(sid_string, sid),
+ dom_sid_str_buf(sid, &sid_string),
get_objclass_filter(ldap_state->schema_ver));
if (!filter) {
return LDAP_NO_MEMORY;
}
smbldap_set_mod(&mods, LDAP_MOD_DELETE, "objectClass", objectclass);
- talloc_autofree_ldapmod(mem_ctx, mods);
+ smbldap_talloc_autofree_ldapmod(mem_ctx, mods);
return smbldap_modify(priv->smbldap_state, dn, mods);
}
char *temp;
struct tm tm;
- temp = smbldap_talloc_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver,LDAP_ATTR_MOD_TIMESTAMP),
+ temp = smbldap_talloc_single_attribute(
+ smbldap_get_ldap(ldap_state->smbldap_state), entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_MOD_TIMESTAMP),
talloc_tos());
if (!temp) {
return (time_t) 0;
*workstations = NULL,
*munged_dial = NULL;
uint32_t user_rid;
- uint8 smblmpwd[LM_HASH_LEN],
+ uint8_t smblmpwd[LM_HASH_LEN],
smbntpwd[NT_HASH_LEN];
bool use_samba_attrs = True;
- uint32_t acct_ctrl = 0;
uint16_t logon_divs;
uint16_t bad_password_count = 0,
logon_count = 0;
uint32_t hours_len;
- uint8 hours[MAX_HOURS_LEN];
+ uint8_t hours[MAX_HOURS_LEN];
char *temp = NULL;
struct login_cache cache_entry;
uint32_t pwHistLen;
if ( ldap_state->schema_ver == SCHEMAVER_SAMBASAMACCOUNT ) {
if ((temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_USER_SID),
}
} else {
if ((temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_USER_RID),
}
if (IS_SAM_DEFAULT(sampass, PDB_USERSID)) {
- DEBUG(1, ("init_sam_from_ldap: no %s or %s attribute found for this user %s\n",
+ DEBUG(1, ("init_sam_from_ldap: no %s or %s attribute found for this user %s\n",
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_USER_SID),
get_userattr_key2string(ldap_state->schema_ver,
}
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_PWD_LAST_SET),
}
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_LOGON_TIME),
}
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_LOGOFF_TIME),
}
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_KICKOFF_TIME),
}
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_PWD_CAN_CHANGE),
*/
fullname = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_DISPLAY_NAME),
pdb_set_fullname(sampass, fullname, PDB_SET);
} else {
fullname = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_CN),
}
dir_drive = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_HOME_DRIVE),
}
homedir = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_HOME_PATH),
}
logon_script = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_LOGON_SCRIPT),
}
profile_path = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_PROFILE_PATH),
}
acct_desc = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_DESC),
}
workstations = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_USER_WKS),
}
munged_dial = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_MUNGED_DIAL),
/* Make call to Novell eDirectory ldap extension to get clear text password.
NOTE: This will only work if we have an SSL connection to eDirectory. */
- user_dn = smbldap_talloc_dn(ctx, ldap_state->smbldap_state->ldap_struct, entry);
+ user_dn = smbldap_talloc_dn(
+ ctx, smbldap_get_ldap(ldap_state->smbldap_state),
+ entry);
if (user_dn != NULL) {
DEBUG(3, ("init_sam_from_ldap: smbldap_talloc_dn(ctx, %s) returned '%s'\n", username, user_dn));
if (use_samba_attrs) {
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_LMPW),
}
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_NTPW),
pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen > 0){
- uint8 *pwhist = NULL;
+ uint8_t *pwhist = NULL;
int i;
char *history_string = talloc_array(ctx, char,
MAX_PW_HISTORY_LEN*64);
pwHistLen = MIN(pwHistLen, MAX_PW_HISTORY_LEN);
- pwhist = talloc_array(ctx, uint8,
- pwHistLen * PW_HISTORY_ENTRY_LEN);
+ pwhist = talloc_zero_array(ctx, uint8_t,
+ pwHistLen * PW_HISTORY_ENTRY_LEN);
if (pwhist == NULL) {
DEBUG(0, ("init_sam_from_ldap: talloc failed!\n"));
goto fn_exit;
}
- memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN);
if (smbldap_get_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_PWD_HISTORY),
}
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_ACB_INFO),
ctx);
if (temp) {
+ uint32_t acct_ctrl = 0;
acct_ctrl = pdb_decode_acct_ctrl(temp);
if (acct_ctrl == 0) {
}
pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
- } else {
- acct_ctrl |= ACB_NORMAL;
}
pdb_set_hours_len(sampass, hours_len, PDB_SET);
pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_BAD_PASSWORD_COUNT),
}
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_BAD_PASSWORD_TIME),
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_LOGON_COUNT),
/* pdb_set_unknown_6(sampass, unknown6, PDB_SET); */
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_LOGON_HOURS),
bool have_gid = false;
struct dom_sid mapped_gsid;
const struct dom_sid *primary_gsid;
+ struct unixid id;
+ int error = 0;
ZERO_STRUCT(unix_pw);
ctx);
if (temp) {
/* We've got a uid, feed the cache */
- unix_pw.pw_uid = strtoul(temp, NULL, 10);
+ unix_pw.pw_uid = smb_strtoul(temp,
+ NULL,
+ 10,
+ &error,
+ SMB_STR_STANDARD);
+ if (error != 0) {
+ DBG_ERR("Failed to convert UID\n");
+ goto fn_exit;
+ }
have_uid = true;
}
temp = smbldap_talloc_single_attribute(
ctx);
if (temp) {
/* We've got a uid, feed the cache */
- unix_pw.pw_gid = strtoul(temp, NULL, 10);
+ unix_pw.pw_gid = smb_strtoul(temp,
+ NULL,
+ 10,
+ &error,
+ SMB_STR_STANDARD);
+ if (error != 0) {
+ DBG_ERR("Failed to convert GID\n");
+ goto fn_exit;
+ }
have_gid = true;
}
unix_pw.pw_gecos = smbldap_talloc_single_attribute(
entry,
"gecos",
ctx);
- if (unix_pw.pw_gecos) {
+ if (unix_pw.pw_gecos == NULL) {
unix_pw.pw_gecos = fullname;
}
unix_pw.pw_dir = smbldap_talloc_single_attribute(
entry,
"homeDirectory",
ctx);
- if (unix_pw.pw_dir) {
+ if (unix_pw.pw_dir == NULL) {
unix_pw.pw_dir = discard_const_p(char, "");
}
unix_pw.pw_shell = smbldap_talloc_single_attribute(
entry,
"loginShell",
ctx);
- if (unix_pw.pw_shell) {
+ if (unix_pw.pw_shell == NULL) {
unix_pw.pw_shell = discard_const_p(char, "");
}
goto fn_exit;
}
- idmap_cache_set_sid2uid(pdb_get_user_sid(sampass),
- sampass->unix_pw->pw_uid);
+ id.id = sampass->unix_pw->pw_uid;
+ id.type = ID_TYPE_UID;
+
+ idmap_cache_set_sid2unixid(pdb_get_user_sid(sampass), &id);
gid_to_sid(&mapped_gsid, sampass->unix_pw->pw_gid);
primary_gsid = pdb_get_group_sid(sampass);
if (primary_gsid && dom_sid_equal(primary_gsid, &mapped_gsid)) {
- idmap_cache_set_sid2gid(primary_gsid,
- sampass->unix_pw->pw_gid);
+ id.id = sampass->unix_pw->pw_gid;
+ id.type = ID_TYPE_GID;
+
+ idmap_cache_set_sid2unixid(primary_gsid, &id);
}
}
enum pdb_elements))
{
char *temp = NULL;
- uint32_t rid;
if (mods == NULL || sampass == NULL) {
DEBUG(0, ("init_ldap_from_sam: NULL parameters found!\n"));
* do this on a per-mod basis
*/
if (need_update(sampass, PDB_USERNAME)) {
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- "uid", pdb_get_username(sampass));
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
+ "uid", pdb_get_username(sampass));
if (ldap_state->is_nds_ldap) {
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- "cn", pdb_get_username(sampass));
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- "sn", pdb_get_username(sampass));
+ smbldap_make_mod(
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
+ "cn", pdb_get_username(sampass));
+ smbldap_make_mod(
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
+ "sn", pdb_get_username(sampass));
}
}
/* only update the RID if we actually need to */
if (need_update(sampass, PDB_USERSID)) {
- fstring sid_string;
+ struct dom_sid_buf sid_str;
const struct dom_sid *user_sid = pdb_get_user_sid(sampass);
switch ( ldap_state->schema_ver ) {
- case SCHEMAVER_SAMBAACCOUNT:
- if (!sid_peek_check_rid(&ldap_state->domain_sid, user_sid, &rid)) {
- DEBUG(1, ("init_ldap_from_sam: User's SID (%s) is not for this domain (%s), cannot add to LDAP!\n",
- sid_string_dbg(user_sid),
- sid_string_dbg(
- &ldap_state->domain_sid)));
- return False;
- }
- if (asprintf(&temp, "%i", rid) < 0) {
- return false;
- }
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_RID),
- temp);
- SAFE_FREE(temp);
- break;
-
case SCHEMAVER_SAMBASAMACCOUNT:
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID),
- sid_to_fstring(sid_string, user_sid));
+ smbldap_make_mod(
+ smbldap_get_ldap(
+ ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID),
+ dom_sid_str_buf(user_sid, &sid_str));
break;
default:
'free' to hang off the unix primary group makes life easier */
if (need_update(sampass, PDB_GROUPSID)) {
- fstring sid_string;
+ struct dom_sid_buf sid_str;
const struct dom_sid *group_sid = pdb_get_group_sid(sampass);
switch ( ldap_state->schema_ver ) {
- case SCHEMAVER_SAMBAACCOUNT:
- if (!sid_peek_check_rid(&ldap_state->domain_sid, group_sid, &rid)) {
- DEBUG(1, ("init_ldap_from_sam: User's Primary Group SID (%s) is not for this domain (%s), cannot add to LDAP!\n",
- sid_string_dbg(group_sid),
- sid_string_dbg(
- &ldap_state->domain_sid)));
- return False;
- }
-
- if (asprintf(&temp, "%i", rid) < 0) {
- return false;
- }
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver,
- LDAP_ATTR_PRIMARY_GROUP_RID), temp);
- SAFE_FREE(temp);
- break;
-
case SCHEMAVER_SAMBASAMACCOUNT:
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver,
- LDAP_ATTR_PRIMARY_GROUP_SID), sid_to_fstring(sid_string, group_sid));
+ smbldap_make_mod(
+ smbldap_get_ldap(
+ ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_PRIMARY_GROUP_SID),
+ dom_sid_str_buf(group_sid, &sid_str));
break;
default:
*/
if (need_update(sampass, PDB_FULLNAME))
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DISPLAY_NAME),
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DISPLAY_NAME),
pdb_get_fullname(sampass));
if (need_update(sampass, PDB_ACCTDESC))
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DESC),
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DESC),
pdb_get_acct_desc(sampass));
if (need_update(sampass, PDB_WORKSTATIONS))
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_WKS),
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_WKS),
pdb_get_workstations(sampass));
if (need_update(sampass, PDB_MUNGEDDIAL))
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_MUNGED_DIAL),
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_MUNGED_DIAL),
pdb_get_munged_dial(sampass));
if (need_update(sampass, PDB_SMBHOME))
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_PATH),
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_PATH),
pdb_get_homedir(sampass));
if (need_update(sampass, PDB_DRIVE))
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_DRIVE),
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_DRIVE),
pdb_get_dir_drive(sampass));
if (need_update(sampass, PDB_LOGONSCRIPT))
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_SCRIPT),
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_SCRIPT),
pdb_get_logon_script(sampass));
if (need_update(sampass, PDB_PROFILE))
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH),
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH),
pdb_get_profile_path(sampass));
if (asprintf(&temp, "%li", (long int)pdb_get_logon_time(sampass)) < 0) {
return false;
}
if (need_update(sampass, PDB_LOGONTIME))
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_TIME), temp);
SAFE_FREE(temp);
return false;
}
if (need_update(sampass, PDB_LOGOFFTIME))
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGOFF_TIME), temp);
SAFE_FREE(temp);
return false;
}
if (need_update(sampass, PDB_KICKOFFTIME))
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_KICKOFF_TIME), temp);
SAFE_FREE(temp);
return false;
}
if (need_update(sampass, PDB_CANCHANGETIME))
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_CAN_CHANGE), temp);
SAFE_FREE(temp);
char pwstr[34];
pdb_sethexpwd(pwstr, lm_pw,
pdb_get_acct_ctrl(sampass));
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW),
+ smbldap_make_mod(
+ smbldap_get_ldap(
+ ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW),
pwstr);
} else {
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW),
+ smbldap_make_mod(
+ smbldap_get_ldap(
+ ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW),
NULL);
}
}
char pwstr[34];
pdb_sethexpwd(pwstr, nt_pw,
pdb_get_acct_ctrl(sampass));
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW),
+ smbldap_make_mod(
+ smbldap_get_ldap(
+ ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW),
pwstr);
} else {
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW),
+ smbldap_make_mod(
+ smbldap_get_ldap(
+ ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW),
NULL);
}
}
} else {
int i;
uint32_t currHistLen = 0;
- const uint8 *pwhist = pdb_get_pw_history(sampass, &currHistLen);
+ const uint8_t *pwhist = pdb_get_pw_history(sampass, &currHistLen);
if (pwhist != NULL) {
/* We can only store (1024-1/64 password history entries. */
pwHistLen = MIN(pwHistLen, ((1024-1)/64));
}
}
}
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_HISTORY),
+ smbldap_make_mod(
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_HISTORY),
pwstr);
SAFE_FREE(pwstr);
}
(long int)pdb_get_pass_last_set_time(sampass)) < 0) {
return false;
}
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_LAST_SET),
+ smbldap_make_mod(
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_LAST_SET),
temp);
SAFE_FREE(temp);
}
}
if (need_update(sampass, PDB_HOURS)) {
- const uint8 *hours = pdb_get_hours(sampass);
+ const uint8_t *hours = pdb_get_hours(sampass);
if (hours) {
char hourstr[44];
pdb_sethexhours(hourstr, hours);
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct,
+ smbldap_make_mod(
+ smbldap_get_ldap(ldap_state->smbldap_state),
existing,
mods,
get_userattr_key2string(ldap_state->schema_ver,
}
if (need_update(sampass, PDB_ACCTCTRL))
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_ACB_INFO),
+ smbldap_make_mod(
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_ACB_INFO),
pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass), NEW_PW_FORMAT_SPACE_PADDED_LEN));
/* password lockout cache:
return false;
}
smbldap_make_mod(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
existing, mods,
get_userattr_key2string(
ldap_state->schema_ver,
return false;
}
smbldap_make_mod(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
existing, mods,
get_userattr_key2string(
ldap_state->schema_ver,
attr_list);
TALLOC_FREE( attr_list );
- if ( rc != LDAP_SUCCESS )
+ if ( rc != LDAP_SUCCESS )
return NT_STATUS_NO_SUCH_USER;
- count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
+ count = ldap_count_entries(smbldap_get_ldap(ldap_state->smbldap_state),
+ result);
if (count < 1) {
DEBUG(4, ("ldapsam_getsampwnam: Unable to locate user [%s] count=%d\n", sname, count));
return NT_STATUS_NO_SUCH_USER;
}
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
+ entry = ldap_first_entry(smbldap_get_ldap(ldap_state->smbldap_state),
+ result);
if (entry) {
if (!init_sam_from_ldap(ldap_state, user, entry)) {
DEBUG(1,("ldapsam_getsampwnam: init_sam_from_ldap failed for user '%s'!\n", sname));
}
pdb_set_backend_private_data(user, result, NULL,
my_methods, PDB_CHANGED);
- talloc_autofree_ldapmsg(user, result);
+ smbldap_talloc_autofree_ldapmsg(user, result);
ret = NT_STATUS_OK;
} else {
ldap_msgfree(result);
return ret;
}
-static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state,
+static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state,
const struct dom_sid *sid, LDAPMessage **result)
{
int rc = -1;
const char ** attr_list;
- uint32_t rid;
switch ( ldap_state->schema_ver ) {
case SCHEMAVER_SAMBASAMACCOUNT: {
result, attr_list);
TALLOC_FREE(tmp_ctx);
- if ( rc != LDAP_SUCCESS )
+ if ( rc != LDAP_SUCCESS )
return rc;
break;
}
- case SCHEMAVER_SAMBAACCOUNT:
- if (!sid_peek_check_rid(&ldap_state->domain_sid, sid, &rid)) {
- return rc;
- }
-
- attr_list = get_userattr_list(NULL,
- ldap_state->schema_ver);
- rc = ldapsam_search_suffix_by_rid(ldap_state, rid, result, attr_list );
- TALLOC_FREE( attr_list );
-
- if ( rc != LDAP_SUCCESS )
- return rc;
+ default:
+ DEBUG(0,("Invalid schema version specified\n"));
break;
}
return rc;
int count;
int rc;
- rc = ldapsam_get_ldap_user_by_sid(ldap_state,
- sid, &result);
+ rc = ldapsam_get_ldap_user_by_sid(ldap_state,
+ sid, &result);
if (rc != LDAP_SUCCESS)
return NT_STATUS_NO_SUCH_USER;
- count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
+ count = ldap_count_entries(smbldap_get_ldap(ldap_state->smbldap_state),
+ result);
if (count < 1) {
+ struct dom_sid_buf buf;
DEBUG(4, ("ldapsam_getsampwsid: Unable to locate SID [%s] "
- "count=%d\n", sid_string_dbg(sid), count));
+ "count=%d\n",
+ dom_sid_str_buf(sid, &buf),
+ count));
ldap_msgfree(result);
return NT_STATUS_NO_SUCH_USER;
} else if (count > 1) {
+ struct dom_sid_buf buf;
DEBUG(1, ("ldapsam_getsampwsid: More than one user with SID "
- "[%s]. Failing. count=%d\n", sid_string_dbg(sid),
+ "[%s]. Failing. count=%d\n",
+ dom_sid_str_buf(sid, &buf),
count));
ldap_msgfree(result);
return NT_STATUS_NO_SUCH_USER;
}
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
+ entry = ldap_first_entry(smbldap_get_ldap(ldap_state->smbldap_state),
+ result);
if (!entry) {
ldap_msgfree(result);
return NT_STATUS_NO_SUCH_USER;
pdb_set_backend_private_data(user, result, NULL,
my_methods, PDB_CHANGED);
- talloc_autofree_ldapmsg(user, result);
+ smbldap_talloc_autofree_ldapmsg(user, result);
return NT_STATUS_OK;
-}
+}
/********************************************************************
- Do the actual modification - also change a plaintext passord if
+ Do the actual modification - also change a plaintext passord if
it it set.
**********************************************************************/
-static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
+static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
struct samu *newpwd, char *dn,
- LDAPMod **mods, int ldap_op,
+ LDAPMod **mods, int ldap_op,
bool (*need_update)(const struct samu *, enum pdb_elements))
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
if (!ldap_state->is_nds_ldap) {
- if (!smbldap_has_extension(ldap_state->smbldap_state->ldap_struct,
- LDAP_EXOP_MODIFY_PASSWD)) {
+ if (!smbldap_has_extension(
+ smbldap_get_ldap(
+ ldap_state->smbldap_state),
+ LDAP_EXOP_MODIFY_PASSWD)) {
DEBUG(2, ("ldap password change requested, but LDAP "
"server does not support it -- ignoring\n"));
return NT_STATUS_OK;
ber_free(ber, 1);
if (!ldap_state->is_nds_ldap) {
- rc = smbldap_extended_operation(ldap_state->smbldap_state,
+ rc = smbldap_extended_operation(ldap_state->smbldap_state,
LDAP_EXOP_MODIFY_PASSWD,
- bv, NULL, NULL, &retoid,
+ bv, NULL, NULL, &retoid,
&retdata);
} else {
rc = pdb_nds_set_password(ldap_state->smbldap_state, dn,
return NT_STATUS_OK;
}
- ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
+ ldap_get_option(
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ LDAP_OPT_ERROR_STRING,
&ld_error);
DEBUG(0,("ldapsam_modify_entry: LDAP Password could not be changed for user %s: %s\n\t%s\n",
pdb_get_username(newpwd), ldap_err2string(rc), ld_error?ld_error:"unknown"));
DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd)));
#ifdef DEBUG_PASSWORD
DEBUG(100,("ldapsam_modify_entry: LDAP Password changed to %s\n",pdb_get_plaintext_passwd(newpwd)));
-#endif
+#endif
if (retdata)
ber_bvfree(retdata);
if (retoid)
rc = ldapsam_delete_entry(
priv, mem_ctx, entry,
priv->schema_ver == SCHEMAVER_SAMBASAMACCOUNT ?
- LDAP_OBJ_SAMBASAMACCOUNT : LDAP_OBJ_SAMBAACCOUNT,
+ LDAP_OBJ_SAMBASAMACCOUNT : 0,
attr_list);
result = (rc == LDAP_SUCCESS) ?
static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, struct samu * newpwd)
{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ NTSTATUS ret;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc = 0;
char *dn;
}
pdb_set_backend_private_data(newpwd, result, NULL,
my_methods, PDB_CHANGED);
- talloc_autofree_ldapmsg(newpwd, result);
+ smbldap_talloc_autofree_ldapmsg(newpwd, result);
}
- if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) == 0) {
+ if (ldap_count_entries(smbldap_get_ldap(ldap_state->smbldap_state),
+ result) == 0) {
DEBUG(0, ("ldapsam_update_sam_account: No user to modify!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
- dn = smbldap_talloc_dn(talloc_tos(), ldap_state->smbldap_state->ldap_struct, entry);
+ entry = ldap_first_entry(smbldap_get_ldap(ldap_state->smbldap_state),
+ result);
+ dn = smbldap_talloc_dn(talloc_tos(),
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ entry);
if (!dn) {
return NT_STATUS_UNSUCCESSFUL;
}
struct samu *old_acct,
const char *newname)
{
+ const struct loadparm_substitution *lp_sub =
+ loadparm_s3_global_substitution();
const char *oldname;
int rc;
char *rename_script = NULL;
oldname = pdb_get_username(old_acct);
/* rename the posix user */
- rename_script = talloc_strdup(talloc_tos(), lp_renameuser_script());
+ rename_script = lp_rename_user_script(talloc_tos(), lp_sub);
if (rename_script == NULL) {
return NT_STATUS_NO_MEMORY;
}
posix name but preserve the case in passdb */
fstrcpy( oldname_lower, oldname );
- strlower_m( oldname_lower );
+ if (!strlower_m( oldname_lower )) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
fstrcpy( newname_lower, newname );
- strlower_m( newname_lower );
+ if (!strlower_m( newname_lower )) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
rename_script = realloc_string_sub2(rename_script,
"%unew",
newname_lower,
oldname_lower,
true,
true);
- rc = smbrun(rename_script, NULL);
+ rc = smbrun(rename_script, NULL, NULL);
DEBUG(rc ? 0 : 3,("Running the command `%s' gave %d\n",
rename_script, rc));
static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, struct samu * newpwd)
{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
LDAPMessage *result = NULL;
goto fn_exit;
}
- if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) != 0) {
- DEBUG(0,("ldapsam_add_sam_account: User '%s' already in the base, with samba attributes\n",
+ if (ldap_count_entries(smbldap_get_ldap(ldap_state->smbldap_state),
+ result) != 0) {
+ DEBUG(0,("ldapsam_add_sam_account: User '%s' already in the base, with samba attributes\n",
username));
goto fn_exit;
}
rc = ldapsam_get_ldap_user_by_sid(ldap_state,
sid, &result);
if (rc == LDAP_SUCCESS) {
- if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) != 0) {
+ if (ldap_count_entries(
+ smbldap_get_ldap(
+ ldap_state->smbldap_state),
+ result) != 0) {
+ struct dom_sid_buf buf;
DEBUG(0,("ldapsam_add_sam_account: SID '%s' "
"already in the base, with samba "
- "attributes\n", sid_string_dbg(sid)));
+ "attributes\n",
+ dom_sid_str_buf(sid, &buf)));
goto fn_exit;
}
ldap_msgfree(result);
goto fn_exit;
}
- num_result = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
+ num_result = ldap_count_entries(
+ smbldap_get_ldap(ldap_state->smbldap_state), result);
if (num_result > 1) {
DEBUG (0, ("ldapsam_add_sam_account: More than one user with that uid exists: bailing out!\n"));
if (num_result == 1) {
DEBUG(3,("ldapsam_add_sam_account: User exists without samba attributes: adding them\n"));
ldap_op = LDAP_MOD_REPLACE;
- entry = ldap_first_entry (ldap_state->smbldap_state->ldap_struct, result);
- dn = smbldap_talloc_dn(ctx, ldap_state->smbldap_state->ldap_struct, entry);
+ entry = ldap_first_entry(
+ smbldap_get_ldap(ldap_state->smbldap_state), result);
+ dn = smbldap_talloc_dn(
+ ctx, smbldap_get_ldap(ldap_state->smbldap_state),
+ entry);
if (!dn) {
status = NT_STATUS_NO_MEMORY;
goto fn_exit;
} else if (ldap_state->schema_ver == SCHEMAVER_SAMBASAMACCOUNT) {
+ struct dom_sid_buf buf;
+
/* There might be a SID for this account already - say an idmap entry */
filter = talloc_asprintf(ctx,
"(&(%s=%s)(|(objectClass=%s)(objectClass=%s)))",
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_USER_SID),
- sid_string_talloc(ctx, sid),
+ dom_sid_str_buf(sid, &buf),
LDAP_OBJ_IDMAP_ENTRY,
LDAP_OBJ_SID_ENTRY);
if (!filter) {
goto fn_exit;
}
- num_result = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
+ num_result = ldap_count_entries(
+ smbldap_get_ldap(ldap_state->smbldap_state), result);
if (num_result > 1) {
DEBUG (0, ("ldapsam_add_sam_account: More than one user with specified Sid exists: bailing out!\n"));
DEBUG(3,("ldapsam_add_sam_account: User exists without samba attributes: adding them\n"));
ldap_op = LDAP_MOD_REPLACE;
- entry = ldap_first_entry (ldap_state->smbldap_state->ldap_struct, result);
- dn = smbldap_talloc_dn (ctx, ldap_state->smbldap_state->ldap_struct, entry);
+ entry = ldap_first_entry (
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ result);
+ dn = smbldap_talloc_dn (
+ ctx,
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ entry);
if (!dn) {
status = NT_STATUS_NO_MEMORY;
goto fn_exit;
dn = talloc_asprintf(ctx,
"uid=%s,%s",
escape_username,
- lp_ldap_machine_suffix());
+ lp_ldap_machine_suffix(talloc_tos()));
} else {
dn = talloc_asprintf(ctx,
"uid=%s,%s",
escape_username,
- lp_ldap_user_suffix());
+ lp_ldap_user_suffix(talloc_tos()));
}
SAFE_FREE(escape_username);
goto fn_exit;
}
switch ( ldap_state->schema_ver ) {
- case SCHEMAVER_SAMBAACCOUNT:
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_SAMBAACCOUNT);
- break;
case SCHEMAVER_SAMBASAMACCOUNT:
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_SAMBASAMACCOUNT);
break;
break;
}
- ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, pdb_element_is_set_or_changed);
- if (!NT_STATUS_IS_OK(ret)) {
+ status = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, pdb_element_is_set_or_changed);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("ldapsam_add_sam_account: failed to modify/add user with uid = %s (dn = %s)\n",
pdb_get_username(newpwd),dn));
ldap_mods_free(mods, true);
attr_list = get_attr_list(NULL, groupmap_attr_list);
rc = smbldap_search(ldap_state->smbldap_state,
- lp_ldap_suffix (), scope,
+ lp_ldap_suffix(), scope,
filter, attr_list, 0, result);
TALLOC_FREE(attr_list);
TALLOC_CTX *ctx = talloc_init("init_group_from_ldap");
if (ldap_state == NULL || map == NULL || entry == NULL ||
- ldap_state->smbldap_state->ldap_struct == NULL) {
+ smbldap_get_ldap(ldap_state->smbldap_state) == NULL) {
DEBUG(0, ("init_group_from_ldap: NULL parameters found!\n"));
TALLOC_FREE(ctx);
return false;
}
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_attr_key2string(groupmap_attr_list,
LDAP_ATTR_GIDNUMBER),
ctx);
if (!temp) {
- DEBUG(0, ("init_group_from_ldap: Mandatory attribute %s not found\n",
+ DEBUG(0, ("init_group_from_ldap: Mandatory attribute %s not found\n",
get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GIDNUMBER)));
TALLOC_FREE(ctx);
return false;
TALLOC_FREE(temp);
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_attr_key2string(groupmap_attr_list,
LDAP_ATTR_GROUP_SID),
TALLOC_FREE(temp);
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_attr_key2string(groupmap_attr_list,
LDAP_ATTR_GROUP_TYPE),
TALLOC_FREE(temp);
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_attr_key2string(groupmap_attr_list,
LDAP_ATTR_DISPLAY_NAME),
ctx);
if (!temp) {
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_attr_key2string(groupmap_attr_list,
LDAP_ATTR_CN),
TALLOC_FREE(temp);
temp = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_attr_key2string(groupmap_attr_list,
LDAP_ATTR_DESC),
}
if (lp_parm_bool(-1, "ldapsam", "trusted", false)) {
- idmap_cache_set_sid2gid(&map->sid, map->gid);
+ struct unixid id;
+ id.id = map->gid;
+ id.type = ID_TYPE_GID;
+
+ idmap_cache_set_sid2unixid(&map->sid, &id);
}
TALLOC_FREE(ctx);
{
char *filter = NULL;
NTSTATUS status;
- fstring tmp;
+ struct dom_sid_buf tmp;
if (asprintf(&filter, "(&(objectClass=%s)(%s=%s))",
LDAP_OBJ_GROUPMAP,
get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GROUP_SID),
- sid_to_fstring(tmp, &sid)) < 0) {
+ dom_sid_str_buf(&sid, &tmp)) < 0) {
return NT_STATUS_NO_MEMORY;
}
}
if (dom_sid_compare_domain(&sid, domain_sid) != 0) {
+ struct dom_sid_buf buf;
DEBUG(10, ("SID %s is not in expected domain %s\n",
- str, sid_string_dbg(domain_sid)));
+ str,
+ dom_sid_str_buf(domain_sid, &buf)));
return False;
}
char **memberuid;
char *gidstr;
int rc, count;
+ struct dom_sid_buf buf;
*pp_member_rids = NULL;
*p_num_members = 0;
filter = talloc_asprintf(mem_ctx,
- "(&(objectClass=%s)"
- "(objectClass=%s)"
+ "(&(objectClass="LDAP_OBJ_POSIXGROUP")"
+ "(objectClass="LDAP_OBJ_GROUPMAP")"
"(sambaSID=%s))",
- LDAP_OBJ_POSIXGROUP,
- LDAP_OBJ_GROUPMAP,
- sid_string_talloc(mem_ctx, group));
+ dom_sid_str_buf(group, &buf));
if (filter == NULL) {
ret = NT_STATUS_NO_MEMORY;
goto done;
if (rc != LDAP_SUCCESS)
goto done;
- talloc_autofree_ldapmsg(mem_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(mem_ctx, result);
- count = ldap_count_entries(conn->ldap_struct, result);
+ count = ldap_count_entries(smbldap_get_ldap(conn), result);
if (count > 1) {
DEBUG(1, ("Found more than one groupmap entry for %s\n",
- sid_string_dbg(group)));
+ dom_sid_str_buf(group, &buf)));
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto done;
}
goto done;
}
- entry = ldap_first_entry(conn->ldap_struct, result);
+ entry = ldap_first_entry(smbldap_get_ldap(conn), result);
if (entry == NULL)
goto done;
goto done;
}
- values = ldap_get_values(conn->ldap_struct, entry, "memberUid");
+ values = ldap_get_values(smbldap_get_ldap(conn), entry, "memberUid");
if ((values != NULL) && (values[0] != NULL)) {
- filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(|", LDAP_OBJ_SAMBASAMACCOUNT);
- if (filter == NULL) {
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
+ filter = talloc_strdup(mem_ctx, "(&(objectClass="LDAP_OBJ_SAMBASAMACCOUNT")(|");
for (memberuid = values; *memberuid != NULL; memberuid += 1) {
char *escape_memberuid;
if (rc != LDAP_SUCCESS)
goto done;
- count = ldap_count_entries(conn->ldap_struct, result);
+ count = ldap_count_entries(smbldap_get_ldap(conn), result);
DEBUG(10,("ldapsam_enum_group_members: found %d accounts\n", count));
- talloc_autofree_ldapmsg(mem_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(mem_ctx, result);
- for (entry = ldap_first_entry(conn->ldap_struct, result);
+ for (entry = ldap_first_entry(smbldap_get_ldap(conn), result);
entry != NULL;
- entry = ldap_next_entry(conn->ldap_struct, entry))
+ entry = ldap_next_entry(smbldap_get_ldap(conn), entry))
{
char *sidstr;
struct dom_sid sid;
uint32_t rid;
- sidstr = smbldap_talloc_single_attribute(conn->ldap_struct,
- entry, "sambaSID",
- mem_ctx);
+ sidstr = smbldap_talloc_single_attribute(
+ smbldap_get_ldap(conn), entry, "sambaSID",
+ mem_ctx);
if (!sidstr) {
DEBUG(0, ("Severe DB error, %s can't miss the sambaSID"
"attribute\n", LDAP_OBJ_SAMBASAMACCOUNT));
if (!string_to_sid(&sid, sidstr))
goto done;
- if (!sid_check_is_in_our_domain(&sid)) {
+ if (!sid_check_is_in_our_sam(&sid)) {
DEBUG(0, ("Inconsistent SAM -- group member uid not "
"in our domain\n"));
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
if (rc != LDAP_SUCCESS)
goto done;
- talloc_autofree_ldapmsg(mem_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(mem_ctx, result);
- for (entry = ldap_first_entry(conn->ldap_struct, result);
+ for (entry = ldap_first_entry(smbldap_get_ldap(conn), result);
entry != NULL;
- entry = ldap_next_entry(conn->ldap_struct, entry))
+ entry = ldap_next_entry(smbldap_get_ldap(conn), entry))
{
uint32_t rid;
- if (!ldapsam_extract_rid_from_entry(conn->ldap_struct,
+ if (!ldapsam_extract_rid_from_entry(smbldap_get_ldap(conn),
entry,
get_global_sam_sid(),
&rid)) {
uint32_t num_gids;
char *gidstr;
gid_t primary_gid = -1;
+ int error = 0;
*pp_sids = NULL;
num_sids = 0;
} else {
/* retrieve the users primary gid */
filter = talloc_asprintf(mem_ctx,
- "(&(objectClass=%s)(uid=%s))",
- LDAP_OBJ_SAMBASAMACCOUNT,
+ "(&(objectClass="LDAP_OBJ_SAMBASAMACCOUNT")(uid=%s))",
escape_name);
if (filter == NULL) {
ret = NT_STATUS_NO_MEMORY;
if (rc != LDAP_SUCCESS)
goto done;
- talloc_autofree_ldapmsg(mem_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(mem_ctx, result);
count = ldap_count_entries(priv2ld(ldap_state), result);
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto done;
}
- primary_gid = strtoul(gidstr, NULL, 10);
+ primary_gid = smb_strtoul(gidstr,
+ NULL,
+ 10,
+ &error,
+ SMB_STR_STANDARD);
+ if (error != 0) {
+ DBG_ERR("Failed to convert GID\n");
+ goto done;
+ }
break;
default:
DEBUG(1, ("found more than one account with the same user name ?!\n"));
}
filter = talloc_asprintf(mem_ctx,
- "(&(objectClass=%s)(|(memberUid=%s)(gidNumber=%u)))",
- LDAP_OBJ_POSIXGROUP, escape_name, (unsigned int)primary_gid);
+ "(&(objectClass="LDAP_OBJ_POSIXGROUP")(|(memberUid=%s)(gidNumber=%u)))",
+ escape_name, (unsigned int)primary_gid);
if (filter == NULL) {
ret = NT_STATUS_NO_MEMORY;
goto done;
if (rc != LDAP_SUCCESS)
goto done;
- talloc_autofree_ldapmsg(mem_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(mem_ctx, result);
num_gids = 0;
*pp_gids = NULL;
goto done;
}
- for (entry = ldap_first_entry(conn->ldap_struct, result);
+ for (entry = ldap_first_entry(smbldap_get_ldap(conn), result);
entry != NULL;
- entry = ldap_next_entry(conn->ldap_struct, entry))
+ entry = ldap_next_entry(smbldap_get_ldap(conn), entry))
{
fstring str;
struct dom_sid sid;
gid_t gid;
- char *end;
- if (!smbldap_get_single_attribute(conn->ldap_struct,
+ if (!smbldap_get_single_attribute(smbldap_get_ldap(conn),
entry, "sambaSID",
str, sizeof(str)-1))
continue;
if (!string_to_sid(&sid, str))
goto done;
- if (!smbldap_get_single_attribute(conn->ldap_struct,
+ if (!smbldap_get_single_attribute(smbldap_get_ldap(conn),
entry, "gidNumber",
str, sizeof(str)-1))
continue;
- gid = strtoul(str, &end, 10);
+ gid = smb_strtoul(str, NULL, 10, &error, SMB_STR_FULL_STR_CONV);
- if (PTR_DIFF(end, str) != strlen(str))
+ if (error != 0) {
goto done;
+ }
if (gid == primary_gid) {
sid_copy(&(*pp_sids)[0], &sid);
const char *filter, *dn;
LDAPMessage *msg, *entry;
LDAPMod **mods;
+ struct dom_sid_buf buf;
int rc;
filter = talloc_asprintf(mem_ctx,
- "(&(objectClass=%s)(gidNumber=%u))",
- LDAP_OBJ_POSIXGROUP, (unsigned int)map->gid);
+ "(&(objectClass="LDAP_OBJ_POSIXGROUP")(gidNumber=%u))",
+ (unsigned int)map->gid);
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
rc = smbldap_search_suffix(ldap_state->smbldap_state, filter,
get_attr_list(mem_ctx, groupmap_attr_list),
&msg);
- talloc_autofree_ldapmsg(mem_ctx, msg);
+ smbldap_talloc_autofree_ldapmsg(mem_ctx, msg);
if ((rc != LDAP_SUCCESS) ||
- (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, msg) != 1) ||
- ((entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, msg)) == NULL)) {
+ (ldap_count_entries(smbldap_get_ldap(ldap_state->smbldap_state),
+ msg) != 1) ||
+ ((entry = ldap_first_entry(
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ msg)) == NULL)) {
return NT_STATUS_NO_SUCH_GROUP;
}
- dn = smbldap_talloc_dn(mem_ctx, ldap_state->smbldap_state->ldap_struct, entry);
+ dn = smbldap_talloc_dn(mem_ctx,
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ entry);
if (dn == NULL) {
return NT_STATUS_NO_MEMORY;
}
mods = NULL;
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass",
LDAP_OBJ_GROUPMAP);
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaSid",
- sid_string_talloc(mem_ctx, &map->sid));
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaGroupType",
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state), entry,
+ &mods, "sambaSid",
+ dom_sid_str_buf(&map->sid, &buf));
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state), entry,
+ &mods, "sambaGroupType",
talloc_asprintf(mem_ctx, "%d", map->sid_name_use));
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "displayName",
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state), entry,
+ &mods, "displayName",
map->nt_name);
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "description",
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state), entry,
+ &mods, "description",
map->comment);
- talloc_autofree_ldapmod(mem_ctx, mods);
+ smbldap_talloc_autofree_ldapmod(mem_ctx, mods);
rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
if (rc != LDAP_SUCCESS) {
NTSTATUS result;
struct dom_sid sid;
+ struct dom_sid_buf buf;
+ struct unixid id;
int rc;
}
filter = talloc_asprintf(mem_ctx, "(sambaSid=%s)",
- sid_string_talloc(mem_ctx, &map->sid));
+ dom_sid_str_buf(&map->sid, &buf));
if (filter == NULL) {
result = NT_STATUS_NO_MEMORY;
goto done;
rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, attrs, True, &msg);
- talloc_autofree_ldapmsg(mem_ctx, msg);
+ smbldap_talloc_autofree_ldapmsg(mem_ctx, msg);
if ((rc == LDAP_SUCCESS) &&
- (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, msg) > 0)) {
+ (ldap_count_entries(smbldap_get_ldap(ldap_state->smbldap_state),
+ msg) > 0)) {
DEBUG(3, ("SID %s already present in LDAP, refusing to add "
- "group mapping entry\n", sid_string_dbg(&map->sid)));
+ "group mapping entry\n",
+ dom_sid_str_buf(&map->sid, &buf)));
result = NT_STATUS_GROUP_EXISTS;
goto done;
}
break;
case SID_NAME_ALIAS:
- if (!sid_check_is_in_our_domain(&map->sid)
- && !sid_check_is_in_builtin(&map->sid) )
+ if (!sid_check_is_in_our_sam(&map->sid)
+ && !sid_check_is_in_builtin(&map->sid) )
{
DEBUG(3, ("Refusing to map sid %s as an alias, not in our domain\n",
- sid_string_dbg(&map->sid)));
+ dom_sid_str_buf(&map->sid, &buf)));
result = NT_STATUS_INVALID_PARAMETER;
goto done;
}
goto done;
}
- if (pdb_gid_to_sid(map->gid, &sid)) {
+ id.id = map->gid;
+ id.type = ID_TYPE_GID;
+
+ if (pdb_id_to_sid(&id, &sid)) {
DEBUG(3, ("Gid %u is already mapped to SID %s, refusing to "
- "add\n", (unsigned int)map->gid, sid_string_dbg(&sid)));
+ "add\n",
+ (unsigned int)map->gid,
+ dom_sid_str_buf(&sid, &buf)));
result = NT_STATUS_GROUP_EXISTS;
goto done;
}
* the best we can get out of LDAP. */
dn = talloc_asprintf(mem_ctx, "sambaSid=%s,%s",
- sid_string_talloc(mem_ctx, &map->sid),
- lp_ldap_group_suffix());
+ dom_sid_str_buf(&map->sid, &buf),
+ lp_ldap_group_suffix(talloc_tos()));
if (dn == NULL) {
result = NT_STATUS_NO_MEMORY;
goto done;
mods = NULL;
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "objectClass",
- LDAP_OBJ_SID_ENTRY);
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "objectClass",
- LDAP_OBJ_GROUPMAP);
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "sambaSid",
- sid_string_talloc(mem_ctx, &map->sid));
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "sambaGroupType",
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state), NULL,
+ &mods, "objectClass", LDAP_OBJ_SID_ENTRY);
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state), NULL,
+ &mods, "objectClass", LDAP_OBJ_GROUPMAP);
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state), NULL,
+ &mods, "sambaSid",
+ dom_sid_str_buf(&map->sid, &buf));
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state), NULL,
+ &mods, "sambaGroupType",
talloc_asprintf(mem_ctx, "%d", map->sid_name_use));
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "displayName",
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state), NULL,
+ &mods, "displayName",
map->nt_name);
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "description",
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state), NULL,
+ &mods, "description",
map->comment);
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "gidNumber",
- talloc_asprintf(mem_ctx, "%u", (unsigned int)map->gid));
- talloc_autofree_ldapmod(mem_ctx, mods);
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state), NULL,
+ &mods, "gidNumber",
+ talloc_asprintf(mem_ctx, "%u",
+ (unsigned int)map->gid));
+ smbldap_talloc_autofree_ldapmod(mem_ctx, mods);
rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
LDAPMod **mods = NULL;
TALLOC_CTX *mem_ctx;
NTSTATUS result;
+ struct dom_sid_buf buf;
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
/* Make 100% sure that sid, gid and type are not changed by looking up
* exactly the values we're given in LDAP. */
- filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)"
+ filter = talloc_asprintf(mem_ctx, "(&(objectClass="LDAP_OBJ_GROUPMAP")"
"(sambaSid=%s)(gidNumber=%u)"
"(sambaGroupType=%d))",
- LDAP_OBJ_GROUPMAP,
- sid_string_talloc(mem_ctx, &map->sid),
+ dom_sid_str_buf(&map->sid, &buf),
(unsigned int)map->gid, map->sid_name_use);
if (filter == NULL) {
result = NT_STATUS_NO_MEMORY;
rc = smbldap_search_suffix(ldap_state->smbldap_state, filter,
get_attr_list(mem_ctx, groupmap_attr_list),
&msg);
- talloc_autofree_ldapmsg(mem_ctx, msg);
+ smbldap_talloc_autofree_ldapmsg(mem_ctx, msg);
if ((rc != LDAP_SUCCESS) ||
- (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, msg) != 1) ||
- ((entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, msg)) == NULL)) {
+ (ldap_count_entries(smbldap_get_ldap(ldap_state->smbldap_state),
+ msg) != 1) ||
+ ((entry = ldap_first_entry(
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ msg)) == NULL)) {
result = NT_STATUS_NO_SUCH_GROUP;
goto done;
}
- dn = smbldap_talloc_dn(mem_ctx, ldap_state->smbldap_state->ldap_struct, entry);
+ dn = smbldap_talloc_dn(
+ mem_ctx, smbldap_get_ldap(ldap_state->smbldap_state), entry);
if (dn == NULL) {
result = NT_STATUS_NO_MEMORY;
}
mods = NULL;
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "displayName",
- map->nt_name);
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "description",
- map->comment);
- talloc_autofree_ldapmod(mem_ctx, mods);
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state), entry,
+ &mods, "displayName", map->nt_name);
+ smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state), entry,
+ &mods, "description", map->comment);
+ smbldap_talloc_autofree_ldapmod(mem_ctx, mods);
if (mods == NULL) {
DEBUG(4, ("ldapsam_update_group_mapping_entry: mods is empty: "
NTSTATUS result;
TALLOC_CTX *mem_ctx;
char *filter;
+ struct dom_sid_buf buf;
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
}
- filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(%s=%s))",
- LDAP_OBJ_GROUPMAP, LDAP_ATTRIBUTE_SID,
- sid_string_talloc(mem_ctx, &sid));
+ filter = talloc_asprintf(mem_ctx, "(&(objectClass="LDAP_OBJ_GROUPMAP")("LDAP_ATTRIBUTE_SID"=%s))",
+ dom_sid_str_buf(&sid, &buf));
if (filter == NULL) {
result = NT_STATUS_NO_MEMORY;
goto done;
rc = smbldap_search_suffix(priv->smbldap_state, filter,
get_attr_list(mem_ctx, groupmap_attr_list),
&msg);
- talloc_autofree_ldapmsg(mem_ctx, msg);
+ smbldap_talloc_autofree_ldapmsg(mem_ctx, msg);
if ((rc != LDAP_SUCCESS) ||
(ldap_count_entries(priv2ld(priv), msg) != 1) ||
{
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)my_methods->private_data;
- char *filter = NULL;
+ const char *filter = NULL;
int rc;
const char **attr_list;
- filter = talloc_asprintf(NULL, "(objectclass=%s)", LDAP_OBJ_GROUPMAP);
- if (!filter) {
- return NT_STATUS_NO_MEMORY;
- }
+ filter = "(objectclass="LDAP_OBJ_GROUPMAP")";
attr_list = get_attr_list( NULL, groupmap_attr_list );
rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter,
lp_ldap_suffix(), filter));
ldap_msgfree(ldap_state->result);
ldap_state->result = NULL;
- TALLOC_FREE(filter);
return NT_STATUS_UNSUCCESSFUL;
}
- TALLOC_FREE(filter);
-
DEBUG(2, ("ldapsam_setsamgrent: %d entries in the base!\n",
- ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
- ldap_state->result)));
+ ldap_count_entries(
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ ldap_state->result)));
ldap_state->entry =
- ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
+ ldap_first_entry(smbldap_get_ldap(ldap_state->smbldap_state),
ldap_state->result);
ldap_state->index = 0;
bret = init_group_from_ldap(ldap_state, map,
ldap_state->entry);
- ldap_state->entry =
- ldap_next_entry(ldap_state->smbldap_state->ldap_struct,
- ldap_state->entry);
+ ldap_state->entry = ldap_next_entry(
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ ldap_state->entry);
}
return NT_STATUS_OK;
LDAPMod **mods = NULL;
int rc;
enum lsa_SidType type = SID_NAME_USE_NONE;
- fstring tmp;
+ struct dom_sid_buf tmp;
char *filter = NULL;
type = SID_NAME_ALIAS;
}
- if (sid_check_is_in_our_domain(alias)) {
+ if (sid_check_is_in_our_sam(alias)) {
type = SID_NAME_ALIAS;
}
if (type == SID_NAME_USE_NONE) {
+ struct dom_sid_buf buf;
DEBUG(5, ("SID %s is neither in builtin nor in our domain!\n",
- sid_string_dbg(alias)));
+ dom_sid_str_buf(alias, &buf)));
return NT_STATUS_NO_SUCH_ALIAS;
}
if (asprintf(&filter,
"(&(objectClass=%s)(sambaSid=%s)(sambaGroupType=%d))",
- LDAP_OBJ_GROUPMAP, sid_to_fstring(tmp, alias),
+ LDAP_OBJ_GROUPMAP,
+ dom_sid_str_buf(alias, &tmp),
type) < 0) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_NO_SUCH_ALIAS;
}
- count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
+ count = ldap_count_entries(smbldap_get_ldap(ldap_state->smbldap_state),
result);
if (count < 1) {
SAFE_FREE(filter);
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
+ entry = ldap_first_entry(smbldap_get_ldap(ldap_state->smbldap_state),
result);
if (!entry) {
return NT_STATUS_UNSUCCESSFUL;
}
- dn = smbldap_talloc_dn(talloc_tos(), ldap_state->smbldap_state->ldap_struct, entry);
+ dn = smbldap_talloc_dn(talloc_tos(),
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ entry);
if (!dn) {
ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
smbldap_set_mod(&mods, modop,
get_attr_key2string(groupmap_attr_list,
LDAP_ATTR_SID_LIST),
- sid_to_fstring(tmp, member));
+ dom_sid_str_buf(member, &tmp));
rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
char *filter = NULL;
uint32_t num_members = 0;
enum lsa_SidType type = SID_NAME_USE_NONE;
- fstring tmp;
+ struct dom_sid_buf tmp;
*pp_members = NULL;
*p_num_members = 0;
type = SID_NAME_ALIAS;
}
- if (sid_check_is_in_our_domain(alias)) {
+ if (sid_check_is_in_our_sam(alias)) {
type = SID_NAME_ALIAS;
}
if (type == SID_NAME_USE_NONE) {
DEBUG(5, ("SID %s is neither in builtin nor in our domain!\n",
- sid_string_dbg(alias)));
+ dom_sid_str_buf(alias, &tmp)));
return NT_STATUS_NO_SUCH_ALIAS;
}
if (asprintf(&filter,
"(&(objectClass=%s)(sambaSid=%s)(sambaGroupType=%d))",
- LDAP_OBJ_GROUPMAP, sid_to_fstring(tmp, alias),
+ LDAP_OBJ_GROUPMAP,
+ dom_sid_str_buf(alias, &tmp),
type) < 0) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_NO_SUCH_ALIAS;
}
- count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
+ count = ldap_count_entries(smbldap_get_ldap(ldap_state->smbldap_state),
result);
if (count < 1) {
SAFE_FREE(filter);
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
+ entry = ldap_first_entry(smbldap_get_ldap(ldap_state->smbldap_state),
result);
if (!entry) {
return NT_STATUS_UNSUCCESSFUL;
}
- values = ldap_get_values(ldap_state->smbldap_state->ldap_struct,
+ values = ldap_get_values(smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_attr_key2string(groupmap_attr_list,
LDAP_ATTR_SID_LIST));
type = SID_NAME_ALIAS;
}
- if (sid_check_is_domain(domain_sid)) {
+ if (sid_check_is_our_sam(domain_sid)) {
type = SID_NAME_ALIAS;
}
if (type == SID_NAME_USE_NONE) {
+ struct dom_sid_buf buf;
DEBUG(5, ("SID %s is neither builtin nor domain!\n",
- sid_string_dbg(domain_sid)));
+ dom_sid_str_buf(domain_sid, &buf)));
return NT_STATUS_UNSUCCESSFUL;
}
}
filter = talloc_asprintf(mem_ctx,
- "(&(objectclass=%s)(sambaGroupType=%d)(|",
- LDAP_OBJ_GROUPMAP, type);
+ "(&(objectclass="LDAP_OBJ_GROUPMAP")(sambaGroupType=%d)(|",
+ type);
- for (i=0; i<num_members; i++)
+ for (i=0; i<num_members; i++) {
+ struct dom_sid_buf buf;
filter = talloc_asprintf(mem_ctx, "%s(sambaSIDList=%s)",
filter,
- sid_string_talloc(mem_ctx,
- &members[i]));
+ dom_sid_str_buf(&members[i], &buf));
+ }
filter = talloc_asprintf(mem_ctx, "%s))", filter);
if (rc != LDAP_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
}
- talloc_autofree_ldapmsg(filter, result);
+ smbldap_talloc_autofree_ldapmsg(filter, result);
}
- ldap_struct = ldap_state->smbldap_state->ldap_struct;
+ ldap_struct = smbldap_get_ldap(ldap_state->smbldap_state);
for (entry = ldap_first_entry(ldap_struct, result);
entry != NULL;
TALLOC_FREE(ldap_state->search_cache.filter);
/*
* Note: result is a talloc child of filter because of the
- * talloc_autofree_ldapmsg() usage
+ * smbldap_talloc_autofree_ldapmsg() usage
*/
ldap_state->search_cache.filter = talloc_move(ldap_state, &filter);
ldap_state->search_cache.result = result;
int count;
int rc;
char **vals = NULL;
- char *filter;
+ const char *filter;
const char *policy_attr = NULL;
struct ldapsam_privates *ldap_state =
attrs[0] = policy_attr;
attrs[1] = NULL;
- filter = talloc_asprintf(talloc_tos(), "(objectClass=%s)", LDAP_OBJ_DOMINFO);
- if (filter == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
+ filter = "(objectClass="LDAP_OBJ_DOMINFO")";
rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn,
LDAP_SCOPE_BASE, filter, attrs, 0,
&result);
- TALLOC_FREE(filter);
if (rc != LDAP_SUCCESS) {
return ntstatus;
}
return ntstatus;
}
-/* wrapper around ldapsam_get_account_policy_from_ldap(), handles tdb as cache
+/* wrapper around ldapsam_get_account_policy_from_ldap(), handles tdb as cache
- if user hasn't decided to use account policies inside LDAP just reuse the
old tdb values
- if there is a valid cache entry, return that
- - if there is an LDAP entry, update cache and return
+ - if there is an LDAP entry, update cache and return
- otherwise set to default, update cache and return
Guenther
enum pdb_policy_type type,
uint32_t *value)
{
- NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
+ NTSTATUS ntstatus;
if (cache_account_policy_get(type, value)) {
DEBUG(11,("ldapsam_get_account_policy: got valid value from "
LDAPMessage *msg = NULL;
LDAPMessage *entry;
char *allsids = NULL;
- int i, rc, num_mapped;
+ size_t i, num_mapped;
+ int rc;
NTSTATUS result = NT_STATUS_NO_MEMORY;
TALLOC_CTX *mem_ctx;
LDAP *ld;
}
if (!sid_check_is_builtin(domain_sid) &&
- !sid_check_is_domain(domain_sid)) {
+ !sid_check_is_our_sam(domain_sid)) {
result = NT_STATUS_INVALID_PARAMETER;
goto done;
}
for (i=0; i<num_rids; i++) {
struct dom_sid sid;
+ struct dom_sid_buf buf;
sid_compose(&sid, domain_sid, rids[i]);
allsids = talloc_asprintf_append_buffer(
- allsids, "(sambaSid=%s)",
- sid_string_talloc(mem_ctx, &sid));
+ allsids,
+ "(sambaSid=%s)",
+ dom_sid_str_buf(&sid, &buf));
if (allsids == NULL) {
goto done;
}
const char *ldap_attrs[] = { "uid", "sambaSid", NULL };
filter = talloc_asprintf(
- mem_ctx, ("(&(objectClass=%s)(|%s))"),
- LDAP_OBJ_SAMBASAMACCOUNT, allsids);
+ mem_ctx, ("(&(objectClass="LDAP_OBJ_SAMBASAMACCOUNT")(|%s))"),
+ allsids);
if (filter == NULL) {
goto done;
}
rc = smbldap_search(ldap_state->smbldap_state,
- lp_ldap_user_suffix(),
+ lp_ldap_user_suffix(talloc_tos()),
LDAP_SCOPE_SUBTREE, filter, ldap_attrs, 0,
&msg);
- talloc_autofree_ldapmsg(mem_ctx, msg);
+ smbldap_talloc_autofree_ldapmsg(mem_ctx, msg);
}
if (rc != LDAP_SUCCESS)
goto done;
- ld = ldap_state->smbldap_state->ldap_struct;
+ ld = smbldap_get_ldap(ldap_state->smbldap_state);
num_mapped = 0;
for (entry = ldap_first_entry(ld, msg);
"sambaGroupType", NULL };
filter = talloc_asprintf(
- mem_ctx, "(&(objectClass=%s)(|%s))",
- LDAP_OBJ_GROUPMAP, allsids);
+ mem_ctx, "(&(objectClass="LDAP_OBJ_GROUPMAP")(|%s))",
+ allsids);
if (filter == NULL) {
goto done;
}
lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, ldap_attrs, 0,
&msg);
- talloc_autofree_ldapmsg(mem_ctx, msg);
+ smbldap_talloc_autofree_ldapmsg(mem_ctx, msg);
}
if (rc != LDAP_SUCCESS)
/* ldap_struct might have changed due to a reconnect */
- ld = ldap_state->smbldap_state->ldap_struct;
+ ld = smbldap_get_ldap(ldap_state->smbldap_state);
/* For consistency checks, we already checked we're only domain or builtin */
state->entries = NULL;
- if (state->connection->paged_results) {
+ if (smbldap_get_paged_results(state->connection)) {
rc = smbldap_search_paged(state->connection, state->base,
state->scope, state->filter,
state->attrs, state->attrsonly,
/* Ok, the server was lying. It told us it could do paged
* searches when it could not. */
- state->connection->paged_results = False;
+ smbldap_set_paged_results(state->connection, false);
}
- ld = state->connection->ldap_struct;
+ ld = smbldap_get_ldap(state->connection);
if ( ld == NULL) {
DEBUG(5, ("Don't have an LDAP connection right after a "
"search\n"));
(struct ldap_search_state *)search->private_data;
int rc;
- if (!state->connection->paged_results) {
+ if (!smbldap_get_paged_results(state->connection)) {
/* There is no next page when there are no paged results */
return False;
}
if ((rc != LDAP_SUCCESS) || (state->entries == NULL))
return False;
- state->current_entry = ldap_first_entry(state->connection->ldap_struct, state->entries);
+ state->current_entry = ldap_first_entry(
+ smbldap_get_ldap(state->connection), state->entries);
if (state->current_entry == NULL) {
ldap_msgfree(state->entries);
}
result = state->ldap2displayentry(state, search,
- state->connection->ldap_struct,
+ smbldap_get_ldap(state->connection),
state->current_entry, entry);
if (!result) {
char *dn;
- dn = ldap_get_dn(state->connection->ldap_struct, state->current_entry);
+ dn = ldap_get_dn(smbldap_get_ldap(state->connection),
+ state->current_entry);
DEBUG(5, ("Skipping entry %s\n", dn != NULL ? dn : "<NULL>"));
if (dn != NULL) ldap_memfree(dn);
}
- state->current_entry = ldap_next_entry(state->connection->ldap_struct, state->current_entry);
+ state->current_entry = ldap_next_entry(
+ smbldap_get_ldap(state->connection), state->current_entry);
if (state->current_entry == NULL) {
ldap_msgfree(state->entries);
state->entries = NULL;
state->current_entry = NULL;
- if (!state->connection->paged_results)
+ if (!smbldap_get_paged_results(state->connection)) {
return;
+ }
/* Tell the LDAP server we're not interested in the rest anymore. */
vals = ldap_get_values(ld, entry, "sambaAcctFlags");
if ((vals == NULL) || (vals[0] == NULL)) {
- DEBUG(5, ("\"sambaAcctFlags\" not found\n"));
- return False;
+ acct_flags = ACB_NORMAL;
+ } else {
+ acct_flags = pdb_decode_acct_ctrl(vals[0]);
+ ldap_value_free(vals);
}
- acct_flags = pdb_decode_acct_ctrl(vals[0]);
- ldap_value_free(vals);
if ((state->acct_flags != 0) &&
((state->acct_flags & acct_flags) == 0))
- return False;
+ return False;
result->acct_flags = acct_flags;
result->account_name = "";
ldap_value_free(vals);
if (!sid_peek_check_rid(get_global_sam_sid(), &sid, &result->rid)) {
+ struct dom_sid_buf buf;
DEBUG(0, ("sid %s does not belong to our domain\n",
- sid_string_dbg(&sid)));
+ dom_sid_str_buf(&sid, &buf)));
return False;
}
state->connection = ldap_state->smbldap_state;
if ((acct_flags != 0) && ((acct_flags & ACB_NORMAL) != 0))
- state->base = lp_ldap_user_suffix();
+ state->base = lp_ldap_user_suffix(talloc_tos());
else if ((acct_flags != 0) &&
((acct_flags & (ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) != 0))
- state->base = lp_ldap_machine_suffix();
+ state->base = lp_ldap_machine_suffix(talloc_tos());
else
state->base = lp_ldap_suffix();
case SID_NAME_DOM_GRP:
case SID_NAME_ALIAS:
- if (!sid_peek_check_rid(get_global_sam_sid(), &sid, &result->rid)
- && !sid_peek_check_rid(&global_sid_Builtin, &sid, &result->rid))
+ if (!sid_peek_check_rid(get_global_sam_sid(), &sid, &result->rid)
+ && !sid_peek_check_rid(&global_sid_Builtin, &sid, &result->rid))
{
+ struct dom_sid_buf buf;
DEBUG(0, ("%s is not in our domain\n",
- sid_string_dbg(&sid)));
+ dom_sid_str_buf(&sid, &buf)));
return False;
}
break;
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
struct ldap_search_state *state;
- fstring tmp;
+ struct dom_sid_buf tmp;
state = talloc(search, struct ldap_search_state);
if (state == NULL) {
state->connection = ldap_state->smbldap_state;
- state->base = talloc_strdup(search, lp_ldap_suffix());
+ state->base = lp_ldap_suffix();
state->connection = ldap_state->smbldap_state;
state->scope = LDAP_SCOPE_SUBTREE;
- state->filter = talloc_asprintf(search, "(&(objectclass=%s)"
+ state->filter = talloc_asprintf(search, "(&(objectclass="LDAP_OBJ_GROUPMAP")"
"(sambaGroupType=%d)(sambaSID=%s*))",
- LDAP_OBJ_GROUPMAP,
- type, sid_to_fstring(tmp, sid));
+ type,
+ dom_sid_str_buf(sid, &tmp));
state->attrs = talloc_attrs(search, "cn", "sambaSid",
"displayName", "description",
"sambaGroupType", NULL);
int rc;
uint32_t nextRid = 0;
const char *dn;
+ uint32_t tmp;
+ int error = 0;
TALLOC_CTX *mem_ctx;
goto done;
}
- talloc_autofree_ldapmsg(mem_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(mem_ctx, result);
entry = ldap_first_entry(priv2ld(priv), result);
if (entry == NULL) {
value = smbldap_talloc_single_attribute(priv2ld(priv), entry,
"sambaNextRid", mem_ctx);
if (value != NULL) {
- uint32_t tmp = (uint32_t)strtoul(value, NULL, 10);
+ tmp = (uint32_t)smb_strtoul(value,
+ NULL,
+ 10,
+ &error,
+ SMB_STR_STANDARD);
+ if (error != 0) {
+ goto done;
+ }
+
nextRid = MAX(nextRid, tmp);
}
value = smbldap_talloc_single_attribute(priv2ld(priv), entry,
"sambaNextUserRid", mem_ctx);
if (value != NULL) {
- uint32_t tmp = (uint32_t)strtoul(value, NULL, 10);
+ tmp = (uint32_t)smb_strtoul(value,
+ NULL,
+ 10,
+ &error,
+ SMB_STR_STANDARD);
+ if (error != 0) {
+ goto done;
+ }
+
nextRid = MAX(nextRid, tmp);
}
value = smbldap_talloc_single_attribute(priv2ld(priv), entry,
"sambaNextGroupRid", mem_ctx);
if (value != NULL) {
- uint32_t tmp = (uint32_t)strtoul(value, NULL, 10);
+ tmp = (uint32_t)smb_strtoul(value,
+ NULL,
+ 10,
+ &error,
+ SMB_STR_STANDARD);
+ if (error != 0) {
+ goto done;
+ }
+
nextRid = MAX(nextRid, tmp);
}
smbldap_make_mod(priv2ld(priv), entry, &mods, "sambaNextRid",
talloc_asprintf(mem_ctx, "%d", nextRid));
- talloc_autofree_ldapmod(mem_ctx, mods);
+ smbldap_talloc_autofree_ldapmod(mem_ctx, mods);
if ((dn = smbldap_talloc_dn(mem_ctx, priv2ld(priv), entry)) == NULL) {
status = NT_STATUS_NO_MEMORY;
static bool ldapsam_sid_to_id(struct pdb_methods *methods,
const struct dom_sid *sid,
- uid_t *uid, gid_t *gid,
- enum lsa_SidType *type)
+ struct unixid *id)
{
struct ldapsam_privates *priv =
(struct ldapsam_privates *)methods->private_data;
char *filter;
+ int error = 0;
+ struct dom_sid_buf buf;
const char *attrs[] = { "sambaGroupType", "gidNumber", "uidNumber",
NULL };
LDAPMessage *result = NULL;
TALLOC_CTX *mem_ctx;
+ ret = pdb_sid_to_id_unix_users_and_groups(sid, id);
+ if (ret == true) {
+ return true;
+ }
+
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
DEBUG(0, ("talloc_new failed\n"));
filter = talloc_asprintf(mem_ctx,
"(&(sambaSid=%s)"
- "(|(objectClass=%s)(objectClass=%s)))",
- sid_string_talloc(mem_ctx, sid),
- LDAP_OBJ_GROUPMAP, LDAP_OBJ_SAMBASAMACCOUNT);
+ "(|(objectClass="LDAP_OBJ_GROUPMAP")(objectClass="LDAP_OBJ_SAMBASAMACCOUNT")))",
+ dom_sid_str_buf(sid, &buf));
if (filter == NULL) {
DEBUG(5, ("talloc_asprintf failed\n"));
goto done;
if (rc != LDAP_SUCCESS) {
goto done;
}
- talloc_autofree_ldapmsg(mem_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(mem_ctx, result);
if (ldap_count_entries(priv2ld(priv), result) != 1) {
DEBUG(10, ("Got %d entries, expected one\n",
goto done;
}
- *gid = strtoul(gid_str, NULL, 10);
- *type = (enum lsa_SidType)strtoul(value, NULL, 10);
- idmap_cache_set_sid2gid(sid, *gid);
+ id->id = smb_strtoul(gid_str,
+ NULL,
+ 10,
+ &error,
+ SMB_STR_STANDARD);
+ if (error != 0) {
+ goto done;
+ }
+
+ id->type = ID_TYPE_GID;
ret = True;
goto done;
}
goto done;
}
- *uid = strtoul(value, NULL, 10);
- *type = SID_NAME_USER;
- idmap_cache_set_sid2uid(sid, *uid);
+ id->id = smb_strtoul(value, NULL, 10, &error, SMB_STR_STANDARD);
+ if (error != 0) {
+ goto done;
+ }
+ id->type = ID_TYPE_UID;
ret = True;
done:
TALLOC_FREE(mem_ctx);
filter = talloc_asprintf(tmp_ctx,
"(&(uidNumber=%u)"
- "(objectClass=%s)"
- "(objectClass=%s))",
- (unsigned int)uid,
- LDAP_OBJ_POSIXACCOUNT,
- LDAP_OBJ_SAMBASAMACCOUNT);
+ "(objectClass="LDAP_OBJ_POSIXACCOUNT")"
+ "(objectClass="LDAP_OBJ_SAMBASAMACCOUNT"))",
+ (unsigned int)uid);
if (filter == NULL) {
DEBUG(3, ("talloc_asprintf failed\n"));
goto done;
if (rc != LDAP_SUCCESS) {
goto done;
}
- talloc_autofree_ldapmsg(tmp_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(tmp_ctx, result);
if (ldap_count_entries(priv2ld(priv), result) != 1) {
DEBUG(3, ("ERROR: Got %d entries for uid %u, expected one\n",
}
if (!string_to_sid(&user_sid, user_sid_string)) {
- DEBUG(3, ("Error calling sid_string_talloc for sid '%s'\n",
+ DEBUG(3, ("Error calling string_to_sid for sid '%s'\n",
user_sid_string));
goto done;
}
sid_copy(sid, &user_sid);
- idmap_cache_set_sid2uid(sid, uid);
-
ret = true;
done:
filter = talloc_asprintf(tmp_ctx,
"(&(gidNumber=%u)"
- "(objectClass=%s))",
- (unsigned int)gid,
- LDAP_OBJ_GROUPMAP);
+ "(objectClass="LDAP_OBJ_GROUPMAP"))",
+ (unsigned int)gid);
if (filter == NULL) {
DEBUG(3, ("talloc_asprintf failed\n"));
goto done;
if (rc != LDAP_SUCCESS) {
goto done;
}
- talloc_autofree_ldapmsg(tmp_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(tmp_ctx, result);
if (ldap_count_entries(priv2ld(priv), result) != 1) {
DEBUG(3, ("ERROR: Got %d entries for gid %u, expected one\n",
}
if (!string_to_sid(&group_sid, group_sid_string)) {
- DEBUG(3, ("Error calling sid_string_talloc for sid '%s'\n",
+ DEBUG(3, ("Error calling string_to_sid for sid '%s'\n",
group_sid_string));
goto done;
}
sid_copy(sid, &group_sid);
- idmap_cache_set_sid2gid(sid, gid);
-
ret = true;
done:
return ret;
}
+static bool ldapsam_id_to_sid(struct pdb_methods *methods, struct unixid *id,
+ struct dom_sid *sid)
+{
+ switch (id->type) {
+ case ID_TYPE_UID:
+ return ldapsam_uid_to_sid(methods, id->id, sid);
+
+ case ID_TYPE_GID:
+ return ldapsam_gid_to_sid(methods, id->id, sid);
+
+ default:
+ return false;
+ }
+}
+
/*
* The following functions are called only if
uint32_t num_result;
bool is_machine = False;
bool add_posix = False;
+ bool init_okay = False;
LDAPMod **mods = NULL;
struct samu *user;
char *filter;
}
username = escape_ldap_string(talloc_tos(), name);
- filter = talloc_asprintf(tmp_ctx, "(&(uid=%s)(objectClass=%s))",
- username, LDAP_OBJ_POSIXACCOUNT);
+ filter = talloc_asprintf(tmp_ctx, "(&(uid=%s)(objectClass="LDAP_OBJ_POSIXACCOUNT"))",
+ username);
TALLOC_FREE(username);
rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
DEBUG(0,("ldapsam_create_user: ldap search failed!\n"));
return NT_STATUS_ACCESS_DENIED;
}
- talloc_autofree_ldapmsg(tmp_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(tmp_ctx, result);
num_result = ldap_count_entries(priv2ld(ldap_state), result);
return NT_STATUS_UNSUCCESSFUL;
}
- if (!init_ldap_from_sam(ldap_state, entry, &mods, user, pdb_element_is_set_or_changed)) {
+ init_okay = init_ldap_from_sam(ldap_state, entry, &mods, user, pdb_element_is_set_or_changed);
+
+ if (!init_okay) {
DEBUG(1,("ldapsam_create_user: Unable to fill user structs\n"));
+ ldap_mods_free(mods, true);
return NT_STATUS_UNSUCCESSFUL;
}
if (!sid_compose(&group_sid, get_global_sam_sid(), DOMAIN_RID_USERS) ||
!sid_to_gid(&group_sid, &gid)) {
DEBUG (0, ("ldapsam_create_user: Unable to get the Domain Users gid: bailing out!\n"));
+ ldap_mods_free(mods, true);
return NT_STATUS_INVALID_PRIMARY_GROUP;
}
/* lets allocate a new userid for this user */
if (!winbind_allocate_uid(&uid)) {
DEBUG (0, ("ldapsam_create_user: Unable to allocate a new user id: bailing out!\n"));
+ ldap_mods_free(mods, true);
return NT_STATUS_UNSUCCESSFUL;
}
if (is_machine) {
/* TODO: choose a more appropriate default for machines */
- homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), "SMB_workstations_home", ldap_state->domain_name, uid, gid);
+ homedir = talloc_sub_specified(tmp_ctx,
+ lp_template_homedir(),
+ "SMB_workstations_home",
+ NULL,
+ ldap_state->domain_name,
+ uid,
+ gid);
shell = talloc_strdup(tmp_ctx, "/bin/false");
} else {
- homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), name, ldap_state->domain_name, uid, gid);
- shell = talloc_sub_specified(tmp_ctx, lp_template_shell(), name, ldap_state->domain_name, uid, gid);
+ homedir = talloc_sub_specified(tmp_ctx,
+ lp_template_homedir(),
+ name,
+ NULL,
+ ldap_state->domain_name,
+ uid,
+ gid);
+ shell = talloc_sub_specified(tmp_ctx,
+ lp_template_shell(),
+ name,
+ NULL,
+ ldap_state->domain_name,
+ uid,
+ gid);
}
uidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)uid);
gidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)gid);
escape_name = escape_rdn_val_string_alloc(name);
if (!escape_name) {
DEBUG (0, ("ldapsam_create_user: Out of memory!\n"));
+ ldap_mods_free(mods, true);
return NT_STATUS_NO_MEMORY;
}
if (is_machine) {
- dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", escape_name, lp_ldap_machine_suffix ());
+ dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", escape_name, lp_ldap_machine_suffix (talloc_tos()));
} else {
- dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", escape_name, lp_ldap_user_suffix ());
+ dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", escape_name, lp_ldap_user_suffix (talloc_tos()));
}
SAFE_FREE(escape_name);
if (!homedir || !shell || !uidstr || !gidstr || !dn) {
DEBUG (0, ("ldapsam_create_user: Out of memory!\n"));
+ ldap_mods_free(mods, true);
return NT_STATUS_NO_MEMORY;
}
smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", shell);
}
- talloc_autofree_ldapmod(tmp_ctx, mods);
-
- if (add_posix) {
+ if (add_posix) {
rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
} else {
rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
- }
+ }
+
+ ldap_mods_free(mods, true);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldapsam_create_user: failed to create a new user [%s] (dn = %s)\n", name ,dn));
filter = talloc_asprintf(tmp_ctx,
"(&(uid=%s)"
- "(objectClass=%s)"
- "(objectClass=%s))",
- pdb_get_username(sam_acct),
- LDAP_OBJ_POSIXACCOUNT,
- LDAP_OBJ_SAMBASAMACCOUNT);
+ "(objectClass="LDAP_OBJ_POSIXACCOUNT")"
+ "(objectClass="LDAP_OBJ_SAMBASAMACCOUNT"))",
+ pdb_get_username(sam_acct));
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
DEBUG(0,("ldapsam_delete_user: user search failed!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- talloc_autofree_ldapmsg(tmp_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(tmp_ctx, result);
num_result = ldap_count_entries(priv2ld(ldap_state), result);
bool is_new_entry = False;
LDAPMod **mods = NULL;
char *filter;
- char *groupsidstr;
char *groupname;
- char *grouptype;
+ const char *grouptype;
char *gidstr;
const char *dn = NULL;
struct dom_sid group_sid;
+ struct dom_sid_buf buf;
gid_t gid = -1;
int rc;
+ int error = 0;
groupname = escape_ldap_string(talloc_tos(), name);
- filter = talloc_asprintf(tmp_ctx, "(&(cn=%s)(objectClass=%s))",
- groupname, LDAP_OBJ_POSIXGROUP);
+ filter = talloc_asprintf(tmp_ctx, "(&(cn=%s)(objectClass="LDAP_OBJ_POSIXGROUP"))",
+ groupname);
TALLOC_FREE(groupname);
rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
DEBUG(0,("ldapsam_create_group: ldap search failed!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- talloc_autofree_ldapmsg(tmp_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(tmp_ctx, result);
num_result = ldap_count_entries(priv2ld(ldap_state), result);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- gid = strtoul(tmp, NULL, 10);
+ gid = smb_strtoul(tmp, NULL, 10, &error, SMB_STR_STANDARD);
+ if (error != 0) {
+ DBG_ERR("Failed to convert gidNumber\n");
+ return NT_STATUS_UNSUCCESSFUL;
+ }
dn = smbldap_talloc_dn(tmp_ctx, priv2ld(ldap_state), entry);
if (!dn) {
sid_compose(&group_sid, get_global_sam_sid(), *rid);
- groupsidstr = talloc_strdup(tmp_ctx, sid_string_talloc(tmp_ctx,
- &group_sid));
grouptype = talloc_asprintf(tmp_ctx, "%d", SID_NAME_DOM_GRP);
- if (!groupsidstr || !grouptype) {
+ if (!grouptype) {
DEBUG(0,("ldapsam_create_group: Out of memory!\n"));
return NT_STATUS_NO_MEMORY;
}
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", groupsidstr);
+ smbldap_set_mod(&mods,
+ LDAP_MOD_ADD,
+ "sambaSid",
+ dom_sid_str_buf(&group_sid, &buf));
smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", grouptype);
smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", name);
return NT_STATUS_NO_MEMORY;
}
- dn = talloc_asprintf(tmp_ctx, "cn=%s,%s", escape_name, lp_ldap_group_suffix());
+ dn = talloc_asprintf(tmp_ctx, "cn=%s,%s", escape_name, lp_ldap_group_suffix(talloc_tos()));
SAFE_FREE(escape_name);
smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
}
- talloc_autofree_ldapmod(tmp_ctx, mods);
+ smbldap_talloc_autofree_ldapmod(tmp_ctx, mods);
- if (is_new_entry) {
+ if (is_new_entry) {
rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
#if 0
if (rc == LDAP_OBJECT_CLASS_VIOLATION) {
#endif
} else {
rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
- }
+ }
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldapsam_create_group: failed to create a new group [%s] (dn = %s)\n", name ,dn));
char *gidstr;
char *filter;
struct dom_sid group_sid;
+ struct dom_sid_buf buf;
int rc;
/* get the group sid */
filter = talloc_asprintf(tmp_ctx,
"(&(sambaSID=%s)"
- "(objectClass=%s)"
- "(objectClass=%s))",
- sid_string_talloc(tmp_ctx, &group_sid),
- LDAP_OBJ_POSIXGROUP,
- LDAP_OBJ_GROUPMAP);
+ "(objectClass="LDAP_OBJ_POSIXGROUP")"
+ "(objectClass="LDAP_OBJ_GROUPMAP"))",
+ dom_sid_str_buf(&group_sid, &buf));
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
DEBUG(1,("ldapsam_delete_dom_group: group search failed!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- talloc_autofree_ldapmsg(tmp_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(tmp_ctx, result);
num_result = ldap_count_entries(priv2ld(ldap_state), result);
/* check no user have this group marked as primary group */
filter = talloc_asprintf(tmp_ctx,
"(&(gidNumber=%s)"
- "(objectClass=%s)"
- "(objectClass=%s))",
- gidstr,
- LDAP_OBJ_POSIXACCOUNT,
- LDAP_OBJ_SAMBASAMACCOUNT);
+ "(objectClass="LDAP_OBJ_POSIXACCOUNT")"
+ "(objectClass="LDAP_OBJ_SAMBASAMACCOUNT"))",
+ gidstr);
rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
if (rc != LDAP_SUCCESS) {
DEBUG(1,("ldapsam_delete_dom_group: accounts search failed!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- talloc_autofree_ldapmsg(tmp_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(tmp_ctx, result);
num_result = ldap_count_entries(priv2ld(ldap_state), result);
const char *dn = NULL;
struct dom_sid group_sid;
struct dom_sid member_sid;
+ struct dom_sid_buf buf;
int rc;
+ int error = 0;
switch (modop) {
case LDAP_MOD_ADD:
filter = talloc_asprintf(tmp_ctx,
"(&(sambaSID=%s)"
- "(objectClass=%s)"
- "(objectClass=%s))",
- sid_string_talloc(tmp_ctx, &member_sid),
- LDAP_OBJ_POSIXACCOUNT,
- LDAP_OBJ_SAMBASAMACCOUNT);
+ "(objectClass="LDAP_OBJ_POSIXACCOUNT")"
+ "(objectClass="LDAP_OBJ_SAMBASAMACCOUNT"))",
+ dom_sid_str_buf(&member_sid, &buf));
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
DEBUG(1,("ldapsam_change_groupmem: member search failed!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- talloc_autofree_ldapmsg(tmp_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(tmp_ctx, result);
num_result = ldap_count_entries(priv2ld(ldap_state), result);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- user_gid = strtoul(gidstr, NULL, 10);
+ user_gid = smb_strtoul(gidstr, NULL, 10, &error, SMB_STR_STANDARD);
+ if (error != 0) {
+ DBG_ERR("Failed to convert user gid\n");
+ return NT_STATUS_UNSUCCESSFUL;
+ }
if (!sid_to_gid(&group_sid, &group_gid)) {
DEBUG (0, ("ldapsam_change_groupmem: Unable to get group gid from SID!\n"));
filter = talloc_asprintf(tmp_ctx,
"(&(sambaSID=%s)"
- "(objectClass=%s)"
- "(objectClass=%s))",
- sid_string_talloc(tmp_ctx, &group_sid),
- LDAP_OBJ_POSIXGROUP,
- LDAP_OBJ_GROUPMAP);
+ "(objectClass="LDAP_OBJ_POSIXGROUP")"
+ "(objectClass="LDAP_OBJ_GROUPMAP"))",
+ dom_sid_str_buf(&group_sid, &buf));
/* get the group */
rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
DEBUG(1,("ldapsam_change_groupmem: group search failed!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- talloc_autofree_ldapmsg(tmp_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(tmp_ctx, result);
num_result = ldap_count_entries(priv2ld(ldap_state), result);
smbldap_set_mod(&mods, modop, "memberUid", uidstr);
- talloc_autofree_ldapmod(tmp_ctx, mods);
+ smbldap_talloc_autofree_ldapmod(tmp_ctx, mods);
rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
if (rc != LDAP_SUCCESS) {
char *filter;
char *escape_username;
char *gidstr;
- const char *dn = NULL;
+ char *dn = NULL;
gid_t gid;
int rc;
filter = talloc_asprintf(mem_ctx,
"(&(uid=%s)"
- "(objectClass=%s)"
- "(objectClass=%s))",
- escape_username,
- LDAP_OBJ_POSIXACCOUNT,
- LDAP_OBJ_SAMBASAMACCOUNT);
+ "(objectClass="LDAP_OBJ_POSIXACCOUNT")"
+ "(objectClass="LDAP_OBJ_SAMBASAMACCOUNT"))",
+ escape_username);
TALLOC_FREE(escape_username);
DEBUG(0,("ldapsam_set_primary_group: user search failed!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- talloc_autofree_ldapmsg(mem_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(mem_ctx, result);
num_result = ldap_count_entries(priv2ld(ldap_state), result);
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "gidNumber", gidstr);
if (mods == NULL) {
+ TALLOC_FREE(dn);
return NT_STATUS_OK;
}
rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
-
+ TALLOC_FREE(dn);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldapsam_set_primary_group: failed to modify [%s] primary group to [%s]\n",
pdb_get_username(sampass), gidstr));
uint32_t num_result;
filter = talloc_asprintf(talloc_tos(),
- "(&(objectClass=%s)(sambaDomainName=%s))",
- LDAP_OBJ_TRUSTDOM_PASSWORD, domain);
+ "(&(objectClass="LDAP_OBJ_TRUSTDOM_PASSWORD")(sambaDomainName=%s))",
+ domain);
trusted_dn = trusteddom_dn(ldap_state, domain);
if (trusted_dn == NULL) {
filter, attrs, attrsonly, &result);
if (result != NULL) {
- talloc_autofree_ldapmsg(mem_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(mem_ctx, result);
}
if (rc == LDAP_NO_SUCH_OBJECT) {
LDAPMod **mods = NULL;
char *prev_pwd = NULL;
char *trusted_dn = NULL;
+ struct dom_sid_buf buf;
int rc;
DEBUG(10, ("ldapsam_set_trusteddom_pw called for domain %s\n", domain));
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaDomainName",
domain);
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaSID",
- sid_string_tos(sid));
+ dom_sid_str_buf(sid, &buf));
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaPwdLastSet",
talloc_asprintf(talloc_tos(), "%li", (long int)time(NULL)));
smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
}
}
- talloc_autofree_ldapmod(talloc_tos(), mods);
+ smbldap_talloc_autofree_ldapmod(talloc_tos(), mods);
trusted_dn = trusteddom_dn(ldap_state, domain);
if (trusted_dn == NULL) {
int rc;
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
- char *filter;
+ const char *filter;
int scope = LDAP_SCOPE_SUBTREE;
const char *attrs[] = { "sambaDomainName", "sambaSID", NULL };
int attrsonly = 0; /* 0: return values too */
LDAPMessage *result = NULL;
LDAPMessage *entry = NULL;
- filter = talloc_asprintf(talloc_tos(), "(objectClass=%s)",
- LDAP_OBJ_TRUSTDOM_PASSWORD);
+ filter = "(objectClass="LDAP_OBJ_TRUSTDOM_PASSWORD")";
rc = smbldap_search(ldap_state->smbldap_state,
ldap_state->domain_dn,
&result);
if (result != NULL) {
- talloc_autofree_ldapmsg(mem_ctx, result);
+ smbldap_talloc_autofree_ldapmsg(mem_ctx, result);
}
if (rc != LDAP_SUCCESS) {
Housekeeping
*********************************************************************/
-static void free_private_data(void **vp)
+static void free_private_data(void **vp)
{
struct ldapsam_privates **ldap_state = (struct ldapsam_privates **)vp;
}
/*********************************************************************
- Intitalise the parts of the pdb_methods structure that are common to
+ Intitalise the parts of the pdb_methods structure that are common to
all pdb_ldap modes
*********************************************************************/
nt_status = smbldap_init(*pdb_method, pdb_get_tevent_context(),
location, false, bind_dn, bind_secret,
&ldap_state->smbldap_state);
- memset(bind_secret, '\0', strlen(bind_secret));
- SAFE_FREE(bind_secret);
+ BURN_FREE_STR(bind_secret);
SAFE_FREE(bind_dn);
if ( !NT_STATUS_IS_OK(nt_status) ) {
return nt_status;
return NT_STATUS_OK;
}
-/**********************************************************************
- Initialise the 'compat' mode for pdb_ldap
- *********************************************************************/
-
-NTSTATUS pdb_init_ldapsam_compat(struct pdb_methods **pdb_method, const char *location)
+static bool ldapsam_is_responsible_for_wellknown(struct pdb_methods *m)
{
- NTSTATUS nt_status;
- struct ldapsam_privates *ldap_state;
- char *uri = talloc_strdup( NULL, location );
-
- trim_char( uri, '\"', '\"' );
- nt_status = pdb_init_ldapsam_common( pdb_method, uri );
- if ( uri )
- TALLOC_FREE( uri );
-
- if ( !NT_STATUS_IS_OK(nt_status) ) {
- return nt_status;
- }
-
- (*pdb_method)->name = "ldapsam_compat";
-
- ldap_state = (struct ldapsam_privates *)((*pdb_method)->private_data);
- ldap_state->schema_ver = SCHEMAVER_SAMBAACCOUNT;
-
- sid_copy(&ldap_state->domain_sid, get_global_sam_sid());
-
- return NT_STATUS_OK;
+ return true;
}
/**********************************************************************
Initialise the normal mode for pdb_ldap
*********************************************************************/
-NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location)
+NTSTATUS pdb_ldapsam_init_common(struct pdb_methods **pdb_method,
+ const char *location)
{
NTSTATUS nt_status;
struct ldapsam_privates *ldap_state = NULL;
(*pdb_method)->search_users = ldapsam_search_users;
(*pdb_method)->search_groups = ldapsam_search_groups;
(*pdb_method)->search_aliases = ldapsam_search_aliases;
+ (*pdb_method)->is_responsible_for_wellknown =
+ ldapsam_is_responsible_for_wellknown;
if (lp_parm_bool(-1, "ldapsam", "trusted", False)) {
(*pdb_method)->enum_group_members = ldapsam_enum_group_members;
ldapsam_enum_group_memberships;
(*pdb_method)->lookup_rids = ldapsam_lookup_rids;
(*pdb_method)->sid_to_id = ldapsam_sid_to_id;
- (*pdb_method)->uid_to_sid = ldapsam_uid_to_sid;
- (*pdb_method)->gid_to_sid = ldapsam_gid_to_sid;
+ (*pdb_method)->id_to_sid = ldapsam_id_to_sid;
if (lp_parm_bool(-1, "ldapsam", "editposix", False)) {
(*pdb_method)->create_user = ldapsam_create_user;
/* Given that the above might fail, everything below this must be
* optional */
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
+ entry = ldap_first_entry(smbldap_get_ldap(ldap_state->smbldap_state),
result);
if (!entry) {
DEBUG(0, ("pdb_init_ldapsam: Could not get domain info "
return NT_STATUS_UNSUCCESSFUL;
}
- dn = smbldap_talloc_dn(talloc_tos(), ldap_state->smbldap_state->ldap_struct, entry);
+ dn = smbldap_talloc_dn(talloc_tos(),
+ smbldap_get_ldap(ldap_state->smbldap_state),
+ entry);
if (!dn) {
ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
TALLOC_FREE(dn);
domain_sid_string = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_USER_SID),
TALLOC_FREE(domain_sid_string);
return NT_STATUS_INVALID_PARAMETER;
}
- found_sid = secrets_fetch_domain_sid(ldap_state->domain_name,
+ found_sid = PDB_secrets_fetch_domain_sid(ldap_state->domain_name,
&secrets_domain_sid);
if (!found_sid || !dom_sid_equal(&secrets_domain_sid,
&ldap_domain_sid)) {
+ struct dom_sid_buf buf1, buf2;
DEBUG(1, ("pdb_init_ldapsam: Resetting SID for domain "
"%s based on pdb_ldap results %s -> %s\n",
ldap_state->domain_name,
- sid_string_dbg(&secrets_domain_sid),
- sid_string_dbg(&ldap_domain_sid)));
+ dom_sid_str_buf(&secrets_domain_sid, &buf1),
+ dom_sid_str_buf(&ldap_domain_sid, &buf2)));
/* reset secrets.tdb sid */
- secrets_store_domain_sid(ldap_state->domain_name,
+ PDB_secrets_store_domain_sid(ldap_state->domain_name,
&ldap_domain_sid);
DEBUG(1, ("New global sam SID: %s\n",
- sid_string_dbg(get_global_sam_sid())));
+ dom_sid_str_buf(get_global_sam_sid(),
+ &buf1)));
}
sid_copy(&ldap_state->domain_sid, &ldap_domain_sid);
TALLOC_FREE(domain_sid_string);
}
alg_rid_base_string = smbldap_talloc_single_attribute(
- ldap_state->smbldap_state->ldap_struct,
+ smbldap_get_ldap(ldap_state->smbldap_state),
entry,
get_attr_key2string( dominfo_attr_list,
LDAP_ATTR_ALGORITHMIC_RID_BASE ),
return NT_STATUS_OK;
}
-NTSTATUS pdb_ldap_init(void)
+NTSTATUS pdb_ldapsam_init(TALLOC_CTX *ctx)
{
NTSTATUS nt_status;
- if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam", pdb_init_ldapsam)))
- return nt_status;
- if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_compat", pdb_init_ldapsam_compat)))
+ nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION,
+ "ldapsam",
+ pdb_ldapsam_init_common);
+ if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
+ }
/* Let pdb_nds register backends */
- pdb_nds_init();
-
- pdb_ipa_init();
+ pdb_nds_init(ctx);
return NT_STATUS_OK;
}