*/
#include "includes.h"
+#include "../libcli/auth/libcli_auth.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
filter = talloc_asprintf(talloc_tos(), "(&%s%s)", "(uid=%u)",
get_objclass_filter(ldap_state->schema_ver));
if (!filter) {
+ SAFE_FREE(escape_user);
return LDAP_NO_MEMORY;
}
/*
filter = talloc_all_string_sub(talloc_tos(),
filter, "%u", escape_user);
+ SAFE_FREE(escape_user);
if (!filter) {
return LDAP_NO_MEMORY;
}
- SAFE_FREE(escape_user);
ret = smbldap_search_suffix(ldap_state->smbldap_state,
filter, attr, result);
filter = talloc_asprintf(talloc_tos(), "(&(%s=%s)%s)",
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_USER_SID),
- sid_to_string(sid_string, sid),
+ sid_to_fstring(sid_string, sid),
get_objclass_filter(ldap_state->schema_ver));
if (!filter) {
return LDAP_NO_MEMORY;
goto fn_exit;
}
- if (!(username = smbldap_talloc_single_attribute(priv2ld(ldap_state),
+ if (!(username = smbldap_talloc_smallest_attribute(priv2ld(ldap_state),
entry,
"uid",
ctx))) {
/* Make call to Novell eDirectory ldap extension to get clear text password.
NOTE: This will only work if we have an SSL connection to eDirectory. */
- user_dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
+ user_dn = smbldap_talloc_dn(ctx, ldap_state->smbldap_state->ldap_struct, entry);
if (user_dn != NULL) {
- DEBUG(3, ("init_sam_from_ldap: smbldap_get_dn(%s) returned '%s'\n", username, user_dn));
+ DEBUG(3, ("init_sam_from_ldap: smbldap_talloc_dn(ctx, %s) returned '%s'\n", username, user_dn));
pwd_len = sizeof(clear_text_pw);
if (pdb_nds_get_password(ldap_state->smbldap_state, user_dn, &pwd_len, clear_text_pw) == LDAP_SUCCESS) {
nt_lm_owf_gen(clear_text_pw, smbntpwd, smblmpwd);
if (!pdb_set_lanman_passwd(sampass, smblmpwd, PDB_SET)) {
- SAFE_FREE(user_dn);
+ TALLOC_FREE(user_dn);
return False;
}
ZERO_STRUCT(smblmpwd);
if (!pdb_set_nt_passwd(sampass, smbntpwd, PDB_SET)) {
- SAFE_FREE(user_dn);
+ TALLOC_FREE(user_dn);
return False;
}
ZERO_STRUCT(smbntpwd);
use_samba_attrs = False;
}
- SAFE_FREE(user_dn);
+ TALLOC_FREE(user_dn);
} else {
DEBUG(0, ("init_sam_from_ldap: failed to get user_dn for '%s'\n", username));
}
}
if (hex_failed) {
- DEBUG(0,("init_sam_from_ldap: Failed to get password history for user %s\n",
+ DEBUG(2,("init_sam_from_ldap: Failed to get password history for user %s\n",
username));
memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN);
}
case SCHEMAVER_SAMBAACCOUNT:
if (!sid_peek_check_rid(&ldap_state->domain_sid, user_sid, &rid)) {
DEBUG(1, ("init_ldap_from_sam: User's SID (%s) is not for this domain (%s), cannot add to LDAP!\n",
- sid_string_static(user_sid),
- sid_string_static(&ldap_state->domain_sid)));
+ sid_string_dbg(user_sid),
+ sid_string_dbg(
+ &ldap_state->domain_sid)));
return False;
}
if (asprintf(&temp, "%i", rid) < 0) {
case SCHEMAVER_SAMBASAMACCOUNT:
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID),
- sid_to_string(sid_string, user_sid));
+ sid_to_fstring(sid_string, user_sid));
break;
default:
case SCHEMAVER_SAMBAACCOUNT:
if (!sid_peek_check_rid(&ldap_state->domain_sid, group_sid, &rid)) {
DEBUG(1, ("init_ldap_from_sam: User's Primary Group SID (%s) is not for this domain (%s), cannot add to LDAP!\n",
- sid_string_static(group_sid),
- sid_string_static(&ldap_state->domain_sid)));
+ sid_string_dbg(group_sid),
+ sid_string_dbg(
+ &ldap_state->domain_sid)));
return False;
}
case SCHEMAVER_SAMBASAMACCOUNT:
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver,
- LDAP_ATTR_PRIMARY_GROUP_SID), sid_to_string(sid_string, group_sid));
+ LDAP_ATTR_PRIMARY_GROUP_SID), sid_to_fstring(sid_string, group_sid));
break;
default:
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH),
pdb_get_profile_path(sampass));
- if (asprintf(&temp, "%li", pdb_get_logon_time(sampass)) < 0) {
+ if (asprintf(&temp, "%li", (long int)pdb_get_logon_time(sampass)) < 0) {
return false;
}
if (need_update(sampass, PDB_LOGONTIME))
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_TIME), temp);
SAFE_FREE(temp);
- if (asprintf(&temp, "%li", pdb_get_logoff_time(sampass)) < 0) {
+ if (asprintf(&temp, "%li", (long int)pdb_get_logoff_time(sampass)) < 0) {
return false;
}
if (need_update(sampass, PDB_LOGOFFTIME))
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGOFF_TIME), temp);
SAFE_FREE(temp);
- if (asprintf(&temp, "%li", pdb_get_kickoff_time(sampass)) < 0) {
+ if (asprintf(&temp, "%li", (long int)pdb_get_kickoff_time(sampass)) < 0) {
return false;
}
if (need_update(sampass, PDB_KICKOFFTIME))
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_KICKOFF_TIME), temp);
SAFE_FREE(temp);
- if (asprintf(&temp, "%li", pdb_get_pass_can_change_time_noncalc(sampass)) < 0) {
+ if (asprintf(&temp, "%li", (long int)pdb_get_pass_can_change_time_noncalc(sampass)) < 0) {
return false;
}
if (need_update(sampass, PDB_CANCHANGETIME))
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_CAN_CHANGE), temp);
SAFE_FREE(temp);
- if (asprintf(&temp, "%li", pdb_get_pass_must_change_time(sampass)) < 0) {
+ if (asprintf(&temp, "%li", (long int)pdb_get_pass_must_change_time(sampass)) < 0) {
return false;
}
if (need_update(sampass, PDB_MUSTCHANGETIME))
if (need_update(sampass, PDB_PASSLASTSET)) {
if (asprintf(&temp, "%li",
- pdb_get_pass_last_set_time(sampass)) < 0) {
+ (long int)pdb_get_pass_last_set_time(sampass)) < 0) {
return false;
}
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
temp);
SAFE_FREE(temp);
- if (asprintf(&temp, "%li", badtime) < 0) {
+ if (asprintf(&temp, "%li", (long int)badtime) < 0) {
return false;
}
smbldap_make_mod(
return True;
}
-/**********************************************************************
- Connect to LDAP server for password enumeration.
-*********************************************************************/
-
-static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, bool update, uint32 acb_mask)
-{
- struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- int rc;
- char *filter = NULL;
- const char *suffix;
- const char **attr_list;
- bool machine_mask = False, user_mask = False;
- NTSTATUS status = NT_STATUS_OK;
- TALLOC_CTX *ctx = talloc_init("ldapsam_setsampwent");
-
- if (!ctx) {
- return NT_STATUS_NO_MEMORY;
- }
- filter = talloc_asprintf(ctx, "(&%s%s)", "(uid=%u)",
- get_objclass_filter(ldap_state->schema_ver));
- if (!filter) {
- status = NT_STATUS_NO_MEMORY;
- goto out;
- }
-
- filter = talloc_all_string_sub(ctx, filter, "%u", "*");
- if (!filter) {
- status = NT_STATUS_NO_MEMORY;
- goto out;
- }
-
- machine_mask = ((acb_mask != 0) && (acb_mask & (ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)));
- user_mask = ((acb_mask != 0) && (acb_mask & ACB_NORMAL));
-
- if (machine_mask) {
- suffix = lp_ldap_machine_suffix();
- } else if (user_mask) {
- suffix = lp_ldap_user_suffix();
- } else {
- suffix = lp_ldap_suffix();
- }
-
- DEBUG(10,("ldapsam_setsampwent: LDAP Query for acb_mask 0x%x will use suffix %s\n",
- acb_mask, suffix));
-
- attr_list = get_userattr_list(NULL, ldap_state->schema_ver);
- rc = smbldap_search(ldap_state->smbldap_state, suffix, LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- TALLOC_FREE( attr_list );
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_setsampwent: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_setsampwent: Query was: %s, %s\n", suffix, filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- status = NT_STATUS_UNSUCCESSFUL;
- goto out;
- }
-
- DEBUG(2, ("ldapsam_setsampwent: %d entries in the base %s\n",
- ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
- ldap_state->result), suffix));
-
- ldap_state->entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
- ldap_state->result);
- ldap_state->index = 0;
-
- out:
-
- TALLOC_FREE(ctx);
- return status;
-}
-
/**********************************************************************
End enumeration of the LDAP password list.
*********************************************************************/
}
}
-/**********************************************************************
-Get the next entry in the LDAP password database.
-*********************************************************************/
-
-static NTSTATUS ldapsam_getsampwent(struct pdb_methods *my_methods,
- struct samu *user)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)my_methods->private_data;
- bool bret = False;
-
- while (!bret) {
- if (!ldap_state->entry)
- return ret;
-
- ldap_state->index++;
- bret = init_sam_from_ldap(ldap_state, user, ldap_state->entry);
-
- ldap_state->entry = ldap_next_entry(priv2ld(ldap_state),
- ldap_state->entry);
- }
-
- return NT_STATUS_OK;
-}
-
static void append_attr(TALLOC_CTX *mem_ctx, const char ***attr_list,
const char *new_attr)
{
LDAPMessage *entry = NULL;
int count;
int rc;
- fstring sid_string;
rc = ldapsam_get_ldap_user_by_sid(ldap_state,
sid, &result);
count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
if (count < 1) {
- DEBUG(4, ("ldapsam_getsampwsid: Unable to locate SID [%s] count=%d\n", sid_to_string(sid_string, sid),
- count));
+ DEBUG(4, ("ldapsam_getsampwsid: Unable to locate SID [%s] "
+ "count=%d\n", sid_string_dbg(sid), count));
ldap_msgfree(result);
return NT_STATUS_NO_SUCH_USER;
} else if (count > 1) {
- DEBUG(1, ("ldapsam_getsampwsid: More than one user with SID [%s]. Failing. count=%d\n", sid_to_string(sid_string, sid),
- count));
+ DEBUG(1, ("ldapsam_getsampwsid: More than one user with SID "
+ "[%s]. Failing. count=%d\n", sid_string_dbg(sid),
+ count));
ldap_msgfree(result);
return NT_STATUS_NO_SUCH_USER;
}
struct berval *retdata = NULL;
char *utf8_password;
char *utf8_dn;
+ size_t converted_size;
if (!ldap_state->is_nds_ldap) {
}
}
- if (push_utf8_allocate(&utf8_password, pdb_get_plaintext_passwd(newpwd)) == (size_t)-1) {
+ if (!push_utf8_talloc(talloc_tos(), &utf8_password,
+ pdb_get_plaintext_passwd(newpwd),
+ &converted_size))
+ {
return NT_STATUS_NO_MEMORY;
}
- if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) {
- SAFE_FREE(utf8_password);
+ if (!push_utf8_talloc(talloc_tos(), &utf8_dn, dn, &converted_size)) {
+ TALLOC_FREE(utf8_password);
return NT_STATUS_NO_MEMORY;
}
if ((ber = ber_alloc_t(LBER_USE_DER))==NULL) {
DEBUG(0,("ber_alloc_t returns NULL\n"));
- SAFE_FREE(utf8_password);
- SAFE_FREE(utf8_dn);
+ TALLOC_FREE(utf8_password);
+ TALLOC_FREE(utf8_dn);
return NT_STATUS_UNSUCCESSFUL;
}
- ber_printf (ber, "{");
- ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn);
- ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password);
- ber_printf (ber, "n}");
+ if ((ber_printf (ber, "{") < 0) ||
+ (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn) < 0) ||
+ (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password) < 0) ||
+ (ber_printf (ber, "n}") < 0)) {
+ DEBUG(0,("ldapsam_modify_entry: ber_printf returns a value <0\n"));
+ ber_free(ber,1);
+ TALLOC_FREE(utf8_dn);
+ TALLOC_FREE(utf8_password);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
if ((rc = ber_flatten (ber, &bv))<0) {
DEBUG(0,("ldapsam_modify_entry: ber_flatten returns a value <0\n"));
ber_free(ber,1);
- SAFE_FREE(utf8_dn);
- SAFE_FREE(utf8_password);
+ TALLOC_FREE(utf8_dn);
+ TALLOC_FREE(utf8_password);
return NT_STATUS_UNSUCCESSFUL;
}
- SAFE_FREE(utf8_dn);
- SAFE_FREE(utf8_password);
+ TALLOC_FREE(utf8_dn);
+ TALLOC_FREE(utf8_password);
ber_free(ber, 1);
if (!ldap_state->is_nds_ldap) {
pdb_get_username(newpwd), ldap_err2string(rc), ld_error?ld_error:"unknown"));
SAFE_FREE(ld_error);
ber_bvfree(bv);
+#if defined(LDAP_CONSTRAINT_VIOLATION)
+ if (rc == LDAP_CONSTRAINT_VIOLATION)
+ return NT_STATUS_PASSWORD_RESTRICTION;
+#endif
return NT_STATUS_UNSUCCESSFUL;
} else {
DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd)));
}
entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
- dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
+ dn = smbldap_talloc_dn(talloc_tos(), ldap_state->smbldap_state->ldap_struct, entry);
if (!dn) {
return NT_STATUS_UNSUCCESSFUL;
}
if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
element_is_changed)) {
DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
- SAFE_FREE(dn);
+ TALLOC_FREE(dn);
if (mods != NULL)
ldap_mods_free(mods,True);
return NT_STATUS_UNSUCCESSFUL;
}
-
- if (mods == NULL) {
+
+ if ((lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_ONLY)
+ && (mods == NULL)) {
DEBUG(4,("ldapsam_update_sam_account: mods is empty: nothing to update for user: %s\n",
pdb_get_username(newpwd)));
- SAFE_FREE(dn);
+ TALLOC_FREE(dn);
return NT_STATUS_OK;
}
ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, element_is_changed);
- ldap_mods_free(mods,True);
- SAFE_FREE(dn);
+
+ if (mods != NULL) {
+ ldap_mods_free(mods,True);
+ }
+
+ TALLOC_FREE(dn);
/*
* We need to set the backend private data to NULL here. For example
/* rename the posix user */
rename_script = SMB_STRDUP(lp_renameuser_script());
- if (rename_script) {
+ if (rename_script == NULL) {
return NT_STATUS_NO_MEMORY;
}
newname_lower,
true,
true);
- if (rename_script) {
+ if (!rename_script) {
return NT_STATUS_NO_MEMORY;
}
rename_script = realloc_string_sub2(rename_script,
const DOM_SID *sid = pdb_get_user_sid(newpwd);
char *filter = NULL;
char *dn = NULL;
- fstring sid_string;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
TALLOC_CTX *ctx = talloc_init("ldapsam_add_sam_account");
sid, &result);
if (rc == LDAP_SUCCESS) {
if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) != 0) {
- DEBUG(0,("ldapsam_add_sam_account: SID '%s' already in the base, with samba attributes\n",
- sid_to_string(sid_string, sid)));
+ DEBUG(0,("ldapsam_add_sam_account: SID '%s' "
+ "already in the base, with samba "
+ "attributes\n", sid_string_dbg(sid)));
goto fn_exit;
}
ldap_msgfree(result);
/* Check if we need to update an existing entry */
if (num_result == 1) {
- char *tmp;
-
DEBUG(3,("ldapsam_add_sam_account: User exists without samba attributes: adding them\n"));
ldap_op = LDAP_MOD_REPLACE;
entry = ldap_first_entry (ldap_state->smbldap_state->ldap_struct, result);
- tmp = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
- if (!tmp) {
- goto fn_exit;
- }
- dn = talloc_asprintf(ctx, "%s", tmp);
- SAFE_FREE(tmp);
+ dn = smbldap_talloc_dn(ctx, ldap_state->smbldap_state->ldap_struct, entry);
if (!dn) {
status = NT_STATUS_NO_MEMORY;
goto fn_exit;
/* Check if we need to update an existing entry */
if (num_result == 1) {
- char *tmp;
DEBUG(3,("ldapsam_add_sam_account: User exists without samba attributes: adding them\n"));
ldap_op = LDAP_MOD_REPLACE;
entry = ldap_first_entry (ldap_state->smbldap_state->ldap_struct, result);
- tmp = smbldap_get_dn (ldap_state->smbldap_state->ldap_struct, entry);
- if (!tmp) {
- goto fn_exit;
- }
- dn = talloc_asprintf(ctx, "%s", tmp);
- SAFE_FREE(tmp);
+ dn = smbldap_talloc_dn (ctx, ldap_state->smbldap_state->ldap_struct, entry);
if (!dn) {
status = NT_STATUS_NO_MEMORY;
goto fn_exit;
{
char *filter = NULL;
NTSTATUS status;
+ fstring tmp;
if (asprintf(&filter, "(&(objectClass=%s)(%s=%s))",
LDAP_OBJ_GROUPMAP,
get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GROUP_SID),
- sid_string_static(&sid)) < 0) {
+ sid_to_fstring(tmp, &sid)) < 0) {
return NT_STATUS_NO_MEMORY;
}
if (sid_compare_domain(&sid, domain_sid) != 0) {
DEBUG(10, ("SID %s is not in expected domain %s\n",
- str, sid_string_static(domain_sid)));
+ str, sid_string_dbg(domain_sid)));
return False;
}
if (count > 1) {
DEBUG(1, ("Found more than one groupmap entry for %s\n",
- sid_string_static(group)));
+ sid_string_dbg(group)));
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto done;
}
goto done;
}
- rc = smbldap_search(conn, lp_ldap_user_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0,
&result);
entry, "sambaSID",
mem_ctx);
if (!sidstr) {
- DEBUG(0, ("Severe DB error, sambaSamAccount can't miss "
- "the sambaSID attribute\n"));
+ DEBUG(0, ("Severe DB error, %s can't miss the sambaSID"
+ "attribute\n", LDAP_OBJ_SAMBASAMACCOUNT));
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto done;
}
LDAP_OBJ_SAMBASAMACCOUNT,
gidstr);
- rc = smbldap_search(conn, lp_ldap_user_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0,
&result);
entry,
get_global_sam_sid(),
&rid)) {
- DEBUG(0, ("Severe DB error, sambaSamAccount can't miss "
- "the sambaSID attribute\n"));
+ DEBUG(0, ("Severe DB error, %s can't miss the samba SID" "attribute\n", LDAP_OBJ_SAMBASAMACCOUNT));
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto done;
}
goto done;
}
- rc = smbldap_search(conn, lp_ldap_user_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
if (rc != LDAP_SUCCESS)
}
filter = talloc_asprintf(mem_ctx,
- "(&(objectClass=%s)(|(memberUid=%s)(gidNumber=%d)))",
- LDAP_OBJ_POSIXGROUP, escape_name, primary_gid);
+ "(&(objectClass=%s)(|(memberUid=%s)(gidNumber=%u)))",
+ LDAP_OBJ_POSIXGROUP, escape_name, (unsigned int)primary_gid);
if (filter == NULL) {
ret = NT_STATUS_NO_MEMORY;
goto done;
/* This sid will be replaced later */
- if (!add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids, &num_sids)) {
- ret = NT_STATUS_NO_MEMORY;
+ ret = add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids,
+ &num_sids);
+ if (!NT_STATUS_IS_OK(ret)) {
goto done;
}
ret = NT_STATUS_NO_MEMORY;
goto done;
}
- if (!add_sid_to_array_unique(mem_ctx, &sid, pp_sids,
- &num_sids)) {
- ret = NT_STATUS_NO_MEMORY;
+ ret = add_sid_to_array_unique(mem_ctx, &sid, pp_sids,
+ &num_sids);
+ if (!NT_STATUS_IS_OK(ret)) {
goto done;
}
}
int rc;
filter = talloc_asprintf(mem_ctx,
- "(&(objectClass=posixGroup)(gidNumber=%u))",
- map->gid);
+ "(&(objectClass=%s)(gidNumber=%u))",
+ LDAP_OBJ_POSIXGROUP, (unsigned int)map->gid);
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
mods = NULL;
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass",
- "sambaGroupMapping");
+ LDAP_OBJ_GROUPMAP);
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaSid",
- sid_string_static(&map->sid));
+ sid_string_talloc(mem_ctx, &map->sid));
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaGroupType",
talloc_asprintf(mem_ctx, "%d", map->sid_name_use));
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "displayName",
(ldap_count_entries(ldap_state->smbldap_state->ldap_struct, msg) > 0)) {
DEBUG(3, ("SID %s already present in LDAP, refusing to add "
- "group mapping entry\n",
- sid_string_static(&map->sid)));
+ "group mapping entry\n", sid_string_dbg(&map->sid)));
result = NT_STATUS_GROUP_EXISTS;
goto done;
}
&& !sid_check_is_in_builtin(&map->sid) )
{
DEBUG(3, ("Refusing to map sid %s as an alias, not in our domain\n",
- sid_string_static(&map->sid)));
+ sid_string_dbg(&map->sid)));
result = NT_STATUS_INVALID_PARAMETER;
goto done;
}
}
if (pdb_gid_to_sid(map->gid, &sid)) {
- DEBUG(3, ("Gid %d is already mapped to SID %s, refusing to "
- "add\n", map->gid, sid_string_static(&sid)));
+ DEBUG(3, ("Gid %u is already mapped to SID %s, refusing to "
+ "add\n", (unsigned int)map->gid, sid_string_dbg(&sid)));
result = NT_STATUS_GROUP_EXISTS;
goto done;
}
mods = NULL;
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "objectClass",
- "sambaSidEntry");
+ LDAP_OBJ_SID_ENTRY);
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "objectClass",
- "sambaGroupMapping");
-
+ LDAP_OBJ_GROUPMAP);
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "sambaSid",
sid_string_talloc(mem_ctx, &map->sid));
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "sambaGroupType",
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "description",
map->comment);
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "gidNumber",
- talloc_asprintf(mem_ctx, "%u", map->gid));
+ talloc_asprintf(mem_ctx, "%u", (unsigned int)map->gid));
talloc_autofree_ldapmod(mem_ctx, mods);
rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
"(sambaGroupType=%d))",
LDAP_OBJ_GROUPMAP,
sid_string_talloc(mem_ctx, &map->sid),
- map->gid, map->sid_name_use);
+ (unsigned int)map->gid, map->sid_name_use);
if (filter == NULL) {
result = NT_STATUS_NO_MEMORY;
goto done;
groupmap_attr_list_to_delete));
if ((rc == LDAP_NAMING_VIOLATION) ||
+ (rc == LDAP_NOT_ALLOWED_ON_RDN) ||
(rc == LDAP_OBJECT_CLASS_VIOLATION)) {
const char *attrs[] = { "sambaGroupType", "description",
"displayName", "sambaSIDList",
}
if ((rc == LDAP_NAMING_VIOLATION) ||
+ (rc == LDAP_NOT_ALLOWED_ON_RDN) ||
(rc == LDAP_OBJECT_CLASS_VIOLATION)) {
const char *attrs[] = { "sambaGroupType", "description",
"displayName", "sambaSIDList",
LDAPMod **mods = NULL;
int rc;
enum lsa_SidType type = SID_NAME_USE_NONE;
+ fstring tmp;
char *filter = NULL;
if (type == SID_NAME_USE_NONE) {
DEBUG(5, ("SID %s is neither in builtin nor in our domain!\n",
- sid_string_static(alias)));
+ sid_string_dbg(alias)));
return NT_STATUS_NO_SUCH_ALIAS;
}
if (asprintf(&filter,
"(&(objectClass=%s)(sambaSid=%s)(sambaGroupType=%d))",
- LDAP_OBJ_GROUPMAP, sid_string_static(alias),
+ LDAP_OBJ_GROUPMAP, sid_to_fstring(tmp, alias),
type) < 0) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_UNSUCCESSFUL;
}
- dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
+ dn = smbldap_talloc_dn(talloc_tos(), ldap_state->smbldap_state->ldap_struct, entry);
if (!dn) {
ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
smbldap_set_mod(&mods, modop,
get_attr_key2string(groupmap_attr_list,
LDAP_ATTR_SID_LIST),
- sid_string_static(member));
+ sid_to_fstring(tmp, member));
rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
ldap_mods_free(mods, True);
ldap_msgfree(result);
- SAFE_FREE(dn);
+ TALLOC_FREE(dn);
if (rc == LDAP_TYPE_OR_VALUE_EXISTS) {
return NT_STATUS_MEMBER_IN_ALIAS;
char *filter = NULL;
size_t num_members = 0;
enum lsa_SidType type = SID_NAME_USE_NONE;
+ fstring tmp;
*pp_members = NULL;
*p_num_members = 0;
if (type == SID_NAME_USE_NONE) {
DEBUG(5, ("SID %s is neither in builtin nor in our domain!\n",
- sid_string_static(alias)));
+ sid_string_dbg(alias)));
return NT_STATUS_NO_SUCH_ALIAS;
}
if (asprintf(&filter,
"(&(objectClass=%s)(sambaSid=%s)(sambaGroupType=%d))",
- LDAP_OBJ_GROUPMAP, sid_string_static(alias),
+ LDAP_OBJ_GROUPMAP, sid_to_fstring(tmp, alias),
type) < 0) {
return NT_STATUS_NO_MEMORY;
}
for (i=0; i<count; i++) {
DOM_SID member;
+ NTSTATUS status;
if (!string_to_sid(&member, values[i]))
continue;
- if (!add_sid_to_array(NULL, &member, pp_members, &num_members)) {
+ status = add_sid_to_array(NULL, &member, pp_members,
+ &num_members);
+ if (!NT_STATUS_IS_OK(status)) {
ldap_value_free(values);
ldap_msgfree(result);
- return NT_STATUS_NO_MEMORY;
+ return status;
}
}
if (type == SID_NAME_USE_NONE) {
DEBUG(5, ("SID %s is neither builtin nor domain!\n",
- sid_string_static(domain_sid)));
+ sid_string_dbg(domain_sid)));
return NT_STATUS_UNSUCCESSFUL;
}
for (i=0; i<num_rids; i++) {
DOM_SID sid;
sid_compose(&sid, domain_sid, rids[i]);
- allsids = talloc_asprintf_append_buffer(allsids, "(sambaSid=%s)",
- sid_string_static(&sid));
+ allsids = talloc_asprintf_append_buffer(
+ allsids, "(sambaSid=%s)",
+ sid_string_talloc(mem_ctx, &sid));
if (allsids == NULL) {
goto done;
}
char *escaped = NULL;
char *result = NULL;
- asprintf(&filter, "(&%s(objectclass=sambaSamAccount))",
- "(uid=%u)");
- if (filter == NULL) goto done;
+ if (asprintf(&filter, "(&%s(objectclass=%s))",
+ "(uid=%u)", LDAP_OBJ_SAMBASAMACCOUNT) < 0) {
+ goto done;
+ }
escaped = escape_ldap_string_alloc(username);
if (escaped == NULL) goto done;
result[i] = talloc_strdup(result, va_arg(ap, const char*));
if (result[i] == NULL) {
talloc_free(result);
+ va_end(ap);
return NULL;
}
}
!ldapsam_search_nextpage(search))
return False;
- result = state->ldap2displayentry(state, search->mem_ctx, state->connection->ldap_struct,
+ result = state->ldap2displayentry(state, search,
+ state->connection->ldap_struct,
state->current_entry, entry);
if (!result) {
struct samr_displayentry *result)
{
char **vals;
+ size_t converted_size;
DOM_SID sid;
uint32 acct_flags;
DEBUG(5, ("\"uid\" not found\n"));
return False;
}
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->account_name),
- vals[0]);
+ if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **, &result->account_name),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s",
+ strerror(errno)));
+ }
+
ldap_value_free(vals);
vals = ldap_get_values(ld, entry, "displayName");
if ((vals == NULL) || (vals[0] == NULL))
DEBUG(8, ("\"displayName\" not found\n"));
- else
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->fullname),
- vals[0]);
+ else if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **, &result->fullname),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s",
+ strerror(errno)));
+ }
+
ldap_value_free(vals);
vals = ldap_get_values(ld, entry, "description");
if ((vals == NULL) || (vals[0] == NULL))
DEBUG(8, ("\"description\" not found\n"));
- else
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->description),
- vals[0]);
+ else if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **, &result->description),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s",
+ strerror(errno)));
+ }
+
ldap_value_free(vals);
if ((result->account_name == NULL) ||
if (!sid_peek_check_rid(get_global_sam_sid(), &sid, &result->rid)) {
DEBUG(0, ("sid %s does not belong to our domain\n",
- sid_string_static(&sid)));
+ sid_string_dbg(&sid)));
return False;
}
(struct ldapsam_privates *)methods->private_data;
struct ldap_search_state *state;
- state = TALLOC_P(search->mem_ctx, struct ldap_search_state);
+ state = talloc(search, struct ldap_search_state);
if (state == NULL) {
DEBUG(0, ("talloc failed\n"));
return False;
state->base = lp_ldap_suffix();
state->acct_flags = acct_flags;
- state->base = talloc_strdup(search->mem_ctx, state->base);
+ state->base = talloc_strdup(search, state->base);
state->scope = LDAP_SCOPE_SUBTREE;
- state->filter = get_ldap_filter(search->mem_ctx, "*");
- state->attrs = talloc_attrs(search->mem_ctx, "uid", "sambaSid",
+ state->filter = get_ldap_filter(search, "*");
+ state->attrs = talloc_attrs(search, "uid", "sambaSid",
"displayName", "description",
"sambaAcctFlags", NULL);
state->attrsonly = 0;
struct samr_displayentry *result)
{
char **vals;
+ size_t converted_size;
DOM_SID sid;
uint16 group_type;
DEBUG(5, ("\"cn\" not found\n"));
return False;
}
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->account_name),
- vals[0]);
+ if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **,
+ &result->account_name),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapgroup2displayentry: pull_utf8_talloc "
+ "failed: %s", strerror(errno)));
+ }
}
- else {
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->account_name),
- vals[0]);
+ else if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **,
+ &result->account_name),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapgroup2displayentry: pull_utf8_talloc failed: %s",
+ strerror(errno)));
}
ldap_value_free(vals);
vals = ldap_get_values(ld, entry, "description");
if ((vals == NULL) || (vals[0] == NULL))
DEBUG(8, ("\"description\" not found\n"));
- else
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->description),
- vals[0]);
+ else if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **, &result->description),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapgroup2displayentry: pull_utf8_talloc failed: %s",
+ strerror(errno)));
+ }
ldap_value_free(vals);
if ((result->account_name == NULL) ||
&& !sid_peek_check_rid(&global_sid_Builtin, &sid, &result->rid))
{
DEBUG(0, ("%s is not in our domain\n",
- sid_string_static(&sid)));
+ sid_string_dbg(&sid)));
return False;
}
break;
DEBUG(0,("unkown group type: %d\n", group_type));
return False;
}
-
+
+ result->acct_flags = 0;
+
return True;
}
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
struct ldap_search_state *state;
+ fstring tmp;
- state = TALLOC_P(search->mem_ctx, struct ldap_search_state);
+ state = talloc(search, struct ldap_search_state);
if (state == NULL) {
DEBUG(0, ("talloc failed\n"));
return False;
state->connection = ldap_state->smbldap_state;
- state->base = talloc_strdup(search->mem_ctx, lp_ldap_group_suffix());
+ state->base = talloc_strdup(search, lp_ldap_group_suffix());
state->connection = ldap_state->smbldap_state;
state->scope = LDAP_SCOPE_SUBTREE;
- state->filter = talloc_asprintf(search->mem_ctx,
- "(&(objectclass=sambaGroupMapping)"
- "(sambaGroupType=%d)(sambaSID=%s*))",
- type, sid_string_static(sid));
- state->attrs = talloc_attrs(search->mem_ctx, "cn", "sambaSid",
+ state->filter = talloc_asprintf(search, "(&(objectclass=%s)"
+ "(sambaGroupType=%d)(sambaSID=%s*))",
+ LDAP_OBJ_GROUPMAP,
+ type, sid_to_fstring(tmp, sid));
+ state->attrs = talloc_attrs(search, "cn", "sambaSid",
"displayName", "description",
"sambaGroupType", NULL);
state->attrsonly = 0;
rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldapsam_create_user: ldap search failed!\n"));
- return NT_STATUS_UNSUCCESSFUL;
+ return NT_STATUS_ACCESS_DENIED;
}
talloc_autofree_ldapmsg(tmp_ctx, result);
DEBUG(0,("ldapsam_set_primary_group: Attempt to set primary group for user [%s]\n", pdb_get_username(sampass)));
if (!sid_to_gid(pdb_get_group_sid(sampass), &gid)) {
- DEBUG(0,("ldapsam_set_primary_group: failed to retieve gid from user's group SID!\n"));
+ DEBUG(0,("ldapsam_set_primary_group: failed to retrieve gid from user's group SID!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
gidstr = talloc_asprintf(mem_ctx, "%d", gid);
}
static bool get_trusteddom_pw_int(struct ldapsam_privates *ldap_state,
+ TALLOC_CTX *mem_ctx,
const char *domain, LDAPMessage **entry)
{
int rc;
rc = smbldap_search(ldap_state->smbldap_state, trusted_dn, scope,
filter, attrs, attrsonly, &result);
+ if (result != NULL) {
+ talloc_autofree_ldapmsg(mem_ctx, result);
+ }
+
if (rc == LDAP_NO_SUCH_OBJECT) {
*entry = NULL;
return True;
if (num_result > 1) {
DEBUG(1, ("ldapsam_get_trusteddom_pw: more than one "
- "sambaTrustedDomainPassword object for domain '%s'"
- "?!\n", domain));
+ "%s object for domain '%s'?!\n",
+ LDAP_OBJ_TRUSTDOM_PASSWORD, domain));
return False;
}
if (num_result == 0) {
DEBUG(1, ("ldapsam_get_trusteddom_pw: no "
- "sambaTrustedDomainPassword object for domain %s.\n",
- domain));
+ "%s object for domain %s.\n",
+ LDAP_OBJ_TRUSTDOM_PASSWORD, domain));
*entry = NULL;
} else {
*entry = ldap_first_entry(priv2ld(ldap_state), result);
DEBUG(10, ("ldapsam_get_trusteddom_pw called for domain %s\n", domain));
- if (!get_trusteddom_pw_int(ldap_state, domain, &entry) ||
+ if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry) ||
(entry == NULL))
{
return False;
* get the current entry (if there is one) in order to put the
* current password into the previous password attribute
*/
- if (!get_trusteddom_pw_int(ldap_state, domain, &entry)) {
+ if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry)) {
return False;
}
mods = NULL;
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "objectClass",
- "sambaTrustedDomainPassword");
+ LDAP_OBJ_TRUSTDOM_PASSWORD);
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaDomainName",
domain);
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaSID",
sid_string_tos(sid));
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaPwdLastSet",
- talloc_asprintf(talloc_tos(), "%li", time(NULL)));
+ talloc_asprintf(talloc_tos(), "%li", (long int)time(NULL)));
smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
"sambaClearTextPassword", pwd);
+
+ talloc_autofree_ldapmod(talloc_tos(), mods);
+
if (entry != NULL) {
prev_pwd = smbldap_talloc_single_attribute(priv2ld(ldap_state),
entry, "sambaClearTextPassword", talloc_tos());
LDAPMessage *entry = NULL;
const char *trusted_dn;
- if (!get_trusteddom_pw_int(ldap_state, domain, &entry)) {
+ if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry)) {
return False;
}
attrsonly,
&result);
+ if (result != NULL) {
+ talloc_autofree_ldapmsg(mem_ctx, result);
+ }
+
if (rc != LDAP_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
}
(*pdb_method)->name = "ldapsam";
- (*pdb_method)->setsampwent = ldapsam_setsampwent;
- (*pdb_method)->endsampwent = ldapsam_endsampwent;
- (*pdb_method)->getsampwent = ldapsam_getsampwent;
(*pdb_method)->getsampwnam = ldapsam_getsampwnam;
(*pdb_method)->getsampwsid = ldapsam_getsampwsid;
(*pdb_method)->add_sam_account = ldapsam_add_sam_account;
return NT_STATUS_UNSUCCESSFUL;
}
- dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
+ dn = smbldap_talloc_dn(talloc_tos(), ldap_state->smbldap_state->ldap_struct, entry);
if (!dn) {
ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
}
ldap_state->domain_dn = smb_xstrdup(dn);
- ldap_memfree(dn);
+ TALLOC_FREE(dn);
domain_sid_string = smbldap_talloc_single_attribute(
ldap_state->smbldap_state->ldap_struct,
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_USER_SID),
- NULL);
+ talloc_tos());
if (domain_sid_string) {
bool found_sid;
&secrets_domain_sid);
if (!found_sid || !sid_equal(&secrets_domain_sid,
&ldap_domain_sid)) {
- fstring new_sid_str, old_sid_str;
DEBUG(1, ("pdb_init_ldapsam: Resetting SID for domain "
"%s based on pdb_ldap results %s -> %s\n",
ldap_state->domain_name,
- sid_to_string(old_sid_str,
- &secrets_domain_sid),
- sid_to_string(new_sid_str,
- &ldap_domain_sid)));
+ sid_string_dbg(&secrets_domain_sid),
+ sid_string_dbg(&ldap_domain_sid)));
/* reset secrets.tdb sid */
secrets_store_domain_sid(ldap_state->domain_name,
&ldap_domain_sid);
DEBUG(1, ("New global sam SID: %s\n",
- sid_to_string(new_sid_str,
- get_global_sam_sid())));
+ sid_string_dbg(get_global_sam_sid())));
}
sid_copy(&ldap_state->domain_sid, &ldap_domain_sid);
TALLOC_FREE(domain_sid_string);
entry,
get_attr_key2string( dominfo_attr_list,
LDAP_ATTR_ALGORITHMIC_RID_BASE ),
- NULL);
+ talloc_tos());
if (alg_rid_base_string) {
alg_rid_base = (uint32)atol(alg_rid_base_string);
if (alg_rid_base != algorithmic_rid_base()) {