}
}
if (hex_failed) {
- DEBUG(0,("init_sam_from_ldap: Failed to get password history for user %s\n",
+ DEBUG(2,("init_sam_from_ldap: Failed to get password history for user %s\n",
username));
memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN);
}
entry, "sambaSID",
mem_ctx);
if (!sidstr) {
- DEBUG(0, ("Severe DB error, sambaSamAccount can't miss "
- "the sambaSID attribute\n"));
+ DEBUG(0, ("Severe DB error, %s can't miss the sambaSID"
+ "attribute\n", LDAP_OBJ_SAMBASAMACCOUNT));
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto done;
}
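Review bot: The two adjacent string literals in the new DEBUG call concatenate without a separator, so the message is logged as `... can't miss the sambaSIDattribute`; the first literal needs a trailing space, i.e. `"Severe DB error, %s can't miss the sambaSID "`. The same slip is in the next hunk's DEBUG on the `&rid` failure path, which also spells the attribute `samba SID` instead of `sambaSID`. Both are level-0 messages emitted just before NT_STATUS_INTERNAL_DB_CORRUPTION is returned, so they are what an operator will grep for, and the two copies should read identically. The enclosing statement starts before this hunk.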
entry,
get_global_sam_sid(),
&rid)) {
- DEBUG(0, ("Severe DB error, sambaSamAccount can't miss "
- "the sambaSID attribute\n"));
+ DEBUG(0, ("Severe DB error, %s can't miss the samba SID" "attribute\n", LDAP_OBJ_SAMBASAMACCOUNT));
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto done;
}
int rc;
filter = talloc_asprintf(mem_ctx,
- "(&(objectClass=posixGroup)(gidNumber=%u))",
- map->gid);
+ "(&(objectClass=%s)(gidNumber=%u))",
+ LDAP_OBJ_POSIXGROUP, map->gid);
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
mods = NULL;
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass",
- "sambaGroupMapping");
+ LDAP_OBJ_GROUPMAP);
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaSid",
sid_string_talloc(mem_ctx, &map->sid));
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaGroupType",
mods = NULL;
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "objectClass",
- "sambaSidEntry");
+ LDAP_OBJ_SID_ENTRY);
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "objectClass",
- "sambaGroupMapping");
-
+ LDAP_OBJ_GROUPMAP);
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "sambaSid",
sid_string_talloc(mem_ctx, &map->sid));
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "sambaGroupType",
char *escaped = NULL;
char *result = NULL;
- asprintf(&filter, "(&%s(objectclass=sambaSamAccount))",
- "(uid=%u)");
+ asprintf(&filter, "(&%s(objectclass=%s))",
+ "(uid=%u)", LDAP_OBJ_SAMBASAMACCOUNT);
if (filter == NULL) goto done;
escaped = escape_ldap_string_alloc(username);
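Review bot: The `filter == NULL` test that follows the rewritten asprintf() call is not a reliable failure check, because on failure asprintf() returns -1 and glibc documents the pointer's contents as undefined. Whether `filter` is initialised to NULL at its declaration is outside this hunk, so the test may read an indeterminate pointer. I would check the return value instead: `if (asprintf(&filter, "(&%s(objectclass=%s))", "(uid=%u)", LDAP_OBJ_SAMBASAMACCOUNT) < 0) { filter = NULL; goto done; }`. The function begins and ends outside the hunk, so the cleanup under `done` should be confirmed to tolerate a NULL `filter`.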
DEBUG(0,("unkown group type: %d\n", group_type));
return False;
}
-
+
+ result->acct_flags = 0;
+
return True;
}
state->connection = ldap_state->smbldap_state;
state->scope = LDAP_SCOPE_SUBTREE;
state->filter = talloc_asprintf(search->mem_ctx,
- "(&(objectclass=sambaGroupMapping)"
- "(sambaGroupType=%d)(sambaSID=%s*))",
- type, sid_to_fstring(tmp, sid));
+ "(&(objectclass=%s)"
+ "(sambaGroupType=%d)(sambaSID=%s*))",
+ LDAP_OBJ_GROUPMAP,
+ type, sid_to_fstring(tmp, sid));
state->attrs = talloc_attrs(search->mem_ctx, "cn", "sambaSid",
"displayName", "description",
"sambaGroupType", NULL);
rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldapsam_create_user: ldap search failed!\n"));
- return NT_STATUS_UNSUCCESSFUL;
+ return NT_STATUS_ACCESS_DENIED;
}
talloc_autofree_ldapmsg(tmp_ctx, result);
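Review bot: Mapping every non-LDAP_SUCCESS `rc` to NT_STATUS_ACCESS_DENIED makes an unreachable server, a malformed filter or a timeout indistinguishable from a real permission failure, and the level-0 DEBUG line does not record `rc` either. I would log the cause, e.g. `DEBUG(0,("ldapsam_create_user: ldap search failed: %s\n", ldap_err2string(rc)));`. If ACCESS_DENIED is deliberately returned for all failures, a one-line comment saying why would stop the next reader from "fixing" it back. The function body continues outside the hunk.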
DEBUG(0,("ldapsam_set_primary_group: Attempt to set primary group for user [%s]\n", pdb_get_username(sampass)));
if (!sid_to_gid(pdb_get_group_sid(sampass), &gid)) {
- DEBUG(0,("ldapsam_set_primary_group: failed to retieve gid from user's group SID!\n"));
+ DEBUG(0,("ldapsam_set_primary_group: failed to retrieve gid from user's group SID!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
gidstr = talloc_asprintf(mem_ctx, "%d", gid);
}
static bool get_trusteddom_pw_int(struct ldapsam_privates *ldap_state,
+ TALLOC_CTX *mem_ctx,
const char *domain, LDAPMessage **entry)
{
int rc;
rc = smbldap_search(ldap_state->smbldap_state, trusted_dn, scope,
filter, attrs, attrsonly, &result);
+ if (result != NULL) {
+ talloc_autofree_ldapmsg(mem_ctx, result);
+ }
+
if (rc == LDAP_NO_SUCH_OBJECT) {
*entry = NULL;
return True;
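Review bot: Registering `result` on `mem_ctx` means the `*entry` handed back to the caller (taken from `result` via ldap_first_entry() further down) is only valid until `mem_ctx` is freed, and nothing documents that. I would add a comment above get_trusteddom_pw_int such as `/* *entry points into a search result owned by mem_ctx; do not use it after mem_ctx is freed */`. The new `result != NULL` test also runs before `rc` is examined, so it relies on `result` being initialised to NULL at its declaration, which is outside this hunk and worth confirming. The function body continues past the hunk.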
if (num_result > 1) {
DEBUG(1, ("ldapsam_get_trusteddom_pw: more than one "
- "sambaTrustedDomainPassword object for domain '%s'"
- "?!\n", domain));
+ "%s object for domain '%s'?!\n",
+ LDAP_OBJ_TRUSTDOM_PASSWORD, domain));
return False;
}
if (num_result == 0) {
DEBUG(1, ("ldapsam_get_trusteddom_pw: no "
- "sambaTrustedDomainPassword object for domain %s.\n",
- domain));
+ "%s object for domain %s.\n",
+ LDAP_OBJ_TRUSTDOM_PASSWORD, domain));
*entry = NULL;
} else {
*entry = ldap_first_entry(priv2ld(ldap_state), result);
DEBUG(10, ("ldapsam_get_trusteddom_pw called for domain %s\n", domain));
- if (!get_trusteddom_pw_int(ldap_state, domain, &entry) ||
+ if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry) ||
(entry == NULL))
{
return False;
* get the current entry (if there is one) in order to put the
* current password into the previous password attribute
*/
- if (!get_trusteddom_pw_int(ldap_state, domain, &entry)) {
+ if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry)) {
return False;
}
mods = NULL;
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "objectClass",
- "sambaTrustedDomainPassword");
+ LDAP_OBJ_TRUSTDOM_PASSWORD);
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaDomainName",
domain);
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaSID",
talloc_asprintf(talloc_tos(), "%li", time(NULL)));
smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
"sambaClearTextPassword", pwd);
+
+ talloc_autofree_ldapmod(talloc_tos(), mods);
+
if (entry != NULL) {
prev_pwd = smbldap_talloc_single_attribute(priv2ld(ldap_state),
entry, "sambaClearTextPassword", talloc_tos());
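Review bot: `talloc_autofree_ldapmod(talloc_tos(), mods)` is registered while the mod list may still be growing: the `if (entry != NULL)` block right after it fetches `prev_pwd`. If that block then passes `&mods` to smbldap_make_mod() again (the call is outside the hunk), the array could be reallocated and the registered pointer left stale, turning the cleanup into a double free or use-after-free. Moving the registration below the last smbldap_make_mod() call on `mods` avoids that. Separately, the list carries the `sambaClearTextPassword` value and the autofree only releases the memory, so the secret is not scrubbed before the allocation is returned.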
LDAPMessage *entry = NULL;
const char *trusted_dn;
- if (!get_trusteddom_pw_int(ldap_state, domain, &entry)) {
+ if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry)) {
return False;
}
attrsonly,
&result);
+ if (result != NULL) {
+ talloc_autofree_ldapmsg(mem_ctx, result);
+ }
+
if (rc != LDAP_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
}