msg = ldb_msg_new(frame);
if (!msg) {
+ talloc_free(frame);
return false;
}
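Review bot: The allocation-failure exit at `return false;` now frees `frame` but still returns a boolean, while the conversion-failure exit in the next hunk returns `LDB_ERR_OPERATIONS_ERROR` from what appears to be the same function (both free `frame`). If the function returns an ldb status as an int, `false` is 0, presumably the same value as `LDB_SUCCESS`, so a failed `ldb_msg_new()` would be reported to the caller as a successful update. `return LDB_ERR_OPERATIONS_ERROR;` would match the other exit. The signature lies outside this hunk, so the return type should be confirmed there.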
pw, strlen(pw),
(void *)&pw_utf16.data,
&pw_utf16.length)) {
+ talloc_free(frame);
return LDB_ERR_OPERATIONS_ERROR;
}
ret |= ldb_msg_add_value(msg, "clearTextPassword", &pw_utf16, NULL);
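Review bot: `pw_utf16` holds a UTF-16 copy of the account's cleartext password (it is added under `clearTextPassword` on the last line of the hunk), and nothing visible here scrubs that buffer before its talloc parent is freed. `talloc_free()` releases memory without clearing it, so the password bytes can remain in freed heap. If this tree provides `talloc_keep_secret()`, calling `talloc_keep_secret(pw_utf16.data);` right after a successful conversion would have the buffer zeroed when it is released. The conversion call's name and allocation context, and the function's remaining exits, lie outside this hunk and should be checked for the same handling.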
status = idmap_xids_to_sids(state->idmap_ctx, tmp_ctx, id_maps);
if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(tmp_ctx);
return status;
}
status = pdb_samba_dsdb_getgrsid(m, map, *id_map.sid);
if (ldb_transaction_start(state->ldb) != LDB_SUCCESS) {
DEBUG(0, ("Failed to start transaction in dsdb_add_domain_alias(): %s\n", ldb_errstring(state->ldb)));
+ talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_ERROR;
}
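Review bot: The `DEBUG(0, ...)` message on this failure path names `dsdb_add_domain_alias()`, while the commit-failure message in the following hunk names `pdb_samba_dsdb_delete_alias()`. If both sit in the same function, which the shared `tmp_ctx` and `state->ldb` suggest but the hunk does not show, the level-0 log line points an operator at the wrong operation. Using `__func__` avoids the copy-paste drift: `DEBUG(0, ("Failed to start transaction in %s(): %s\n", __func__, ldb_errstring(state->ldb)));`.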
DEBUG(10, ("ldb_delete failed %s\n",
ldb_errstring(state->ldb)));
ldb_transaction_cancel(state->ldb);
+ talloc_free(tmp_ctx);
return NT_STATUS_LDAP(rc);
}
if (ldb_transaction_commit(state->ldb) != LDB_SUCCESS) {
DEBUG(0, ("Failed to commit transaction in pdb_samba_dsdb_delete_alias(): %s\n",
ldb_errstring(state->ldb)));
+ talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_ERROR;
}
+ talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
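Review bot: Every exit in this hunk frees `tmp_ctx` by hand (after `ldb_transaction_cancel()`, after the failed commit, and before `return NT_STATUS_OK;`), as does the transaction-start failure in the previous hunk, apparently in the same function. The next `return` added here can therefore reintroduce the leak this commit fixes. A single exit would cover all paths: set `status` and `goto done;` at each failure, with `done: talloc_free(tmp_ctx); return status;` at the end. The function begins outside the hunk, so whether a `status` local already exists there is not visible.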
status = idmap_xids_to_sids(state->idmap_ctx, tmp_ctx, id_maps);
if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(tmp_ctx);
return false;
}
*sid = *id_map.sid;
static NTSTATUS pdb_samba_dsdb_init_secrets(struct pdb_methods *m)
{
struct pdb_domain_info *dom_info;
+ struct dom_sid stored_sid;
+ struct GUID stored_guid;
+ bool sid_exists_and_matches = false;
+ bool guid_exists_and_matches = false;
bool ret;
dom_info = pdb_samba_dsdb_get_domain_info(m, m);
return NT_STATUS_UNSUCCESSFUL;
}
- secrets_clear_domain_protection(dom_info->name);
- ret = secrets_store_domain_sid(dom_info->name,
- &dom_info->sid);
- if (!ret) {
- goto done;
+ ret = secrets_fetch_domain_sid(dom_info->name, &stored_sid);
+ if (ret) {
+ if (dom_sid_equal(&stored_sid, &dom_info->sid)) {
+ sid_exists_and_matches = true;
+ }
}
- ret = secrets_store_domain_guid(dom_info->name,
- &dom_info->guid);
- if (!ret) {
- goto done;
+
+ if (sid_exists_and_matches == false) {
+ secrets_clear_domain_protection(dom_info->name);
+ ret = secrets_store_domain_sid(dom_info->name,
+ &dom_info->sid);
+ ret &= secrets_mark_domain_protected(dom_info->name);
+ if (!ret) {
+ goto done;
+ }
}
- ret = secrets_mark_domain_protected(dom_info->name);
- if (!ret) {
- goto done;
+
+ ret = secrets_fetch_domain_guid(dom_info->name, &stored_guid);
+ if (ret) {
+ if (GUID_equal(&stored_guid, &dom_info->guid)) {
+ guid_exists_and_matches = true;
+ }
+ }
+
+ if (guid_exists_and_matches == false) {
+ secrets_clear_domain_protection(dom_info->name);
+ ret = secrets_store_domain_guid(dom_info->name,
+ &dom_info->guid);
+ ret &= secrets_mark_domain_protected(dom_info->name);
+ if (!ret) {
+ goto done;
+ }
}
done:
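Review bot: At both `ret &= secrets_mark_domain_protected(dom_info->name);` lines the mark call runs even when the preceding store returned false, so the domain is flagged protected again around a SID or GUID that was not written. The removed code skipped the mark on a failed store; if that order is still intended, `if (ret) { ret = secrets_mark_domain_protected(dom_info->name); }` keeps it and shows which step failed. A stored SID or GUID that differs from `dom_info` is also replaced silently after `secrets_clear_domain_protection()`, and a fetch that fails for any other reason takes the same overwrite path as a mismatch. A `DEBUG` line on that branch, recording that the stored identifier is being replaced, would leave operators a trace of a domain identity change in the secrets store. The function continues past `done:` outside this hunk.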