Copyright (C) Andrew Bartlett 2002-2003
Copyright (C) Stefan (metze) Metzmacher 2002-2003
Copyright (C) Simo Sorce 2006
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-
+
*/
/* TODO:
switch ( schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
return get_attr_key2string( attrib_map_v22, key );
-
+
case SCHEMAVER_SAMBASAMACCOUNT:
return get_attr_key2string( attrib_map_v30, key );
-
+
default:
DEBUG(0,("get_userattr_key2string: unknown schema version specified\n"));
break;
switch ( schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
return get_attr_list( mem_ctx, attrib_map_v22 );
-
+
case SCHEMAVER_SAMBASAMACCOUNT:
return get_attr_list( mem_ctx, attrib_map_v30 );
default:
DEBUG(0,("get_userattr_list: unknown schema version specified!\n"));
break;
}
-
+
return NULL;
}
case SCHEMAVER_SAMBAACCOUNT:
return get_attr_list( mem_ctx,
attrib_map_to_delete_v22 );
-
+
case SCHEMAVER_SAMBASAMACCOUNT:
return get_attr_list( mem_ctx,
attrib_map_to_delete_v30 );
DEBUG(0,("get_userattr_delete_list: unknown schema version specified!\n"));
break;
}
-
+
return NULL;
}
{
fstring objclass_filter;
char *result;
-
+
switch( schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
fstr_sprintf( objclass_filter, "(objectclass=%s)", LDAP_OBJ_SAMBAACCOUNT );
objclass_filter[0] = '\0';
break;
}
-
+
result = talloc_strdup(talloc_tos(), objclass_filter);
SMB_ASSERT(result != NULL);
return result;
}
/* Ok, delete only the SAM attributes */
-
+
for (name = ldap_first_attribute(priv2ld(priv), entry, &ptr);
name != NULL;
name = ldap_next_attribute(priv2ld(priv), entry, ptr)) {
goto fn_exit;
}
- if (!(username = smbldap_talloc_single_attribute(priv2ld(ldap_state),
+ if (!(username = smbldap_talloc_smallest_attribute(priv2ld(ldap_state),
entry,
"uid",
ctx))) {
int count;
const char ** attr_list;
int rc;
-
+
attr_list = get_userattr_list( user, ldap_state->schema_ver );
append_attr(user, &attr_list,
get_userattr_key2string(ldap_state->schema_ver,
if ( rc != LDAP_SUCCESS )
return NT_STATUS_NO_SUCH_USER;
-
+
count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
-
+
if (count < 1) {
DEBUG(4, ("ldapsam_getsampwnam: Unable to locate user [%s] count=%d\n", sname, count));
ldap_msgfree(result);
return rc;
break;
}
-
+
case SCHEMAVER_SAMBAACCOUNT:
if (!sid_peek_check_rid(&ldap_state->domain_sid, sid, &rid)) {
return rc;
}
-
+
attr_list = get_userattr_list(NULL,
ldap_state->schema_ver);
rc = ldapsam_search_suffix_by_rid(ldap_state, rid, result, attr_list );
return NT_STATUS_NO_SUCH_USER;
count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
-
+
if (count < 1) {
DEBUG(4, ("ldapsam_getsampwsid: Unable to locate SID [%s] "
"count=%d\n", sid_string_dbg(sid), count));
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
-
+
if (!newpwd || !dn) {
return NT_STATUS_INVALID_PARAMETER;
}
-
+
if (!mods) {
DEBUG(5,("ldapsam_modify_entry: mods is empty: nothing to modify\n"));
/* may be password change below however */
ldap_op));
return NT_STATUS_INVALID_PARAMETER;
}
-
+
if (rc!=LDAP_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
}
}
-
+
if (!(pdb_get_acct_ctrl(newpwd)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) &&
(lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_OFF) &&
need_update(newpwd, PDB_PLAINTEXT_PW) &&
TALLOC_FREE(utf8_password);
return NT_STATUS_UNSUCCESSFUL;
}
-
+
TALLOC_FREE(utf8_dn);
TALLOC_FREE(utf8_password);
ber_free(ber, 1);
result = NT_STATUS_NO_SUCH_USER;
goto done;
}
-
+
rc = ldapsam_delete_entry(
priv, mem_ctx, entry,
priv->schema_ver == SCHEMAVER_SAMBASAMACCOUNT ?
}
entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
- dn = smbldap_talloc_dn(NULL, ldap_state->smbldap_state->ldap_struct, entry);
+ dn = smbldap_talloc_dn(talloc_tos(), ldap_state->smbldap_state->ldap_struct, entry);
if (!dn) {
return NT_STATUS_UNSUCCESSFUL;
}
TALLOC_FREE(dn);
return NT_STATUS_OK;
}
-
+
ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, element_is_changed);
if (mods != NULL) {
ret = NT_STATUS_NO_MEMORY;
goto done;
}
-
+
filter = talloc_asprintf_append_buffer(filter, "(uid=%s)", escape_memberuid);
if (filter == NULL) {
SAFE_FREE(escape_memberuid);
}
ret = NT_STATUS_OK;
-
+
done:
if (values)
}
filter = talloc_asprintf(mem_ctx,
- "(&(objectClass=%s)(|(memberUid=%s)(gidNumber=%d)))",
- LDAP_OBJ_POSIXGROUP, escape_name, primary_gid);
+ "(&(objectClass=%s)(|(memberUid=%s)(gidNumber=%u)))",
+ LDAP_OBJ_POSIXGROUP, escape_name, (unsigned int)primary_gid);
if (filter == NULL) {
ret = NT_STATUS_NO_MEMORY;
goto done;
filter = talloc_asprintf(mem_ctx,
"(&(objectClass=%s)(gidNumber=%u))",
- LDAP_OBJ_POSIXGROUP, map->gid);
+ LDAP_OBJ_POSIXGROUP, (unsigned int)map->gid);
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
}
if (pdb_gid_to_sid(map->gid, &sid)) {
- DEBUG(3, ("Gid %d is already mapped to SID %s, refusing to "
- "add\n", map->gid, sid_string_dbg(&sid)));
+ DEBUG(3, ("Gid %u is already mapped to SID %s, refusing to "
+ "add\n", (unsigned int)map->gid, sid_string_dbg(&sid)));
result = NT_STATUS_GROUP_EXISTS;
goto done;
}
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "description",
map->comment);
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "gidNumber",
- talloc_asprintf(mem_ctx, "%u", map->gid));
+ talloc_asprintf(mem_ctx, "%u", (unsigned int)map->gid));
talloc_autofree_ldapmod(mem_ctx, mods);
rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
"(sambaGroupType=%d))",
LDAP_OBJ_GROUPMAP,
sid_string_talloc(mem_ctx, &map->sid),
- map->gid, map->sid_name_use);
+ (unsigned int)map->gid, map->sid_name_use);
if (filter == NULL) {
result = NT_STATUS_NO_MEMORY;
goto done;
rc = ldapsam_delete_entry(priv, mem_ctx, entry, LDAP_OBJ_GROUPMAP,
get_attr_list(mem_ctx,
groupmap_attr_list_to_delete));
-
+
if ((rc == LDAP_NAMING_VIOLATION) ||
+ (rc == LDAP_NOT_ALLOWED_ON_RDN) ||
(rc == LDAP_OBJECT_CLASS_VIOLATION)) {
const char *attrs[] = { "sambaGroupType", "description",
"displayName", "sambaSIDList",
}
if ((rc == LDAP_NAMING_VIOLATION) ||
+ (rc == LDAP_NOT_ALLOWED_ON_RDN) ||
(rc == LDAP_OBJECT_CLASS_VIOLATION)) {
const char *attrs[] = { "sambaGroupType", "description",
"displayName", "sambaSIDList",
while (!bret) {
if (!ldap_state->entry)
return ret;
-
+
ldap_state->index++;
bret = init_group_from_ldap(ldap_state, map,
ldap_state->entry);
-
+
ldap_state->entry =
ldap_next_entry(ldap_state->smbldap_state->ldap_struct,
ldap_state->entry);
return NT_STATUS_UNSUCCESSFUL;
}
- dn = smbldap_talloc_dn(NULL, ldap_state->smbldap_state->ldap_struct, entry);
+ dn = smbldap_talloc_dn(talloc_tos(), ldap_state->smbldap_state->ldap_struct, entry);
if (!dn) {
ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
}
*value = (uint32)atol(vals[0]);
-
+
ntstatus = NT_STATUS_OK;
out:
- if user hasn't decided to use account policies inside LDAP just reuse the
old tdb values
-
+
- if there is a valid cache entry, return that
- if there is an LDAP entry, update cache and return
- otherwise set to default, update cache and return
if (!account_policy_get_default(policy_index, value)) {
return ntstatus;
}
-
+
/* update_ldap: */
-
+
ntstatus = ldapsam_set_account_policy(methods, policy_index, *value);
if (!NT_STATUS_IS_OK(ntstatus)) {
return ntstatus;
}
-
+
update_cache:
-
+
if (!cache_account_policy_set(policy_index, *value)) {
DEBUG(0,("ldapsam_get_account_policy: failed to update local "
"tdb as a cache\n"));
goto done;
}
+ if (num_rids == 0) {
+ result = NT_STATUS_NONE_MAPPED;
+ goto done;
+ }
+
for (i=0; i<num_rids; i++)
attrs[i] = SID_NAME_UNKNOWN;
DEBUG(0, ("talloc failed\n"));
return False;
}
-
+
vals = ldap_get_values(ld, entry, "sambaSid");
if ((vals == NULL) || (vals[0] == NULL)) {
DEBUG(0, ("\"objectSid\" not found\n"));
DEBUG(0, ("talloc failed\n"));
return False;
}
-
+
vals = ldap_get_values(ld, entry, "sambaSid");
if ((vals == NULL) || (vals[0] == NULL)) {
DEBUG(0, ("\"objectSid\" not found\n"));
return False;
}
break;
-
+
default:
DEBUG(0,("unkown group type: %d\n", group_type));
return False;
uid_t uid = -1;
NTSTATUS ret;
int rc;
-
+
if (((acb_info & ACB_NORMAL) && name[strlen(name)-1] == '$') ||
acb_info & ACB_WSTRUST ||
acb_info & ACB_SVRTRUST ||
DEBUG (0, ("ldapsam_create_user: More than one user with name [%s] ?!\n", name));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
-
+
if (num_result == 1) {
char *tmp;
/* check if it is just a posix account.
if (num_result == 0) {
add_posix = True;
}
-
+
/* Create the basic samu structure and generate the mods for the ldap commit */
if (!NT_STATUS_IS_OK((ret = ldapsam_new_rid_internal(my_methods, rid)))) {
DEBUG(1, ("ldapsam_create_user: Could not allocate a new RID\n"));
homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), name, ldap_state->domain_name, uid, gid);
shell = talloc_sub_specified(tmp_ctx, lp_template_shell(), name, ldap_state->domain_name, uid, gid);
}
- uidstr = talloc_asprintf(tmp_ctx, "%d", uid);
- gidstr = talloc_asprintf(tmp_ctx, "%d", gid);
+ uidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)uid);
+ gidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)gid);
escape_name = escape_rdn_val_string_alloc(name);
if (!escape_name) {
int rc;
DEBUG(0,("ldapsam_delete_user: Attempt to delete user [%s]\n", pdb_get_username(sam_acct)));
-
+
filter = talloc_asprintf(tmp_ctx,
"(&(uid=%s)"
"(objectClass=%s)"
DOM_SID group_sid;
gid_t gid = -1;
int rc;
-
+
groupname = escape_ldap_string_alloc(name);
filter = talloc_asprintf(tmp_ctx, "(&(cn=%s)(objectClass=%s))",
groupname, LDAP_OBJ_POSIXGROUP);
DEBUG (0, ("ldapsam_create_group: There exists more than one group with name [%s]: bailing out!\n", name));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
-
+
if (num_result == 1) {
char *tmp;
/* check if it is just a posix group.
DEBUG (1, ("ldapsam_create_group: Couldn't retrieve the gidNumber for [%s]?!?!\n", name));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
-
+
gid = strtoul(tmp, NULL, 10);
dn = smbldap_talloc_dn(tmp_ctx, priv2ld(ldap_state), entry);
DEBUG(3,("ldapsam_create_user: Creating new posix group\n"));
is_new_entry = True;
-
+
/* lets allocate a new groupid for this group */
if (!winbind_allocate_gid(&gid)) {
DEBUG (0, ("ldapsam_create_group: Unable to allocate a new group id: bailing out!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- gidstr = talloc_asprintf(tmp_ctx, "%d", gid);
+ gidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)gid);
escape_name = escape_rdn_val_string_alloc(name);
if (!escape_name) {
default:
return NT_STATUS_UNSUCCESSFUL;
}
-
+
/* get member sid */
sid_compose(&member_sid, get_global_sam_sid(), member_rid);
/* check if we are trying to remove the member from his primary group */
char *gidstr;
gid_t user_gid, group_gid;
-
+
gidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "gidNumber", tmp_ctx);
if (!gidstr) {
DEBUG (0, ("ldapsam_change_groupmem: Unable to find the member's gid!\n"));
}
user_gid = strtoul(gidstr, NULL, 10);
-
+
if (!sid_to_gid(&group_sid, &group_gid)) {
DEBUG (0, ("ldapsam_change_groupmem: Unable to get group gid from SID!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
return NT_STATUS_UNSUCCESSFUL;
}
-
+
return NT_STATUS_OK;
}
DEBUG(0,("ldapsam_set_primary_group: failed to retrieve gid from user's group SID!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- gidstr = talloc_asprintf(mem_ctx, "%d", gid);
+ gidstr = talloc_asprintf(mem_ctx, "%u", (unsigned int)gid);
if (!gidstr) {
DEBUG(0,("ldapsam_set_primary_group: Out of Memory!\n"));
return NT_STATUS_NO_MEMORY;