static const char* get_objclass_filter( int schema_ver )
{
- static fstring objclass_filter;
+ fstring objclass_filter;
+ char *result;
switch( schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
break;
default:
DEBUG(0,("get_objclass_filter: Invalid schema version specified!\n"));
+ objclass_filter[0] = '\0';
break;
}
- return objclass_filter;
+ result = talloc_strdup(talloc_tos(), objclass_filter);
+ SMB_ASSERT(result != NULL);
+ return result;
}
/*****************************************************************
TALLOC_CTX *mem_ctx;
char **values = NULL;
int rc, num_result, num_values, rid;
- pstring suffix;
- fstring tok;
+ char *suffix = NULL;
+ char *tok;
const char *p;
const char **attrs;
/* csn=20050126161620Z#0000001#00#00000 */
attrs[0] = talloc_strdup(mem_ctx, "syncreplCookie");
attrs[1] = NULL;
- pstr_sprintf( suffix, "cn=syncrepl%d,%s", rid, lp_ldap_suffix());
-
+ suffix = talloc_asprintf(mem_ctx,
+ "cn=syncrepl%d,%s", rid, lp_ldap_suffix());
+ if (!suffix) {
+ ntstatus = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
} else {
/* provider contextCSN */
/* 20050126161620Z#000009#00#000000 */
attrs[0] = talloc_strdup(mem_ctx, "contextCSN");
attrs[1] = NULL;
- pstr_sprintf( suffix, "cn=ldapsync,%s", lp_ldap_suffix());
+ suffix = talloc_asprintf(mem_ctx,
+ "cn=ldapsync,%s", lp_ldap_suffix());
+ if (!suffix) {
+ ntstatus = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
}
rc = smbldap_search(ldap_state->smbldap_state, suffix,
}
p = values[0];
- if (!next_token(&p, tok, "#", sizeof(tok))) {
+ if (!next_token_talloc(mem_ctx, &p, &tok, "#")) {
DEBUG(0,("ldapsam_get_seq_num: failed to parse sequence number\n"));
goto done;
}
Run the search by name.
******************************************************************/
-int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
+int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
const char *user,
LDAPMessage ** result,
const char **attr)
{
- pstring filter;
+ char *filter = NULL;
char *escape_user = escape_ldap_string_alloc(user);
+ int ret = -1;
if (!escape_user) {
return LDAP_NO_MEMORY;
* in the filter expression, replace %u with the real name
* so in ldap filter, %u MUST exist :-)
*/
- pstr_sprintf(filter, "(&%s%s)", "(uid=%u)",
+ filter = talloc_asprintf(talloc_tos(), "(&%s%s)", "(uid=%u)",
get_objclass_filter(ldap_state->schema_ver));
-
- /*
+ if (!filter) {
+ SAFE_FREE(escape_user);
+ return LDAP_NO_MEMORY;
+ }
+ /*
* have to use this here because $ is filtered out
- * in pstring_sub
+ * in string_sub
*/
-
- all_string_sub(filter, "%u", escape_user, sizeof(pstring));
+ filter = talloc_all_string_sub(talloc_tos(),
+ filter, "%u", escape_user);
SAFE_FREE(escape_user);
+ if (!filter) {
+ return LDAP_NO_MEMORY;
+ }
- return smbldap_search_suffix(ldap_state->smbldap_state, filter, attr, result);
+ ret = smbldap_search_suffix(ldap_state->smbldap_state,
+ filter, attr, result);
+ TALLOC_FREE(filter);
+ return ret;
}
/*******************************************************************
Run the search by rid.
******************************************************************/
-static int ldapsam_search_suffix_by_rid (struct ldapsam_privates *ldap_state,
- uint32 rid, LDAPMessage ** result,
+static int ldapsam_search_suffix_by_rid (struct ldapsam_privates *ldap_state,
+ uint32 rid, LDAPMessage ** result,
const char **attr)
{
- pstring filter;
+ char *filter = NULL;
int rc;
- pstr_sprintf(filter, "(&(rid=%i)%s)", rid,
+ filter = talloc_asprintf(talloc_tos(), "(&(rid=%i)%s)", rid,
get_objclass_filter(ldap_state->schema_ver));
-
- rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, attr, result);
-
+ if (!filter) {
+ return LDAP_NO_MEMORY;
+ }
+
+ rc = smbldap_search_suffix(ldap_state->smbldap_state,
+ filter, attr, result);
+ TALLOC_FREE(filter);
return rc;
}
Run the search by SID.
******************************************************************/
-static int ldapsam_search_suffix_by_sid (struct ldapsam_privates *ldap_state,
- const DOM_SID *sid, LDAPMessage ** result,
- const char **attr)
+static int ldapsam_search_suffix_by_sid (struct ldapsam_privates *ldap_state,
+ const DOM_SID *sid, LDAPMessage ** result,
+ const char **attr)
{
- pstring filter;
+ char *filter = NULL;
int rc;
fstring sid_string;
- pstr_sprintf(filter, "(&(%s=%s)%s)",
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID),
- sid_to_string(sid_string, sid),
+ filter = talloc_asprintf(talloc_tos(), "(&(%s=%s)%s)",
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_USER_SID),
+ sid_to_fstring(sid_string, sid),
get_objclass_filter(ldap_state->schema_ver));
-
- rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, attr, result);
-
+ if (!filter) {
+ return LDAP_NO_MEMORY;
+ }
+
+ rc = smbldap_search_suffix(ldap_state->smbldap_state,
+ filter, attr, result);
+
+ TALLOC_FREE(filter);
return rc;
}
if (ptr != NULL) {
ber_free(ptr, 0);
}
-
+
smbldap_set_mod(&mods, LDAP_MOD_DELETE, "objectClass", objectclass);
talloc_autofree_ldapmod(mem_ctx, mods);
-
+
return smbldap_modify(priv->smbldap_state, dn, mods);
}
-
+
static time_t ldapsam_get_entry_timestamp( struct ldapsam_privates *ldap_state, LDAPMessage * entry)
{
- pstring temp;
+ char *temp;
struct tm tm;
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
+ temp = smbldap_talloc_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver,LDAP_ATTR_MOD_TIMESTAMP),
- temp))
+ talloc_tos());
+ if (!temp) {
return (time_t) 0;
+ }
if ( !strptime(temp, "%Y%m%d%H%M%SZ", &tm)) {
DEBUG(2,("ldapsam_get_entry_timestamp: strptime failed on: %s\n",
(char*)temp));
+ TALLOC_FREE(temp);
return (time_t) 0;
}
+ TALLOC_FREE(temp);
tzset();
return timegm(&tm);
}
(Based on init_sam_from_buffer in pdb_tdb.c)
*********************************************************************/
-static BOOL init_sam_from_ldap(struct ldapsam_privates *ldap_state,
+static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
struct samu * sampass,
LDAPMessage * entry)
{
time_t logon_time,
logoff_time,
kickoff_time,
- pass_last_set_time,
- pass_can_change_time,
+ pass_last_set_time,
+ pass_can_change_time,
pass_must_change_time,
ldap_entry_time,
bad_password_time;
- pstring username,
- domain,
- nt_username,
- fullname,
- homedir,
- dir_drive,
- logon_script,
- profile_path,
- acct_desc,
- workstations;
- char munged_dial[2048];
- uint32 user_rid;
+ char *username = NULL,
+ *domain = NULL,
+ *nt_username = NULL,
+ *fullname = NULL,
+ *homedir = NULL,
+ *dir_drive = NULL,
+ *logon_script = NULL,
+ *profile_path = NULL,
+ *acct_desc = NULL,
+ *workstations = NULL,
+ *munged_dial = NULL;
+ uint32 user_rid;
uint8 smblmpwd[LM_HASH_LEN],
smbntpwd[NT_HASH_LEN];
- BOOL use_samba_attrs = True;
+ bool use_samba_attrs = True;
uint32 acct_ctrl = 0;
uint16 logon_divs;
- uint16 bad_password_count = 0,
+ uint16 bad_password_count = 0,
logon_count = 0;
uint32 hours_len;
uint8 hours[MAX_HOURS_LEN];
- pstring temp;
+ char *temp = NULL;
LOGIN_CACHE *cache_entry = NULL;
uint32 pwHistLen;
- pstring tmpstring;
- BOOL expand_explicit = lp_passdb_expand_explicit();
-
- /*
- * do a little initialization
- */
- username[0] = '\0';
- domain[0] = '\0';
- nt_username[0] = '\0';
- fullname[0] = '\0';
- homedir[0] = '\0';
- dir_drive[0] = '\0';
- logon_script[0] = '\0';
- profile_path[0] = '\0';
- acct_desc[0] = '\0';
- munged_dial[0] = '\0';
- workstations[0] = '\0';
-
+ bool expand_explicit = lp_passdb_expand_explicit();
+ bool ret = false;
+ TALLOC_CTX *ctx = talloc_init("init_sam_from_ldap");
+ if (!ctx) {
+ return false;
+ }
if (sampass == NULL || ldap_state == NULL || entry == NULL) {
DEBUG(0, ("init_sam_from_ldap: NULL parameters found!\n"));
- return False;
+ goto fn_exit;
}
if (priv2ld(ldap_state) == NULL) {
DEBUG(0, ("init_sam_from_ldap: ldap_state->smbldap_state->"
"ldap_struct is NULL!\n"));
- return False;
+ goto fn_exit;
}
-
- if (!smbldap_get_single_pstring(priv2ld(ldap_state), entry, "uid",
- username)) {
+
+ if (!(username = smbldap_talloc_single_attribute(priv2ld(ldap_state),
+ entry,
+ "uid",
+ ctx))) {
DEBUG(1, ("init_sam_from_ldap: No uid attribute found for "
"this user!\n"));
- return False;
+ goto fn_exit;
}
DEBUG(2, ("init_sam_from_ldap: Entry found for user: %s\n", username));
- pstrcpy(nt_username, username);
+ nt_username = talloc_strdup(ctx, username);
+ if (!nt_username) {
+ goto fn_exit;
+ }
+
+ domain = talloc_strdup(ctx, ldap_state->domain_name);
+ if (!domain) {
+ goto fn_exit;
+ }
- pstrcpy(domain, ldap_state->domain_name);
-
pdb_set_username(sampass, username, PDB_SET);
pdb_set_domain(sampass, domain, PDB_DEFAULT);
pdb_set_nt_username(sampass, nt_username, PDB_SET);
/* deal with different attributes between the schema first */
-
+
if ( ldap_state->schema_ver == SCHEMAVER_SAMBASAMACCOUNT ) {
- if (smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID), temp)) {
+ if ((temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_USER_SID),
+ ctx))!=NULL) {
pdb_set_user_sid_from_string(sampass, temp, PDB_SET);
}
} else {
- if (smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_RID), temp)) {
+ if ((temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_USER_RID),
+ ctx))!=NULL) {
user_rid = (uint32)atol(temp);
pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
}
if (pdb_get_init_flags(sampass,PDB_USERSID) == PDB_DEFAULT) {
DEBUG(1, ("init_sam_from_ldap: no %s or %s attribute found for this user %s\n",
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID),
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_RID),
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_USER_SID),
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_USER_RID),
username));
return False;
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_LAST_SET), temp)) {
- /* leave as default */
- } else {
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_PWD_LAST_SET),
+ ctx);
+ if (temp) {
pass_last_set_time = (time_t) atol(temp);
- pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
+ pdb_set_pass_last_set_time(sampass,
+ pass_last_set_time, PDB_SET);
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_TIME), temp)) {
- /* leave as default */
- } else {
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_LOGON_TIME),
+ ctx);
+ if (temp) {
logon_time = (time_t) atol(temp);
pdb_set_logon_time(sampass, logon_time, PDB_SET);
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGOFF_TIME), temp)) {
- /* leave as default */
- } else {
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_LOGOFF_TIME),
+ ctx);
+ if (temp) {
logoff_time = (time_t) atol(temp);
pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_KICKOFF_TIME), temp)) {
- /* leave as default */
- } else {
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_KICKOFF_TIME),
+ ctx);
+ if (temp) {
kickoff_time = (time_t) atol(temp);
pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_CAN_CHANGE), temp)) {
- /* leave as default */
- } else {
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_PWD_CAN_CHANGE),
+ ctx);
+ if (temp) {
pass_can_change_time = (time_t) atol(temp);
- pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET);
+ pdb_set_pass_can_change_time(sampass,
+ pass_can_change_time, PDB_SET);
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_MUST_CHANGE), temp)) {
- /* leave as default */
- } else {
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_PWD_MUST_CHANGE),
+ ctx);
+ if (temp) {
pass_must_change_time = (time_t) atol(temp);
- pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET);
+ pdb_set_pass_must_change_time(sampass,
+ pass_must_change_time, PDB_SET);
}
/* recommend that 'gecos' and 'displayName' should refer to the same
* that fits your needs; using cn then displayName rather than 'userFullName'
*/
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DISPLAY_NAME), fullname)) {
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_CN), fullname)) {
- /* leave as default */
- } else {
+ fullname = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_DISPLAY_NAME),
+ ctx);
+ if (fullname) {
+ pdb_set_fullname(sampass, fullname, PDB_SET);
+ } else {
+ fullname = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_CN),
+ ctx);
+ if (fullname) {
pdb_set_fullname(sampass, fullname, PDB_SET);
}
- } else {
- pdb_set_fullname(sampass, fullname, PDB_SET);
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_DRIVE), dir_drive))
- {
- pdb_set_dir_drive( sampass, lp_logon_drive(), PDB_DEFAULT );
- } else {
+ dir_drive = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_HOME_DRIVE),
+ ctx);
+ if (dir_drive) {
pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
+ } else {
+ pdb_set_dir_drive( sampass, lp_logon_drive(), PDB_DEFAULT );
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_PATH), homedir))
- {
- pdb_set_homedir( sampass,
- talloc_sub_basic(sampass, username, domain,
- lp_logon_home()),
- PDB_DEFAULT );
- } else {
- pstrcpy( tmpstring, homedir );
+ homedir = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_HOME_PATH),
+ ctx);
+ if (homedir) {
if (expand_explicit) {
- standard_sub_basic( username, domain, tmpstring,
- sizeof(tmpstring) );
+ homedir = talloc_sub_basic(ctx,
+ username,
+ domain,
+ homedir);
+ if (!homedir) {
+ goto fn_exit;
+ }
}
- pdb_set_homedir(sampass, tmpstring, PDB_SET);
+ pdb_set_homedir(sampass, homedir, PDB_SET);
+ } else {
+ pdb_set_homedir(sampass,
+ talloc_sub_basic(ctx, username, domain,
+ lp_logon_home()),
+ PDB_DEFAULT);
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_SCRIPT), logon_script))
- {
- pdb_set_logon_script( sampass,
- talloc_sub_basic(sampass, username, domain,
- lp_logon_script()),
- PDB_DEFAULT );
- } else {
- pstrcpy( tmpstring, logon_script );
+ logon_script = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_LOGON_SCRIPT),
+ ctx);
+ if (logon_script) {
if (expand_explicit) {
- standard_sub_basic( username, domain, tmpstring,
- sizeof(tmpstring) );
+ logon_script = talloc_sub_basic(ctx,
+ username,
+ domain,
+ logon_script);
+ if (!logon_script) {
+ goto fn_exit;
+ }
}
- pdb_set_logon_script(sampass, tmpstring, PDB_SET);
+ pdb_set_logon_script(sampass, logon_script, PDB_SET);
+ } else {
+ pdb_set_logon_script(sampass,
+ talloc_sub_basic(ctx, username, domain,
+ lp_logon_script()),
+ PDB_DEFAULT );
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH), profile_path))
- {
- pdb_set_profile_path( sampass,
- talloc_sub_basic( sampass, username, domain,
- lp_logon_path()),
- PDB_DEFAULT );
- } else {
- pstrcpy( tmpstring, profile_path );
+ profile_path = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_PROFILE_PATH),
+ ctx);
+ if (profile_path) {
if (expand_explicit) {
- standard_sub_basic( username, domain, tmpstring,
- sizeof(tmpstring) );
+ profile_path = talloc_sub_basic(ctx,
+ username,
+ domain,
+ profile_path);
+ if (!profile_path) {
+ goto fn_exit;
+ }
}
- pdb_set_profile_path(sampass, tmpstring, PDB_SET);
+ pdb_set_profile_path(sampass, profile_path, PDB_SET);
+ } else {
+ pdb_set_profile_path(sampass,
+ talloc_sub_basic(ctx, username, domain,
+ lp_logon_path()),
+ PDB_DEFAULT );
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DESC), acct_desc))
- {
- /* leave as default */
- } else {
+ acct_desc = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_DESC),
+ ctx);
+ if (acct_desc) {
pdb_set_acct_desc(sampass, acct_desc, PDB_SET);
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_WKS), workstations)) {
- /* leave as default */;
- } else {
+ workstations = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_USER_WKS),
+ ctx);
+ if (workstations) {
pdb_set_workstations(sampass, workstations, PDB_SET);
}
- if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_MUNGED_DIAL), munged_dial, sizeof(munged_dial))) {
- /* leave as default */;
- } else {
+ munged_dial = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_MUNGED_DIAL),
+ ctx);
+ if (munged_dial) {
pdb_set_munged_dial(sampass, munged_dial, PDB_SET);
}
-
+
/* FIXME: hours stuff should be cleaner */
-
+
logon_divs = 168;
hours_len = 21;
memset(hours, 0xff, hours_len);
char *user_dn;
size_t pwd_len;
char clear_text_pw[512];
-
+
/* Make call to Novell eDirectory ldap extension to get clear text password.
NOTE: This will only work if we have an SSL connection to eDirectory. */
user_dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
}
if (use_samba_attrs) {
- if (!smbldap_get_single_pstring (ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW), temp)) {
- /* leave as default */
- } else {
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_LMPW),
+ ctx);
+ if (temp) {
pdb_gethexpwd(temp, smblmpwd);
memset((char *)temp, '\0', strlen(temp)+1);
- if (!pdb_set_lanman_passwd(sampass, smblmpwd, PDB_SET))
- return False;
+ if (!pdb_set_lanman_passwd(sampass, smblmpwd, PDB_SET)) {
+ goto fn_exit;
+ }
ZERO_STRUCT(smblmpwd);
}
- if (!smbldap_get_single_pstring (ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW), temp)) {
- /* leave as default */
- } else {
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_NTPW),
+ ctx);
+ if (temp) {
pdb_gethexpwd(temp, smbntpwd);
memset((char *)temp, '\0', strlen(temp)+1);
- if (!pdb_set_nt_passwd(sampass, smbntpwd, PDB_SET))
- return False;
+ if (!pdb_set_nt_passwd(sampass, smbntpwd, PDB_SET)) {
+ goto fn_exit;
+ }
ZERO_STRUCT(smbntpwd);
}
}
if (pwHistLen > 0){
uint8 *pwhist = NULL;
int i;
- char history_string[MAX_PW_HISTORY_LEN*64];
+ char *history_string = TALLOC_ARRAY(ctx, char,
+ MAX_PW_HISTORY_LEN*64);
+
+ if (!history_string) {
+ goto fn_exit;
+ }
pwHistLen = MIN(pwHistLen, MAX_PW_HISTORY_LEN);
- if ((pwhist = SMB_MALLOC_ARRAY(uint8, pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){
- DEBUG(0, ("init_sam_from_ldap: malloc failed!\n"));
- return False;
+ if ((pwhist = TALLOC_ARRAY(ctx, uint8,
+ pwHistLen * PW_HISTORY_ENTRY_LEN)) ==
+ NULL){
+ DEBUG(0, ("init_sam_from_ldap: talloc failed!\n"));
+ goto fn_exit;
}
memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN);
- if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_HISTORY),
- history_string, sizeof(history_string))) {
- /* leave as default - zeros */
- } else {
- BOOL hex_failed = False;
+ if (smbldap_get_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_PWD_HISTORY),
+ history_string,
+ MAX_PW_HISTORY_LEN*64)) {
+ bool hex_failed = false;
for (i = 0; i < pwHistLen; i++){
/* Get the 16 byte salt. */
- if (!pdb_gethexpwd(&history_string[i*64], &pwhist[i*PW_HISTORY_ENTRY_LEN])) {
- hex_failed = True;
+ if (!pdb_gethexpwd(&history_string[i*64],
+ &pwhist[i*PW_HISTORY_ENTRY_LEN])) {
+ hex_failed = true;
break;
}
/* Get the 16 byte MD5 hash of salt+passwd. */
if (!pdb_gethexpwd(&history_string[(i*64)+32],
- &pwhist[(i*PW_HISTORY_ENTRY_LEN)+PW_HISTORY_SALT_LEN])) {
+ &pwhist[(i*PW_HISTORY_ENTRY_LEN)+
+ PW_HISTORY_SALT_LEN])) {
hex_failed = True;
break;
}
}
}
if (!pdb_set_pw_history(sampass, pwhist, pwHistLen, PDB_SET)){
- SAFE_FREE(pwhist);
- return False;
+ goto fn_exit;
}
- SAFE_FREE(pwhist);
}
- if (!smbldap_get_single_pstring (ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_ACB_INFO), temp)) {
- acct_ctrl |= ACB_NORMAL;
- } else {
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_ACB_INFO),
+ ctx);
+ if (temp) {
acct_ctrl = pdb_decode_acct_ctrl(temp);
- if (acct_ctrl == 0)
+ if (acct_ctrl == 0) {
acct_ctrl |= ACB_NORMAL;
+ }
pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
+ } else {
+ acct_ctrl |= ACB_NORMAL;
}
pdb_set_hours_len(sampass, hours_len, PDB_SET);
pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_BAD_PASSWORD_COUNT), temp)) {
- /* leave as default */
- } else {
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_BAD_PASSWORD_COUNT),
+ ctx);
+ if (temp) {
bad_password_count = (uint32) atol(temp);
- pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET);
+ pdb_set_bad_password_count(sampass,
+ bad_password_count, PDB_SET);
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_BAD_PASSWORD_TIME), temp)) {
- /* leave as default */
- } else {
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_BAD_PASSWORD_TIME),
+ ctx);
+ if (temp) {
bad_password_time = (time_t) atol(temp);
pdb_set_bad_password_time(sampass, bad_password_time, PDB_SET);
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_COUNT), temp)) {
- /* leave as default */
- } else {
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_LOGON_COUNT),
+ ctx);
+ if (temp) {
logon_count = (uint32) atol(temp);
pdb_set_logon_count(sampass, logon_count, PDB_SET);
}
/* pdb_set_unknown_6(sampass, unknown6, PDB_SET); */
- if(!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_HOURS), temp)) {
- /* leave as default */
- } else {
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_LOGON_HOURS),
+ ctx);
+ if (temp) {
pdb_gethexhours(temp, hours);
memset((char *)temp, '\0', strlen(temp) +1);
pdb_set_hours(sampass, hours, PDB_SET);
}
if (lp_parm_bool(-1, "ldapsam", "trusted", False)) {
- if (smbldap_get_single_pstring(priv2ld(ldap_state), entry,
- "uidNumber", temp)) {
+ temp = smbldap_talloc_single_attribute(
+ priv2ld(ldap_state),
+ entry,
+ "uidNumber",
+ ctx);
+ if (temp) {
/* We've got a uid, feed the cache */
uid_t uid = strtoul(temp, NULL, 10);
store_uid_sid_cache(pdb_get_user_sid(sampass), uid);
}
/* check the timestamp of the cache vs ldap entry */
- if (!(ldap_entry_time = ldapsam_get_entry_timestamp(ldap_state,
- entry)))
- return True;
+ if (!(ldap_entry_time = ldapsam_get_entry_timestamp(ldap_state,
+ entry))) {
+ ret = true;
+ goto fn_exit;
+ }
/* see if we have newer updates */
if (!(cache_entry = login_cache_read(sampass))) {
DEBUG (9, ("No cache entry, bad count = %u, bad time = %u\n",
(unsigned int)pdb_get_bad_password_count(sampass),
(unsigned int)pdb_get_bad_password_time(sampass)));
- return True;
+ ret = true;
+ goto fn_exit;
}
- DEBUG(7, ("ldap time is %u, cache time is %u, bad time = %u\n",
- (unsigned int)ldap_entry_time, (unsigned int)cache_entry->entry_timestamp,
+ DEBUG(7, ("ldap time is %u, cache time is %u, bad time = %u\n",
+ (unsigned int)ldap_entry_time,
+ (unsigned int)cache_entry->entry_timestamp,
(unsigned int)cache_entry->bad_password_time));
if (ldap_entry_time > cache_entry->entry_timestamp) {
/* cache is older than directory , so
- we need to delete the entry but allow the
+ we need to delete the entry but allow the
fields to be written out */
login_cache_delentry(sampass);
} else {
/* read cache in */
- pdb_set_acct_ctrl(sampass,
- pdb_get_acct_ctrl(sampass) |
+ pdb_set_acct_ctrl(sampass,
+ pdb_get_acct_ctrl(sampass) |
(cache_entry->acct_ctrl & ACB_AUTOLOCK),
PDB_SET);
- pdb_set_bad_password_count(sampass,
- cache_entry->bad_password_count,
+ pdb_set_bad_password_count(sampass,
+ cache_entry->bad_password_count,
PDB_SET);
- pdb_set_bad_password_time(sampass,
- cache_entry->bad_password_time,
+ pdb_set_bad_password_time(sampass,
+ cache_entry->bad_password_time,
PDB_SET);
}
+ ret = true;
+
+ fn_exit:
+
+ TALLOC_FREE(ctx);
SAFE_FREE(cache_entry);
- return True;
+ return ret;
}
/**********************************************************************
(Based on init_buffer_from_sam in pdb_tdb.c)
*********************************************************************/
-static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
+static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state,
LDAPMessage *existing,
LDAPMod *** mods, struct samu * sampass,
- BOOL (*need_update)(const struct samu *,
+ bool (*need_update)(const struct samu *,
enum pdb_elements))
{
- pstring temp;
+ char *temp = NULL;
uint32 rid;
if (mods == NULL || sampass == NULL) {
*mods = NULL;
- /*
+ /*
* took out adding "objectclass: sambaAccount"
* do this on a per-mod basis
*/
if (need_update(sampass, PDB_USERSID)) {
fstring sid_string;
const DOM_SID *user_sid = pdb_get_user_sid(sampass);
-
+
switch ( ldap_state->schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
if (!sid_peek_check_rid(&ldap_state->domain_sid, user_sid, &rid)) {
DEBUG(1, ("init_ldap_from_sam: User's SID (%s) is not for this domain (%s), cannot add to LDAP!\n",
- sid_string_static(user_sid),
- sid_string_static(&ldap_state->domain_sid)));
+ sid_string_dbg(user_sid),
+ sid_string_dbg(
+ &ldap_state->domain_sid)));
return False;
}
- slprintf(temp, sizeof(temp) - 1, "%i", rid);
+ if (asprintf(&temp, "%i", rid) < 0) {
+ return false;
+ }
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_RID),
temp);
+ SAFE_FREE(temp);
break;
-
+
case SCHEMAVER_SAMBASAMACCOUNT:
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID),
- sid_to_string(sid_string, user_sid));
+ sid_to_fstring(sid_string, user_sid));
break;
-
+
default:
DEBUG(0,("init_ldap_from_sam: unknown schema version specified\n"));
break;
- }
+ }
}
/* we don't need to store the primary group RID - so leaving it
if (need_update(sampass, PDB_GROUPSID)) {
fstring sid_string;
const DOM_SID *group_sid = pdb_get_group_sid(sampass);
-
+
switch ( ldap_state->schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
if (!sid_peek_check_rid(&ldap_state->domain_sid, group_sid, &rid)) {
DEBUG(1, ("init_ldap_from_sam: User's Primary Group SID (%s) is not for this domain (%s), cannot add to LDAP!\n",
- sid_string_static(group_sid),
- sid_string_static(&ldap_state->domain_sid)));
+ sid_string_dbg(group_sid),
+ sid_string_dbg(
+ &ldap_state->domain_sid)));
return False;
}
- slprintf(temp, sizeof(temp) - 1, "%i", rid);
+ if (asprintf(&temp, "%i", rid) < 0) {
+ return false;
+ }
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_PRIMARY_GROUP_RID), temp);
+ SAFE_FREE(temp);
break;
-
+
case SCHEMAVER_SAMBASAMACCOUNT:
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver,
- LDAP_ATTR_PRIMARY_GROUP_SID), sid_to_string(sid_string, group_sid));
+ LDAP_ATTR_PRIMARY_GROUP_SID), sid_to_fstring(sid_string, group_sid));
break;
-
+
default:
DEBUG(0,("init_ldap_from_sam: unknown schema version specified\n"));
break;
}
-
+
}
-
+
/* displayName, cn, and gecos should all be the same
* most easily accomplished by giving them the same OID
- * gecos isn't set here b/c it should be handled by the
+ * gecos isn't set here b/c it should be handled by the
* add-user script
* We change displayName only and fall back to cn if
* it does not exist.
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_WKS),
pdb_get_workstations(sampass));
-
+
if (need_update(sampass, PDB_MUNGEDDIAL))
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_MUNGED_DIAL),
pdb_get_munged_dial(sampass));
-
+
if (need_update(sampass, PDB_SMBHOME))
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_PATH),
pdb_get_homedir(sampass));
-
+
if (need_update(sampass, PDB_DRIVE))
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_DRIVE),
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH),
pdb_get_profile_path(sampass));
- slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logon_time(sampass));
+ if (asprintf(&temp, "%li", pdb_get_logon_time(sampass)) < 0) {
+ return false;
+ }
if (need_update(sampass, PDB_LOGONTIME))
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_TIME), temp);
+ SAFE_FREE(temp);
- slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logoff_time(sampass));
+ if (asprintf(&temp, "%li", pdb_get_logoff_time(sampass)) < 0) {
+ return false;
+ }
if (need_update(sampass, PDB_LOGOFFTIME))
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGOFF_TIME), temp);
+ SAFE_FREE(temp);
- slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_kickoff_time(sampass));
+ if (asprintf(&temp, "%li", pdb_get_kickoff_time(sampass)) < 0) {
+ return false;
+ }
if (need_update(sampass, PDB_KICKOFFTIME))
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_KICKOFF_TIME), temp);
+ SAFE_FREE(temp);
- slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_can_change_time_noncalc(sampass));
+ if (asprintf(&temp, "%li", pdb_get_pass_can_change_time_noncalc(sampass)) < 0) {
+ return false;
+ }
if (need_update(sampass, PDB_CANCHANGETIME))
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_CAN_CHANGE), temp);
+ SAFE_FREE(temp);
- slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_must_change_time(sampass));
+ if (asprintf(&temp, "%li", pdb_get_pass_must_change_time(sampass)) < 0) {
+ return false;
+ }
if (need_update(sampass, PDB_MUSTCHANGETIME))
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_MUST_CHANGE), temp);
-
+ SAFE_FREE(temp);
if ((pdb_get_acct_ctrl(sampass)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))
|| (lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_ONLY)) {
if (need_update(sampass, PDB_LMPASSWD)) {
- const uchar *lm_pw = pdb_get_lanman_passwd(sampass);
+ const uchar *lm_pw = pdb_get_lanman_passwd(sampass);
if (lm_pw) {
- pdb_sethexpwd(temp, lm_pw,
+ char pwstr[34];
+ pdb_sethexpwd(pwstr, lm_pw,
pdb_get_acct_ctrl(sampass));
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW),
- temp);
+ pwstr);
} else {
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW),
}
}
if (need_update(sampass, PDB_NTPASSWD)) {
- const uchar *nt_pw = pdb_get_nt_passwd(sampass);
+ const uchar *nt_pw = pdb_get_nt_passwd(sampass);
if (nt_pw) {
- pdb_sethexpwd(temp, nt_pw,
+ char pwstr[34];
+ pdb_sethexpwd(pwstr, nt_pw,
pdb_get_acct_ctrl(sampass));
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW),
- temp);
+ pwstr);
} else {
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW),
}
if (need_update(sampass, PDB_PWHISTORY)) {
+ char *pwstr = NULL;
uint32 pwHistLen = 0;
pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+
+ pwstr = SMB_MALLOC_ARRAY(char, 1024);
+ if (!pwstr) {
+ return false;
+ }
if (pwHistLen == 0) {
/* Remove any password history from the LDAP store. */
- memset(temp, '0', 64); /* NOTE !!!! '0' *NOT '\0' */
- temp[64] = '\0';
+ memset(pwstr, '0', 64); /* NOTE !!!! '0' *NOT '\0' */
+ pwstr[64] = '\0';
} else {
- int i;
+ int i;
uint32 currHistLen = 0;
const uint8 *pwhist = pdb_get_pw_history(sampass, &currHistLen);
if (pwhist != NULL) {
- /* We can only store (sizeof(pstring)-1)/64 password history entries. */
- pwHistLen = MIN(pwHistLen, ((sizeof(temp)-1)/64));
+ /* We can only store (1024-1/64 password history entries. */
+ pwHistLen = MIN(pwHistLen, ((1024-1)/64));
for (i=0; i< pwHistLen && i < currHistLen; i++) {
/* Store the salt. */
- pdb_sethexpwd(&temp[i*64], &pwhist[i*PW_HISTORY_ENTRY_LEN], 0);
+ pdb_sethexpwd(&pwstr[i*64], &pwhist[i*PW_HISTORY_ENTRY_LEN], 0);
/* Followed by the md5 hash of salt + md4 hash */
- pdb_sethexpwd(&temp[(i*64)+32],
+ pdb_sethexpwd(&pwstr[(i*64)+32],
&pwhist[(i*PW_HISTORY_ENTRY_LEN)+PW_HISTORY_SALT_LEN], 0);
- DEBUG(100, ("temp=%s\n", temp));
+ DEBUG(100, ("pwstr=%s\n", pwstr));
}
- }
+ }
}
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_HISTORY),
- temp);
+ pwstr);
+ SAFE_FREE(pwstr);
}
if (need_update(sampass, PDB_PASSLASTSET)) {
- slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_last_set_time(sampass));
+ if (asprintf(&temp, "%li",
+ pdb_get_pass_last_set_time(sampass)) < 0) {
+ return false;
+ }
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_LAST_SET),
temp);
+ SAFE_FREE(temp);
}
}
if (need_update(sampass, PDB_HOURS)) {
const uint8 *hours = pdb_get_hours(sampass);
if (hours) {
- pdb_sethexhours(temp, hours);
+ char hourstr[44];
+ pdb_sethexhours(hourstr, hours);
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct,
existing,
mods,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_LOGON_HOURS),
- temp);
+ hourstr);
}
}
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_ACB_INFO),
pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass), NEW_PW_FORMAT_SPACE_PADDED_LEN));
- /* password lockout cache:
+ /* password lockout cache:
- If we are now autolocking or clearing, we write to ldap
- If we are clearing, we delete the cache entry
- If the count is > 0, we update the cache
if ((badcount >= pol) || (badcount == 0)) {
DEBUG(7, ("making mods to update ldap, count=%u, time=%u\n",
(unsigned int)badcount, (unsigned int)badtime));
- slprintf (temp, sizeof (temp) - 1, "%li", (long)badcount);
+ if (asprintf(&temp, "%li", (long)badcount) < 0) {
+ return false;
+ }
smbldap_make_mod(
ldap_state->smbldap_state->ldap_struct,
- existing, mods,
+ existing, mods,
get_userattr_key2string(
- ldap_state->schema_ver,
+ ldap_state->schema_ver,
LDAP_ATTR_BAD_PASSWORD_COUNT),
temp);
+ SAFE_FREE(temp);
- slprintf (temp, sizeof (temp) - 1, "%li", badtime);
+ if (asprintf(&temp, "%li", badtime) < 0) {
+ return false;
+ }
smbldap_make_mod(
- ldap_state->smbldap_state->ldap_struct,
+ ldap_state->smbldap_state->ldap_struct,
existing, mods,
get_userattr_key2string(
- ldap_state->schema_ver,
- LDAP_ATTR_BAD_PASSWORD_TIME),
+ ldap_state->schema_ver,
+ LDAP_ATTR_BAD_PASSWORD_TIME),
temp);
+ SAFE_FREE(temp);
}
if (badcount == 0) {
DEBUG(7, ("bad password count is reset, deleting login cache entry for %s\n", pdb_get_nt_username(sampass)));
return True;
}
-/**********************************************************************
- Connect to LDAP server for password enumeration.
-*********************************************************************/
-
-static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update, uint32 acb_mask)
-{
- struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- int rc;
- pstring filter, suffix;
- const char **attr_list;
- BOOL machine_mask = False, user_mask = False;
-
- pstr_sprintf( filter, "(&%s%s)", "(uid=%u)",
- get_objclass_filter(ldap_state->schema_ver));
- all_string_sub(filter, "%u", "*", sizeof(pstring));
-
- machine_mask = ((acb_mask != 0) && (acb_mask & (ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)));
- user_mask = ((acb_mask != 0) && (acb_mask & ACB_NORMAL));
-
- if (machine_mask) {
- pstrcpy(suffix, lp_ldap_machine_suffix());
- } else if (user_mask) {
- pstrcpy(suffix, lp_ldap_user_suffix());
- } else {
- pstrcpy(suffix, lp_ldap_suffix());
- }
-
- DEBUG(10,("ldapsam_setsampwent: LDAP Query for acb_mask 0x%x will use suffix %s\n",
- acb_mask, suffix));
-
- attr_list = get_userattr_list(NULL, ldap_state->schema_ver);
- rc = smbldap_search(ldap_state->smbldap_state, suffix, LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- TALLOC_FREE( attr_list );
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_setsampwent: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_setsampwent: Query was: %s, %s\n", suffix, filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- DEBUG(2, ("ldapsam_setsampwent: %d entries in the base %s\n",
- ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
- ldap_state->result), suffix));
-
- ldap_state->entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
- ldap_state->result);
- ldap_state->index = 0;
-
- return NT_STATUS_OK;
-}
-
/**********************************************************************
End enumeration of the LDAP password list.
*********************************************************************/
}
}
-/**********************************************************************
-Get the next entry in the LDAP password database.
-*********************************************************************/
-
-static NTSTATUS ldapsam_getsampwent(struct pdb_methods *my_methods,
- struct samu *user)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)my_methods->private_data;
- BOOL bret = False;
-
- while (!bret) {
- if (!ldap_state->entry)
- return ret;
-
- ldap_state->index++;
- bret = init_sam_from_ldap(ldap_state, user, ldap_state->entry);
-
- ldap_state->entry = ldap_next_entry(priv2ld(ldap_state),
- ldap_state->entry);
- }
-
- return NT_STATUS_OK;
-}
-
static void append_attr(TALLOC_CTX *mem_ctx, const char ***attr_list,
const char *new_attr)
{
LDAPMessage *entry = NULL;
int count;
int rc;
- fstring sid_string;
rc = ldapsam_get_ldap_user_by_sid(ldap_state,
sid, &result);
count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
if (count < 1) {
- DEBUG(4, ("ldapsam_getsampwsid: Unable to locate SID [%s] count=%d\n", sid_to_string(sid_string, sid),
- count));
+ DEBUG(4, ("ldapsam_getsampwsid: Unable to locate SID [%s] "
+ "count=%d\n", sid_string_dbg(sid), count));
ldap_msgfree(result);
return NT_STATUS_NO_SUCH_USER;
} else if (count > 1) {
- DEBUG(1, ("ldapsam_getsampwsid: More than one user with SID [%s]. Failing. count=%d\n", sid_to_string(sid_string, sid),
- count));
+ DEBUG(1, ("ldapsam_getsampwsid: More than one user with SID "
+ "[%s]. Failing. count=%d\n", sid_string_dbg(sid),
+ count));
ldap_msgfree(result);
return NT_STATUS_NO_SUCH_USER;
}
static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
struct samu *newpwd, char *dn,
LDAPMod **mods, int ldap_op,
- BOOL (*need_update)(const struct samu *, enum pdb_elements))
+ bool (*need_update)(const struct samu *, enum pdb_elements))
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
pdb_get_username(newpwd), ldap_err2string(rc), ld_error?ld_error:"unknown"));
SAFE_FREE(ld_error);
ber_bvfree(bv);
+#if defined(LDAP_CONSTRAINT_VIOLATION)
+ if (rc == LDAP_CONSTRAINT_VIOLATION)
+ return NT_STATUS_PASSWORD_RESTRICTION;
+#endif
return NT_STATUS_UNSUCCESSFUL;
} else {
DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd)));
we need LDAP modification.
*********************************************************************/
-static BOOL element_is_changed(const struct samu *sampass,
+static bool element_is_changed(const struct samu *sampass,
enum pdb_elements element)
{
return IS_SAM_CHANGED(sampass, element);
ldap_mods_free(mods,True);
return NT_STATUS_UNSUCCESSFUL;
}
-
- if (mods == NULL) {
+
+ if ((lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_ONLY)
+ && (mods == NULL)) {
DEBUG(4,("ldapsam_update_sam_account: mods is empty: nothing to update for user: %s\n",
pdb_get_username(newpwd)));
SAFE_FREE(dn);
}
ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, element_is_changed);
- ldap_mods_free(mods,True);
+
+ if (mods != NULL) {
+ ldap_mods_free(mods,True);
+ }
+
SAFE_FREE(dn);
/*
***************************************************************************/
static NTSTATUS ldapsam_rename_sam_account(struct pdb_methods *my_methods,
- struct samu *old_acct,
+ struct samu *old_acct,
const char *newname)
{
const char *oldname;
int rc;
- pstring rename_script;
+ char *rename_script = NULL;
fstring oldname_lower, newname_lower;
if (!old_acct) {
DEBUG(0, ("ldapsam_rename_sam_account: newname was NULL!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
-
+
oldname = pdb_get_username(old_acct);
- /* rename the posix user */
- pstrcpy(rename_script, lp_renameuser_script());
+ /* rename the posix user */
+ rename_script = SMB_STRDUP(lp_renameuser_script());
+ if (rename_script == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
- if (!(*rename_script))
+ if (!(*rename_script)) {
+ SAFE_FREE(rename_script);
return NT_STATUS_ACCESS_DENIED;
+ }
- DEBUG (3, ("ldapsam_rename_sam_account: Renaming user %s to %s.\n",
+ DEBUG (3, ("ldapsam_rename_sam_account: Renaming user %s to %s.\n",
oldname, newname));
/* We have to allow the account name to end with a '$'.
strlower_m( oldname_lower );
fstrcpy( newname_lower, newname );
strlower_m( newname_lower );
- string_sub2(rename_script, "%unew", newname_lower, sizeof(pstring),
- True, False, True);
- string_sub2(rename_script, "%uold", oldname_lower, sizeof(pstring),
- True, False, True);
+ rename_script = realloc_string_sub2(rename_script,
+ "%unew",
+ newname_lower,
+ true,
+ true);
+ if (rename_script) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ rename_script = realloc_string_sub2(rename_script,
+ "%uold",
+ oldname_lower,
+ true,
+ true);
rc = smbrun(rename_script, NULL);
- DEBUG(rc ? 0 : 3,("Running the command `%s' gave %d\n",
+ DEBUG(rc ? 0 : 3,("Running the command `%s' gave %d\n",
rename_script, rc));
+ SAFE_FREE(rename_script);
+
if (rc == 0) {
smb_nscd_flush_user_cache();
}
we need LDAP modification.
*********************************************************************/
-static BOOL element_is_set_or_changed(const struct samu *sampass,
+static bool element_is_set_or_changed(const struct samu *sampass,
enum pdb_elements element)
{
return (IS_SAM_SET(sampass, element) ||
int rc;
LDAPMessage *result = NULL;
LDAPMessage *entry = NULL;
- pstring dn;
LDAPMod **mods = NULL;
int ldap_op = LDAP_MOD_REPLACE;
uint32 num_result;
const char **attr_list;
- char *escape_user;
+ char *escape_user = NULL;
const char *username = pdb_get_username(newpwd);
const DOM_SID *sid = pdb_get_user_sid(newpwd);
- pstring filter;
- fstring sid_string;
+ char *filter = NULL;
+ char *dn = NULL;
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ TALLOC_CTX *ctx = talloc_init("ldapsam_add_sam_account");
+
+ if (!ctx) {
+ return NT_STATUS_NO_MEMORY;
+ }
if (!username || !*username) {
DEBUG(0, ("ldapsam_add_sam_account: Cannot add user without a username!\n"));
- return NT_STATUS_INVALID_PARAMETER;
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fn_exit;
}
/* free this list after the second search or in case we exit on failure */
- attr_list = get_userattr_list(NULL, ldap_state->schema_ver);
+ attr_list = get_userattr_list(ctx, ldap_state->schema_ver);
rc = ldapsam_search_suffix_by_name (ldap_state, username, &result, attr_list);
if (rc != LDAP_SUCCESS) {
- TALLOC_FREE( attr_list );
- return NT_STATUS_UNSUCCESSFUL;
+ goto fn_exit;
}
if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) != 0) {
DEBUG(0,("ldapsam_add_sam_account: User '%s' already in the base, with samba attributes\n",
username));
- ldap_msgfree(result);
- TALLOC_FREE( attr_list );
- return NT_STATUS_UNSUCCESSFUL;
+ goto fn_exit;
}
ldap_msgfree(result);
result = NULL;
if (element_is_set_or_changed(newpwd, PDB_USERSID)) {
- rc = ldapsam_get_ldap_user_by_sid(ldap_state,
- sid, &result);
+ rc = ldapsam_get_ldap_user_by_sid(ldap_state,
+ sid, &result);
if (rc == LDAP_SUCCESS) {
if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) != 0) {
- DEBUG(0,("ldapsam_add_sam_account: SID '%s' already in the base, with samba attributes\n",
- sid_to_string(sid_string, sid)));
- TALLOC_FREE( attr_list );
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
+ DEBUG(0,("ldapsam_add_sam_account: SID '%s' "
+ "already in the base, with samba "
+ "attributes\n", sid_string_dbg(sid)));
+ goto fn_exit;
}
ldap_msgfree(result);
+ result = NULL;
}
}
/* does the entry already exist but without a samba attributes?
we need to return the samba attributes here */
-
+
escape_user = escape_ldap_string_alloc( username );
- pstrcpy( filter, "(uid=%u)" );
- all_string_sub( filter, "%u", escape_user, sizeof(filter) );
- SAFE_FREE( escape_user );
+ filter = talloc_strdup(attr_list, "(uid=%u)");
+ if (!filter) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fn_exit;
+ }
+ filter = talloc_all_string_sub(attr_list, filter, "%u", escape_user);
+ if (!filter) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fn_exit;
+ }
+ SAFE_FREE(escape_user);
- rc = smbldap_search_suffix(ldap_state->smbldap_state,
+ rc = smbldap_search_suffix(ldap_state->smbldap_state,
filter, attr_list, &result);
if ( rc != LDAP_SUCCESS ) {
- TALLOC_FREE( attr_list );
- return NT_STATUS_UNSUCCESSFUL;
+ goto fn_exit;
}
num_result = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
-
+
if (num_result > 1) {
DEBUG (0, ("ldapsam_add_sam_account: More than one user with that uid exists: bailing out!\n"));
- TALLOC_FREE( attr_list );
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
+ goto fn_exit;
}
-
+
/* Check if we need to update an existing entry */
if (num_result == 1) {
char *tmp;
-
+
DEBUG(3,("ldapsam_add_sam_account: User exists without samba attributes: adding them\n"));
ldap_op = LDAP_MOD_REPLACE;
entry = ldap_first_entry (ldap_state->smbldap_state->ldap_struct, result);
- tmp = smbldap_get_dn (ldap_state->smbldap_state->ldap_struct, entry);
+ tmp = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
if (!tmp) {
- TALLOC_FREE( attr_list );
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
+ goto fn_exit;
}
- slprintf (dn, sizeof (dn) - 1, "%s", tmp);
+ dn = talloc_asprintf(ctx, "%s", tmp);
SAFE_FREE(tmp);
+ if (!dn) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fn_exit;
+ }
} else if (ldap_state->schema_ver == SCHEMAVER_SAMBASAMACCOUNT) {
/* There might be a SID for this account already - say an idmap entry */
- pstr_sprintf(filter, "(&(%s=%s)(|(objectClass=%s)(objectClass=%s)))",
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID),
- sid_to_string(sid_string, sid),
- LDAP_OBJ_IDMAP_ENTRY,
- LDAP_OBJ_SID_ENTRY);
-
+ filter = talloc_asprintf(ctx,
+ "(&(%s=%s)(|(objectClass=%s)(objectClass=%s)))",
+ get_userattr_key2string(ldap_state->schema_ver,
+ LDAP_ATTR_USER_SID),
+ sid_string_talloc(ctx, sid),
+ LDAP_OBJ_IDMAP_ENTRY,
+ LDAP_OBJ_SID_ENTRY);
+ if (!filter) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fn_exit;
+ }
+
/* free old result before doing a new search */
if (result != NULL) {
ldap_msgfree(result);
result = NULL;
}
- rc = smbldap_search_suffix(ldap_state->smbldap_state,
+ rc = smbldap_search_suffix(ldap_state->smbldap_state,
filter, attr_list, &result);
-
+
if ( rc != LDAP_SUCCESS ) {
- TALLOC_FREE( attr_list );
- return NT_STATUS_UNSUCCESSFUL;
+ goto fn_exit;
}
-
+
num_result = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
-
+
if (num_result > 1) {
DEBUG (0, ("ldapsam_add_sam_account: More than one user with specified Sid exists: bailing out!\n"));
- TALLOC_FREE( attr_list );
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
+ goto fn_exit;
}
-
+
/* Check if we need to update an existing entry */
if (num_result == 1) {
char *tmp;
-
+
DEBUG(3,("ldapsam_add_sam_account: User exists without samba attributes: adding them\n"));
ldap_op = LDAP_MOD_REPLACE;
entry = ldap_first_entry (ldap_state->smbldap_state->ldap_struct, result);
tmp = smbldap_get_dn (ldap_state->smbldap_state->ldap_struct, entry);
if (!tmp) {
- TALLOC_FREE( attr_list );
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
+ goto fn_exit;
}
- slprintf (dn, sizeof (dn) - 1, "%s", tmp);
+ dn = talloc_asprintf(ctx, "%s", tmp);
SAFE_FREE(tmp);
+ if (!dn) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fn_exit;
+ }
}
}
-
- TALLOC_FREE( attr_list );
if (num_result == 0) {
char *escape_username;
escape_username = escape_rdn_val_string_alloc(username);
if (!escape_username) {
- DEBUG(0, ("Out of memory!\n"));
- ldap_msgfree(result);
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto fn_exit;
}
if (username[strlen(username)-1] == '$') {
- slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", escape_username, lp_ldap_machine_suffix ());
+ dn = talloc_asprintf(ctx,
+ "uid=%s,%s",
+ escape_username,
+ lp_ldap_machine_suffix());
} else {
- slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", escape_username, lp_ldap_user_suffix ());
+ dn = talloc_asprintf(ctx,
+ "uid=%s,%s",
+ escape_username,
+ lp_ldap_user_suffix());
}
SAFE_FREE(escape_username);
+ if (!dn) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fn_exit;
+ }
}
if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
element_is_set_or_changed)) {
DEBUG(0, ("ldapsam_add_sam_account: init_ldap_from_sam failed!\n"));
- ldap_msgfree(result);
- if (mods != NULL)
- ldap_mods_free(mods,True);
- return NT_STATUS_UNSUCCESSFUL;
+ if (mods != NULL) {
+ ldap_mods_free(mods, true);
+ }
+ goto fn_exit;
}
-
- ldap_msgfree(result);
if (mods == NULL) {
DEBUG(0,("ldapsam_add_sam_account: mods is empty: nothing to add for user: %s\n",pdb_get_username(newpwd)));
- return NT_STATUS_UNSUCCESSFUL;
+ goto fn_exit;
}
switch ( ldap_state->schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(0,("ldapsam_add_sam_account: failed to modify/add user with uid = %s (dn = %s)\n",
pdb_get_username(newpwd),dn));
- ldap_mods_free(mods, True);
- return ret;
+ ldap_mods_free(mods, true);
+ goto fn_exit;
}
DEBUG(2,("ldapsam_add_sam_account: added: uid == %s in the LDAP database\n", pdb_get_username(newpwd)));
- ldap_mods_free(mods, True);
-
- return NT_STATUS_OK;
+ ldap_mods_free(mods, true);
+
+ status = NT_STATUS_OK;
+
+ fn_exit:
+
+ TALLOC_FREE(ctx);
+ SAFE_FREE(escape_user);
+ if (result) {
+ ldap_msgfree(result);
+ }
+ return status;
}
/**********************************************************************
const char **attr_list;
attr_list = get_attr_list(NULL, groupmap_attr_list);
- rc = smbldap_search(ldap_state->smbldap_state,
+ rc = smbldap_search(ldap_state->smbldap_state,
lp_ldap_group_suffix (), scope,
filter, attr_list, 0, result);
TALLOC_FREE(attr_list);
/**********************************************************************
*********************************************************************/
-static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state,
+static bool init_group_from_ldap(struct ldapsam_privates *ldap_state,
GROUP_MAP *map, LDAPMessage *entry)
{
- pstring temp;
+ char *temp = NULL;
+ TALLOC_CTX *ctx = talloc_init("init_group_from_ldap");
if (ldap_state == NULL || map == NULL || entry == NULL ||
ldap_state->smbldap_state->ldap_struct == NULL) {
DEBUG(0, ("init_group_from_ldap: NULL parameters found!\n"));
- return False;
+ TALLOC_FREE(ctx);
+ return false;
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GIDNUMBER), temp)) {
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_attr_key2string(groupmap_attr_list,
+ LDAP_ATTR_GIDNUMBER),
+ ctx);
+ if (!temp) {
DEBUG(0, ("init_group_from_ldap: Mandatory attribute %s not found\n",
get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GIDNUMBER)));
- return False;
+ TALLOC_FREE(ctx);
+ return false;
}
DEBUG(2, ("init_group_from_ldap: Entry found for group: %s\n", temp));
map->gid = (gid_t)atol(temp);
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_SID), temp)) {
+ TALLOC_FREE(temp);
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_attr_key2string(groupmap_attr_list,
+ LDAP_ATTR_GROUP_SID),
+ ctx);
+ if (!temp) {
DEBUG(0, ("init_group_from_ldap: Mandatory attribute %s not found\n",
get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_SID)));
- return False;
+ TALLOC_FREE(ctx);
+ return false;
}
-
+
if (!string_to_sid(&map->sid, temp)) {
DEBUG(1, ("SID string [%s] could not be read as a valid SID\n", temp));
- return False;
+ TALLOC_FREE(ctx);
+ return false;
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_TYPE), temp)) {
+ TALLOC_FREE(temp);
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_attr_key2string(groupmap_attr_list,
+ LDAP_ATTR_GROUP_TYPE),
+ ctx);
+ if (!temp) {
DEBUG(0, ("init_group_from_ldap: Mandatory attribute %s not found\n",
get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_TYPE)));
- return False;
+ TALLOC_FREE(ctx);
+ return false;
}
map->sid_name_use = (enum lsa_SidType)atol(temp);
if ((map->sid_name_use < SID_NAME_USER) ||
(map->sid_name_use > SID_NAME_UNKNOWN)) {
DEBUG(0, ("init_group_from_ldap: Unknown Group type: %d\n", map->sid_name_use));
- return False;
+ TALLOC_FREE(ctx);
+ return false;
}
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_attr_key2string( groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME), temp)) {
- temp[0] = '\0';
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_attr_key2string( groupmap_attr_list, LDAP_ATTR_CN), temp))
- {
+ TALLOC_FREE(temp);
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_attr_key2string(groupmap_attr_list,
+ LDAP_ATTR_DISPLAY_NAME),
+ ctx);
+ if (!temp) {
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_attr_key2string(groupmap_attr_list,
+ LDAP_ATTR_CN),
+ ctx);
+ if (!temp) {
DEBUG(0, ("init_group_from_ldap: Attributes cn not found either \
for gidNumber(%lu)\n",(unsigned long)map->gid));
- return False;
+ TALLOC_FREE(ctx);
+ return false;
}
}
fstrcpy(map->nt_name, temp);
- if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
- get_attr_key2string( groupmap_attr_list, LDAP_ATTR_DESC), temp)) {
- temp[0] = '\0';
+ TALLOC_FREE(temp);
+ temp = smbldap_talloc_single_attribute(
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ get_attr_key2string(groupmap_attr_list,
+ LDAP_ATTR_DESC),
+ ctx);
+ if (!temp) {
+ temp = talloc_strdup(ctx, "");
+ if (!temp) {
+ TALLOC_FREE(ctx);
+ return false;
+ }
}
fstrcpy(map->comment, temp);
- if (lp_parm_bool(-1, "ldapsam", "trusted", False)) {
+ if (lp_parm_bool(-1, "ldapsam", "trusted", false)) {
store_gid_sid_cache(&map->sid, map->gid);
}
- return True;
+ TALLOC_FREE(ctx);
+ return true;
}
/**********************************************************************
count = ldap_count_entries(priv2ld(ldap_state), result);
if (count < 1) {
- DEBUG(4, ("ldapsam_getgroup: Did not find group\n"));
+ DEBUG(4, ("ldapsam_getgroup: Did not find group, filter was "
+ "%s\n", filter));
ldap_msgfree(result);
return NT_STATUS_NO_SUCH_GROUP;
}
static NTSTATUS ldapsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
DOM_SID sid)
{
- pstring filter;
+ char *filter = NULL;
+ NTSTATUS status;
+ fstring tmp;
- pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))",
- LDAP_OBJ_GROUPMAP,
+ if (asprintf(&filter, "(&(objectClass=%s)(%s=%s))",
+ LDAP_OBJ_GROUPMAP,
get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GROUP_SID),
- sid_string_static(&sid));
+ sid_to_fstring(tmp, &sid)) < 0) {
+ return NT_STATUS_NO_MEMORY;
+ }
- return ldapsam_getgroup(methods, filter, map);
+ status = ldapsam_getgroup(methods, filter, map);
+ SAFE_FREE(filter);
+ return status;
}
/**********************************************************************
static NTSTATUS ldapsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
gid_t gid)
{
- pstring filter;
+ char *filter = NULL;
+ NTSTATUS status;
- pstr_sprintf(filter, "(&(objectClass=%s)(%s=%lu))",
+ if (asprintf(&filter, "(&(objectClass=%s)(%s=%lu))",
LDAP_OBJ_GROUPMAP,
get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GIDNUMBER),
- (unsigned long)gid);
+ (unsigned long)gid) < 0) {
+ return NT_STATUS_NO_MEMORY;
+ }
- return ldapsam_getgroup(methods, filter, map);
+ status = ldapsam_getgroup(methods, filter, map);
+ SAFE_FREE(filter);
+ return status;
}
/**********************************************************************
static NTSTATUS ldapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
const char *name)
{
- pstring filter;
+ char *filter = NULL;
char *escape_name = escape_ldap_string_alloc(name);
+ NTSTATUS status;
if (!escape_name) {
return NT_STATUS_NO_MEMORY;
}
- pstr_sprintf(filter, "(&(objectClass=%s)(|(%s=%s)(%s=%s)))",
+ if (asprintf(&filter, "(&(objectClass=%s)(|(%s=%s)(%s=%s)))",
LDAP_OBJ_GROUPMAP,
get_attr_key2string(groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME), escape_name,
- get_attr_key2string(groupmap_attr_list, LDAP_ATTR_CN), escape_name);
+ get_attr_key2string(groupmap_attr_list, LDAP_ATTR_CN),
+ escape_name) < 0) {
+ SAFE_FREE(escape_name);
+ return NT_STATUS_NO_MEMORY;
+ }
SAFE_FREE(escape_name);
-
- return ldapsam_getgroup(methods, filter, map);
+ status = ldapsam_getgroup(methods, filter, map);
+ SAFE_FREE(filter);
+ return status;
}
-static BOOL ldapsam_extract_rid_from_entry(LDAP *ldap_struct,
+static bool ldapsam_extract_rid_from_entry(LDAP *ldap_struct,
LDAPMessage *entry,
const DOM_SID *domain_sid,
uint32 *rid)
if (sid_compare_domain(&sid, domain_sid) != 0) {
DEBUG(10, ("SID %s is not in expected domain %s\n",
- str, sid_string_static(domain_sid)));
+ str, sid_string_dbg(domain_sid)));
return False;
}
"(sambaSID=%s))",
LDAP_OBJ_POSIXGROUP,
LDAP_OBJ_GROUPMAP,
- sid_string_static(group));
+ sid_string_talloc(mem_ctx, group));
if (filter == NULL) {
ret = NT_STATUS_NO_MEMORY;
goto done;
if (count > 1) {
DEBUG(1, ("Found more than one groupmap entry for %s\n",
- sid_string_static(group)));
+ sid_string_dbg(group)));
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto done;
}
goto done;
}
- rc = smbldap_search(conn, lp_ldap_user_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0,
&result);
LDAP_OBJ_SAMBASAMACCOUNT,
gidstr);
- rc = smbldap_search(conn, lp_ldap_user_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0,
&result);
goto done;
}
- rc = smbldap_search(conn, lp_ldap_user_suffix(),
+ rc = smbldap_search(conn, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
if (rc != LDAP_SUCCESS)
/* This sid will be replaced later */
- if (!add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids, &num_sids)) {
- ret = NT_STATUS_NO_MEMORY;
+ ret = add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids,
+ &num_sids);
+ if (!NT_STATUS_IS_OK(ret)) {
goto done;
}
ret = NT_STATUS_NO_MEMORY;
goto done;
}
- if (!add_sid_to_array_unique(mem_ctx, &sid, pp_sids,
- &num_sids)) {
- ret = NT_STATUS_NO_MEMORY;
+ ret = add_sid_to_array_unique(mem_ctx, &sid, pp_sids,
+ &num_sids);
+ if (!NT_STATUS_IS_OK(ret)) {
goto done;
}
}
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass",
"sambaGroupMapping");
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaSid",
- sid_string_static(&map->sid));
+ sid_string_talloc(mem_ctx, &map->sid));
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaGroupType",
talloc_asprintf(mem_ctx, "%d", map->sid_name_use));
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "displayName",
}
filter = talloc_asprintf(mem_ctx, "(sambaSid=%s)",
- sid_string_static(&map->sid));
+ sid_string_talloc(mem_ctx, &map->sid));
if (filter == NULL) {
result = NT_STATUS_NO_MEMORY;
goto done;
(ldap_count_entries(ldap_state->smbldap_state->ldap_struct, msg) > 0)) {
DEBUG(3, ("SID %s already present in LDAP, refusing to add "
- "group mapping entry\n",
- sid_string_static(&map->sid)));
+ "group mapping entry\n", sid_string_dbg(&map->sid)));
result = NT_STATUS_GROUP_EXISTS;
goto done;
}
&& !sid_check_is_in_builtin(&map->sid) )
{
DEBUG(3, ("Refusing to map sid %s as an alias, not in our domain\n",
- sid_string_static(&map->sid)));
+ sid_string_dbg(&map->sid)));
result = NT_STATUS_INVALID_PARAMETER;
goto done;
}
if (pdb_gid_to_sid(map->gid, &sid)) {
DEBUG(3, ("Gid %d is already mapped to SID %s, refusing to "
- "add\n", map->gid, sid_string_static(&sid)));
+ "add\n", map->gid, sid_string_dbg(&sid)));
result = NT_STATUS_GROUP_EXISTS;
goto done;
}
* the best we can get out of LDAP. */
dn = talloc_asprintf(mem_ctx, "sambaSid=%s,%s",
- sid_string_static(&map->sid),
+ sid_string_talloc(mem_ctx, &map->sid),
lp_ldap_group_suffix());
if (dn == NULL) {
result = NT_STATUS_NO_MEMORY;
"sambaGroupMapping");
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "sambaSid",
- sid_string_static(&map->sid));
+ sid_string_talloc(mem_ctx, &map->sid));
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "sambaGroupType",
talloc_asprintf(mem_ctx, "%d", map->sid_name_use));
smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "displayName",
"(sambaSid=%s)(gidNumber=%u)"
"(sambaGroupType=%d))",
LDAP_OBJ_GROUPMAP,
- sid_string_static(&map->sid), map->gid,
- map->sid_name_use);
+ sid_string_talloc(mem_ctx, &map->sid),
+ map->gid, map->sid_name_use);
if (filter == NULL) {
result = NT_STATUS_NO_MEMORY;
goto done;
filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(%s=%s))",
LDAP_OBJ_GROUPMAP, LDAP_ATTRIBUTE_SID,
- sid_string_static(&sid));
+ sid_string_talloc(mem_ctx, &sid));
if (filter == NULL) {
result = NT_STATUS_NO_MEMORY;
goto done;
*********************************************************************/
static NTSTATUS ldapsam_setsamgrent(struct pdb_methods *my_methods,
- BOOL update)
+ bool update)
{
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)my_methods->private_data;
- fstring filter;
+ char *filter = NULL;
int rc;
const char **attr_list;
- pstr_sprintf( filter, "(objectclass=%s)", LDAP_OBJ_GROUPMAP);
+ filter = talloc_asprintf(NULL, "(objectclass=%s)", LDAP_OBJ_GROUPMAP);
+ if (!filter) {
+ return NT_STATUS_NO_MEMORY;
+ }
attr_list = get_attr_list( NULL, groupmap_attr_list );
rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_group_suffix(),
LDAP_SCOPE_SUBTREE, filter,
lp_ldap_group_suffix(), filter));
ldap_msgfree(ldap_state->result);
ldap_state->result = NULL;
+ TALLOC_FREE(filter);
return NT_STATUS_UNSUCCESSFUL;
}
+ TALLOC_FREE(filter);
+
DEBUG(2, ("ldapsam_setsamgrent: %d entries in the base!\n",
ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
ldap_state->result)));
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)my_methods->private_data;
- BOOL bret = False;
+ bool bret = False;
while (!bret) {
if (!ldap_state->entry)
const DOM_SID *domsid, enum lsa_SidType sid_name_use,
GROUP_MAP **pp_rmap,
size_t *p_num_entries,
- BOOL unix_only)
+ bool unix_only)
{
GROUP_MAP map;
size_t entries = 0;
{
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
- char *dn;
+ char *dn = NULL;
LDAPMessage *result = NULL;
LDAPMessage *entry = NULL;
int count;
LDAPMod **mods = NULL;
int rc;
enum lsa_SidType type = SID_NAME_USE_NONE;
+ fstring tmp;
- pstring filter;
+ char *filter = NULL;
if (sid_check_is_in_builtin(alias)) {
type = SID_NAME_ALIAS;
if (type == SID_NAME_USE_NONE) {
DEBUG(5, ("SID %s is neither in builtin nor in our domain!\n",
- sid_string_static(alias)));
+ sid_string_dbg(alias)));
return NT_STATUS_NO_SUCH_ALIAS;
}
- pstr_sprintf(filter,
+ if (asprintf(&filter,
"(&(objectClass=%s)(sambaSid=%s)(sambaGroupType=%d))",
- LDAP_OBJ_GROUPMAP, sid_string_static(alias),
- type);
+ LDAP_OBJ_GROUPMAP, sid_to_fstring(tmp, alias),
+ type) < 0) {
+ return NT_STATUS_NO_MEMORY;
+ }
if (ldapsam_search_one_group(ldap_state, filter,
- &result) != LDAP_SUCCESS)
+ &result) != LDAP_SUCCESS) {
+ SAFE_FREE(filter);
return NT_STATUS_NO_SUCH_ALIAS;
+ }
count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
result);
if (count < 1) {
DEBUG(4, ("ldapsam_modify_aliasmem: Did not find alias\n"));
ldap_msgfree(result);
+ SAFE_FREE(filter);
return NT_STATUS_NO_SUCH_ALIAS;
}
DEBUG(1, ("ldapsam_modify_aliasmem: Duplicate entries for "
"filter %s: count=%d\n", filter, count));
ldap_msgfree(result);
+ SAFE_FREE(filter);
return NT_STATUS_NO_SUCH_ALIAS;
}
+ SAFE_FREE(filter);
+
entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
result);
smbldap_set_mod(&mods, modop,
get_attr_key2string(groupmap_attr_list,
LDAP_ATTR_SID_LIST),
- sid_string_static(member));
+ sid_to_fstring(tmp, member));
rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
LDAPMessage *result = NULL;
LDAPMessage *entry = NULL;
int count;
- char **values;
+ char **values = NULL;
int i;
- pstring filter;
+ char *filter = NULL;
size_t num_members = 0;
enum lsa_SidType type = SID_NAME_USE_NONE;
+ fstring tmp;
*pp_members = NULL;
*p_num_members = 0;
if (type == SID_NAME_USE_NONE) {
DEBUG(5, ("SID %s is neither in builtin nor in our domain!\n",
- sid_string_static(alias)));
+ sid_string_dbg(alias)));
return NT_STATUS_NO_SUCH_ALIAS;
}
- pstr_sprintf(filter,
+ if (asprintf(&filter,
"(&(objectClass=%s)(sambaSid=%s)(sambaGroupType=%d))",
- LDAP_OBJ_GROUPMAP, sid_string_static(alias),
- type);
+ LDAP_OBJ_GROUPMAP, sid_to_fstring(tmp, alias),
+ type) < 0) {
+ return NT_STATUS_NO_MEMORY;
+ }
if (ldapsam_search_one_group(ldap_state, filter,
- &result) != LDAP_SUCCESS)
+ &result) != LDAP_SUCCESS) {
+ SAFE_FREE(filter);
return NT_STATUS_NO_SUCH_ALIAS;
+ }
count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
result);
if (count < 1) {
DEBUG(4, ("ldapsam_enum_aliasmem: Did not find alias\n"));
ldap_msgfree(result);
+ SAFE_FREE(filter);
return NT_STATUS_NO_SUCH_ALIAS;
}
DEBUG(1, ("ldapsam_enum_aliasmem: Duplicate entries for "
"filter %s: count=%d\n", filter, count));
ldap_msgfree(result);
+ SAFE_FREE(filter);
return NT_STATUS_NO_SUCH_ALIAS;
}
+ SAFE_FREE(filter);
+
entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
result);
for (i=0; i<count; i++) {
DOM_SID member;
+ NTSTATUS status;
if (!string_to_sid(&member, values[i]))
continue;
- if (!add_sid_to_array(NULL, &member, pp_members, &num_members)) {
+ status = add_sid_to_array(NULL, &member, pp_members,
+ &num_members);
+ if (!NT_STATUS_IS_OK(status)) {
ldap_value_free(values);
ldap_msgfree(result);
- return NT_STATUS_NO_MEMORY;
+ return status;
}
}
if (type == SID_NAME_USE_NONE) {
DEBUG(5, ("SID %s is neither builtin nor domain!\n",
- sid_string_static(domain_sid)));
+ sid_string_dbg(domain_sid)));
return NT_STATUS_UNSUCCESSFUL;
}
for (i=0; i<num_members; i++)
filter = talloc_asprintf(mem_ctx, "%s(sambaSIDList=%s)",
filter,
- sid_string_static(&members[i]));
+ sid_string_talloc(mem_ctx,
+ &members[i]));
filter = talloc_asprintf(mem_ctx, "%s))", filter);
NTSTATUS result = NT_STATUS_NO_MEMORY;
TALLOC_CTX *mem_ctx;
LDAP *ld;
- BOOL is_builtin;
+ bool is_builtin;
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
for (i=0; i<num_rids; i++) {
DOM_SID sid;
sid_compose(&sid, domain_sid, rids[i]);
- allsids = talloc_asprintf_append_buffer(allsids, "(sambaSid=%s)",
- sid_string_static(&sid));
+ allsids = talloc_asprintf_append_buffer(
+ allsids, "(sambaSid=%s)",
+ sid_string_talloc(mem_ctx, &sid));
if (allsids == NULL) {
goto done;
}
void *pagedresults_cookie;
LDAPMessage *entries, *current_entry;
- BOOL (*ldap2displayentry)(struct ldap_search_state *state,
+ bool (*ldap2displayentry)(struct ldap_search_state *state,
TALLOC_CTX *mem_ctx,
LDAP *ld, LDAPMessage *entry,
struct samr_displayentry *result);
};
-static BOOL ldapsam_search_firstpage(struct pdb_search *search)
+static bool ldapsam_search_firstpage(struct pdb_search *search)
{
struct ldap_search_state *state =
(struct ldap_search_state *)search->private_data;
return True;
}
-static BOOL ldapsam_search_nextpage(struct pdb_search *search)
+static bool ldapsam_search_nextpage(struct pdb_search *search)
{
struct ldap_search_state *state =
(struct ldap_search_state *)search->private_data;
return True;
}
-static BOOL ldapsam_search_next_entry(struct pdb_search *search,
+static bool ldapsam_search_next_entry(struct pdb_search *search,
struct samr_displayentry *entry)
{
struct ldap_search_state *state =
(struct ldap_search_state *)search->private_data;
- BOOL result;
+ bool result;
retry:
if ((state->entries == NULL) && (state->pagedresults_cookie == NULL))
return;
}
-static BOOL ldapuser2displayentry(struct ldap_search_state *state,
+static bool ldapuser2displayentry(struct ldap_search_state *state,
TALLOC_CTX *mem_ctx,
LDAP *ld, LDAPMessage *entry,
struct samr_displayentry *result)
if (!sid_peek_check_rid(get_global_sam_sid(), &sid, &result->rid)) {
DEBUG(0, ("sid %s does not belong to our domain\n",
- sid_string_static(&sid)));
+ sid_string_dbg(&sid)));
return False;
}
}
-static BOOL ldapsam_search_users(struct pdb_methods *methods,
+static bool ldapsam_search_users(struct pdb_methods *methods,
struct pdb_search *search,
uint32 acct_flags)
{
return ldapsam_search_firstpage(search);
}
-static BOOL ldapgroup2displayentry(struct ldap_search_state *state,
+static bool ldapgroup2displayentry(struct ldap_search_state *state,
TALLOC_CTX *mem_ctx,
LDAP *ld, LDAPMessage *entry,
struct samr_displayentry *result)
&& !sid_peek_check_rid(&global_sid_Builtin, &sid, &result->rid))
{
DEBUG(0, ("%s is not in our domain\n",
- sid_string_static(&sid)));
+ sid_string_dbg(&sid)));
return False;
}
break;
return True;
}
-static BOOL ldapsam_search_grouptype(struct pdb_methods *methods,
+static bool ldapsam_search_grouptype(struct pdb_methods *methods,
struct pdb_search *search,
const DOM_SID *sid,
enum lsa_SidType type)
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
struct ldap_search_state *state;
+ fstring tmp;
state = TALLOC_P(search->mem_ctx, struct ldap_search_state);
if (state == NULL) {
state->filter = talloc_asprintf(search->mem_ctx,
"(&(objectclass=sambaGroupMapping)"
"(sambaGroupType=%d)(sambaSID=%s*))",
- type, sid_string_static(sid));
+ type, sid_to_fstring(tmp, sid));
state->attrs = talloc_attrs(search->mem_ctx, "cn", "sambaSid",
"displayName", "description",
"sambaGroupType", NULL);
return ldapsam_search_firstpage(search);
}
-static BOOL ldapsam_search_groups(struct pdb_methods *methods,
+static bool ldapsam_search_groups(struct pdb_methods *methods,
struct pdb_search *search)
{
return ldapsam_search_grouptype(methods, search, get_global_sam_sid(), SID_NAME_DOM_GRP);
}
-static BOOL ldapsam_search_aliases(struct pdb_methods *methods,
+static bool ldapsam_search_aliases(struct pdb_methods *methods,
struct pdb_search *search,
const DOM_SID *sid)
{
return ldapsam_search_grouptype(methods, search, sid, SID_NAME_ALIAS);
}
-static BOOL ldapsam_rid_algorithm(struct pdb_methods *methods)
+static bool ldapsam_rid_algorithm(struct pdb_methods *methods)
{
return False;
}
return NT_STATUS_ACCESS_DENIED;
}
-static BOOL ldapsam_new_rid(struct pdb_methods *methods, uint32 *rid)
+static bool ldapsam_new_rid(struct pdb_methods *methods, uint32 *rid)
{
NTSTATUS result = ldapsam_new_rid_internal(methods, rid);
return NT_STATUS_IS_OK(result) ? True : False;
}
-static BOOL ldapsam_sid_to_id(struct pdb_methods *methods,
+static bool ldapsam_sid_to_id(struct pdb_methods *methods,
const DOM_SID *sid,
union unid_t *id, enum lsa_SidType *type)
{
NULL };
LDAPMessage *result = NULL;
LDAPMessage *entry = NULL;
- BOOL ret = False;
+ bool ret = False;
char *value;
int rc;
filter = talloc_asprintf(mem_ctx,
"(&(sambaSid=%s)"
"(|(objectClass=%s)(objectClass=%s)))",
- sid_string_static(sid),
+ sid_string_talloc(mem_ctx, sid),
LDAP_OBJ_GROUPMAP, LDAP_OBJ_SAMBASAMACCOUNT);
if (filter == NULL) {
DEBUG(5, ("talloc_asprintf failed\n"));
LDAPMessage *entry = NULL;
LDAPMessage *result = NULL;
uint32 num_result;
- BOOL is_machine = False;
- BOOL add_posix = False;
+ bool is_machine = False;
+ bool add_posix = False;
LDAPMod **mods = NULL;
struct samu *user;
char *filter;
LDAPMessage *entry = NULL;
LDAPMessage *result = NULL;
uint32 num_result;
- BOOL is_new_entry = False;
+ bool is_new_entry = False;
LDAPMod **mods = NULL;
char *filter;
char *groupsidstr;
sid_compose(&group_sid, get_global_sam_sid(), *rid);
- groupsidstr = talloc_strdup(tmp_ctx, sid_string_static(&group_sid));
+ groupsidstr = talloc_strdup(tmp_ctx, sid_string_talloc(tmp_ctx,
+ &group_sid));
grouptype = talloc_asprintf(tmp_ctx, "%d", SID_NAME_DOM_GRP);
if (!groupsidstr || !grouptype) {
"(&(sambaSID=%s)"
"(objectClass=%s)"
"(objectClass=%s))",
- sid_string_static(&group_sid),
+ sid_string_talloc(tmp_ctx, &group_sid),
LDAP_OBJ_POSIXGROUP,
LDAP_OBJ_GROUPMAP);
if (filter == NULL) {
"(&(sambaSID=%s)"
"(objectClass=%s)"
"(objectClass=%s))",
- sid_string_static(&member_sid),
+ sid_string_talloc(tmp_ctx, &member_sid),
LDAP_OBJ_POSIXACCOUNT,
LDAP_OBJ_SAMBASAMACCOUNT);
if (filter == NULL) {
}
if (user_gid == group_gid) {
- DEBUG (3, ("ldapsam_change_groupmem: can't remove user from it's own primary group!\n"));
+ DEBUG (3, ("ldapsam_change_groupmem: can't remove user from its own primary group!\n"));
return NT_STATUS_MEMBERS_PRIMARY_GROUP;
}
}
"(&(sambaSID=%s)"
"(objectClass=%s)"
"(objectClass=%s))",
- sid_string_static(&group_sid),
+ sid_string_talloc(tmp_ctx, &group_sid),
LDAP_OBJ_POSIXGROUP,
LDAP_OBJ_GROUPMAP);
ldap_state->domain_dn);
}
-static BOOL get_trusteddom_pw_int(struct ldapsam_privates *ldap_state,
+static bool get_trusteddom_pw_int(struct ldapsam_privates *ldap_state,
const char *domain, LDAPMessage **entry)
{
int rc;
return True;
}
-static BOOL ldapsam_get_trusteddom_pw(struct pdb_methods *methods,
+static bool ldapsam_get_trusteddom_pw(struct pdb_methods *methods,
const char *domain,
char** pwd,
DOM_SID *sid,
return True;
}
-static BOOL ldapsam_set_trusteddom_pw(struct pdb_methods *methods,
+static bool ldapsam_set_trusteddom_pw(struct pdb_methods *methods,
const char* domain,
const char* pwd,
const DOM_SID *sid)
return True;
}
-static BOOL ldapsam_del_trusteddom_pw(struct pdb_methods *methods,
+static bool ldapsam_del_trusteddom_pw(struct pdb_methods *methods,
const char *domain)
{
int rc;
(*pdb_method)->name = "ldapsam";
- (*pdb_method)->setsampwent = ldapsam_setsampwent;
- (*pdb_method)->endsampwent = ldapsam_endsampwent;
- (*pdb_method)->getsampwent = ldapsam_getsampwent;
(*pdb_method)->getsampwnam = ldapsam_getsampwnam;
(*pdb_method)->getsampwsid = ldapsam_getsampwsid;
(*pdb_method)->add_sam_account = ldapsam_add_sam_account;
NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location)
{
NTSTATUS nt_status;
- struct ldapsam_privates *ldap_state;
+ struct ldapsam_privates *ldap_state = NULL;
uint32 alg_rid_base;
- pstring alg_rid_base_string;
+ char *alg_rid_base_string = NULL;
LDAPMessage *result = NULL;
LDAPMessage *entry = NULL;
DOM_SID ldap_domain_sid;
DOM_SID secrets_domain_sid;
- pstring domain_sid_string;
- char *dn;
+ char *domain_sid_string = NULL;
+ char *dn = NULL;
char *uri = talloc_strdup( NULL, location );
trim_char( uri, '\"', '\"' );
nt_status = pdb_init_ldapsam_common(pdb_method, uri);
- if ( uri )
- TALLOC_FREE( uri );
+ if (uri) {
+ TALLOC_FREE(uri);
+ }
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
ldapsam_enum_group_memberships;
(*pdb_method)->lookup_rids = ldapsam_lookup_rids;
(*pdb_method)->sid_to_id = ldapsam_sid_to_id;
-
+
if (lp_parm_bool(-1, "ldapsam", "editposix", False)) {
(*pdb_method)->create_user = ldapsam_create_user;
(*pdb_method)->delete_user = ldapsam_delete_user;
ldap_state->schema_ver = SCHEMAVER_SAMBASAMACCOUNT;
/* Try to setup the Domain Name, Domain SID, algorithmic rid base */
-
+
nt_status = smbldap_search_domain_info(ldap_state->smbldap_state,
- &result,
+ &result,
ldap_state->domain_name, True);
-
+
if ( !NT_STATUS_IS_OK(nt_status) ) {
DEBUG(2, ("pdb_init_ldapsam: WARNING: Could not get domain "
"info, nor add one to the domain\n"));
/* Given that the above might fail, everything below this must be
* optional */
-
+
entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
result);
if (!entry) {
ldap_state->domain_dn = smb_xstrdup(dn);
ldap_memfree(dn);
- if (smbldap_get_single_pstring(
+ domain_sid_string = smbldap_talloc_single_attribute(
ldap_state->smbldap_state->ldap_struct,
- entry,
+ entry,
get_userattr_key2string(ldap_state->schema_ver,
- LDAP_ATTR_USER_SID),
- domain_sid_string)) {
- BOOL found_sid;
+ LDAP_ATTR_USER_SID),
+ talloc_tos());
+
+ if (domain_sid_string) {
+ bool found_sid;
if (!string_to_sid(&ldap_domain_sid, domain_sid_string)) {
DEBUG(1, ("pdb_init_ldapsam: SID [%s] could not be "
"read as a valid SID\n", domain_sid_string));
ldap_msgfree(result);
+ TALLOC_FREE(domain_sid_string);
return NT_STATUS_INVALID_PARAMETER;
}
found_sid = secrets_fetch_domain_sid(ldap_state->domain_name,
&secrets_domain_sid);
if (!found_sid || !sid_equal(&secrets_domain_sid,
&ldap_domain_sid)) {
- fstring new_sid_str, old_sid_str;
DEBUG(1, ("pdb_init_ldapsam: Resetting SID for domain "
"%s based on pdb_ldap results %s -> %s\n",
ldap_state->domain_name,
- sid_to_string(old_sid_str,
- &secrets_domain_sid),
- sid_to_string(new_sid_str,
- &ldap_domain_sid)));
-
+ sid_string_dbg(&secrets_domain_sid),
+ sid_string_dbg(&ldap_domain_sid)));
+
/* reset secrets.tdb sid */
secrets_store_domain_sid(ldap_state->domain_name,
&ldap_domain_sid);
DEBUG(1, ("New global sam SID: %s\n",
- sid_to_string(new_sid_str,
- get_global_sam_sid())));
+ sid_string_dbg(get_global_sam_sid())));
}
sid_copy(&ldap_state->domain_sid, &ldap_domain_sid);
+ TALLOC_FREE(domain_sid_string);
}
- if (smbldap_get_single_pstring(
+ alg_rid_base_string = smbldap_talloc_single_attribute(
ldap_state->smbldap_state->ldap_struct,
- entry,
+ entry,
get_attr_key2string( dominfo_attr_list,
LDAP_ATTR_ALGORITHMIC_RID_BASE ),
- alg_rid_base_string)) {
+ talloc_tos());
+ if (alg_rid_base_string) {
alg_rid_base = (uint32)atol(alg_rid_base_string);
if (alg_rid_base != algorithmic_rid_base()) {
DEBUG(0, ("The value of 'algorithmic RID base' has "
"changed since the LDAP\n"
"database was initialised. Aborting. \n"));
ldap_msgfree(result);
+ TALLOC_FREE(alg_rid_base_string);
return NT_STATUS_UNSUCCESSFUL;
}
+ TALLOC_FREE(alg_rid_base_string);
}
ldap_msgfree(result);
git.samba.org / samba.git / blobdiff