filter = talloc_asprintf(talloc_tos(), "(&%s%s)", "(uid=%u)",
get_objclass_filter(ldap_state->schema_ver));
if (!filter) {
+ SAFE_FREE(escape_user);
return LDAP_NO_MEMORY;
}
/*
filter = talloc_all_string_sub(talloc_tos(),
filter, "%u", escape_user);
+ SAFE_FREE(escape_user);
if (!filter) {
return LDAP_NO_MEMORY;
}
- SAFE_FREE(escape_user);
ret = smbldap_search_suffix(ldap_state->smbldap_state,
filter, attr, result);
}
}
if (hex_failed) {
- DEBUG(0,("init_sam_from_ldap: Failed to get password history for user %s\n",
+ DEBUG(2,("init_sam_from_ldap: Failed to get password history for user %s\n",
username));
memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN);
}
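Review bot: Lowering the hex_failed message from level 0 to level 2 at L21 makes a security-relevant condition much less visible: when the stored history cannot be decoded, the memset at L23 replaces it with an all-zero history, so the password-history check presumably accepts any previously used password for that account until the history is rewritten. If the lower level is intentional (for example because the attribute is routinely missing or malformed on upgraded directories), say so next to the memset, `/* undecodable history is treated as empty: old passwords will not be rejected for this user */`, so the weakening is documented rather than accidental. The enclosing function begins before this hunk.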
struct berval *retdata = NULL;
char *utf8_password;
char *utf8_dn;
+ size_t converted_size;
if (!ldap_state->is_nds_ldap) {
}
}
- if (push_utf8_allocate(&utf8_password, pdb_get_plaintext_passwd(newpwd)) == (size_t)-1) {
+ if (!push_utf8_allocate(&utf8_password,
+ pdb_get_plaintext_passwd(newpwd),
+ &converted_size))
+ {
return NT_STATUS_NO_MEMORY;
}
- if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) {
+ if (!push_utf8_allocate(&utf8_dn, dn, &converted_size)) {
SAFE_FREE(utf8_password);
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_UNSUCCESSFUL;
}
- ber_printf (ber, "{");
- ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn);
- ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password);
- ber_printf (ber, "n}");
+ if ((ber_printf (ber, "{") < 0) ||
+ (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn) < 0) ||
+ (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password) < 0) ||
+ (ber_printf (ber, "n}") < 0)) {
+ DEBUG(0,("ldapsam_modify_entry: ber_printf returns a value <0\n"));
+ ber_free(ber,1);
+ SAFE_FREE(utf8_dn);
+ SAFE_FREE(utf8_password);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
if ((rc = ber_flatten (ber, &bv))<0) {
DEBUG(0,("ldapsam_modify_entry: ber_flatten returns a value <0\n"));
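Review bot: The new ber_printf failure path at L55–L58 releases utf8_password with a plain `SAFE_FREE`, leaving a heap copy of the user's plaintext password behind; the same holds for the earlier `SAFE_FREE(utf8_password)` at L41. `push_utf8_allocate` hands back a private NUL-terminated copy, so it is cheap to scrub it first, `memset(utf8_password, 0, strlen(utf8_password));` before each free (or the tree's optimisation-resistant clear helper if one exists). Checking every ber_printf return is the right fix; please confirm that the ber_flatten failure path starting at L60, whose body is not shown, frees utf8_dn and utf8_password the same way. ldapsam_modify_entry continues outside the hunk.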
pdb_get_username(newpwd), ldap_err2string(rc), ld_error?ld_error:"unknown"));
SAFE_FREE(ld_error);
ber_bvfree(bv);
+#if defined(LDAP_CONSTRAINT_VIOLATION)
+ if (rc == LDAP_CONSTRAINT_VIOLATION)
+ return NT_STATUS_PASSWORD_RESTRICTION;
+#endif
return NT_STATUS_UNSUCCESSFUL;
} else {
DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd)));
ldap_mods_free(mods,True);
return NT_STATUS_UNSUCCESSFUL;
}
-
- if (mods == NULL) {
+
+ if ((lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_ONLY)
+ && (mods == NULL)) {
DEBUG(4,("ldapsam_update_sam_account: mods is empty: nothing to update for user: %s\n",
pdb_get_username(newpwd)));
SAFE_FREE(dn);
}
ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, element_is_changed);
- ldap_mods_free(mods,True);
+
+ if (mods != NULL) {
+ ldap_mods_free(mods,True);
+ }
+
SAFE_FREE(dn);
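Review bot: With `ldap passwd sync = only` the new condition at L78–L79 lets `mods == NULL` reach `ldapsam_modify_entry` at L84, so that callee must now tolerate a NULL mod list (its body is outside this hunk; verify it skips the attribute modify and only runs the password exop in that case). That contract is worth a comment at the call site, `/* mods may be NULL in LDAP_PASSWD_SYNC_ONLY mode: only the password exop runs */`. The NULL guard added at L87–L89 also raises a consistency question: the unguarded `ldap_mods_free(mods,True)` at L72 earlier in the diff either needs the same check or, if ldap_mods_free accepts NULL, the new guard is redundant.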
/*
/* rename the posix user */
rename_script = SMB_STRDUP(lp_renameuser_script());
- if (rename_script) {
+ if (rename_script == NULL) {
return NT_STATUS_NO_MEMORY;
}
goto done;
}
- rc = smbldap_search(conn, lp_ldap_user_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0,
&result);
entry, "sambaSID",
mem_ctx);
if (!sidstr) {
- DEBUG(0, ("Severe DB error, sambaSamAccount can't miss "
- "the sambaSID attribute\n"));
+ DEBUG(0, ("Severe DB error, %s can't miss the sambaSID"
+ "attribute\n", LDAP_OBJ_SAMBASAMACCOUNT));
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto done;
}
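Review bot: The replacement message at L110–L111 drops the space between the two adjacent string literals, so the log reads `...can't miss the sambaSIDattribute`. Give the first literal a trailing space: `"Severe DB error, %s can't miss the sambaSID "`. The enclosing function begins before this hunk.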
LDAP_OBJ_SAMBASAMACCOUNT,
gidstr);
- rc = smbldap_search(conn, lp_ldap_user_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0,
&result);
entry,
get_global_sam_sid(),
&rid)) {
- DEBUG(0, ("Severe DB error, sambaSamAccount can't miss "
- "the sambaSID attribute\n"));
+ DEBUG(0, ("Severe DB error, %s can't miss the samba SID" "attribute\n", LDAP_OBJ_SAMBASAMACCOUNT));
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto done;
}
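Review bot: Same concatenation slip at L126: `"samba SID" "attribute\n"` prints as `samba SIDattribute`, and it also spells the attribute differently from the parallel message at L110 (`sambaSID`). Use `"Severe DB error, %s can't miss the sambaSID " "attribute\n"` and keep the two-line wrapping of the original so the line stays within the file's usual width. The enclosing function begins before this hunk.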
goto done;
}
- rc = smbldap_search(conn, lp_ldap_user_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
if (rc != LDAP_SUCCESS)
/* This sid will be replaced later */
- if (!add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids, &num_sids)) {
- ret = NT_STATUS_NO_MEMORY;
+ ret = add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids,
+ &num_sids);
+ if (!NT_STATUS_IS_OK(ret)) {
goto done;
}
ret = NT_STATUS_NO_MEMORY;
goto done;
}
- if (!add_sid_to_array_unique(mem_ctx, &sid, pp_sids,
- &num_sids)) {
- ret = NT_STATUS_NO_MEMORY;
+ ret = add_sid_to_array_unique(mem_ctx, &sid, pp_sids,
+ &num_sids);
+ if (!NT_STATUS_IS_OK(ret)) {
goto done;
}
}
int rc;
filter = talloc_asprintf(mem_ctx,
- "(&(objectClass=posixGroup)(gidNumber=%u))",
- map->gid);
+ "(&(objectClass=%s)(gidNumber=%u))",
+ LDAP_OBJ_POSIXGROUP, map->gid);
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
mods = NULL;
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass",
- "sambaGroupMapping");
+ LDAP_OBJ_GROUPMAP);
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaSid",
sid_string_talloc(mem_ctx, &map->sid));
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaGroupType",
mods = NULL;
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "objectClass",
- "sambaSidEntry");
+ LDAP_OBJ_SID_ENTRY);
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "objectClass",
- "sambaGroupMapping");
-
+ LDAP_OBJ_GROUPMAP);
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "sambaSid",
sid_string_talloc(mem_ctx, &map->sid));
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "sambaGroupType",
for (i=0; i<count; i++) {
DOM_SID member;
+ NTSTATUS status;
if (!string_to_sid(&member, values[i]))
continue;
- if (!add_sid_to_array(NULL, &member, pp_members, &num_members)) {
+ status = add_sid_to_array(NULL, &member, pp_members,
+ &num_members);
+ if (!NT_STATUS_IS_OK(status)) {
ldap_value_free(values);
ldap_msgfree(result);
- return NT_STATUS_NO_MEMORY;
+ return status;
}
}
char *escaped = NULL;
char *result = NULL;
- asprintf(&filter, "(&%s(objectclass=sambaSamAccount))",
- "(uid=%u)");
+ asprintf(&filter, "(&%s(objectclass=%s))",
+ "(uid=%u)", LDAP_OBJ_SAMBASAMACCOUNT);
if (filter == NULL) goto done;
escaped = escape_ldap_string_alloc(username);
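Review bot: The asprintf at L202–L203 is checked only through `filter == NULL` at L204, but asprintf returns -1 on failure and leaves `*strp` undefined (glibc documents this), so the check can miss an allocation failure and the cleanup after done: may then free an indeterminate pointer. Test the return value instead: `if (asprintf(&filter, "(&%s(objectclass=%s))", "(uid=%u)", LDAP_OBJ_SAMBASAMACCOUNT) < 0) { filter = NULL; goto done; }`. The function's declarations and its done: label are outside the hunk.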
struct samr_displayentry *result)
{
char **vals;
+ size_t converted_size;
DOM_SID sid;
uint32 acct_flags;
DEBUG(5, ("\"uid\" not found\n"));
return False;
}
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->account_name),
- vals[0]);
+ if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **, &result->account_name),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s",
+ strerror(errno)));
+ }
+
ldap_value_free(vals);
vals = ldap_get_values(ld, entry, "displayName");
if ((vals == NULL) || (vals[0] == NULL))
DEBUG(8, ("\"displayName\" not found\n"));
- else
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->fullname),
- vals[0]);
+ else if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **, &result->fullname),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s",
+ strerror(errno)));
+ }
+
ldap_value_free(vals);
vals = ldap_get_values(ld, entry, "description");
if ((vals == NULL) || (vals[0] == NULL))
DEBUG(8, ("\"description\" not found\n"));
- else
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->description),
- vals[0]);
+ else if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **, &result->description),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapuser2displayentry: pull_utf8_talloc failed: %s",
+ strerror(errno)));
+ }
+
ldap_value_free(vals);
if ((result->account_name == NULL) ||
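Review bot: The three new DEBUG(0) messages at L222, L238 and L254 lack the trailing `\n` that every other DEBUG call in this file carries (compare L212 and L229), so the following log line is glued onto them. Append `\n` to each, e.g. `"ldapuser2displayentry: pull_utf8_talloc failed: %s\n"`. Logging at level 0 while still returning the partially filled entry is also worth a second look: a failed conversion of fullname or description is only covered if the NULL check starting at L259 (its remaining terms are outside the hunk) includes those fields; if it does not, a one-line comment stating that they are optional would make the intent clear.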
struct samr_displayentry *result)
{
char **vals;
+ size_t converted_size;
DOM_SID sid;
uint16 group_type;
DEBUG(5, ("\"cn\" not found\n"));
return False;
}
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->account_name),
- vals[0]);
+ if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **,
+ &result->account_name),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapgroup2displayentry: pull_utf8_talloc "
+ "failed: %s", strerror(errno)));
+ }
}
- else {
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->account_name),
- vals[0]);
+ else if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **,
+ &result->account_name),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapgroup2displayentry: pull_utf8_talloc failed: %s",
+ strerror(errno)));
}
ldap_value_free(vals);
vals = ldap_get_values(ld, entry, "description");
if ((vals == NULL) || (vals[0] == NULL))
DEBUG(8, ("\"description\" not found\n"));
- else
- pull_utf8_talloc(mem_ctx,
- CONST_DISCARD(char **, &result->description),
- vals[0]);
+ else if (!pull_utf8_talloc(mem_ctx,
+ CONST_DISCARD(char **, &result->description),
+ vals[0], &converted_size))
+ {
+ DEBUG(0,("ldapgroup2displayentry: pull_utf8_talloc failed: %s",
+ strerror(errno)));
+ }
ldap_value_free(vals);
if ((result->account_name == NULL) ||
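Review bot: As in ldapuser2displayentry, the new DEBUG(0) messages at L278, L291 and L306 are missing the trailing `\n` used by every other DEBUG in this file (see L266 and L296), so the next log line runs on without a break. Append `\n` to each format string, e.g. `"ldapgroup2displayentry: pull_utf8_talloc failed: %s\n"`. The `if`/`else if` structure at L272–L292 would also read more easily with the two identical account_name conversions hoisted into one call after the branch that selects vals, but that is a style preference, not a defect.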
DEBUG(0,("unkown group type: %d\n", group_type));
return False;
}
-
+
+ result->acct_flags = 0;
+
return True;
}
state->connection = ldap_state->smbldap_state;
state->scope = LDAP_SCOPE_SUBTREE;
state->filter = talloc_asprintf(search->mem_ctx,
- "(&(objectclass=sambaGroupMapping)"
- "(sambaGroupType=%d)(sambaSID=%s*))",
- type, sid_to_fstring(tmp, sid));
+ "(&(objectclass=%s)"
+ "(sambaGroupType=%d)(sambaSID=%s*))",
+ LDAP_OBJ_GROUPMAP,
+ type, sid_to_fstring(tmp, sid));
state->attrs = talloc_attrs(search->mem_ctx, "cn", "sambaSid",
"displayName", "description",
"sambaGroupType", NULL);
rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldapsam_create_user: ldap search failed!\n"));
- return NT_STATUS_UNSUCCESSFUL;
+ return NT_STATUS_ACCESS_DENIED;
}
talloc_autofree_ldapmsg(tmp_ctx, result);
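Review bot: Returning NT_STATUS_ACCESS_DENIED at L336 for any rc other than LDAP_SUCCESS conflates transport and server errors (a down or unreachable directory, a timeout) with an authorization failure, and the DEBUG(0) at L334 discards the reason. At minimum log it, `DEBUG(0,("ldapsam_create_user: ldap search failed: %s\n", ldap_err2string(rc)));`, and consider mapping only the insufficient-access result codes to ACCESS_DENIED while keeping UNSUCCESSFUL for the rest. ldapsam_create_user continues outside the hunk.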
DEBUG(0,("ldapsam_set_primary_group: Attempt to set primary group for user [%s]\n", pdb_get_username(sampass)));
if (!sid_to_gid(pdb_get_group_sid(sampass), &gid)) {
- DEBUG(0,("ldapsam_set_primary_group: failed to retieve gid from user's group SID!\n"));
+ DEBUG(0,("ldapsam_set_primary_group: failed to retrieve gid from user's group SID!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
gidstr = talloc_asprintf(mem_ctx, "%d", gid);
}
static bool get_trusteddom_pw_int(struct ldapsam_privates *ldap_state,
+ TALLOC_CTX *mem_ctx,
const char *domain, LDAPMessage **entry)
{
int rc;
rc = smbldap_search(ldap_state->smbldap_state, trusted_dn, scope,
filter, attrs, attrsonly, &result);
+ if (result != NULL) {
+ talloc_autofree_ldapmsg(mem_ctx, result);
+ }
+
if (rc == LDAP_NO_SUCH_OBJECT) {
*entry = NULL;
return True;
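Review bot: The new autofree at L354–L356 reads `result` after `smbldap_search` regardless of rc, so it relies on `result` being initialised to NULL at its declaration (above the hunk) in case the search fails without writing it; please confirm. It also changes the lifetime of `*entry`: the LDAPMessage is now released together with mem_ctx, and every caller in this diff passes talloc_tos(), so the returned entry is valid only until that stack frame is popped. State that in the function header, e.g. `/* *entry points into an LDAPMessage owned by mem_ctx and is freed with it */`. get_trusteddom_pw_int starts at L347 and continues past this hunk.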
if (num_result > 1) {
DEBUG(1, ("ldapsam_get_trusteddom_pw: more than one "
- "sambaTrustedDomainPassword object for domain '%s'"
- "?!\n", domain));
+ "%s object for domain '%s'?!\n",
+ LDAP_OBJ_TRUSTDOM_PASSWORD, domain));
return False;
}
if (num_result == 0) {
DEBUG(1, ("ldapsam_get_trusteddom_pw: no "
- "sambaTrustedDomainPassword object for domain %s.\n",
- domain));
+ "%s object for domain %s.\n",
+ LDAP_OBJ_TRUSTDOM_PASSWORD, domain));
*entry = NULL;
} else {
*entry = ldap_first_entry(priv2ld(ldap_state), result);
DEBUG(10, ("ldapsam_get_trusteddom_pw called for domain %s\n", domain));
- if (!get_trusteddom_pw_int(ldap_state, domain, &entry) ||
+ if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry) ||
(entry == NULL))
{
return False;
* get the current entry (if there is one) in order to put the
* current password into the previous password attribute
*/
- if (!get_trusteddom_pw_int(ldap_state, domain, &entry)) {
+ if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry)) {
return False;
}
mods = NULL;
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "objectClass",
- "sambaTrustedDomainPassword");
+ LDAP_OBJ_TRUSTDOM_PASSWORD);
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaDomainName",
domain);
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaSID",
talloc_asprintf(talloc_tos(), "%li", time(NULL)));
smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
"sambaClearTextPassword", pwd);
+
+ talloc_autofree_ldapmod(talloc_tos(), mods);
+
if (entry != NULL) {
prev_pwd = smbldap_talloc_single_attribute(priv2ld(ldap_state),
entry, "sambaClearTextPassword", talloc_tos());
LDAPMessage *entry = NULL;
const char *trusted_dn;
- if (!get_trusteddom_pw_int(ldap_state, domain, &entry)) {
+ if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry)) {
return False;
}
attrsonly,
&result);
+ if (result != NULL) {
+ talloc_autofree_ldapmsg(mem_ctx, result);
+ }
+
if (rc != LDAP_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
}
entry,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_USER_SID),
- NULL);
+ talloc_tos());
if (domain_sid_string) {
bool found_sid;
entry,
get_attr_key2string( dominfo_attr_list,
LDAP_ATTR_ALGORITHMIC_RID_BASE ),
- NULL);
+ talloc_tos());
if (alg_rid_base_string) {
alg_rid_base = (uint32)atol(alg_rid_base_string);
if (alg_rid_base != algorithmic_rid_base()) {