From: Matthieu Patou Date: Sun, 15 Apr 2012 19:37:00 +0000 (-0700) Subject: s4: use enums instead of strings it's cheaper X-Git-Url: http://git.samba.org/?p=mat%2Fsamba.git;a=commitdiff_plain;h=562b50f92f8a1c521a581a6b986444d52843a9bc s4: use enums instead of strings it's cheaper --- diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index d8f68c884b..9f5f2c988f 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -42,6 +42,12 @@ #include "libds/common/flag_mapping.h" struct samldb_ctx; +enum samldb_add_type { + SAMLDB_TYPE_USER, + SAMLDB_TYPE_GROUP, + SAMLDB_TYPE_CLASS, + SAMLDB_TYPE_ATTRIBUTE +}; typedef int (*samldb_step_fn_t)(struct samldb_ctx *); @@ -55,7 +61,7 @@ struct samldb_ctx { struct ldb_request *req; /* used for add operations */ - const char *type; + enum samldb_add_type type; /* the resulting message */ struct ldb_message *msg; 
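Review bot: In the new `enum samldb_add_type`, SAMLDB_TYPE_USER is the first enumerator and therefore has value 0, so a `samldb_ctx` whose `type` is never assigned would be handled as a user add instead of reaching the `default:` "Invalid entry type!" arms. This matters if the context is zero-filled on allocation, which this diff does not show. With the old `const char *type`, an unset field was a NULL pointer and could not be mistaken for a valid type. Reserving zero would keep that distinction, for example by adding `SAMLDB_TYPE_INVALID = 0,` as the first enumerator. A one-line comment on the enum, such as `/* kind of object an add request creates; set in samldb_add() */`, would also help readers of `struct samldb_ctx`.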
@@ -581,162 +587,172 @@ static int samldb_fill_object(struct samldb_ctx *ac) int ret; /* Add information for the different account types */ - if (strcmp(ac->type, "user") == 0) { - struct ldb_control *rodc_control = ldb_request_get_control(ac->req, - LDB_CONTROL_RODC_DCPROMO_OID); - if (rodc_control != NULL) { - /* see [MS-ADTS] 3.1.1.3.4.1.23 LDAP_SERVER_RODC_DCPROMO_OID */ - rodc_control->critical = false; - ret = samldb_add_step(ac, samldb_rodc_add); - if (ret != LDB_SUCCESS) return ret; - } - - /* check if we have a valid sAMAccountName */ - ret = samldb_add_step(ac, samldb_check_sAMAccountName); - if (ret != LDB_SUCCESS) return ret; + switch(ac->type) { + case SAMLDB_TYPE_USER: { + struct ldb_control *rodc_control = ldb_request_get_control(ac->req, + LDB_CONTROL_RODC_DCPROMO_OID); + if (rodc_control != NULL) { + /* see [MS-ADTS] 3.1.1.3.4.1.23 LDAP_SERVER_RODC_DCPROMO_OID */ + rodc_control->critical = false; + ret = samldb_add_step(ac, samldb_rodc_add); + if (ret != LDB_SUCCESS) return ret; + } - ret = samldb_add_step(ac, samldb_add_entry); - if (ret != LDB_SUCCESS) return ret; + /* check if we have a valid sAMAccountName */ + ret = samldb_add_step(ac, samldb_check_sAMAccountName); + if (ret != LDB_SUCCESS) return ret; - } else if (strcmp(ac->type, "group") == 0) { - /* check if we have a valid sAMAccountName */ - ret = samldb_add_step(ac, samldb_check_sAMAccountName); - if (ret != LDB_SUCCESS) return ret; + ret = samldb_add_step(ac, samldb_add_entry); + if (ret != LDB_SUCCESS) return ret; + break; + } - ret = samldb_add_step(ac, samldb_add_entry); - if (ret != LDB_SUCCESS) return ret; + case SAMLDB_TYPE_GROUP: { + /* check if we have a valid sAMAccountName */ + ret = samldb_add_step(ac, samldb_check_sAMAccountName); + if (ret != LDB_SUCCESS) return ret; - } else if (strcmp(ac->type, "classSchema") == 0) { - const struct ldb_val *rdn_value, *def_obj_cat_val; + ret = samldb_add_step(ac, samldb_add_entry); + if (ret != LDB_SUCCESS) return ret; + break; + } - ret 
= samdb_find_or_add_attribute(ldb, ac->msg, - "rdnAttId", "cn"); - if (ret != LDB_SUCCESS) return ret; + case SAMLDB_TYPE_CLASS: { + const struct ldb_val *rdn_value, *def_obj_cat_val; - /* do not allow to mark an attributeSchema as RODC filtered if it - * is system-critical */ - if (check_rodc_critical_attribute(ac->msg)) { - ldb_asprintf_errstring(ldb, "Refusing schema add of %s - cannot combine critical class with RODC filtering", - ldb_dn_get_linearized(ac->msg->dn)); - return LDB_ERR_UNWILLING_TO_PERFORM; - } + ret = samdb_find_or_add_attribute(ldb, ac->msg, + "rdnAttId", "cn"); + if (ret != LDB_SUCCESS) return ret; - rdn_value = ldb_dn_get_rdn_val(ac->msg->dn); - if (rdn_value == NULL) { - return ldb_operr(ldb); - } - if (!ldb_msg_find_element(ac->msg, "lDAPDisplayName")) { - /* the RDN has prefix "CN" */ - ret = ldb_msg_add_string(ac->msg, "lDAPDisplayName", - samdb_cn_to_lDAPDisplayName(ac->msg, - (const char *) rdn_value->data)); - if (ret != LDB_SUCCESS) { - ldb_oom(ldb); - return ret; + /* do not allow to mark an attributeSchema as RODC filtered if it + * is system-critical */ + if (check_rodc_critical_attribute(ac->msg)) { + ldb_asprintf_errstring(ldb, "Refusing schema add of %s - cannot combine critical class with RODC filtering", + ldb_dn_get_linearized(ac->msg->dn)); + return LDB_ERR_UNWILLING_TO_PERFORM; } - } - if (!ldb_msg_find_element(ac->msg, "schemaIDGUID")) { - struct GUID guid; - /* a new GUID */ - guid = GUID_random(); - ret = dsdb_msg_add_guid(ac->msg, &guid, "schemaIDGUID"); - if (ret != LDB_SUCCESS) { - ldb_oom(ldb); - return ret; + rdn_value = ldb_dn_get_rdn_val(ac->msg->dn); + if (rdn_value == NULL) { + return ldb_operr(ldb); + } + if (!ldb_msg_find_element(ac->msg, "lDAPDisplayName")) { + /* the RDN has prefix "CN" */ + ret = ldb_msg_add_string(ac->msg, "lDAPDisplayName", + samdb_cn_to_lDAPDisplayName(ac->msg, + (const char *) rdn_value->data)); + if (ret != LDB_SUCCESS) { + ldb_oom(ldb); + return ret; + } } - } - def_obj_cat_val = 
ldb_msg_find_ldb_val(ac->msg, - "defaultObjectCategory"); - if (def_obj_cat_val != NULL) { - /* "defaultObjectCategory" has been set by the caller. - * Do some checks for consistency. - * NOTE: The real constraint check (that - * 'defaultObjectCategory' is the DN of the new - * objectclass or any parent of it) is still incomplete. - * For now we say that 'defaultObjectCategory' is valid - * if it exists and it is of objectclass "classSchema". - */ - ac->dn = ldb_dn_from_ldb_val(ac, ldb, def_obj_cat_val); - if (ac->dn == NULL) { - ldb_set_errstring(ldb, - "Invalid DN for 'defaultObjectCategory'!"); - return LDB_ERR_CONSTRAINT_VIOLATION; + if (!ldb_msg_find_element(ac->msg, "schemaIDGUID")) { + struct GUID guid; + /* a new GUID */ + guid = GUID_random(); + ret = dsdb_msg_add_guid(ac->msg, &guid, "schemaIDGUID"); + if (ret != LDB_SUCCESS) { + ldb_oom(ldb); + return ret; + } } - } else { - /* "defaultObjectCategory" has not been set by the - * caller. Use the entry DN for it. */ - ac->dn = ac->msg->dn; - ret = ldb_msg_add_string(ac->msg, "defaultObjectCategory", - ldb_dn_alloc_linearized(ac->msg, ac->dn)); - if (ret != LDB_SUCCESS) { - ldb_oom(ldb); - return ret; + def_obj_cat_val = ldb_msg_find_ldb_val(ac->msg, + "defaultObjectCategory"); + if (def_obj_cat_val != NULL) { + /* "defaultObjectCategory" has been set by the caller. + * Do some checks for consistency. + * NOTE: The real constraint check (that + * 'defaultObjectCategory' is the DN of the new + * objectclass or any parent of it) is still incomplete. + * For now we say that 'defaultObjectCategory' is valid + * if it exists and it is of objectclass "classSchema". + */ + ac->dn = ldb_dn_from_ldb_val(ac, ldb, def_obj_cat_val); + if (ac->dn == NULL) { + ldb_set_errstring(ldb, + "Invalid DN for 'defaultObjectCategory'!"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + } else { + /* "defaultObjectCategory" has not been set by the + * caller. Use the entry DN for it. 
*/ + ac->dn = ac->msg->dn; + + ret = ldb_msg_add_string(ac->msg, "defaultObjectCategory", + ldb_dn_alloc_linearized(ac->msg, ac->dn)); + if (ret != LDB_SUCCESS) { + ldb_oom(ldb); + return ret; + } } - } - ret = samldb_add_step(ac, samldb_add_entry); - if (ret != LDB_SUCCESS) return ret; + ret = samldb_add_step(ac, samldb_add_entry); + if (ret != LDB_SUCCESS) return ret; - /* Now perform the checks for the 'defaultObjectCategory'. The - * lookup DN was already saved in "ac->dn" */ - ret = samldb_add_step(ac, samldb_find_for_defaultObjectCategory); - if (ret != LDB_SUCCESS) return ret; + /* Now perform the checks for the 'defaultObjectCategory'. The + * lookup DN was already saved in "ac->dn" */ + ret = samldb_add_step(ac, samldb_find_for_defaultObjectCategory); + if (ret != LDB_SUCCESS) return ret; + break; + } - } else if (strcmp(ac->type, "attributeSchema") == 0) { - const struct ldb_val *rdn_value; - rdn_value = ldb_dn_get_rdn_val(ac->msg->dn); - if (rdn_value == NULL) { - return ldb_operr(ldb); - } - if (!ldb_msg_find_element(ac->msg, "lDAPDisplayName")) { - /* the RDN has prefix "CN" */ - ret = ldb_msg_add_string(ac->msg, "lDAPDisplayName", - samdb_cn_to_lDAPDisplayName(ac->msg, - (const char *) rdn_value->data)); - if (ret != LDB_SUCCESS) { - ldb_oom(ldb); - return ret; + case SAMLDB_TYPE_ATTRIBUTE: { + const struct ldb_val *rdn_value; + rdn_value = ldb_dn_get_rdn_val(ac->msg->dn); + if (rdn_value == NULL) { + return ldb_operr(ldb); + } + if (!ldb_msg_find_element(ac->msg, "lDAPDisplayName")) { + /* the RDN has prefix "CN" */ + ret = ldb_msg_add_string(ac->msg, "lDAPDisplayName", + samdb_cn_to_lDAPDisplayName(ac->msg, + (const char *) rdn_value->data)); + if (ret != LDB_SUCCESS) { + ldb_oom(ldb); + return ret; + } } - } - /* do not allow to mark an attributeSchema as RODC filtered if it - * is system-critical */ - if (check_rodc_critical_attribute(ac->msg)) { - ldb_asprintf_errstring(ldb, - "samldb: refusing schema add of %s - cannot combine critical attribute 
with RODC filtering", - ldb_dn_get_linearized(ac->msg->dn)); - return LDB_ERR_UNWILLING_TO_PERFORM; - } + /* do not allow to mark an attributeSchema as RODC filtered if it + * is system-critical */ + if (check_rodc_critical_attribute(ac->msg)) { + ldb_asprintf_errstring(ldb, + "samldb: refusing schema add of %s - cannot combine critical attribute with RODC filtering", + ldb_dn_get_linearized(ac->msg->dn)); + return LDB_ERR_UNWILLING_TO_PERFORM; + } - ret = samdb_find_or_add_attribute(ldb, ac->msg, - "isSingleValued", "FALSE"); - if (ret != LDB_SUCCESS) return ret; + ret = samdb_find_or_add_attribute(ldb, ac->msg, + "isSingleValued", "FALSE"); + if (ret != LDB_SUCCESS) return ret; - if (!ldb_msg_find_element(ac->msg, "schemaIDGUID")) { - struct GUID guid; - /* a new GUID */ - guid = GUID_random(); - ret = dsdb_msg_add_guid(ac->msg, &guid, "schemaIDGUID"); - if (ret != LDB_SUCCESS) { - ldb_oom(ldb); - return ret; + if (!ldb_msg_find_element(ac->msg, "schemaIDGUID")) { + struct GUID guid; + /* a new GUID */ + guid = GUID_random(); + ret = dsdb_msg_add_guid(ac->msg, &guid, "schemaIDGUID"); + if (ret != LDB_SUCCESS) { + ldb_oom(ldb); + return ret; + } } - } - /* handle msDS-IntID attribute */ - ret = samldb_add_handle_msDS_IntId(ac); - if (ret != LDB_SUCCESS) return ret; + /* handle msDS-IntID attribute */ + ret = samldb_add_handle_msDS_IntId(ac); + if (ret != LDB_SUCCESS) return ret; - ret = samldb_add_step(ac, samldb_add_entry); - if (ret != LDB_SUCCESS) return ret; + ret = samldb_add_step(ac, samldb_add_entry); + if (ret != LDB_SUCCESS) return ret; + break; + } - } else { - ldb_asprintf_errstring(ldb, - "Invalid entry type!"); - return LDB_ERR_OPERATIONS_ERROR; + default: + ldb_asprintf_errstring(ldb, + "Invalid entry type!"); + return LDB_ERR_OPERATIONS_ERROR; + break; } return samldb_first_step(ac); 
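Review bot: In the `default:` arm of the new switch in samldb_fill_object, the `break;` after `return LDB_ERR_OPERATIONS_ERROR;` is unreachable, and `ldb_asprintf_errstring` is called without any format arguments. Now that the type is an integer, the message can carry the offending value, which makes an unexpected type diagnosable from the error string alone: `ldb_asprintf_errstring(ldb, "samldb: invalid entry type %d", (int)ac->type);` followed directly by the `return`. The same `default:` arm is repeated in samldb_objectclass_trigger further down. samldb_fill_object starts before this hunk and closes after it.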
@@ -862,195 +878,205 @@ static int samldb_objectclass_trigger(struct samldb_ctx *ac) if (ret != LDB_SUCCESS) return ret; } - if (strcmp(ac->type, "user") == 0) { - bool uac_generated = false; + switch(ac->type) { + case SAMLDB_TYPE_USER: { + bool uac_generated = false; - /* Step 1.2: Default values */ - ret = samdb_find_or_add_attribute(ldb, ac->msg, - "accountExpires", "9223372036854775807"); - if (ret != LDB_SUCCESS) return ret; - ret = samdb_find_or_add_attribute(ldb, ac->msg, - "badPasswordTime", "0"); - if (ret != LDB_SUCCESS) return ret; - ret = samdb_find_or_add_attribute(ldb, ac->msg, - "badPwdCount", "0"); - if (ret != LDB_SUCCESS) return ret; - ret = samdb_find_or_add_attribute(ldb, ac->msg, - "codePage", "0"); - if (ret != LDB_SUCCESS) return ret; - ret = samdb_find_or_add_attribute(ldb, ac->msg, - "countryCode", "0"); - if (ret != LDB_SUCCESS) return ret; - ret = samdb_find_or_add_attribute(ldb, ac->msg, - "lastLogoff", "0"); - if (ret != LDB_SUCCESS) return ret; - ret = samdb_find_or_add_attribute(ldb, ac->msg, - "lastLogon", "0"); - if (ret != LDB_SUCCESS) return ret; - ret = samdb_find_or_add_attribute(ldb, ac->msg, - "logonCount", "0"); - if (ret != LDB_SUCCESS) return ret; - ret = samdb_find_or_add_attribute(ldb, ac->msg, - "pwdLastSet", "0"); - if (ret != LDB_SUCCESS) return ret; + /* Step 1.2: Default values */ + ret = samdb_find_or_add_attribute(ldb, ac->msg, + "accountExpires", "9223372036854775807"); + if (ret != LDB_SUCCESS) return ret; + ret = samdb_find_or_add_attribute(ldb, ac->msg, + "badPasswordTime", "0"); + if (ret != LDB_SUCCESS) return ret; + ret = samdb_find_or_add_attribute(ldb, ac->msg, + "badPwdCount", "0"); + if (ret != LDB_SUCCESS) return ret; + ret = samdb_find_or_add_attribute(ldb, ac->msg, + "codePage", "0"); + if (ret != LDB_SUCCESS) return ret; + ret = samdb_find_or_add_attribute(ldb, ac->msg, + "countryCode", "0"); + if (ret != LDB_SUCCESS) return ret; + ret = samdb_find_or_add_attribute(ldb, ac->msg, + "lastLogoff", 
"0"); + if (ret != LDB_SUCCESS) return ret; + ret = samdb_find_or_add_attribute(ldb, ac->msg, + "lastLogon", "0"); + if (ret != LDB_SUCCESS) return ret; + ret = samdb_find_or_add_attribute(ldb, ac->msg, + "logonCount", "0"); + if (ret != LDB_SUCCESS) return ret; + ret = samdb_find_or_add_attribute(ldb, ac->msg, + "pwdLastSet", "0"); + if (ret != LDB_SUCCESS) return ret; - /* On add operations we might need to generate a - * "userAccountControl" (if it isn't specified). */ - el = ldb_msg_find_element(ac->msg, "userAccountControl"); - if ((el == NULL) && (ac->req->operation == LDB_ADD)) { - ret = samdb_msg_set_uint(ldb, ac->msg, ac->msg, - "userAccountControl", - UF_NORMAL_ACCOUNT); - if (ret != LDB_SUCCESS) { - return ret; + /* On add operations we might need to generate a + * "userAccountControl" (if it isn't specified). */ + el = ldb_msg_find_element(ac->msg, "userAccountControl"); + if ((el == NULL) && (ac->req->operation == LDB_ADD)) { + ret = samdb_msg_set_uint(ldb, ac->msg, ac->msg, + "userAccountControl", + UF_NORMAL_ACCOUNT); + if (ret != LDB_SUCCESS) { + return ret; + } + uac_generated = true; } - uac_generated = true; - } - el = ldb_msg_find_element(ac->msg, "userAccountControl"); - if (el != NULL) { - uint32_t user_account_control, account_type; + el = ldb_msg_find_element(ac->msg, "userAccountControl"); + if (el != NULL) { + uint32_t user_account_control, account_type; - /* Step 1.3: "userAccountControl" -> "sAMAccountType" mapping */ - user_account_control = ldb_msg_find_attr_as_uint(ac->msg, - "userAccountControl", - 0); + /* Step 1.3: "userAccountControl" -> "sAMAccountType" mapping */ + user_account_control = ldb_msg_find_attr_as_uint(ac->msg, + "userAccountControl", + 0); - /* Temporary duplicate accounts aren't allowed */ - if ((user_account_control & UF_TEMP_DUPLICATE_ACCOUNT) != 0) { - return LDB_ERR_OTHER; - } + /* Temporary duplicate accounts aren't allowed */ + if ((user_account_control & UF_TEMP_DUPLICATE_ACCOUNT) != 0) { + return 
LDB_ERR_OTHER; + } - /* Workstation and (read-only) DC objects do need objectclass "computer" */ - if ((samdb_find_attribute(ldb, ac->msg, - "objectclass", "computer") == NULL) && - (user_account_control & - (UF_SERVER_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT))) { - ldb_set_errstring(ldb, - "samldb: Requested account type does need objectclass 'computer'!"); - return LDB_ERR_OBJECT_CLASS_VIOLATION; - } + /* Workstation and (read-only) DC objects do need objectclass "computer" */ + if ((samdb_find_attribute(ldb, ac->msg, + "objectclass", "computer") == NULL) && + (user_account_control & + (UF_SERVER_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT))) { + ldb_set_errstring(ldb, + "samldb: Requested account type does need objectclass 'computer'!"); + return LDB_ERR_OBJECT_CLASS_VIOLATION; + } - account_type = ds_uf2atype(user_account_control); - if (account_type == 0) { - ldb_set_errstring(ldb, "samldb: Unrecognized account type!"); - return LDB_ERR_UNWILLING_TO_PERFORM; - } - ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg, - "sAMAccountType", - account_type); - if (ret != LDB_SUCCESS) { - return ret; - } - el2 = ldb_msg_find_element(ac->msg, "sAMAccountType"); - el2->flags = LDB_FLAG_MOD_REPLACE; - - /* "isCriticalSystemObject" might be set */ - if (user_account_control & - (UF_SERVER_TRUST_ACCOUNT | UF_PARTIAL_SECRETS_ACCOUNT)) { - ret = ldb_msg_add_string(ac->msg, "isCriticalSystemObject", - "TRUE"); - if (ret != LDB_SUCCESS) { - return ret; + account_type = ds_uf2atype(user_account_control); + if (account_type == 0) { + ldb_set_errstring(ldb, "samldb: Unrecognized account type!"); + return LDB_ERR_UNWILLING_TO_PERFORM; } - el2 = ldb_msg_find_element(ac->msg, - "isCriticalSystemObject"); - el2->flags = LDB_FLAG_MOD_REPLACE; - } else if (user_account_control & UF_WORKSTATION_TRUST_ACCOUNT) { - ret = ldb_msg_add_string(ac->msg, "isCriticalSystemObject", - "FALSE"); + ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg, + "sAMAccountType", + account_type); if (ret != 
LDB_SUCCESS) { return ret; } - el2 = ldb_msg_find_element(ac->msg, - "isCriticalSystemObject"); + el2 = ldb_msg_find_element(ac->msg, "sAMAccountType"); el2->flags = LDB_FLAG_MOD_REPLACE; - } - - /* Step 1.4: "userAccountControl" -> "primaryGroupID" mapping */ - if (!ldb_msg_find_element(ac->msg, "primaryGroupID")) { - uint32_t rid = ds_uf2prim_group_rid(user_account_control); - /* - * Older AD deployments don't know about the - * RODC group - */ - if (rid == DOMAIN_RID_READONLY_DCS) { - ret = samldb_prim_group_tester(ac, rid); + /* "isCriticalSystemObject" might be set */ + if (user_account_control & + (UF_SERVER_TRUST_ACCOUNT | UF_PARTIAL_SECRETS_ACCOUNT)) { + ret = ldb_msg_add_string(ac->msg, "isCriticalSystemObject", + "TRUE"); if (ret != LDB_SUCCESS) { return ret; } + el2 = ldb_msg_find_element(ac->msg, + "isCriticalSystemObject"); + el2->flags = LDB_FLAG_MOD_REPLACE; + } else if (user_account_control & UF_WORKSTATION_TRUST_ACCOUNT) { + ret = ldb_msg_add_string(ac->msg, "isCriticalSystemObject", + "FALSE"); + if (ret != LDB_SUCCESS) { + return ret; + } + el2 = ldb_msg_find_element(ac->msg, + "isCriticalSystemObject"); + el2->flags = LDB_FLAG_MOD_REPLACE; } - ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg, - "primaryGroupID", rid); - if (ret != LDB_SUCCESS) { - return ret; - } - el2 = ldb_msg_find_element(ac->msg, - "primaryGroupID"); - el2->flags = LDB_FLAG_MOD_REPLACE; - } + /* Step 1.4: "userAccountControl" -> "primaryGroupID" mapping */ + if (!ldb_msg_find_element(ac->msg, "primaryGroupID")) { + uint32_t rid = ds_uf2prim_group_rid(user_account_control); + + /* + * Older AD deployments don't know about the + * RODC group + */ + if (rid == DOMAIN_RID_READONLY_DCS) { + ret = samldb_prim_group_tester(ac, rid); + if (ret != LDB_SUCCESS) { + return ret; + } + } - /* Step 1.5: Add additional flags when needed */ - /* Obviously this is done when the "userAccountControl" - * has been generated here (tested against Windows - * Server) */ - if (uac_generated) { - 
user_account_control |= UF_ACCOUNTDISABLE; - user_account_control |= UF_PASSWD_NOTREQD; + ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg, + "primaryGroupID", rid); + if (ret != LDB_SUCCESS) { + return ret; + } + el2 = ldb_msg_find_element(ac->msg, + "primaryGroupID"); + el2->flags = LDB_FLAG_MOD_REPLACE; + } - ret = samdb_msg_set_uint(ldb, ac->msg, ac->msg, - "userAccountControl", - user_account_control); - if (ret != LDB_SUCCESS) { - return ret; + /* Step 1.5: Add additional flags when needed */ + /* Obviously this is done when the "userAccountControl" + * has been generated here (tested against Windows + * Server) */ + if (uac_generated) { + user_account_control |= UF_ACCOUNTDISABLE; + user_account_control |= UF_PASSWD_NOTREQD; + + ret = samdb_msg_set_uint(ldb, ac->msg, ac->msg, + "userAccountControl", + user_account_control); + if (ret != LDB_SUCCESS) { + return ret; + } } } - } - - } else if (strcmp(ac->type, "group") == 0) { - const char *tempstr; + break; + } + case SAMLDB_TYPE_GROUP: { + const char *tempstr; + + /* Step 2.2: Default values */ + tempstr = talloc_asprintf(ac->msg, "%d", + GTYPE_SECURITY_GLOBAL_GROUP); + if (tempstr == NULL) return ldb_operr(ldb); + ret = samdb_find_or_add_attribute(ldb, ac->msg, + "groupType", tempstr); + if (ret != LDB_SUCCESS) return ret; - /* Step 2.2: Default values */ - tempstr = talloc_asprintf(ac->msg, "%d", - GTYPE_SECURITY_GLOBAL_GROUP); - if (tempstr == NULL) return ldb_operr(ldb); - ret = samdb_find_or_add_attribute(ldb, ac->msg, - "groupType", tempstr); - if (ret != LDB_SUCCESS) return ret; + /* Step 2.3: "groupType" -> "sAMAccountType" */ + el = ldb_msg_find_element(ac->msg, "groupType"); + if (el != NULL) { + uint32_t group_type, account_type; - /* Step 2.3: "groupType" -> "sAMAccountType" */ - el = ldb_msg_find_element(ac->msg, "groupType"); - if (el != NULL) { - uint32_t group_type, account_type; + group_type = ldb_msg_find_attr_as_uint(ac->msg, + "groupType", 0); - group_type = 
ldb_msg_find_attr_as_uint(ac->msg, - "groupType", 0); + /* The creation of builtin groups requires the + * RELAX control */ + if (group_type == GTYPE_SECURITY_BUILTIN_LOCAL_GROUP) { + if (ldb_request_get_control(ac->req, + LDB_CONTROL_RELAX_OID) == NULL) { + return LDB_ERR_UNWILLING_TO_PERFORM; + } + } - /* The creation of builtin groups requires the - * RELAX control */ - if (group_type == GTYPE_SECURITY_BUILTIN_LOCAL_GROUP) { - if (ldb_request_get_control(ac->req, - LDB_CONTROL_RELAX_OID) == NULL) { + account_type = ds_gtype2atype(group_type); + if (account_type == 0) { + ldb_set_errstring(ldb, "samldb: Unrecognized account type!"); return LDB_ERR_UNWILLING_TO_PERFORM; } + ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg, + "sAMAccountType", + account_type); + if (ret != LDB_SUCCESS) { + return ret; + } + el2 = ldb_msg_find_element(ac->msg, "sAMAccountType"); + el2->flags = LDB_FLAG_MOD_REPLACE; } - - account_type = ds_gtype2atype(group_type); - if (account_type == 0) { - ldb_set_errstring(ldb, "samldb: Unrecognized account type!"); - return LDB_ERR_UNWILLING_TO_PERFORM; - } - ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg, - "sAMAccountType", - account_type); - if (ret != LDB_SUCCESS) { - return ret; + break; } - el2 = ldb_msg_find_element(ac->msg, "sAMAccountType"); - el2->flags = LDB_FLAG_MOD_REPLACE; - } + + default: + ldb_asprintf_errstring(ldb, + "Invalid entry type!"); + return LDB_ERR_OPERATIONS_ERROR; + break; } return LDB_SUCCESS; @@ -1967,7 +1993,7 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) if (samdb_find_attribute(ldb, ac->msg, "objectclass", "user") != NULL) { - ac->type = "user"; + ac->type = SAMLDB_TYPE_USER; ret = samldb_prim_group_trigger(ac); if (ret != LDB_SUCCESS) { 
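Review bot: The `default:` arm added to the switch in samldb_objectclass_trigger changes behaviour, not just representation. The old `if`/`else if` chain did nothing for types other than user and group and fell through to `return LDB_SUCCESS;`, whereas the switch now returns `LDB_ERR_OPERATIONS_ERROR` for SAMLDB_TYPE_CLASS and SAMLDB_TYPE_ATTRIBUTE. The samldb_add hunks in this diff send the schema types straight to samldb_fill_object, so the arm may be unreachable today, but callers outside the diff are not visible. If the stricter result is intended, it deserves a line in the commit message; if not, `default: break;` keeps the previous result. The function starts before this hunk and ends after it.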
@@ -1984,7 +2010,7 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) if (samdb_find_attribute(ldb, ac->msg, "objectclass", "group") != NULL) { - ac->type = "group"; + ac->type = SAMLDB_TYPE_GROUP; ret = samldb_objectclass_trigger(ac); if (ret != LDB_SUCCESS) { @@ -2009,7 +2035,7 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) return ret; } - ac->type = "classSchema"; + ac->type = SAMLDB_TYPE_CLASS; return samldb_fill_object(ac); } @@ -2021,7 +2047,7 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) return ret; } - ac->type = "attributeSchema"; + ac->type = SAMLDB_TYPE_ATTRIBUTE; return samldb_fill_object(ac); }