Fix bug 4901

[samba.git] / source / passdb / pdb_ldap.c

diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index 205b178a93f8bae746e5f8a93e6ce25ed8b7f7cd..d941abb00e68763279dda1dfb0a32e49c07f8581 100644 (file)
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -349,6 +349,7 @@ int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
        filter = talloc_asprintf(talloc_tos(), "(&%s%s)", "(uid=%u)",
                get_objclass_filter(ldap_state->schema_ver));
        if (!filter) {
+               SAFE_FREE(escape_user);
                return LDAP_NO_MEMORY;
        }
        /*
@@ -358,10 +359,10 @@ int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
 
        filter = talloc_all_string_sub(talloc_tos(),
                                filter, "%u", escape_user);
+       SAFE_FREE(escape_user);
        if (!filter) {
                return LDAP_NO_MEMORY;
        }
-       SAFE_FREE(escape_user);
 
        ret = smbldap_search_suffix(ldap_state->smbldap_state,
                        filter, attr, result);
@@ -1912,8 +1913,9 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, struc
                        ldap_mods_free(mods,True);
                return NT_STATUS_UNSUCCESSFUL;
        }
-       
-       if (mods == NULL) {
+
+       if ((lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_ONLY)
+           && (mods == NULL)) {
                DEBUG(4,("ldapsam_update_sam_account: mods is empty: nothing to update for user: %s\n",
                         pdb_get_username(newpwd)));
                SAFE_FREE(dn);
@@ -1921,7 +1923,11 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, struc
        }
        
        ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, element_is_changed);
-       ldap_mods_free(mods,True);
+
+       if (mods != NULL) {
+               ldap_mods_free(mods,True);
+       }
+
        SAFE_FREE(dn);
 
        /*
@@ -1973,7 +1979,7 @@ static NTSTATUS ldapsam_rename_sam_account(struct pdb_methods *my_methods,
 
        /* rename the posix user */
        rename_script = SMB_STRDUP(lp_renameuser_script());
-       if (rename_script) {
+       if (rename_script == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
 
@@ -2683,7 +2689,7 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
                        goto done;
                }
 
-               rc = smbldap_search(conn, lp_ldap_user_suffix(),
+               rc = smbldap_search(conn, lp_ldap_suffix(),
                                    LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0,
                                    &result);
 
@@ -2739,7 +2745,7 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
                                 LDAP_OBJ_SAMBASAMACCOUNT,
                                 gidstr);
 
-       rc = smbldap_search(conn, lp_ldap_user_suffix(),
+       rc = smbldap_search(conn, lp_ldap_suffix(),
                            LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0,
                            &result);
 
@@ -2823,7 +2829,7 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
                goto done;
        }
 
-       rc = smbldap_search(conn, lp_ldap_user_suffix(),
+       rc = smbldap_search(conn, lp_ldap_suffix(),
                            LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
 
        if (rc != LDAP_SUCCESS)
@@ -2886,8 +2892,9 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
 
        /* This sid will be replaced later */
 
-       if (!add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids, &num_sids)) {
-               ret = NT_STATUS_NO_MEMORY;
+       ret = add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids,
+                                     &num_sids);
+       if (!NT_STATUS_IS_OK(ret)) {
                goto done;
        }
 
@@ -2926,9 +2933,9 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
                                ret = NT_STATUS_NO_MEMORY;
                                goto done;
                        }
-                       if (!add_sid_to_array_unique(mem_ctx, &sid, pp_sids,
-                                               &num_sids)) {
-                               ret = NT_STATUS_NO_MEMORY;
+                       ret = add_sid_to_array_unique(mem_ctx, &sid, pp_sids,
+                                                     &num_sids);
+                       if (!NT_STATUS_IS_OK(ret)) {
                                goto done;
                        }
                }
@@ -3646,14 +3653,17 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods,
 
        for (i=0; i<count; i++) {
                DOM_SID member;
+               NTSTATUS status;
 
                if (!string_to_sid(&member, values[i]))
                        continue;
 
-               if (!add_sid_to_array(NULL, &member, pp_members, &num_members)) {
+               status = add_sid_to_array(NULL, &member, pp_members,
+                                         &num_members);
+               if (!NT_STATUS_IS_OK(status)) {
                        ldap_value_free(values);
                        ldap_msgfree(result);
-                       return NT_STATUS_NO_MEMORY;
+                       return status;
                }
        }
 
@@ -6260,7 +6270,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location)
                    entry,
                    get_userattr_key2string(ldap_state->schema_ver,
                                            LDAP_ATTR_USER_SID),
-                   NULL);
+                   talloc_tos());
 
        if (domain_sid_string) {
                bool found_sid;
@@ -6296,7 +6306,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location)
                    entry,
                    get_attr_key2string( dominfo_attr_list,
                                         LDAP_ATTR_ALGORITHMIC_RID_BASE ),
-                   NULL);
+                   talloc_tos());
        if (alg_rid_base_string) {
                alg_rid_base = (uint32)atol(alg_rid_base_string);
                if (alg_rid_base != algorithmic_rid_base()) {