This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
temp))
return (time_t) 0;
- strptime(temp, "%Y%m%d%H%M%SZ", &tm);
+ if ( !strptime(temp, "%Y%m%d%H%M%SZ", &tm)) {
+ DEBUG(2,("ldapsam_get_entry_timestamp: strptime failed on: %s\n",
+ (char*)temp));
+ return (time_t) 0;
+ }
tzset();
return timegm(&tm);
}
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_KICKOFF_TIME), temp);
- slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_can_change_time(sampass));
+ slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_can_change_time_noncalc(sampass));
if (need_update(sampass, PDB_CANCHANGETIME))
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_CAN_CHANGE), temp);
}
if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) {
+ SAFE_FREE(utf8_password);
return NT_STATUS_NO_MEMORY;
}
if ((ber = ber_alloc_t(LBER_USE_DER))==NULL) {
DEBUG(0,("ber_alloc_t returns NULL\n"));
SAFE_FREE(utf8_password);
+ SAFE_FREE(utf8_dn);
return NT_STATUS_UNSUCCESSFUL;
}
ber_printf (ber, "{");
ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn);
ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password);
- ber_printf (ber, "N}");
+ ber_printf (ber, "n}");
if ((rc = ber_flatten (ber, &bv))<0) {
DEBUG(0,("ldapsam_modify_entry: ber_flatten returns a value <0\n"));
DEBUG(rc ? 0 : 3,("Running the command `%s' gave %d\n",
rename_script, rc));
+ if (rc == 0) {
+ smb_nscd_flush_user_cache();
+ }
+
if (rc)
return NT_STATUS_UNSUCCESSFUL;
TALLOC_FREE( attr_list );
if (num_result == 0) {
+ char *escape_username;
/* Check if we need to add an entry */
DEBUG(3,("ldapsam_add_sam_account: Adding new user\n"));
ldap_op = LDAP_MOD_ADD;
+
+ escape_username = escape_rdn_val_string_alloc(username);
+ if (!escape_username) {
+ DEBUG(0, ("Out of memory!\n"));
+ ldap_msgfree(result);
+ return NT_STATUS_NO_MEMORY;
+ }
+
if (username[strlen(username)-1] == '$') {
- slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", username, lp_ldap_machine_suffix ());
+ slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", escape_username, lp_ldap_machine_suffix ());
} else {
- slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", username, lp_ldap_user_suffix ());
+ slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", escape_username, lp_ldap_user_suffix ());
}
+
+ SAFE_FREE(escape_username);
}
if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_TYPE)));
return False;
}
- map->sid_name_use = (enum SID_NAME_USE)atol(temp);
+ map->sid_name_use = (enum lsa_SidType)atol(temp);
if ((map->sid_name_use < SID_NAME_USER) ||
(map->sid_name_use > SID_NAME_UNKNOWN)) {
if (values) {
- filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(|", LDAP_OBJ_SAMBAACCOUNT);
+ filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(|", LDAP_OBJ_SAMBASAMACCOUNT);
if (filter == NULL) {
ret = NT_STATUS_NO_MEMORY;
goto done;
}
for (memberuid = values; *memberuid != NULL; memberuid += 1) {
- filter = talloc_asprintf_append(filter, "(uid=%s)", *memberuid);
+ char *escape_memberuid;
+
+ escape_memberuid = escape_ldap_string_alloc(*memberuid);
+ if (escape_memberuid == NULL) {
+ ret = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ filter = talloc_asprintf_append_buffer(filter, "(uid=%s)", escape_memberuid);
if (filter == NULL) {
+ SAFE_FREE(escape_memberuid);
ret = NT_STATUS_NO_MEMORY;
goto done;
}
+
+ SAFE_FREE(escape_memberuid);
}
- filter = talloc_asprintf_append(filter, "))");
+ filter = talloc_asprintf_append_buffer(filter, "))");
if (filter == NULL) {
ret = NT_STATUS_NO_MEMORY;
goto done;
sid_peek_rid(&sid, &rid);
- add_rid_to_array_unique(mem_ctx, rid, pp_member_rids,
- p_num_members);
+ if (!add_rid_to_array_unique(mem_ctx, rid, pp_member_rids,
+ p_num_members)) {
+ ret = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
}
}
goto done;
}
- add_rid_to_array_unique(mem_ctx, rid, pp_member_rids,
- p_num_members);
+ if (!add_rid_to_array_unique(mem_ctx, rid, pp_member_rids,
+ p_num_members)) {
+ ret = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
}
ret = NT_STATUS_OK;
primary_gid = strtoul(gidstr, NULL, 10);
break;
default:
- DEBUG(1, ("found more than one accoutn with the same user name ?!\n"));
+ DEBUG(1, ("found more than one account with the same user name ?!\n"));
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto done;
}
/* We need to add the primary group as the first gid/sid */
- add_gid_to_array_unique(mem_ctx, primary_gid, pp_gids, &num_gids);
+ if (!add_gid_to_array_unique(mem_ctx, primary_gid, pp_gids, &num_gids)) {
+ ret = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
/* This sid will be replaced later */
- add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids, &num_sids);
+ if (!add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids, &num_sids)) {
+ ret = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
for (entry = ldap_first_entry(conn->ldap_struct, result);
entry != NULL;
if (gid == primary_gid) {
sid_copy(&(*pp_sids)[0], &sid);
} else {
- add_gid_to_array_unique(mem_ctx, gid, pp_gids,
- &num_gids);
- add_sid_to_array_unique(mem_ctx, &sid, pp_sids,
- &num_sids);
+ if (!add_gid_to_array_unique(mem_ctx, gid, pp_gids,
+ &num_gids)) {
+ ret = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ if (!add_sid_to_array_unique(mem_ctx, &sid, pp_sids,
+ &num_sids)) {
+ ret = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
}
}
*********************************************************************/
static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
- const DOM_SID *domsid, enum SID_NAME_USE sid_name_use,
+ const DOM_SID *domsid, enum lsa_SidType sid_name_use,
GROUP_MAP **pp_rmap,
size_t *p_num_entries,
BOOL unix_only)
int count;
LDAPMod **mods = NULL;
int rc;
- enum SID_NAME_USE type = SID_NAME_USE_NONE;
+ enum lsa_SidType type = SID_NAME_USE_NONE;
pstring filter;
int i;
pstring filter;
size_t num_members = 0;
- enum SID_NAME_USE type = SID_NAME_USE_NONE;
+ enum lsa_SidType type = SID_NAME_USE_NONE;
*pp_members = NULL;
*p_num_members = 0;
if (!string_to_sid(&member, values[i]))
continue;
- add_sid_to_array(NULL, &member, pp_members, &num_members);
+ if (!add_sid_to_array(NULL, &member, pp_members, &num_members)) {
+ ldap_value_free(values);
+ ldap_msgfree(result);
+ return NT_STATUS_NO_MEMORY;
+ }
}
*p_num_members = num_members;
int i;
int rc;
char *filter;
- enum SID_NAME_USE type = SID_NAME_USE_NONE;
+ enum lsa_SidType type = SID_NAME_USE_NONE;
if (sid_check_is_builtin(domain_sid)) {
type = SID_NAME_ALIAS;
if (!sid_peek_check_rid(domain_sid, &sid, &rid))
continue;
- add_rid_to_array_unique(mem_ctx, rid, pp_alias_rids,
- p_num_alias_rids);
+ if (!add_rid_to_array_unique(mem_ctx, rid, pp_alias_rids,
+ p_num_alias_rids)) {
+ ldap_msgfree(result);
+ return NT_STATUS_NO_MEMORY;
+ }
}
ldap_msgfree(result);
static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods,
int policy_index, uint32 value)
{
- if (!account_policy_migrated(False)) {
- return (account_policy_set(policy_index, value)) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
- }
-
return ldapsam_set_account_policy_in_ldap(methods, policy_index,
value);
}
{
NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
- if (!account_policy_migrated(False)) {
- return (account_policy_get(policy_index, value))
- ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
- }
-
if (cache_account_policy_get(policy_index, value)) {
DEBUG(11,("ldapsam_get_account_policy: got valid value from "
"cache\n"));
int num_rids,
uint32 *rids,
const char **names,
- enum SID_NAME_USE *attrs)
+ enum lsa_SidType *attrs)
{
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
for (i=0; i<num_rids; i++) {
DOM_SID sid;
sid_compose(&sid, domain_sid, rids[i]);
- allsids = talloc_asprintf_append(allsids, "(sambaSid=%s)",
+ allsids = talloc_asprintf_append_buffer(allsids, "(sambaSid=%s)",
sid_string_static(&sid));
if (allsids == NULL) {
goto done;
uint32 rid;
int rid_index;
const char *attr;
- enum SID_NAME_USE type;
+ enum lsa_SidType type;
const char *dn = smbldap_talloc_dn(mem_ctx, ld, entry);
attr = smbldap_talloc_single_attribute(ld, entry, "sambaGroupType",
continue;
}
- type = (enum SID_NAME_USE)atol(attr);
+ type = (enum lsa_SidType)atol(attr);
/* Consistency checks */
if ((is_builtin && (type != SID_NAME_ALIAS)) ||
static BOOL ldapsam_search_grouptype(struct pdb_methods *methods,
struct pdb_search *search,
const DOM_SID *sid,
- enum SID_NAME_USE type)
+ enum lsa_SidType type)
{
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
static BOOL ldapsam_sid_to_id(struct pdb_methods *methods,
const DOM_SID *sid,
- union unid_t *id, enum SID_NAME_USE *type)
+ union unid_t *id, enum lsa_SidType *type)
{
struct ldapsam_privates *priv =
(struct ldapsam_privates *)methods->private_data;
}
id->gid = strtoul(gid_str, NULL, 10);
- *type = (enum SID_NAME_USE)strtoul(value, NULL, 10);
+ *type = (enum lsa_SidType)strtoul(value, NULL, 10);
ret = True;
goto done;
}
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);
if (add_posix) {
+ char *escape_name;
+
DEBUG(3,("ldapsam_create_user: Creating new posix user\n"));
/* retrieve the Domain Users group gid */
}
uidstr = talloc_asprintf(tmp_ctx, "%d", uid);
gidstr = talloc_asprintf(tmp_ctx, "%d", gid);
+
+ escape_name = escape_rdn_val_string_alloc(name);
+ if (!escape_name) {
+ DEBUG (0, ("ldapsam_create_user: Out of memory!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
if (is_machine) {
- dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", name, lp_ldap_machine_suffix ());
+ dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", escape_name, lp_ldap_machine_suffix ());
} else {
- dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", name, lp_ldap_user_suffix ());
+ dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", escape_name, lp_ldap_user_suffix ());
}
+ SAFE_FREE(escape_name);
+
if (!homedir || !shell || !uidstr || !gidstr || !dn) {
DEBUG (0, ("ldapsam_create_user: Out of memory!\n"));
return NT_STATUS_NO_MEMORY;
}
if (num_result == 0) {
+ char *escape_name;
+
DEBUG(3,("ldapsam_create_user: Creating new posix group\n"));
is_new_entry = True;
}
gidstr = talloc_asprintf(tmp_ctx, "%d", gid);
- dn = talloc_asprintf(tmp_ctx, "cn=%s,%s", name, lp_ldap_group_suffix());
+
+ escape_name = escape_rdn_val_string_alloc(name);
+ if (!escape_name) {
+ DEBUG (0, ("ldapsam_create_group: Out of memory!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ dn = talloc_asprintf(tmp_ctx, "cn=%s,%s", escape_name, lp_ldap_group_suffix());
+
+ SAFE_FREE(escape_name);
if (!gidstr || !dn) {
DEBUG (0, ("ldapsam_create_group: Out of memory!\n"));
uint32 num_result;
LDAPMod **mods = NULL;
char *filter;
+ char *escape_username;
char *gidstr;
const char *dn = NULL;
gid_t gid;
DEBUG(0,("ldapsam_set_primary_group: Out of Memory!\n"));
return NT_STATUS_NO_MEMORY;
}
-
+
+ escape_username = escape_ldap_string_alloc(pdb_get_username(sampass));
+ if (escape_username== NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
filter = talloc_asprintf(mem_ctx,
"(&(uid=%s)"
"(objectClass=%s)"
"(objectClass=%s))",
- pdb_get_username(sampass),
+ escape_username,
LDAP_OBJ_POSIXACCOUNT,
LDAP_OBJ_SAMBASAMACCOUNT);
+
+ SAFE_FREE(escape_username);
+
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}
+
+/**********************************************************************
+ trusted domains functions
+ *********************************************************************/
+
+static char *trusteddom_dn(struct ldapsam_privates *ldap_state,
+ const char *domain)
+{
+ return talloc_asprintf(talloc_tos(), "sambaDomainName=%s,%s", domain,
+ ldap_state->domain_dn);
+}
+
+static BOOL get_trusteddom_pw_int(struct ldapsam_privates *ldap_state,
+ const char *domain, LDAPMessage **entry)
+{
+ int rc;
+ char *filter;
+ int scope = LDAP_SCOPE_SUBTREE;
+ const char **attrs = NULL; /* NULL: get all attrs */
+ int attrsonly = 0; /* 0: return values too */
+ LDAPMessage *result = NULL;
+ char *trusted_dn;
+ uint32 num_result;
+
+ filter = talloc_asprintf(talloc_tos(),
+ "(&(objectClass=%s)(sambaDomainName=%s))",
+ LDAP_OBJ_TRUSTDOM_PASSWORD, domain);
+
+ trusted_dn = trusteddom_dn(ldap_state, domain);
+ if (trusted_dn == NULL) {
+ return False;
+ }
+ rc = smbldap_search(ldap_state->smbldap_state, trusted_dn, scope,
+ filter, attrs, attrsonly, &result);
+
+ if (rc == LDAP_NO_SUCH_OBJECT) {
+ *entry = NULL;
+ return True;
+ }
+
+ if (rc != LDAP_SUCCESS) {
+ return False;
+ }
+
+ num_result = ldap_count_entries(priv2ld(ldap_state), result);
+
+ if (num_result > 1) {
+ DEBUG(1, ("ldapsam_get_trusteddom_pw: more than one "
+ "sambaTrustedDomainPassword object for domain '%s'"
+ "?!\n", domain));
+ return False;
+ }
+
+ if (num_result == 0) {
+ DEBUG(1, ("ldapsam_get_trusteddom_pw: no "
+ "sambaTrustedDomainPassword object for domain %s.\n",
+ domain));
+ *entry = NULL;
+ } else {
+ *entry = ldap_first_entry(priv2ld(ldap_state), result);
+ }
+
+ return True;
+}
+
+static BOOL ldapsam_get_trusteddom_pw(struct pdb_methods *methods,
+ const char *domain,
+ char** pwd,
+ DOM_SID *sid,
+ time_t *pass_last_set_time)
+{
+ struct ldapsam_privates *ldap_state =
+ (struct ldapsam_privates *)methods->private_data;
+ LDAPMessage *entry = NULL;
+
+ DEBUG(10, ("ldapsam_get_trusteddom_pw called for domain %s\n", domain));
+
+ if (!get_trusteddom_pw_int(ldap_state, domain, &entry) ||
+ (entry == NULL))
+ {
+ return False;
+ }
+
+ /* password */
+ if (pwd != NULL) {
+ char *pwd_str;
+ pwd_str = smbldap_talloc_single_attribute(priv2ld(ldap_state),
+ entry, "sambaClearTextPassword", talloc_tos());
+ if (pwd_str == NULL) {
+ return False;
+ }
+ /* trusteddom_pw routines do not use talloc yet... */
+ *pwd = SMB_STRDUP(pwd_str);
+ if (*pwd == NULL) {
+ return False;
+ }
+ }
+
+ /* last change time */
+ if (pass_last_set_time != NULL) {
+ char *time_str;
+ time_str = smbldap_talloc_single_attribute(priv2ld(ldap_state),
+ entry, "sambaPwdLastSet", talloc_tos());
+ if (time_str == NULL) {
+ return False;
+ }
+ *pass_last_set_time = (time_t)atol(time_str);
+ }
+
+ /* domain sid */
+ if (sid != NULL) {
+ char *sid_str;
+ DOM_SID *dom_sid;
+ sid_str = smbldap_talloc_single_attribute(priv2ld(ldap_state),
+ entry, "sambaSID",
+ talloc_tos());
+ if (sid_str == NULL) {
+ return False;
+ }
+ dom_sid = string_sid_talloc(talloc_tos(), sid_str);
+ if (dom_sid == NULL) {
+ return False;
+ }
+ sid_copy(sid, dom_sid);
+ }
+
+ return True;
+}
+
+static BOOL ldapsam_set_trusteddom_pw(struct pdb_methods *methods,
+ const char* domain,
+ const char* pwd,
+ const DOM_SID *sid)
+{
+ struct ldapsam_privates *ldap_state =
+ (struct ldapsam_privates *)methods->private_data;
+ LDAPMessage *entry = NULL;
+ LDAPMod **mods = NULL;
+ char *prev_pwd = NULL;
+ char *trusted_dn = NULL;
+ int rc;
+
+ DEBUG(10, ("ldapsam_set_trusteddom_pw called for domain %s\n", domain));
+
+ /*
+ * get the current entry (if there is one) in order to put the
+ * current password into the previous password attribute
+ */
+ if (!get_trusteddom_pw_int(ldap_state, domain, &entry)) {
+ return False;
+ }
+
+ mods = NULL;
+ smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "objectClass",
+ "sambaTrustedDomainPassword");
+ smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaDomainName",
+ domain);
+ smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaSID",
+ sid_string_tos(sid));
+ smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaPwdLastSet",
+ talloc_asprintf(talloc_tos(), "%li", time(NULL)));
+ smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
+ "sambaClearTextPassword", pwd);
+ if (entry != NULL) {
+ prev_pwd = smbldap_talloc_single_attribute(priv2ld(ldap_state),
+ entry, "sambaClearTextPassword", talloc_tos());
+ if (prev_pwd != NULL) {
+ smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
+ "sambaPreviousClearTextPassword",
+ prev_pwd);
+ }
+ }
+
+ trusted_dn = trusteddom_dn(ldap_state, domain);
+ if (trusted_dn == NULL) {
+ return False;
+ }
+ if (entry == NULL) {
+ rc = smbldap_add(ldap_state->smbldap_state, trusted_dn, mods);
+ } else {
+ rc = smbldap_modify(ldap_state->smbldap_state, trusted_dn, mods);
+ }
+
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(1, ("error writing trusted domain password!\n"));
+ return False;
+ }
+
+ return True;
+}
+
+static BOOL ldapsam_del_trusteddom_pw(struct pdb_methods *methods,
+ const char *domain)
+{
+ int rc;
+ struct ldapsam_privates *ldap_state =
+ (struct ldapsam_privates *)methods->private_data;
+ LDAPMessage *entry = NULL;
+ const char *trusted_dn;
+
+ if (!get_trusteddom_pw_int(ldap_state, domain, &entry)) {
+ return False;
+ }
+
+ if (entry == NULL) {
+ DEBUG(5, ("ldapsam_del_trusteddom_pw: no such trusted domain: "
+ "%s\n", domain));
+ return True;
+ }
+
+ trusted_dn = smbldap_talloc_dn(talloc_tos(), priv2ld(ldap_state),
+ entry);
+ if (trusted_dn == NULL) {
+ DEBUG(0,("ldapsam_del_trusteddom_pw: Out of memory!\n"));
+ return False;
+ }
+
+ rc = smbldap_delete(ldap_state->smbldap_state, trusted_dn);
+ if (rc != LDAP_SUCCESS) {
+ return False;
+ }
+
+ return True;
+}
+
+static NTSTATUS ldapsam_enum_trusteddoms(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ uint32 *num_domains,
+ struct trustdom_info ***domains)
+{
+ int rc;
+ struct ldapsam_privates *ldap_state =
+ (struct ldapsam_privates *)methods->private_data;
+ char *filter;
+ int scope = LDAP_SCOPE_SUBTREE;
+ const char *attrs[] = { "sambaDomainName", "sambaSID", NULL };
+ int attrsonly = 0; /* 0: return values too */
+ LDAPMessage *result = NULL;
+ LDAPMessage *entry = NULL;
+
+ filter = talloc_asprintf(talloc_tos(), "(objectClass=%s)",
+ LDAP_OBJ_TRUSTDOM_PASSWORD);
+
+ rc = smbldap_search(ldap_state->smbldap_state,
+ ldap_state->domain_dn,
+ scope,
+ filter,
+ attrs,
+ attrsonly,
+ &result);
+
+ if (rc != LDAP_SUCCESS) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ *num_domains = 0;
+ if (!(*domains = TALLOC_ARRAY(mem_ctx, struct trustdom_info *, 1))) {
+ DEBUG(1, ("talloc failed\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (entry = ldap_first_entry(priv2ld(ldap_state), result);
+ entry != NULL;
+ entry = ldap_next_entry(priv2ld(ldap_state), entry))
+ {
+ char *dom_name, *dom_sid_str;
+ struct trustdom_info *dom_info;
+
+ dom_info = TALLOC_P(*domains, struct trustdom_info);
+ if (dom_info == NULL) {
+ DEBUG(1, ("talloc failed\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ dom_name = smbldap_talloc_single_attribute(priv2ld(ldap_state),
+ entry,
+ "sambaDomainName",
+ talloc_tos());
+ if (dom_name == NULL) {
+ DEBUG(1, ("talloc failed\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+ dom_info->name = dom_name;
+
+ dom_sid_str = smbldap_talloc_single_attribute(
+ priv2ld(ldap_state), entry, "sambaSID",
+ talloc_tos());
+ if (dom_sid_str == NULL) {
+ DEBUG(1, ("talloc failed\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+ if (!string_to_sid(&dom_info->sid, dom_sid_str)) {
+ DEBUG(1, ("Error calling string_to_sid on SID %s\n",
+ dom_sid_str));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ ADD_TO_ARRAY(*domains, struct trustdom_info *, dom_info,
+ domains, num_domains);
+
+ if (*domains == NULL) {
+ DEBUG(1, ("talloc failed\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ DEBUG(5, ("ldapsam_enum_trusteddoms: got %d domains\n", *num_domains));
+ return NT_STATUS_OK;
+}
+
+
/**********************************************************************
Housekeeping
*********************************************************************/
(*pdb_method)->rid_algorithm = ldapsam_rid_algorithm;
(*pdb_method)->new_rid = ldapsam_new_rid;
+ (*pdb_method)->get_trusteddom_pw = ldapsam_get_trusteddom_pw;
+ (*pdb_method)->set_trusteddom_pw = ldapsam_set_trusteddom_pw;
+ (*pdb_method)->del_trusteddom_pw = ldapsam_del_trusteddom_pw;
+ (*pdb_method)->enum_trusteddoms = ldapsam_enum_trusteddoms;
+
/* TODO: Setup private data and free */
if ( !(ldap_state = TALLOC_ZERO_P(*pdb_method, struct ldapsam_privates)) ) {
return NT_STATUS_NO_MEMORY;
}
- nt_status = smbldap_init(*pdb_method, location, &ldap_state->smbldap_state);
+ nt_status = smbldap_init(*pdb_method, pdb_get_event_context(),
+ location, &ldap_state->smbldap_state);
if ( !NT_STATUS_IS_OK(nt_status) ) {
return nt_status;
dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
if (!dn) {
+ ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
}
if (!string_to_sid(&ldap_domain_sid, domain_sid_string)) {
DEBUG(1, ("pdb_init_ldapsam: SID [%s] could not be "
"read as a valid SID\n", domain_sid_string));
+ ldap_msgfree(result);
return NT_STATUS_INVALID_PARAMETER;
}
found_sid = secrets_fetch_domain_sid(ldap_state->domain_name,