X-Git-Url: http://git.samba.org/samba.git/?p=ira%2Fwip.git;a=blobdiff_plain;f=source3%2Fpassdb%2Fpdb_ldap.c;h=c2230eb98291cd1dfe0a8be706ffa1b25d4b87ed;hp=da2f9f30da54b103ef34bd41a9c26d4e77ce4dba;hb=711544d4943a40649b6c590f8ee003093081889a;hpb=cd50bc575e59517b53a1c8d0f273775b1ce85bac diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index da2f9f30da5..c2230eb9829 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -7,20 +7,20 @@ Copyright (C) Andrew Bartlett 2002-2003 Copyright (C) Stefan (metze) Metzmacher 2002-2003 Copyright (C) Simo Sorce 2006 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . - + */ /* TODO: @@ -44,6 +44,7 @@ */ #include "includes.h" +#include "../libcli/auth/libcli_auth.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB @@ -97,10 +98,10 @@ static const char* get_userattr_key2string( int schema_ver, int key ) switch ( schema_ver ) { case SCHEMAVER_SAMBAACCOUNT: return get_attr_key2string( attrib_map_v22, key ); - + case SCHEMAVER_SAMBASAMACCOUNT: return get_attr_key2string( attrib_map_v30, key ); - + default: DEBUG(0,("get_userattr_key2string: unknown schema version specified\n")); break; 
@@ -117,14 +118,14 @@ const char** get_userattr_list( TALLOC_CTX *mem_ctx, int schema_ver ) switch ( schema_ver ) { case SCHEMAVER_SAMBAACCOUNT: return get_attr_list( mem_ctx, attrib_map_v22 ); - + case SCHEMAVER_SAMBASAMACCOUNT: return get_attr_list( mem_ctx, attrib_map_v30 ); default: DEBUG(0,("get_userattr_list: unknown schema version specified!\n")); break; } - + return NULL; } @@ -139,7 +140,7 @@ static const char** get_userattr_delete_list( TALLOC_CTX *mem_ctx, case SCHEMAVER_SAMBAACCOUNT: return get_attr_list( mem_ctx, attrib_map_to_delete_v22 ); - + case SCHEMAVER_SAMBASAMACCOUNT: return get_attr_list( mem_ctx, attrib_map_to_delete_v30 ); @@ -147,7 +148,7 @@ static const char** get_userattr_delete_list( TALLOC_CTX *mem_ctx, DEBUG(0,("get_userattr_delete_list: unknown schema version specified!\n")); break; } - + return NULL; } @@ -161,7 +162,7 @@ static const char* get_objclass_filter( int schema_ver ) { fstring objclass_filter; char *result; - + switch( schema_ver ) { case SCHEMAVER_SAMBAACCOUNT: fstr_sprintf( objclass_filter, "(objectclass=%s)", LDAP_OBJ_SAMBAACCOUNT ); @@ -174,7 +175,7 @@ static const char* get_objclass_filter( int schema_ver ) objclass_filter[0] = '\0'; break; } - + result = talloc_strdup(talloc_tos(), objclass_filter); SMB_ASSERT(result != NULL); return result; @@ -349,6 +350,7 @@ int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state, filter = talloc_asprintf(talloc_tos(), "(&%s%s)", "(uid=%u)", get_objclass_filter(ldap_state->schema_ver)); if (!filter) { + SAFE_FREE(escape_user); return LDAP_NO_MEMORY; } /* @@ -358,10 +360,10 @@ int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state, filter = talloc_all_string_sub(talloc_tos(), filter, "%u", escape_user); + SAFE_FREE(escape_user); if (!filter) { return LDAP_NO_MEMORY; } - SAFE_FREE(escape_user); ret = smbldap_search_suffix(ldap_state->smbldap_state, filter, attr, result); 
@@ -446,7 +448,7 @@ static int ldapsam_delete_entry(struct ldapsam_privates *priv, } /* Ok, delete only the SAM attributes */ - + for (name = ldap_first_attribute(priv2ld(priv), entry, &ptr); name != NULL; name = ldap_next_attribute(priv2ld(priv), entry, ptr)) { @@ -558,7 +560,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state, goto fn_exit; } - if (!(username = smbldap_talloc_single_attribute(priv2ld(ldap_state), + if (!(username = smbldap_talloc_smallest_attribute(priv2ld(ldap_state), entry, "uid", ctx))) { @@ -839,27 +841,27 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state, /* Make call to Novell eDirectory ldap extension to get clear text password. NOTE: This will only work if we have an SSL connection to eDirectory. */ - user_dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); + user_dn = smbldap_talloc_dn(ctx, ldap_state->smbldap_state->ldap_struct, entry); if (user_dn != NULL) { - DEBUG(3, ("init_sam_from_ldap: smbldap_get_dn(%s) returned '%s'\n", username, user_dn)); + DEBUG(3, ("init_sam_from_ldap: smbldap_talloc_dn(ctx, %s) returned '%s'\n", username, user_dn)); pwd_len = sizeof(clear_text_pw); if (pdb_nds_get_password(ldap_state->smbldap_state, user_dn, &pwd_len, clear_text_pw) == LDAP_SUCCESS) { nt_lm_owf_gen(clear_text_pw, smbntpwd, smblmpwd); if (!pdb_set_lanman_passwd(sampass, smblmpwd, PDB_SET)) { - SAFE_FREE(user_dn); + TALLOC_FREE(user_dn); return False; } ZERO_STRUCT(smblmpwd); if (!pdb_set_nt_passwd(sampass, smbntpwd, PDB_SET)) { - SAFE_FREE(user_dn); + TALLOC_FREE(user_dn); return False; } ZERO_STRUCT(smbntpwd); use_samba_attrs = False; } - SAFE_FREE(user_dn); + TALLOC_FREE(user_dn); } else { DEBUG(0, ("init_sam_from_ldap: failed to get user_dn for '%s'\n", username)); 
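Review bot: The cleartext password returned by pdb_nds_get_password() stays in `clear_text_pw` after `nt_lm_owf_gen()` has derived the hashes, and nothing in the lines shown clears it. The two `return False` paths also skip the `ZERO_STRUCT` calls, so `smbntpwd` (and on the first path `smblmpwd`) still hold the hashes when the function exits. I would add `ZERO_ARRAY(clear_text_pw);` directly after the `nt_lm_owf_gen(...)` call, assuming it is the local array that `sizeof(clear_text_pw)` suggests, and clear both hash buffers before each early return. init_sam_from_ldap starts and ends outside this hunk, so a later wipe may exist; if it does, a comment here pointing to it would help.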
@@ -945,7 +947,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state, } } if (hex_failed) { - DEBUG(0,("init_sam_from_ldap: Failed to get password history for user %s\n", + DEBUG(2,("init_sam_from_ldap: Failed to get password history for user %s\n", username)); memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN); } @@ -1248,7 +1250,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH), pdb_get_profile_path(sampass)); - if (asprintf(&temp, "%li", pdb_get_logon_time(sampass)) < 0) { + if (asprintf(&temp, "%li", (long int)pdb_get_logon_time(sampass)) < 0) { return false; } if (need_update(sampass, PDB_LOGONTIME)) @@ -1256,7 +1258,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_TIME), temp); SAFE_FREE(temp); - if (asprintf(&temp, "%li", pdb_get_logoff_time(sampass)) < 0) { + if (asprintf(&temp, "%li", (long int)pdb_get_logoff_time(sampass)) < 0) { return false; } if (need_update(sampass, PDB_LOGOFFTIME)) @@ -1264,7 +1266,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGOFF_TIME), temp); SAFE_FREE(temp); - if (asprintf(&temp, "%li", pdb_get_kickoff_time(sampass)) < 0) { + if (asprintf(&temp, "%li", (long int)pdb_get_kickoff_time(sampass)) < 0) { return false; } if (need_update(sampass, PDB_KICKOFFTIME)) @@ -1272,7 +1274,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_KICKOFF_TIME), temp); SAFE_FREE(temp); - if (asprintf(&temp, "%li", pdb_get_pass_can_change_time_noncalc(sampass)) < 0) { + if (asprintf(&temp, "%li", (long int)pdb_get_pass_can_change_time_noncalc(sampass)) < 0) { return false; } if (need_update(sampass, PDB_CANCHANGETIME)) 
@@ -1280,7 +1282,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_CAN_CHANGE), temp); SAFE_FREE(temp); - if (asprintf(&temp, "%li", pdb_get_pass_must_change_time(sampass)) < 0) { + if (asprintf(&temp, "%li", (long int)pdb_get_pass_must_change_time(sampass)) < 0) { return false; } if (need_update(sampass, PDB_MUSTCHANGETIME)) @@ -1360,7 +1362,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state, if (need_update(sampass, PDB_PASSLASTSET)) { if (asprintf(&temp, "%li", - pdb_get_pass_last_set_time(sampass)) < 0) { + (long int)pdb_get_pass_last_set_time(sampass)) < 0) { return false; } smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, @@ -1422,7 +1424,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state, temp); SAFE_FREE(temp); - if (asprintf(&temp, "%li", badtime) < 0) { + if (asprintf(&temp, "%li", (long int)badtime) < 0) { return false; } smbldap_make_mod( @@ -1499,7 +1501,7 @@ static NTSTATUS ldapsam_getsampwnam(struct pdb_methods *my_methods, struct samu int count; const char ** attr_list; int rc; - + attr_list = get_userattr_list( user, ldap_state->schema_ver ); append_attr(user, &attr_list, get_userattr_key2string(ldap_state->schema_ver, @@ -1511,9 +1513,9 @@ static NTSTATUS ldapsam_getsampwnam(struct pdb_methods *my_methods, struct samu if ( rc != LDAP_SUCCESS ) return NT_STATUS_NO_SUCH_USER; - + count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result); - + if (count < 1) { DEBUG(4, ("ldapsam_getsampwnam: Unable to locate user [%s] count=%d\n", sname, count)); ldap_msgfree(result); 
@@ -1570,12 +1572,12 @@ static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state, return rc; break; } - + case SCHEMAVER_SAMBAACCOUNT: if (!sid_peek_check_rid(&ldap_state->domain_sid, sid, &rid)) { return rc; } - + attr_list = get_userattr_list(NULL, ldap_state->schema_ver); rc = ldapsam_search_suffix_by_rid(ldap_state, rid, result, attr_list ); @@ -1606,7 +1608,7 @@ static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, struct samu return NT_STATUS_NO_SUCH_USER; count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result); - + if (count < 1) { DEBUG(4, ("ldapsam_getsampwsid: Unable to locate SID [%s] " "count=%d\n", sid_string_dbg(sid), count)); @@ -1650,11 +1652,11 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; int rc; - + if (!newpwd || !dn) { return NT_STATUS_INVALID_PARAMETER; } - + if (!mods) { DEBUG(5,("ldapsam_modify_entry: mods is empty: nothing to modify\n")); /* may be password change below however */ @@ -1682,12 +1684,12 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, ldap_op)); return NT_STATUS_INVALID_PARAMETER; } - + if (rc!=LDAP_SUCCESS) { return NT_STATUS_UNSUCCESSFUL; } } - + if (!(pdb_get_acct_ctrl(newpwd)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) && (lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_OFF) && need_update(newpwd, PDB_PLAINTEXT_PW) && @@ -1698,6 +1700,7 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, struct berval *retdata = NULL; char *utf8_password; char *utf8_dn; + size_t converted_size; if (!ldap_state->is_nds_ldap) { 
@@ -1709,37 +1712,46 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, } } - if (push_utf8_allocate(&utf8_password, pdb_get_plaintext_passwd(newpwd)) == (size_t)-1) { + if (!push_utf8_talloc(talloc_tos(), &utf8_password, + pdb_get_plaintext_passwd(newpwd), + &converted_size)) + { return NT_STATUS_NO_MEMORY; } - if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) { - SAFE_FREE(utf8_password); + if (!push_utf8_talloc(talloc_tos(), &utf8_dn, dn, &converted_size)) { + TALLOC_FREE(utf8_password); return NT_STATUS_NO_MEMORY; } if ((ber = ber_alloc_t(LBER_USE_DER))==NULL) { DEBUG(0,("ber_alloc_t returns NULL\n")); - SAFE_FREE(utf8_password); - SAFE_FREE(utf8_dn); + TALLOC_FREE(utf8_password); + TALLOC_FREE(utf8_dn); return NT_STATUS_UNSUCCESSFUL; } - ber_printf (ber, "{"); - ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn); - ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password); - ber_printf (ber, "n}"); + if ((ber_printf (ber, "{") < 0) || + (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn) < 0) || + (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password) < 0) || + (ber_printf (ber, "n}") < 0)) { + DEBUG(0,("ldapsam_modify_entry: ber_printf returns a value <0\n")); + ber_free(ber,1); + TALLOC_FREE(utf8_dn); + TALLOC_FREE(utf8_password); + return NT_STATUS_UNSUCCESSFUL; + } if ((rc = ber_flatten (ber, &bv))<0) { DEBUG(0,("ldapsam_modify_entry: ber_flatten returns a value <0\n")); ber_free(ber,1); - SAFE_FREE(utf8_dn); - SAFE_FREE(utf8_password); + TALLOC_FREE(utf8_dn); + TALLOC_FREE(utf8_password); return NT_STATUS_UNSUCCESSFUL; } - - SAFE_FREE(utf8_dn); - SAFE_FREE(utf8_password); + + TALLOC_FREE(utf8_dn); + TALLOC_FREE(utf8_password); ber_free(ber, 1); if (!ldap_state->is_nds_ldap) { 
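Review bot: `utf8_password` holds the account's plaintext password, and every path in this hunk releases it with `TALLOC_FREE(utf8_password)` without overwriting it first, so the bytes remain in the talloc_tos() pool after the call. Consider `memset(utf8_password, 0, strlen(utf8_password));` before each free, ideally through a wipe helper the compiler cannot elide. The BER element built by the `ber_printf` calls carries a second copy until `ber_free(ber, 1)`, and whether liblber scrubs it is not visible here. A short comment such as `/* utf8_password and ber contain the cleartext password */` would flag this for later edits. ldapsam_modify_entry continues outside the hunk.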
@@ -1834,7 +1846,7 @@ static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods, result = NT_STATUS_NO_SUCH_USER; goto done; } - + rc = ldapsam_delete_entry( priv, mem_ctx, entry, priv->schema_ver == SCHEMAVER_SAMBASAMACCOUNT ? @@ -1897,7 +1909,7 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, struc } entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result); - dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); + dn = smbldap_talloc_dn(talloc_tos(), ldap_state->smbldap_state->ldap_struct, entry); if (!dn) { return NT_STATUS_UNSUCCESSFUL; } @@ -1907,22 +1919,27 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, struc if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd, element_is_changed)) { DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n")); - SAFE_FREE(dn); + TALLOC_FREE(dn); if (mods != NULL) ldap_mods_free(mods,True); return NT_STATUS_UNSUCCESSFUL; } - - if (mods == NULL) { + + if ((lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_ONLY) + && (mods == NULL)) { DEBUG(4,("ldapsam_update_sam_account: mods is empty: nothing to update for user: %s\n", pdb_get_username(newpwd))); - SAFE_FREE(dn); + TALLOC_FREE(dn); return NT_STATUS_OK; } - + ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, element_is_changed); - ldap_mods_free(mods,True); - SAFE_FREE(dn); + + if (mods != NULL) { + ldap_mods_free(mods,True); + } + + TALLOC_FREE(dn); /* * We need to set the backend private data to NULL here. For example @@ -1998,7 +2015,7 @@ static NTSTATUS ldapsam_rename_sam_account(struct pdb_methods *my_methods, newname_lower, true, true); - if (rename_script) { + if (!rename_script) { return NT_STATUS_NO_MEMORY; } rename_script = realloc_string_sub2(rename_script, 
@@ -2131,17 +2148,10 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, struct s /* Check if we need to update an existing entry */ if (num_result == 1) { - char *tmp; - DEBUG(3,("ldapsam_add_sam_account: User exists without samba attributes: adding them\n")); ldap_op = LDAP_MOD_REPLACE; entry = ldap_first_entry (ldap_state->smbldap_state->ldap_struct, result); - tmp = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); - if (!tmp) { - goto fn_exit; - } - dn = talloc_asprintf(ctx, "%s", tmp); - SAFE_FREE(tmp); + dn = smbldap_talloc_dn(ctx, ldap_state->smbldap_state->ldap_struct, entry); if (!dn) { status = NT_STATUS_NO_MEMORY; goto fn_exit; @@ -2184,17 +2194,11 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, struct s /* Check if we need to update an existing entry */ if (num_result == 1) { - char *tmp; DEBUG(3,("ldapsam_add_sam_account: User exists without samba attributes: adding them\n")); ldap_op = LDAP_MOD_REPLACE; entry = ldap_first_entry (ldap_state->smbldap_state->ldap_struct, result); - tmp = smbldap_get_dn (ldap_state->smbldap_state->ldap_struct, entry); - if (!tmp) { - goto fn_exit; - } - dn = talloc_asprintf(ctx, "%s", tmp); - SAFE_FREE(tmp); + dn = smbldap_talloc_dn (ctx, ldap_state->smbldap_state->ldap_struct, entry); if (!dn) { status = NT_STATUS_NO_MEMORY; goto fn_exit; @@ -2666,7 +2670,7 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods, ret = NT_STATUS_NO_MEMORY; goto done; } - + filter = talloc_asprintf_append_buffer(filter, "(uid=%s)", escape_memberuid); if (filter == NULL) { SAFE_FREE(escape_memberuid); @@ -2683,7 +2687,7 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods, goto done; } - rc = smbldap_search(conn, lp_ldap_user_suffix(), + rc = smbldap_search(conn, lp_ldap_suffix(), LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0, &result); 
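Review bot: The member lookup in ldapsam_enum_group_members now searches from `lp_ldap_suffix()` instead of `lp_ldap_user_suffix()`, and the second lookup (hunk at -2739) does the same, but nothing in the code records why the base was widened. With `LDAP_SCOPE_SUBTREE`, any entry under the whole suffix that matches the filter now contributes a SID to the member list. The result therefore depends on who is allowed to create matching entries outside the user subtree. I would add a comment above both calls, for example `/* search the whole suffix: group members are not required to live under the user suffix */`, and state there that uid uniqueness across the tree is assumed. The function starts and ends outside this hunk.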
@@ -2707,8 +2711,8 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods, entry, "sambaSID", mem_ctx); if (!sidstr) { - DEBUG(0, ("Severe DB error, sambaSamAccount can't miss " - "the sambaSID attribute\n")); + DEBUG(0, ("Severe DB error, %s can't miss the sambaSID" + "attribute\n", LDAP_OBJ_SAMBASAMACCOUNT)); ret = NT_STATUS_INTERNAL_DB_CORRUPTION; goto done; } @@ -2739,7 +2743,7 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods, LDAP_OBJ_SAMBASAMACCOUNT, gidstr); - rc = smbldap_search(conn, lp_ldap_user_suffix(), + rc = smbldap_search(conn, lp_ldap_suffix(), LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0, &result); @@ -2758,8 +2762,7 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods, entry, get_global_sam_sid(), &rid)) { - DEBUG(0, ("Severe DB error, sambaSamAccount can't miss " - "the sambaSID attribute\n")); + DEBUG(0, ("Severe DB error, %s can't miss the samba SID" "attribute\n", LDAP_OBJ_SAMBASAMACCOUNT)); ret = NT_STATUS_INTERNAL_DB_CORRUPTION; goto done; } @@ -2772,7 +2775,7 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods, } ret = NT_STATUS_OK; - + done: if (values) @@ -2856,8 +2859,8 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, } filter = talloc_asprintf(mem_ctx, - "(&(objectClass=%s)(|(memberUid=%s)(gidNumber=%d)))", - LDAP_OBJ_POSIXGROUP, escape_name, primary_gid); + "(&(objectClass=%s)(|(memberUid=%s)(gidNumber=%u)))", + LDAP_OBJ_POSIXGROUP, escape_name, (unsigned int)primary_gid); if (filter == NULL) { ret = NT_STATUS_NO_MEMORY; goto done; @@ -2965,8 +2968,8 @@ static NTSTATUS ldapsam_map_posixgroup(TALLOC_CTX *mem_ctx, int rc; filter = talloc_asprintf(mem_ctx, - "(&(objectClass=posixGroup)(gidNumber=%u))", - map->gid); + "(&(objectClass=%s)(gidNumber=%u))", + LDAP_OBJ_POSIXGROUP, (unsigned int)map->gid); if (filter == NULL) { return NT_STATUS_NO_MEMORY; } 
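Review bot: The new message joins two adjacent literals with no space between them, `"... can't miss the sambaSID" "attribute\n"`, so the log line reads `sambaSIDattribute`; the removed text had a trailing space before the break. The second message in this function (hunk at -2758) has the same slip and additionally spells the attribute `samba SID`. Suggested form for both: `"Severe DB error, %s can't miss the sambaSID "` followed by `"attribute\n", LDAP_OBJ_SAMBASAMACCOUNT`.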
@@ -2989,7 +2992,7 @@ static NTSTATUS ldapsam_map_posixgroup(TALLOC_CTX *mem_ctx, mods = NULL; smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", - "sambaGroupMapping"); + LDAP_OBJ_GROUPMAP); smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaSid", sid_string_talloc(mem_ctx, &map->sid)); smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaGroupType", @@ -3089,8 +3092,8 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods, } if (pdb_gid_to_sid(map->gid, &sid)) { - DEBUG(3, ("Gid %d is already mapped to SID %s, refusing to " - "add\n", map->gid, sid_string_dbg(&sid))); + DEBUG(3, ("Gid %u is already mapped to SID %s, refusing to " + "add\n", (unsigned int)map->gid, sid_string_dbg(&sid))); result = NT_STATUS_GROUP_EXISTS; goto done; } @@ -3109,10 +3112,9 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods, mods = NULL; smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "objectClass", - "sambaSidEntry"); + LDAP_OBJ_SID_ENTRY); smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "objectClass", - "sambaGroupMapping"); - + LDAP_OBJ_GROUPMAP); smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "sambaSid", sid_string_talloc(mem_ctx, &map->sid)); smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "sambaGroupType", @@ -3122,7 +3124,7 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods, smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "description", map->comment); smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "gidNumber", - talloc_asprintf(mem_ctx, "%u", map->gid)); + talloc_asprintf(mem_ctx, "%u", (unsigned int)map->gid)); talloc_autofree_ldapmod(mem_ctx, mods); rc = smbldap_add(ldap_state->smbldap_state, dn, mods); 
@@ -3168,7 +3170,7 @@ static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods, "(sambaGroupType=%d))", LDAP_OBJ_GROUPMAP, sid_string_talloc(mem_ctx, &map->sid), - map->gid, map->sid_name_use); + (unsigned int)map->gid, map->sid_name_use); if (filter == NULL) { result = NT_STATUS_NO_MEMORY; goto done; @@ -3266,8 +3268,9 @@ static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods, rc = ldapsam_delete_entry(priv, mem_ctx, entry, LDAP_OBJ_GROUPMAP, get_attr_list(mem_ctx, groupmap_attr_list_to_delete)); - + if ((rc == LDAP_NAMING_VIOLATION) || + (rc == LDAP_NOT_ALLOWED_ON_RDN) || (rc == LDAP_OBJECT_CLASS_VIOLATION)) { const char *attrs[] = { "sambaGroupType", "description", "displayName", "sambaSIDList", @@ -3282,6 +3285,7 @@ static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods, } if ((rc == LDAP_NAMING_VIOLATION) || + (rc == LDAP_NOT_ALLOWED_ON_RDN) || (rc == LDAP_OBJECT_CLASS_VIOLATION)) { const char *attrs[] = { "sambaGroupType", "description", "displayName", "sambaSIDList", @@ -3372,11 +3376,11 @@ static NTSTATUS ldapsam_getsamgrent(struct pdb_methods *my_methods, while (!bret) { if (!ldap_state->entry) return ret; - + ldap_state->index++; bret = init_group_from_ldap(ldap_state, map, ldap_state->entry); - + ldap_state->entry = ldap_next_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->entry); @@ -3511,7 +3515,7 @@ static NTSTATUS ldapsam_modify_aliasmem(struct pdb_methods *methods, return NT_STATUS_UNSUCCESSFUL; } - dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); + dn = smbldap_talloc_dn(talloc_tos(), ldap_state->smbldap_state->ldap_struct, entry); if (!dn) { ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; @@ -3526,7 +3530,7 @@ static NTSTATUS ldapsam_modify_aliasmem(struct pdb_methods *methods, ldap_mods_free(mods, True); ldap_msgfree(result); - SAFE_FREE(dn); + TALLOC_FREE(dn); if (rc == LDAP_TYPE_OR_VALUE_EXISTS) { return NT_STATUS_MEMBER_IN_ALIAS; 
@@ -3560,6 +3564,7 @@ static NTSTATUS ldapsam_del_aliasmem(struct pdb_methods *methods, static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods, const DOM_SID *alias, + TALLOC_CTX *mem_ctx, DOM_SID **pp_members, size_t *p_num_members) { @@ -3652,7 +3657,7 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods, if (!string_to_sid(&member, values[i])) continue; - status = add_sid_to_array(NULL, &member, pp_members, + status = add_sid_to_array(mem_ctx, &member, pp_members, &num_members); if (!NT_STATUS_IS_OK(status)) { ldap_value_free(values); @@ -3870,7 +3875,7 @@ static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods } *value = (uint32)atol(vals[0]); - + ntstatus = NT_STATUS_OK; out: @@ -3885,7 +3890,7 @@ out: - if user hasn't decided to use account policies inside LDAP just reuse the old tdb values - + - if there is a valid cache entry, return that - if there is an LDAP entry, update cache and return - otherwise set to default, update cache and return @@ -3924,16 +3929,16 @@ static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods, if (!account_policy_get_default(policy_index, value)) { return ntstatus; } - + /* update_ldap: */ - + ntstatus = ldapsam_set_account_policy(methods, policy_index, *value); if (!NT_STATUS_IS_OK(ntstatus)) { return ntstatus; } - + update_cache: - + if (!cache_account_policy_set(policy_index, *value)) { DEBUG(0,("ldapsam_get_account_policy: failed to update local " "tdb as a cache\n")); @@ -3973,6 +3978,11 @@ static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods, goto done; } + if (num_rids == 0) { + result = NT_STATUS_NONE_MAPPED; + goto done; + } + for (i=0; ildap2displayentry(state, search->mem_ctx, state->connection->ldap_struct, + result = state->ldap2displayentry(state, search, + state->connection->ldap_struct, state->current_entry, entry); if (!result) { 
@@ -4392,6 +4405,7 @@ static bool ldapuser2displayentry(struct ldap_search_state *state, struct samr_displayentry *result) { char **vals; + size_t converted_size; DOM_SID sid; uint32 acct_flags; @@ -4417,27 +4431,40 @@ static bool ldapuser2displayentry(struct ldap_search_state *state, DEBUG(5, ("\"uid\" not found\n")); return False; } - pull_utf8_talloc(mem_ctx, - CONST_DISCARD(char **, &result->account_name), - vals[0]); + if (!pull_utf8_talloc(mem_ctx, + CONST_DISCARD(char **, &result->account_name), + vals[0], &converted_size)) + { + DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s", + strerror(errno))); + } + ldap_value_free(vals); vals = ldap_get_values(ld, entry, "displayName"); if ((vals == NULL) || (vals[0] == NULL)) DEBUG(8, ("\"displayName\" not found\n")); - else - pull_utf8_talloc(mem_ctx, - CONST_DISCARD(char **, &result->fullname), - vals[0]); + else if (!pull_utf8_talloc(mem_ctx, + CONST_DISCARD(char **, &result->fullname), + vals[0], &converted_size)) + { + DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s", + strerror(errno))); + } + ldap_value_free(vals); vals = ldap_get_values(ld, entry, "description"); if ((vals == NULL) || (vals[0] == NULL)) DEBUG(8, ("\"description\" not found\n")); - else - pull_utf8_talloc(mem_ctx, - CONST_DISCARD(char **, &result->description), - vals[0]); + else if (!pull_utf8_talloc(mem_ctx, + CONST_DISCARD(char **, &result->description), + vals[0], &converted_size)) + { + DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s", + strerror(errno))); + } + ldap_value_free(vals); if ((result->account_name == NULL) || @@ -4446,7 +4473,7 @@ static bool ldapuser2displayentry(struct ldap_search_state *state, DEBUG(0, ("talloc failed\n")); return False; } - + vals = ldap_get_values(ld, entry, "sambaSid"); if ((vals == NULL) || (vals[0] == NULL)) { DEBUG(0, ("\"objectSid\" not found\n")); 
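Review bot: The three `pull_utf8_talloc()` failure messages added here end without a newline (`"ldapuser2displayentry: pull_utf8_talloc failed: %s"`), so the next log entry runs onto the same line. The messages added to ldapgroup2displayentry (hunks at -4563 and -4578) have the same problem. In the `uid` branch the failure is only logged and execution continues; it appears to rely on the later `account_name == NULL` test, which then reports the unrelated text `talloc failed`. Ending the branch with `ldap_value_free(vals); return False;` and appending `\n` to each format string would make the failure explicit. Whether pull_utf8_talloc() sets `errno` is not visible in this diff, so `strerror(errno)` may print a stale error.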
@@ -4478,7 +4505,7 @@ static bool ldapsam_search_users(struct pdb_methods *methods, (struct ldapsam_privates *)methods->private_data; struct ldap_search_state *state; - state = TALLOC_P(search->mem_ctx, struct ldap_search_state); + state = talloc(search, struct ldap_search_state); if (state == NULL) { DEBUG(0, ("talloc failed\n")); return False; @@ -4495,10 +4522,10 @@ static bool ldapsam_search_users(struct pdb_methods *methods, state->base = lp_ldap_suffix(); state->acct_flags = acct_flags; - state->base = talloc_strdup(search->mem_ctx, state->base); + state->base = talloc_strdup(search, state->base); state->scope = LDAP_SCOPE_SUBTREE; - state->filter = get_ldap_filter(search->mem_ctx, "*"); - state->attrs = talloc_attrs(search->mem_ctx, "uid", "sambaSid", + state->filter = get_ldap_filter(search, "*"); + state->attrs = talloc_attrs(search, "uid", "sambaSid", "displayName", "description", "sambaAcctFlags", NULL); state->attrsonly = 0; @@ -4524,6 +4551,7 @@ static bool ldapgroup2displayentry(struct ldap_search_state *state, struct samr_displayentry *result) { char **vals; + size_t converted_size; DOM_SID sid; uint16 group_type; @@ -4563,14 +4591,22 @@ static bool ldapgroup2displayentry(struct ldap_search_state *state, DEBUG(5, ("\"cn\" not found\n")); return False; } - pull_utf8_talloc(mem_ctx, - CONST_DISCARD(char **, &result->account_name), - vals[0]); + if (!pull_utf8_talloc(mem_ctx, + CONST_DISCARD(char **, + &result->account_name), + vals[0], &converted_size)) + { + DEBUG(0,("ldapgroup2displayentry: pull_utf8_talloc " + "failed: %s", strerror(errno))); + } } - else { - pull_utf8_talloc(mem_ctx, - CONST_DISCARD(char **, &result->account_name), - vals[0]); + else if (!pull_utf8_talloc(mem_ctx, + CONST_DISCARD(char **, + &result->account_name), + vals[0], &converted_size)) + { + DEBUG(0,("ldapgroup2displayentry: pull_utf8_talloc failed: %s", + strerror(errno))); } ldap_value_free(vals); 
@@ -4578,10 +4614,13 @@ static bool ldapgroup2displayentry(struct ldap_search_state *state, vals = ldap_get_values(ld, entry, "description"); if ((vals == NULL) || (vals[0] == NULL)) DEBUG(8, ("\"description\" not found\n")); - else - pull_utf8_talloc(mem_ctx, - CONST_DISCARD(char **, &result->description), - vals[0]); + else if (!pull_utf8_talloc(mem_ctx, + CONST_DISCARD(char **, &result->description), + vals[0], &converted_size)) + { + DEBUG(0,("ldapgroup2displayentry: pull_utf8_talloc failed: %s", + strerror(errno))); + } ldap_value_free(vals); if ((result->account_name == NULL) || @@ -4590,7 +4629,7 @@ static bool ldapgroup2displayentry(struct ldap_search_state *state, DEBUG(0, ("talloc failed\n")); return False; } - + vals = ldap_get_values(ld, entry, "sambaSid"); if ((vals == NULL) || (vals[0] == NULL)) { DEBUG(0, ("\"objectSid\" not found\n")); @@ -4619,12 +4658,14 @@ static bool ldapgroup2displayentry(struct ldap_search_state *state, return False; } break; - + default: DEBUG(0,("unkown group type: %d\n", group_type)); return False; } - + + result->acct_flags = 0; + return True; } @@ -4638,7 +4679,7 @@ static bool ldapsam_search_grouptype(struct pdb_methods *methods, struct ldap_search_state *state; fstring tmp; - state = TALLOC_P(search->mem_ctx, struct ldap_search_state); + state = talloc(search, struct ldap_search_state); if (state == NULL) { DEBUG(0, ("talloc failed\n")); return False; 
@@ -4646,14 +4687,14 @@ static bool ldapsam_search_grouptype(struct pdb_methods *methods, state->connection = ldap_state->smbldap_state; - state->base = talloc_strdup(search->mem_ctx, lp_ldap_group_suffix()); + state->base = talloc_strdup(search, lp_ldap_group_suffix()); state->connection = ldap_state->smbldap_state; state->scope = LDAP_SCOPE_SUBTREE; - state->filter = talloc_asprintf(search->mem_ctx, - "(&(objectclass=sambaGroupMapping)" - "(sambaGroupType=%d)(sambaSID=%s*))", - type, sid_to_fstring(tmp, sid)); - state->attrs = talloc_attrs(search->mem_ctx, "cn", "sambaSid", + state->filter = talloc_asprintf(search, "(&(objectclass=%s)" + "(sambaGroupType=%d)(sambaSID=%s*))", + LDAP_OBJ_GROUPMAP, + type, sid_to_fstring(tmp, sid)); + state->attrs = talloc_attrs(search, "cn", "sambaSid", "displayName", "description", "sambaGroupType", NULL); state->attrsonly = 0; @@ -4687,9 +4728,9 @@ static bool ldapsam_search_aliases(struct pdb_methods *methods, return ldapsam_search_grouptype(methods, search, sid, SID_NAME_ALIAS); } -static bool ldapsam_rid_algorithm(struct pdb_methods *methods) +static uint32_t ldapsam_capabilities(struct pdb_methods *methods) { - return False; + return PDB_CAP_STORE_RIDS; } static NTSTATUS ldapsam_get_new_rid(struct ldapsam_privates *priv, @@ -4945,7 +4986,7 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods, uid_t uid = -1; NTSTATUS ret; int rc; - + if (((acb_info & ACB_NORMAL) && name[strlen(name)-1] == '$') || acb_info & ACB_WSTRUST || acb_info & ACB_SVRTRUST || @@ -4961,7 +5002,7 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods, rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result); if (rc != LDAP_SUCCESS) { DEBUG(0,("ldapsam_create_user: ldap search failed!\n")); - return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_ACCESS_DENIED; } talloc_autofree_ldapmsg(tmp_ctx, result); 
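Review bot: Every non-success `rc` from smbldap_search_suffix() in ldapsam_create_user is now returned as `NT_STATUS_ACCESS_DENIED`, which also covers an unreachable directory or a rejected filter, and the DEBUG line does not record `rc`. An operator reading the log therefore cannot tell a real permission failure from an outage. I would log the LDAP result alongside the status, for example `DEBUG(0,("ldapsam_create_user: ldap search failed: %s\n", ldap_err2string(rc)));`, and add a one-line comment saying why access-denied is the chosen mapping. The function body continues outside this hunk.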
@@ -4971,7 +5012,7 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods, DEBUG (0, ("ldapsam_create_user: More than one user with name [%s] ?!\n", name)); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - + if (num_result == 1) { char *tmp; /* check if it is just a posix account. @@ -5000,7 +5041,7 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods, if (num_result == 0) { add_posix = True; } - + /* Create the basic samu structure and generate the mods for the ldap commit */ if (!NT_STATUS_IS_OK((ret = ldapsam_new_rid_internal(my_methods, rid)))) { DEBUG(1, ("ldapsam_create_user: Could not allocate a new RID\n")); @@ -5084,8 +5125,8 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods, homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), name, ldap_state->domain_name, uid, gid); shell = talloc_sub_specified(tmp_ctx, lp_template_shell(), name, ldap_state->domain_name, uid, gid); } - uidstr = talloc_asprintf(tmp_ctx, "%d", uid); - gidstr = talloc_asprintf(tmp_ctx, "%d", gid); + uidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)uid); + gidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)gid); escape_name = escape_rdn_val_string_alloc(name); if (!escape_name) { @@ -5146,7 +5187,7 @@ static NTSTATUS ldapsam_delete_user(struct pdb_methods *my_methods, TALLOC_CTX * int rc; DEBUG(0,("ldapsam_delete_user: Attempt to delete user [%s]\n", pdb_get_username(sam_acct))); - + filter = talloc_asprintf(tmp_ctx, "(&(uid=%s)" "(objectClass=%s)" @@ -5228,7 +5269,7 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods, DOM_SID group_sid; gid_t gid = -1; int rc; - + groupname = escape_ldap_string_alloc(name); filter = talloc_asprintf(tmp_ctx, "(&(cn=%s)(objectClass=%s))", groupname, LDAP_OBJ_POSIXGROUP); 
@@ -5247,7 +5288,7 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods, DEBUG (0, ("ldapsam_create_group: There exists more than one group with name [%s]: bailing out!\n", name)); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - + if (num_result == 1) { char *tmp; /* check if it is just a posix group. @@ -5271,7 +5312,7 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods, DEBUG (1, ("ldapsam_create_group: Couldn't retrieve the gidNumber for [%s]?!?!\n", name)); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - + gid = strtoul(tmp, NULL, 10); dn = smbldap_talloc_dn(tmp_ctx, priv2ld(ldap_state), entry); @@ -5287,14 +5328,14 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods, DEBUG(3,("ldapsam_create_user: Creating new posix group\n")); is_new_entry = True; - + /* lets allocate a new groupid for this group */ if (!winbind_allocate_gid(&gid)) { DEBUG (0, ("ldapsam_create_group: Unable to allocate a new group id: bailing out!\n")); return NT_STATUS_UNSUCCESSFUL; } - gidstr = talloc_asprintf(tmp_ctx, "%d", gid); + gidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)gid); escape_name = escape_rdn_val_string_alloc(name); if (!escape_name) { @@ -5484,7 +5525,7 @@ static NTSTATUS ldapsam_change_groupmem(struct pdb_methods *my_methods, default: return NT_STATUS_UNSUCCESSFUL; } - + /* get member sid */ sid_compose(&member_sid, get_global_sam_sid(), member_rid); @@ -5531,7 +5572,7 @@ static NTSTATUS ldapsam_change_groupmem(struct pdb_methods *my_methods, /* check if we are trying to remove the member from his primary group */ char *gidstr; gid_t user_gid, group_gid; - + gidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "gidNumber", tmp_ctx); if (!gidstr) { DEBUG (0, ("ldapsam_change_groupmem: Unable to find the member's gid!\n")); 
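Review bot: The log prefixes in the `@@ -5287` hunk do not match the function they are in: the DEBUG(3) message is tagged `ldapsam_create_user` and the level-0 message below it `ldapsam_create_group`, while the hunk header places both in ldapsam_create_dom_group. Anyone tracing a failed group creation from the log will look in the wrong function. Since the hunk already touches these lines, `DEBUG(3,("ldapsam_create_dom_group: Creating new posix group\n"));` and the same prefix on the gid-allocation message would fix it. The function body starts and ends outside the hunk.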
@@ -5539,7 +5580,7 @@ static NTSTATUS ldapsam_change_groupmem(struct pdb_methods *my_methods, } user_gid = strtoul(gidstr, NULL, 10); - + if (!sid_to_gid(&group_sid, &group_gid)) { DEBUG (0, ("ldapsam_change_groupmem: Unable to get group gid from SID!\n")); return NT_STATUS_UNSUCCESSFUL; @@ -5614,7 +5655,7 @@ static NTSTATUS ldapsam_change_groupmem(struct pdb_methods *my_methods, } return NT_STATUS_UNSUCCESSFUL; } - + return NT_STATUS_OK; } @@ -5652,10 +5693,10 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods, DEBUG(0,("ldapsam_set_primary_group: Attempt to set primary group for user [%s]\n", pdb_get_username(sampass))); if (!sid_to_gid(pdb_get_group_sid(sampass), &gid)) { - DEBUG(0,("ldapsam_set_primary_group: failed to retieve gid from user's group SID!\n")); + DEBUG(0,("ldapsam_set_primary_group: failed to retrieve gid from user's group SID!\n")); return NT_STATUS_UNSUCCESSFUL; } - gidstr = talloc_asprintf(mem_ctx, "%d", gid); + gidstr = talloc_asprintf(mem_ctx, "%u", (unsigned int)gid); if (!gidstr) { DEBUG(0,("ldapsam_set_primary_group: Out of Memory!\n")); return NT_STATUS_NO_MEMORY; @@ -5744,6 +5785,7 @@ static char *trusteddom_dn(struct ldapsam_privates *ldap_state, } static bool get_trusteddom_pw_int(struct ldapsam_privates *ldap_state, + TALLOC_CTX *mem_ctx, const char *domain, LDAPMessage **entry) { int rc; @@ -5766,6 +5808,10 @@ static bool get_trusteddom_pw_int(struct ldapsam_privates *ldap_state, rc = smbldap_search(ldap_state->smbldap_state, trusted_dn, scope, filter, attrs, attrsonly, &result); + if (result != NULL) { + talloc_autofree_ldapmsg(mem_ctx, result); + } + if (rc == LDAP_NO_SUCH_OBJECT) { *entry = NULL; return True; 
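Review bot: get_trusteddom_pw_int now ties the search result to mem_ctx (the `@@ -5766` hunk, with the new parameter added in `@@ -5744`), but nothing tells callers that `*entry` points into that result and becomes invalid when mem_ctx is freed. A comment above the function would state the contract, for example `/* On success *entry is NULL or points into the search result, which is owned by mem_ctx; do not use it after mem_ctx is freed. */`. The three callers changed later in this diff all pass talloc_tos(), so the entry must not be kept beyond the current talloc stackframe. The function body continues outside both hunks.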
@@ -5779,15 +5825,15 @@ static bool get_trusteddom_pw_int(struct ldapsam_privates *ldap_state, if (num_result > 1) { DEBUG(1, ("ldapsam_get_trusteddom_pw: more than one " - "sambaTrustedDomainPassword object for domain '%s'" - "?!\n", domain)); + "%s object for domain '%s'?!\n", + LDAP_OBJ_TRUSTDOM_PASSWORD, domain)); return False; } if (num_result == 0) { DEBUG(1, ("ldapsam_get_trusteddom_pw: no " - "sambaTrustedDomainPassword object for domain %s.\n", - domain)); + "%s object for domain %s.\n", + LDAP_OBJ_TRUSTDOM_PASSWORD, domain)); *entry = NULL; } else { *entry = ldap_first_entry(priv2ld(ldap_state), result); @@ -5808,7 +5854,7 @@ static bool ldapsam_get_trusteddom_pw(struct pdb_methods *methods, DEBUG(10, ("ldapsam_get_trusteddom_pw called for domain %s\n", domain)); - if (!get_trusteddom_pw_int(ldap_state, domain, &entry) || + if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry) || (entry == NULL)) { return False; 
@@ -5879,21 +5925,24 @@ static bool ldapsam_set_trusteddom_pw(struct pdb_methods *methods, * get the current entry (if there is one) in order to put the * current password into the previous password attribute */ - if (!get_trusteddom_pw_int(ldap_state, domain, &entry)) { + if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry)) { return False; } mods = NULL; smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "objectClass", - "sambaTrustedDomainPassword"); + LDAP_OBJ_TRUSTDOM_PASSWORD); smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaDomainName", domain); smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaSID", sid_string_tos(sid)); smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaPwdLastSet", - talloc_asprintf(talloc_tos(), "%li", time(NULL))); + talloc_asprintf(talloc_tos(), "%li", (long int)time(NULL))); smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaClearTextPassword", pwd); + + talloc_autofree_ldapmod(talloc_tos(), mods); + if (entry != NULL) { prev_pwd = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "sambaClearTextPassword", talloc_tos()); @@ -5931,7 +5980,7 @@ static bool ldapsam_del_trusteddom_pw(struct pdb_methods *methods, LDAPMessage *entry = NULL; const char *trusted_dn; - if (!get_trusteddom_pw_int(ldap_state, domain, &entry)) { + if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry)) { return False; } @@ -5982,6 +6031,10 @@ static NTSTATUS ldapsam_enum_trusteddoms(struct pdb_methods *methods, attrsonly, &result); + if (result != NULL) { + talloc_autofree_ldapmsg(mem_ctx, result); + } + if (rc != LDAP_SUCCESS) { return NT_STATUS_UNSUCCESSFUL; } 
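Review bot: The talloc_asprintf result for sambaPwdLastSet is passed straight into smbldap_make_mod without a NULL check, and how smbldap_make_mod treats a NULL value is not visible here. Formatting the timestamp into a new local before the first smbldap_make_mod call allows an early exit: `pwd_last_set = talloc_asprintf(talloc_tos(), "%li", (long int)time(NULL));` followed by `if (pwd_last_set == NULL) return False;`. Doing it before the first call matters because mods is only handed to talloc_autofree_ldapmod after all five calls, so an early return in between would leak it. Since this path writes the trust secret to `sambaClearTextPassword` and copies the previous one onto talloc_tos(), a comment noting that read access to that attribute has to be restricted by the directory ACL would help whoever deploys the schema. The function continues beyond the hunk.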
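Review bot: The search result in ldapsam_enum_trusteddoms (the `@@ -5982` hunk) is attached to mem_ctx, whereas the get_trusteddom_pw_int callers in this diff use talloc_tos(). mem_ctx looks like the caller's context, though its declaration is outside the hunk, so the raw LDAP message would stay allocated for as long as the caller keeps that context. If mem_ctx is indeed where the returned domain list lives, `talloc_autofree_ldapmsg(talloc_tos(), result);` would release the message when the current stackframe ends, provided the function runs inside one. Testing `result != NULL` before the rc check is right, since a failed search can still hand back a message.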
@@ -6101,7 +6154,7 @@ static NTSTATUS pdb_init_ldapsam_common(struct pdb_methods **pdb_method, const c (*pdb_method)->get_seq_num = ldapsam_get_seq_num; - (*pdb_method)->rid_algorithm = ldapsam_rid_algorithm; + (*pdb_method)->capabilities = ldapsam_capabilities; (*pdb_method)->new_rid = ldapsam_new_rid; (*pdb_method)->get_trusteddom_pw = ldapsam_get_trusteddom_pw; @@ -6250,21 +6303,21 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location) return NT_STATUS_UNSUCCESSFUL; } - dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); + dn = smbldap_talloc_dn(talloc_tos(), ldap_state->smbldap_state->ldap_struct, entry); if (!dn) { ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; } ldap_state->domain_dn = smb_xstrdup(dn); - ldap_memfree(dn); + TALLOC_FREE(dn); domain_sid_string = smbldap_talloc_single_attribute( ldap_state->smbldap_state->ldap_struct, entry, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID), - NULL); + talloc_tos()); if (domain_sid_string) { bool found_sid; @@ -6300,7 +6353,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location) entry, get_attr_key2string( dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE ), - NULL); + talloc_tos()); if (alg_rid_base_string) { alg_rid_base = (uint32)atol(alg_rid_base_string); if (alg_rid_base != algorithmic_rid_base()) {
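Review bot: `alg_rid_base = (uint32)atol(alg_rid_base_string);` in the `@@ -6300` hunk converts a value read from the directory with no error detection: atol cannot signal a non-numeric or out-of-range string, and the cast silently truncates. strtoul with an end pointer and a range check would let pdb_init_ldapsam reject a malformed attribute instead of comparing a garbage value against algorithmic_rid_base(). The failure path below mirrors the `ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL;` shown in the previous hunk and should be checked against the cleanup the function does further down. The hunk ends inside the `if` body.

```c
		if (alg_rid_base_string) {
			char *end = NULL;
			unsigned long val;

			errno = 0;
			val = strtoul(alg_rid_base_string, &end, 10);
			if (errno != 0 || end == alg_rid_base_string ||
			    *end != '\0' || val > 0xFFFFFFFFUL) {
				DEBUG(0, ("pdb_init_ldapsam: invalid algorithmic RID base in directory\n"));
				ldap_msgfree(result);
				return NT_STATUS_UNSUCCESSFUL;
			}
			alg_rid_base = (uint32)val;
			/* … unchanged: comparison with algorithmic_rid_base() … */
```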