diff options
author | Tim Potter <tpot@samba.org> | 2003-09-15 05:33:34 +0000 |
---|---|---|
committer | Tim Potter <tpot@samba.org> | 2003-09-15 05:33:34 +0000 |
commit | ca3d5310ce1ae62a8d169b68416096fca67a5f62 (patch) | |
tree | dc50319c976dbc40985b6388e58bf9e80c42ba20 | |
parent | 5b5ed5a6dcc07b979f4386636a5430bfac39ad2a (diff) | |
download | samba-ca3d5310ce1ae62a8d169b68416096fca67a5f62.tar.gz samba-ca3d5310ce1ae62a8d169b68416096fca67a5f62.tar.bz2 samba-ca3d5310ce1ae62a8d169b68416096fca67a5f62.zip |
Merge from Samba 3.0:
>remove getpwnam() calls from init_sam_from_xxx().
>This means that %u & %g will no longer expand, but %U
>and %G still do. The payback is that winbindd local
>accounts for users work with 'wbinfo -u' when winbind
>is running on a PDC.
>Fix a nasty mess, and also bug #296. passdb/pdb_ldap.c was not converting
>to/from utf8 for some calls. The libads code gets this right. Wonder why
>the passdb code doesn't use it ?
>Jeremy.
(This used to be commit 1e60bbff70efe3b5c306bc1ef560ee8032b1a852)
-rw-r--r-- | source3/passdb/pdb_ldap.c | 493 |
1 files changed, 226 insertions, 267 deletions
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 009425c5f6..e00631fb7d 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -99,7 +99,7 @@ struct ldapsam_privates { }; /********************************************************************** - Free a LDAPMessage (one is stored on the SAM_ACCOUNT) + Free a LDAPMessage (one is stored on the SAM_ACCOUNT). **********************************************************************/ static void private_data_free_fn(void **result) @@ -109,13 +109,12 @@ static void private_data_free_fn(void **result) } /********************************************************************** - get the attribute name given a user schame version + Get the attribute name given a user schame version. **********************************************************************/ static const char* get_userattr_key2string( int schema_ver, int key ) { - switch ( schema_ver ) - { + switch ( schema_ver ) { case SCHEMAVER_SAMBAACCOUNT: return get_attr_key2string( attrib_map_v22, key ); @@ -130,13 +129,12 @@ static const char* get_userattr_key2string( int schema_ver, int key ) } /********************************************************************** - return the list of attribute names given a user schema version - **********************************************************************/ + Return the list of attribute names given a user schema version. +**********************************************************************/ static char** get_userattr_list( int schema_ver ) { - switch ( schema_ver ) - { + switch ( schema_ver ) { case SCHEMAVER_SAMBAACCOUNT: return get_attr_list( attrib_map_v22 ); @@ -149,17 +147,17 @@ static char** get_userattr_list( int schema_ver ) return NULL; } + /******************************************************************* - generate the LDAP search filter for the objectclass based on the - version of the schema we are using - ******************************************************************/ + Generate the LDAP search filter for the objectclass based on the + version of the schema we are using. +******************************************************************/ static const char* get_objclass_filter( int schema_ver ) { static fstring objclass_filter; - switch( schema_ver ) - { + switch( schema_ver ) { case SCHEMAVER_SAMBAACCOUNT: fstr_sprintf( objclass_filter, "(objectclass=%s)", LDAP_OBJ_SAMBAACCOUNT ); break; @@ -167,7 +165,7 @@ static const char* get_objclass_filter( int schema_ver ) fstr_sprintf( objclass_filter, "(objectclass=%s)", LDAP_OBJ_SAMBASAMACCOUNT ); break; default: - DEBUG(0,("pdb_ldapsam: get_objclass_filter(): Invalid schema version specified!\n")); + DEBUG(0,("get_objclass_filter: Invalid schema version specified!\n")); break; } @@ -175,8 +173,9 @@ static const char* get_objclass_filter( int schema_ver ) } /******************************************************************* - run the search by name. + Run the search by name. ******************************************************************/ + static int ldapsam_search_suffix_by_name (struct ldapsam_privates *ldap_state, const char *user, LDAPMessage ** result, char **attr) @@ -208,8 +207,9 @@ static int ldapsam_search_suffix_by_name (struct ldapsam_privates *ldap_state, } /******************************************************************* - run the search by rid. + Run the search by rid. ******************************************************************/ + static int ldapsam_search_suffix_by_rid (struct ldapsam_privates *ldap_state, uint32 rid, LDAPMessage ** result, char **attr) @@ -226,8 +226,9 @@ static int ldapsam_search_suffix_by_rid (struct ldapsam_privates *ldap_state, } /******************************************************************* - run the search by SID. + Run the search by SID. ******************************************************************/ + static int ldapsam_search_suffix_by_sid (struct ldapsam_privates *ldap_state, const DOM_SID *sid, LDAPMessage ** result, char **attr) @@ -250,6 +251,7 @@ static int ldapsam_search_suffix_by_sid (struct ldapsam_privates *ldap_state, Delete complete object or objectclass and attrs from object found in search_result depending on lp_ldap_delete_dn ******************************************************************/ + static NTSTATUS ldapsam_delete_entry(struct ldapsam_privates *ldap_state, LDAPMessage *result, const char *objectclass, @@ -264,22 +266,25 @@ static NTSTATUS ldapsam_delete_entry(struct ldapsam_privates *ldap_state, rc = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result); if (rc != 1) { - DEBUG(0, ("Entry must exist exactly once!\n")); + DEBUG(0, ("ldapsam_delete_entry: Entry must exist exactly once!\n")); return NT_STATUS_UNSUCCESSFUL; } entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result); - dn = ldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); + dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); + if (!dn) { + return NT_STATUS_UNSUCCESSFUL; + } if (lp_ldap_delete_dn()) { NTSTATUS ret = NT_STATUS_OK; rc = smbldap_delete(ldap_state->smbldap_state, dn); if (rc != LDAP_SUCCESS) { - DEBUG(0, ("Could not delete object %s\n", dn)); + DEBUG(0, ("ldapsam_delete_entry: Could not delete object %s\n", dn)); ret = NT_STATUS_UNSUCCESSFUL; } - ldap_memfree(dn); + SAFE_FREE(dn); return ret; } @@ -287,17 +292,15 @@ static NTSTATUS ldapsam_delete_entry(struct ldapsam_privates *ldap_state, for (name = ldap_first_attribute(ldap_state->smbldap_state->ldap_struct, entry, &ptr); name != NULL; - name = ldap_next_attribute(ldap_state->smbldap_state->ldap_struct, entry, ptr)) - { + name = ldap_next_attribute(ldap_state->smbldap_state->ldap_struct, entry, ptr)) { char **attrib; /* We are only allowed to delete the attributes that really exist. */ - for (attrib = attrs; *attrib != NULL; attrib++) - { + for (attrib = attrs; *attrib != NULL; attrib++) { if (StrCaseCmp(*attrib, name) == 0) { - DEBUG(10, ("deleting attribute %s\n", name)); + DEBUG(10, ("ldapsam_delete_entry: deleting attribute %s\n", name)); smbldap_set_mod(&mods, LDAP_MOD_DELETE, name, NULL); } } @@ -319,18 +322,17 @@ static NTSTATUS ldapsam_delete_entry(struct ldapsam_privates *ldap_state, ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(0, ("could not delete attributes for %s, error: %s (%s)\n", + DEBUG(0, ("ldapsam_delete_entry: Could not delete attributes for %s, error: %s (%s)\n", dn, ldap_err2string(rc), ld_error?ld_error:"unknown")); SAFE_FREE(ld_error); - ldap_memfree(dn); + SAFE_FREE(dn); return NT_STATUS_UNSUCCESSFUL; } - ldap_memfree(dn); + SAFE_FREE(dn); return NT_STATUS_OK; } - /* New Interface is being implemented here */ #if 0 /* JERRY - not uesed anymore */ @@ -390,9 +392,10 @@ static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state, #endif /********************************************************************** -Initialize SAM_ACCOUNT from an LDAP query -(Based on init_sam_from_buffer in pdb_tdb.c) + Initialize SAM_ACCOUNT from an LDAP query. + (Based on init_sam_from_buffer in pdb_tdb.c) *********************************************************************/ + static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, SAM_ACCOUNT * sampass, LDAPMessage * entry) @@ -422,9 +425,6 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, uint32 hours_len; uint8 hours[MAX_HOURS_LEN]; pstring temp; - struct passwd *pw = NULL; - uid_t uid = -1; - gid_t gid = -1; /* * do a little initialization @@ -453,19 +453,11 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, } if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, "uid", username)) { - DEBUG(1, ("No uid attribute found for this user!\n")); + DEBUG(1, ("init_sam_from_ldap: No uid attribute found for this user!\n")); return False; } - DEBUG(2, ("Entry found for user: %s\n", username)); - - /* I'm not going to fail here, since there are checks - higher up the cal stack to do this --jerry */ - - if ( (pw=Get_Pwnam(username)) != NULL ) { - uid = pw->pw_uid; - gid = pw->pw_gid; - } + DEBUG(2, ("init_sam_from_ldap: Entry found for user: %s\n", username)); pstrcpy(nt_username, username); @@ -478,38 +470,27 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, /* deal with different attributes between the schema first */ - if ( ldap_state->schema_ver == SCHEMAVER_SAMBASAMACCOUNT ) - { + if ( ldap_state->schema_ver == SCHEMAVER_SAMBASAMACCOUNT ) { if (smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID), temp)) - { + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID), temp)) { pdb_set_user_sid_from_string(sampass, temp, PDB_SET); } if (smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PRIMARY_GROUP_SID), temp)) - { + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PRIMARY_GROUP_SID), temp)) { pdb_set_group_sid_from_string(sampass, temp, PDB_SET); - } - else - { + } else { pdb_set_group_sid_from_rid(sampass, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT); } - - - } - else - { + } else { if (smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_RID), temp)) - { + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_RID), temp)) { user_rid = (uint32)atol(temp); pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET); } if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PRIMARY_GROUP_RID), temp)) - { + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PRIMARY_GROUP_RID), temp)) { pdb_set_group_sid_from_rid(sampass, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT); } else { uint32 group_rid; @@ -527,7 +508,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, } if (pdb_get_init_flags(sampass,PDB_USERSID) == PDB_DEFAULT) { - DEBUG(1, ("no %s or %s attribute found for this user %s\n", + DEBUG(1, ("init_sam_from_ldap: no %s or %s attribute found for this user %s\n", get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID), get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_RID), username)); @@ -557,8 +538,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, #endif if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_LAST_SET), temp)) - { + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_LAST_SET), temp)) { /* leave as default */ } else { pass_last_set_time = (time_t) atol(temp); @@ -566,8 +546,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, } if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_TIME), temp)) - { + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_TIME), temp)) { /* leave as default */ } else { logon_time = (time_t) atol(temp); @@ -575,8 +554,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, } if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGOFF_TIME), temp)) - { + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGOFF_TIME), temp)) { /* leave as default */ } else { logoff_time = (time_t) atol(temp); @@ -584,8 +562,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, } if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_KICKOFF_TIME), temp)) - { + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_KICKOFF_TIME), temp)) { /* leave as default */ } else { kickoff_time = (time_t) atol(temp); @@ -593,8 +570,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, } if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_CAN_CHANGE), temp)) - { + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_CAN_CHANGE), temp)) { /* leave as default */ } else { pass_can_change_time = (time_t) atol(temp); @@ -602,8 +578,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, } if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_MUST_CHANGE), temp)) - { + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_MUST_CHANGE), temp)) { /* leave as default */ } else { pass_must_change_time = (time_t) atol(temp); @@ -617,11 +592,9 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, */ if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DISPLAY_NAME), fullname)) - { + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DISPLAY_NAME), fullname)) { if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_CN), fullname)) - { + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_CN), fullname)) { /* leave as default */ } else { pdb_set_fullname(sampass, fullname, PDB_SET); @@ -631,49 +604,41 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, } if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_DRIVE), dir_drive)) + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_DRIVE), dir_drive)) { - pdb_set_dir_drive(sampass, talloc_sub_specified(sampass->mem_ctx, - lp_logon_drive(), - username, domain, - uid, gid), - PDB_DEFAULT); + pdb_set_dir_drive( sampass, + talloc_sub_basic(sampass->mem_ctx, username, lp_logon_drive()), + PDB_DEFAULT ); } else { pdb_set_dir_drive(sampass, dir_drive, PDB_SET); } if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_PATH), homedir)) + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_PATH), homedir)) { - pdb_set_homedir(sampass, talloc_sub_specified(sampass->mem_ctx, - lp_logon_home(), - username, domain, - uid, gid), - PDB_DEFAULT); + pdb_set_homedir( sampass, + talloc_sub_basic(sampass->mem_ctx, username, lp_logon_home()), + PDB_DEFAULT ); } else { pdb_set_homedir(sampass, homedir, PDB_SET); } if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_SCRIPT), logon_script)) + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_SCRIPT), logon_script)) { - pdb_set_logon_script(sampass, talloc_sub_specified(sampass->mem_ctx, - lp_logon_script(), - username, domain, - uid, gid), - PDB_DEFAULT); + pdb_set_logon_script( sampass, + talloc_sub_basic(sampass->mem_ctx, username, lp_logon_script()), + PDB_DEFAULT ); } else { pdb_set_logon_script(sampass, logon_script, PDB_SET); } if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH), profile_path)) + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH), profile_path)) { - pdb_set_profile_path(sampass, talloc_sub_specified(sampass->mem_ctx, - lp_logon_path(), - username, domain, - uid, gid), - PDB_DEFAULT); + pdb_set_profile_path( sampass, + talloc_sub_basic( sampass->mem_ctx, username, lp_logon_path()), + PDB_DEFAULT ); } else { pdb_set_profile_path(sampass, profile_path, PDB_SET); } @@ -687,8 +652,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, } if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_WKS), workstations)) - { + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_WKS), workstations)) { /* leave as default */; } else { pdb_set_workstations(sampass, workstations, PDB_SET); @@ -701,8 +665,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, memset(hours, 0xff, hours_len); if (!smbldap_get_single_attribute (ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW), temp)) - { + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW), temp)) { /* leave as default */ } else { pdb_gethexpwd(temp, smblmpwd); @@ -713,8 +676,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, } if (!smbldap_get_single_attribute (ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW), temp)) - { + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW), temp)) { /* leave as default */ } else { pdb_gethexpwd(temp, smbntpwd); @@ -725,8 +687,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, } if (!smbldap_get_single_attribute (ldap_state->smbldap_state->ldap_struct, entry, - get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_ACB_INFO), temp)) - { + get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_ACB_INFO), temp)) { acct_ctrl |= ACB_NORMAL; } else { acct_ctrl = pdb_decode_acct_ctrl(temp); @@ -752,9 +713,10 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, } /********************************************************************** -Initialize SAM_ACCOUNT from an LDAP query -(Based on init_buffer_from_sam in pdb_tdb.c) + Initialize SAM_ACCOUNT from an LDAP query. + (Based on init_buffer_from_sam in pdb_tdb.c) *********************************************************************/ + static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, LDAPMessage *existing, LDAPMod *** mods, SAM_ACCOUNT * sampass, @@ -779,20 +741,18 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, "uid", pdb_get_username(sampass)); - DEBUG(2, ("Setting entry for user: %s\n", pdb_get_username(sampass))); + DEBUG(2, ("init_ldap_from_sam: Setting entry for user: %s\n", pdb_get_username(sampass))); /* only update the RID if we actually need to */ - if (need_update(sampass, PDB_USERSID)) - { + if (need_update(sampass, PDB_USERSID)) { fstring sid_string; fstring dom_sid_string; const DOM_SID *user_sid = pdb_get_user_sid(sampass); - switch ( ldap_state->schema_ver ) - { + switch ( ldap_state->schema_ver ) { case SCHEMAVER_SAMBAACCOUNT: if (!sid_peek_check_rid(&ldap_state->domain_sid, user_sid, &rid)) { - DEBUG(1, ("User's SID (%s) is not for this domain (%s), cannot add to LDAP!\n", + DEBUG(1, ("init_ldap_from_sam: User's SID (%s) is not for this domain (%s), cannot add to LDAP!\n", sid_to_string(sid_string, user_sid), sid_to_string(dom_sid_string, &ldap_state->domain_sid))); return False; @@ -818,17 +778,15 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, /* we don't need to store the primary group RID - so leaving it 'free' to hang off the unix primary group makes life easier */ - if (need_update(sampass, PDB_GROUPSID)) - { + if (need_update(sampass, PDB_GROUPSID)) { fstring sid_string; fstring dom_sid_string; const DOM_SID *group_sid = pdb_get_group_sid(sampass); - switch ( ldap_state->schema_ver ) - { + switch ( ldap_state->schema_ver ) { case SCHEMAVER_SAMBAACCOUNT: if (!sid_peek_check_rid(&ldap_state->domain_sid, group_sid, &rid)) { - DEBUG(1, ("User's Primary Group SID (%s) is not for this domain (%s), cannot add to LDAP!\n", + DEBUG(1, ("init_ldap_from_sam: User's Primary Group SID (%s) is not for this domain (%s), cannot add to LDAP!\n", sid_to_string(sid_string, group_sid), sid_to_string(dom_sid_string, &ldap_state->domain_sid))); return False; @@ -922,8 +880,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_MUST_CHANGE), temp); if ((pdb_get_acct_ctrl(sampass)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) - || (lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_ONLY)) - { + || (lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_ONLY)) { pdb_sethexpwd(temp, pdb_get_lanman_passwd(sampass), pdb_get_acct_ctrl(sampass)); @@ -958,11 +915,10 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, return True; } - - /********************************************************************** -Connect to LDAP server for password enumeration + Connect to LDAP server for password enumeration. *********************************************************************/ + static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; @@ -980,8 +936,8 @@ static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update) free_attr_list( attr_list ); if (rc != LDAP_SUCCESS) { - DEBUG(0, ("LDAP search failed: %s\n", ldap_err2string(rc))); - DEBUG(3, ("Query was: %s, %s\n", lp_ldap_suffix(), filter)); + DEBUG(0, ("ldapsam_setsampwent: LDAP search failed: %s\n", ldap_err2string(rc))); + DEBUG(3, ("ldapsam_setsampwent: Query was: %s, %s\n", lp_ldap_suffix(), filter)); ldap_msgfree(ldap_state->result); ldap_state->result = NULL; return NT_STATUS_UNSUCCESSFUL; @@ -999,8 +955,9 @@ static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update) } /********************************************************************** -End enumeration of the LDAP password list + End enumeration of the LDAP password list. *********************************************************************/ + static void ldapsam_endsampwent(struct pdb_methods *my_methods) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; @@ -1011,8 +968,9 @@ static void ldapsam_endsampwent(struct pdb_methods *my_methods) } /********************************************************************** -Get the next entry in the LDAP password database +Get the next entry in the LDAP password database. *********************************************************************/ + static NTSTATUS ldapsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT *user) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; @@ -1034,8 +992,9 @@ static NTSTATUS ldapsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT } /********************************************************************** -Get SAM_ACCOUNT entry from LDAP by username +Get SAM_ACCOUNT entry from LDAP by username. *********************************************************************/ + static NTSTATUS ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT *user, const char *sname) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; @@ -1056,15 +1015,11 @@ static NTSTATUS ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result); if (count < 1) { - DEBUG(4, - ("Unable to locate user [%s] count=%d\n", sname, - count)); + DEBUG(4, ("ldapsam_getsampwnam: Unable to locate user [%s] count=%d\n", sname, count)); ldap_msgfree(result); return NT_STATUS_NO_SUCH_USER; } else if (count > 1) { - DEBUG(1, - ("Duplicate entries for this user [%s] Failing. count=%d\n", sname, - count)); + DEBUG(1, ("ldapsam_getsampwnam: Duplicate entries for this user [%s] Failing. count=%d\n", sname, count)); ldap_msgfree(result); return NT_STATUS_NO_SUCH_USER; } @@ -1093,8 +1048,7 @@ static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state, char ** attr_list; uint32 rid; - switch ( ldap_state->schema_ver ) - { + switch ( ldap_state->schema_ver ) { case SCHEMAVER_SAMBASAMACCOUNT: attr_list = get_userattr_list(ldap_state->schema_ver); rc = ldapsam_search_suffix_by_sid(ldap_state, sid, result, attr_list); @@ -1121,8 +1075,9 @@ static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state, } /********************************************************************** -Get SAM_ACCOUNT entry from LDAP by SID + Get SAM_ACCOUNT entry from LDAP by SID. *********************************************************************/ + static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; @@ -1139,26 +1094,20 @@ static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result); - if (count < 1) - { - DEBUG(4, - ("Unable to locate SID [%s] count=%d\n", sid_to_string(sid_string, sid), + if (count < 1) { + DEBUG(4, ("ldapsam_getsampwsid: Unable to locate SID [%s] count=%d\n", sid_to_string(sid_string, sid), count)); ldap_msgfree(result); return NT_STATUS_NO_SUCH_USER; - } - else if (count > 1) - { - DEBUG(1, - ("More than one user with SID [%s]. Failing. count=%d\n", sid_to_string(sid_string, sid), + } else if (count > 1) { + DEBUG(1, ("ldapsam_getsampwsid: More than one user with SID [%s]. Failing. count=%d\n", sid_to_string(sid_string, sid), count)); ldap_msgfree(result); return NT_STATUS_NO_SUCH_USER; } entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result); - if (!entry) - { + if (!entry) { ldap_msgfree(result); return NT_STATUS_NO_SUCH_USER; } @@ -1176,15 +1125,14 @@ static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT } /******************************************************************** -Do the actual modification - also change a plaintext passord if -it it set. + Do the actual modification - also change a plaintext passord if + it it set. **********************************************************************/ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, SAM_ACCOUNT *newpwd, char *dn, LDAPMod **mods, int ldap_op, - BOOL (*need_update)(const SAM_ACCOUNT *, - enum pdb_elements)) + BOOL (*need_update)(const SAM_ACCOUNT *, enum pdb_elements)) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; int rc; @@ -1194,11 +1142,10 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, } if (!mods) { - DEBUG(5,("mods is empty: nothing to modify\n")); + DEBUG(5,("ldapsam_modify_entry: mods is empty: nothing to modify\n")); /* may be password change below however */ } else { - switch(ldap_op) - { + switch(ldap_op) { case LDAP_MOD_ADD: smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", @@ -1211,7 +1158,7 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, dn ,mods); break; default: - DEBUG(0,("Wrong LDAP operation type: %d!\n", + DEBUG(0,("ldapsam_modify_entry: Wrong LDAP operation type: %d!\n", ldap_op)); return NT_STATUS_INVALID_PARAMETER; } @@ -1220,8 +1167,7 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, char *ld_error = NULL; ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(1, - ("failed to %s user dn= %s with: %s\n\t%s\n", + DEBUG(1, ("ldapsam_modify_entry: Failed to %s user dn= %s with: %s\n\t%s\n", ldap_op == LDAP_MOD_ADD ? "add" : "modify", dn, ldap_err2string(rc), ld_error?ld_error:"unknown")); @@ -1231,9 +1177,9 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, } if (!(pdb_get_acct_ctrl(newpwd)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) && - (lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_OFF) && - need_update(newpwd, PDB_PLAINTEXT_PW) && - (pdb_get_plaintext_passwd(newpwd)!=NULL)) { + (lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_OFF) && + need_update(newpwd, PDB_PLAINTEXT_PW) && + (pdb_get_plaintext_passwd(newpwd)!=NULL)) { BerElement *ber; struct berval *bv; char *retoid; @@ -1261,7 +1207,7 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, ber_printf (ber, "N}"); if ((rc = ber_flatten (ber, &bv))<0) { - DEBUG(0,("ber_flatten returns a value <0\n")); + DEBUG(0,("ldapsam_modify_entry: ber_flatten returns a value <0\n")); ber_free(ber,1); SAFE_FREE(utf8_dn); SAFE_FREE(utf8_password); @@ -1276,12 +1222,12 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, LDAP_EXOP_MODIFY_PASSWD, bv, NULL, NULL, &retoid, &retdata)) != LDAP_SUCCESS) { - DEBUG(0,("LDAP Password could not be changed for user %s: %s\n", + DEBUG(0,("ldapsam_modify_entry: LDAP Password could not be changed for user %s: %s\n", pdb_get_username(newpwd),ldap_err2string(rc))); } else { - DEBUG(3,("LDAP Password changed for user %s\n",pdb_get_username(newpwd))); + DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd))); #ifdef DEBUG_PASSWORD - DEBUG(100,("LDAP Password changed to %s\n",pdb_get_plaintext_passwd(newpwd))); + DEBUG(100,("ldapsam_modify_entry: LDAP Password changed to %s\n",pdb_get_plaintext_passwd(newpwd))); #endif ber_bvfree(retdata); ber_memfree(retoid); @@ -1292,8 +1238,9 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, } /********************************************************************** -Delete entry from LDAP for username + Delete entry from LDAP for username. *********************************************************************/ + static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT * sam_acct) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; @@ -1305,13 +1252,13 @@ static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_A fstring objclass; if (!sam_acct) { - DEBUG(0, ("sam_acct was NULL!\n")); + DEBUG(0, ("ldapsam_delete_sam_account: sam_acct was NULL!\n")); return NT_STATUS_INVALID_PARAMETER; } sname = pdb_get_username(sam_acct); - DEBUG (3, ("Deleting user %s from LDAP.\n", sname)); + DEBUG (3, ("ldapsam_delete_sam_account: Deleting user %s from LDAP.\n", sname)); attr_list= get_userattr_list( ldap_state->schema_ver ); rc = ldapsam_search_suffix_by_name(ldap_state, sname, &result, attr_list); @@ -1321,8 +1268,7 @@ static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_A return NT_STATUS_NO_SUCH_USER; } - switch ( ldap_state->schema_ver ) - { + switch ( ldap_state->schema_ver ) { case SCHEMAVER_SAMBASAMACCOUNT: fstrcpy( objclass, LDAP_OBJ_SAMBASAMACCOUNT ); break; @@ -1344,9 +1290,10 @@ static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_A } /********************************************************************** - Helper function to determine for update_sam_account whether - we need LDAP modification. + Helper function to determine for update_sam_account whether + we need LDAP modification. *********************************************************************/ + static BOOL element_is_changed(const SAM_ACCOUNT *sampass, enum pdb_elements element) { @@ -1354,13 +1301,14 @@ static BOOL element_is_changed(const SAM_ACCOUNT *sampass, } /********************************************************************** -Update SAM_ACCOUNT + Update SAM_ACCOUNT. *********************************************************************/ + static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT * newpwd) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; - int rc; + int rc = 0; char *dn; LDAPMessage *result; LDAPMessage *entry; @@ -1379,53 +1327,57 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_A } if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) == 0) { - DEBUG(0, ("No user to modify!\n")); + DEBUG(0, ("ldapsam_update_sam_account: No user to modify!\n")); return NT_STATUS_UNSUCCESSFUL; } entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result); - dn = ldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); + dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); + if (!dn) { + return NT_STATUS_UNSUCCESSFUL; + } - DEBUG(4, ("user %s to be modified has dn: %s\n", pdb_get_username(newpwd), dn)); + DEBUG(4, ("ldapsam_update_sam_account: user %s to be modified has dn: %s\n", pdb_get_username(newpwd), dn)); if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd, element_is_changed)) { DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n")); - ldap_memfree(dn); + SAFE_FREE(dn); return NT_STATUS_UNSUCCESSFUL; } if (mods == NULL) { - DEBUG(4,("mods is empty: nothing to update for user: %s\n", + DEBUG(4,("ldapsam_update_sam_account: mods is empty: nothing to update for user: %s\n", pdb_get_username(newpwd))); ldap_mods_free(mods, True); - ldap_memfree(dn); + SAFE_FREE(dn); return NT_STATUS_OK; } ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, element_is_changed); ldap_mods_free(mods,True); - ldap_memfree(dn); + SAFE_FREE(dn); if (!NT_STATUS_IS_OK(ret)) { char *ld_error = NULL; ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(0,("failed to modify user with uid = %s, error: %s (%s)\n", + DEBUG(0,("ldapsam_update_sam_account: failed to modify user with uid = %s, error: %s (%s)\n", pdb_get_username(newpwd), ld_error?ld_error:"(unknwon)", ldap_err2string(rc))); SAFE_FREE(ld_error); return ret; } - DEBUG(2, ("successfully modified uid = %s in the LDAP database\n", + DEBUG(2, ("ldapsam_update_sam_account: successfully modified uid = %s in the LDAP database\n", pdb_get_username(newpwd))); return NT_STATUS_OK; } /********************************************************************** - Helper function to determine for update_sam_account whether - we need LDAP modification. + Helper function to determine for update_sam_account whether + we need LDAP modification. *********************************************************************/ + static BOOL element_is_set_or_changed(const SAM_ACCOUNT *sampass, enum pdb_elements element) { @@ -1434,7 +1386,7 @@ static BOOL element_is_set_or_changed(const SAM_ACCOUNT *sampass, } /********************************************************************** -Add SAM_ACCOUNT to LDAP + Add SAM_ACCOUNT to LDAP. *********************************************************************/ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT * newpwd) @@ -1446,7 +1398,7 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO LDAPMessage *entry = NULL; pstring dn; LDAPMod **mods = NULL; - int ldap_op; + int ldap_op = LDAP_MOD_REPLACE; uint32 num_result; char **attr_list; char *escape_user; @@ -1456,7 +1408,7 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO fstring sid_string; if (!username || !*username) { - DEBUG(0, ("Cannot add user without a username!\n")); + DEBUG(0, ("ldapsam_add_sam_account: Cannot add user without a username!\n")); return NT_STATUS_INVALID_PARAMETER; } @@ -1471,7 +1423,7 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO } if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) != 0) { - DEBUG(0,("User '%s' already in the base, with samba attributes\n", + DEBUG(0,("ldapsam_add_sam_account: User '%s' already in the base, with samba attributes\n", username)); ldap_msgfree(result); free_attr_list( attr_list ); @@ -1485,7 +1437,7 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO sid, &result); if (rc == LDAP_SUCCESS) { if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) != 0) { - DEBUG(0,("SID '%s' already in the base, with samba attributes\n", + DEBUG(0,("ldapsam_add_sam_account: SID '%s' already in the base, with samba attributes\n", sid_to_string(sid_string, sid))); free_attr_list( attr_list ); return NT_STATUS_UNSUCCESSFUL; @@ -1512,7 +1464,7 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO num_result = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result); if (num_result > 1) { - DEBUG (0, ("More than one user with that uid exists: bailing out!\n")); + DEBUG (0, ("ldapsam_add_sam_account: More than one user with that uid exists: bailing out!\n")); free_attr_list( attr_list ); ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; @@ -1522,12 +1474,17 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO if (num_result == 1) { char *tmp; - DEBUG(3,("User exists without samba attributes: adding them\n")); + DEBUG(3,("ldapsam_add_sam_account: User exists without samba attributes: adding them\n")); ldap_op = LDAP_MOD_REPLACE; entry = ldap_first_entry (ldap_state->smbldap_state->ldap_struct, result); - tmp = ldap_get_dn (ldap_state->smbldap_state->ldap_struct, entry); + tmp = smbldap_get_dn (ldap_state->smbldap_state->ldap_struct, entry); + if (!tmp) { + free_attr_list( attr_list ); + ldap_msgfree(result); + return NT_STATUS_UNSUCCESSFUL; + } slprintf (dn, sizeof (dn) - 1, "%s", tmp); - ldap_memfree (tmp); + SAFE_FREE(tmp); } else if (ldap_state->schema_ver == SCHEMAVER_SAMBASAMACCOUNT) { @@ -1550,7 +1507,7 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO num_result = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result); if (num_result > 1) { - DEBUG (0, ("More than one user with that uid exists: bailing out!\n")); + DEBUG (0, ("ldapsam_add_sam_account: More than one user with that uid exists: bailing out!\n")); free_attr_list( attr_list ); ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; @@ -1560,12 +1517,17 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO if (num_result == 1) { char *tmp; - DEBUG(3,("User exists without samba attributes: adding them\n")); + DEBUG(3,("ldapsam_add_sam_account: User exists without samba attributes: adding them\n")); ldap_op = LDAP_MOD_REPLACE; entry = ldap_first_entry (ldap_state->smbldap_state->ldap_struct, result); - tmp = ldap_get_dn (ldap_state->smbldap_state->ldap_struct, entry); + tmp = smbldap_get_dn (ldap_state->smbldap_state->ldap_struct, entry); + if (!tmp) { + free_attr_list( attr_list ); + ldap_msgfree(result); + return NT_STATUS_UNSUCCESSFUL; + } slprintf (dn, sizeof (dn) - 1, "%s", tmp); - ldap_memfree (tmp); + SAFE_FREE(tmp); } } @@ -1573,7 +1535,7 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO if (num_result == 0) { /* Check if we need to add an entry */ - DEBUG(3,("Adding new user\n")); + DEBUG(3,("ldapsam_add_sam_account: Adding new user\n")); ldap_op = LDAP_MOD_ADD; if (username[strlen(username)-1] == '$') { slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", username, lp_ldap_machine_suffix ()); @@ -1592,11 +1554,10 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO ldap_msgfree(result); if (mods == NULL) { - DEBUG(0,("mods is empty: nothing to add for user: %s\n",pdb_get_username(newpwd))); + DEBUG(0,("ldapsam_add_sam_account: mods is empty: nothing to add for user: %s\n",pdb_get_username(newpwd))); return NT_STATUS_UNSUCCESSFUL; } - switch ( ldap_state->schema_ver ) - { + switch ( ldap_state->schema_ver ) { case SCHEMAVER_SAMBAACCOUNT: smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_SAMBAACCOUNT); break; @@ -1610,13 +1571,13 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, element_is_set_or_changed); if (!NT_STATUS_IS_OK(ret)) { - DEBUG(0,("failed to modify/add user with uid = %s (dn = %s)\n", + DEBUG(0,("ldapsam_add_sam_account: failed to modify/add user with uid = %s (dn = %s)\n", pdb_get_username(newpwd),dn)); ldap_mods_free(mods, True); return ret; } - DEBUG(2,("added: uid == %s in the LDAP database\n", pdb_get_username(newpwd))); + DEBUG(2,("ldapsam_add_sam_account: added: uid == %s in the LDAP database\n", pdb_get_username(newpwd))); ldap_mods_free(mods, True); return NT_STATUS_OK; @@ -1666,64 +1627,58 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state, pstring temp; if (ldap_state == NULL || map == NULL || entry == NULL || - ldap_state->smbldap_state->ldap_struct == NULL) - { + ldap_state->smbldap_state->ldap_struct == NULL) { DEBUG(0, ("init_group_from_ldap: NULL parameters found!\n")); return False; } if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GIDNUMBER), temp)) - { - DEBUG(0, ("Mandatory attribute %s not found\n", + get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GIDNUMBER), temp)) { + DEBUG(0, ("init_group_from_ldap: Mandatory attribute %s not found\n", get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GIDNUMBER))); return False; } - DEBUG(2, ("Entry found for group: %s\n", temp)); + DEBUG(2, ("init_group_from_ldap: Entry found for group: %s\n", temp)); map->gid = (gid_t)atol(temp); if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_SID), temp)) - { - DEBUG(0, ("Mandatory attribute %s not found\n", + get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_SID), temp)) { + DEBUG(0, ("init_group_from_ldap: Mandatory attribute %s not found\n", get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_SID))); return False; } string_to_sid(&map->sid, temp); if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_TYPE), temp)) - { - DEBUG(0, ("Mandatory attribute %s not found\n", + get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_TYPE), temp)) { + DEBUG(0, ("init_group_from_ldap: Mandatory attribute %s not found\n", get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_TYPE))); return False; } map->sid_name_use = (enum SID_NAME_USE)atol(temp); if ((map->sid_name_use < SID_NAME_USER) || - (map->sid_name_use > SID_NAME_UNKNOWN)) { - DEBUG(0, ("Unknown Group type: %d\n", map->sid_name_use)); + (map->sid_name_use > SID_NAME_UNKNOWN)) { + DEBUG(0, ("init_group_from_ldap: Unknown Group type: %d\n", map->sid_name_use)); return False; } if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_attr_key2string( groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME), temp)) - { + get_attr_key2string( groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME), temp)) { temp[0] = '\0'; if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, get_attr_key2string( groupmap_attr_list, LDAP_ATTR_CN), temp)) { - DEBUG(0, ("Attributes cn not found either " - "for gidNumber(%lu)\n",(unsigned long)map->gid)); + DEBUG(0, ("init_group_from_ldap: Attributes cn not found either \ +for gidNumber(%lu)\n",(unsigned long)map->gid)); return False; } } fstrcpy(map->nt_name, temp); if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, - get_attr_key2string( groupmap_attr_list, LDAP_ATTR_DESC), temp)) - { + get_attr_key2string( groupmap_attr_list, LDAP_ATTR_DESC), temp)) { temp[0] = '\0'; } fstrcpy(map->comment, temp); @@ -1784,13 +1739,13 @@ static NTSTATUS ldapsam_getgroup(struct pdb_methods *methods, count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result); if (count < 1) { - DEBUG(4, ("Did not find group\n")); + DEBUG(4, ("ldapsam_getgroup: Did not find group\n")); ldap_msgfree(result); return NT_STATUS_NO_SUCH_GROUP; } if (count > 1) { - DEBUG(1, ("Duplicate entries for filter %s: count=%d\n", + DEBUG(1, ("ldapsam_getgroup: Duplicate entries for filter %s: count=%d\n", filter, count)); ldap_msgfree(result); return NT_STATUS_NO_SUCH_GROUP; @@ -1804,7 +1759,7 @@ static NTSTATUS ldapsam_getgroup(struct pdb_methods *methods, } if (!init_group_from_ldap(ldap_state, map, entry)) { - DEBUG(1, ("init_group_from_ldap failed for group filter %s\n", + DEBUG(1, ("ldapsam_getgroup: init_group_from_ldap failed for group filter %s\n", filter)); ldap_msgfree(result); return NT_STATUS_NO_SUCH_GROUP; @@ -1908,7 +1863,7 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods, if (NT_STATUS_IS_OK(ldapsam_getgrgid(methods, &dummy, map->gid))) { - DEBUG(0, ("Group %ld already exists in LDAP\n", (unsigned long)map->gid)); + DEBUG(0, ("ldapsam_add_group_mapping_entry: Group %ld already exists in LDAP\n", (unsigned long)map->gid)); return NT_STATUS_UNSUCCESSFUL; } @@ -1926,20 +1881,24 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods, } if (count > 1) { - DEBUG(2, ("Group %lu must exist exactly once in LDAP\n", + DEBUG(2, ("ldapsam_add_group_mapping_entry: Group %lu must exist exactly once in LDAP\n", (unsigned long)map->gid)); ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; } entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result); - tmp = ldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); + tmp = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); + if (!tmp) { + ldap_msgfree(result); + return NT_STATUS_UNSUCCESSFUL; + } pstrcpy(dn, tmp); - ldap_memfree(tmp); + SAFE_FREE(tmp); if (!init_ldap_from_group(ldap_state->smbldap_state->ldap_struct, result, &mods, map)) { - DEBUG(0, ("init_ldap_from_group failed!\n")); + DEBUG(0, ("ldapsam_add_group_mapping_entry: init_ldap_from_group failed!\n")); ldap_mods_free(mods, True); ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; @@ -1948,7 +1907,7 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods, ldap_msgfree(result); if (mods == NULL) { - DEBUG(0, ("mods is empty\n")); + DEBUG(0, ("ldapsam_add_group_mapping_entry: mods is empty\n")); return NT_STATUS_UNSUCCESSFUL; } @@ -1961,13 +1920,13 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods, char *ld_error = NULL; ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(0, ("failed to add group %lu error: %s (%s)\n", (unsigned long)map->gid, + DEBUG(0, ("ldapsam_add_group_mapping_entry: failed to add group %lu error: %s (%s)\n", (unsigned long)map->gid, ld_error ? ld_error : "(unknown)", ldap_err2string(rc))); SAFE_FREE(ld_error); return NT_STATUS_UNSUCCESSFUL; } - DEBUG(2, ("successfully modified group %lu in LDAP\n", (unsigned long)map->gid)); + DEBUG(2, ("ldapsam_add_group_mapping_entry: successfully modified group %lu in LDAP\n", (unsigned long)map->gid)); return NT_STATUS_OK; } @@ -1992,17 +1951,16 @@ static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods, } if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) == 0) { - DEBUG(0, ("No group to modify!\n")); + DEBUG(0, ("ldapsam_update_group_mapping_entry: No group to modify!\n")); ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; } entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result); - dn = ldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); if (!init_ldap_from_group(ldap_state->smbldap_state->ldap_struct, result, &mods, map)) { - DEBUG(0, ("init_ldap_from_group failed\n")); + DEBUG(0, ("ldapsam_update_group_mapping_entry: init_ldap_from_group failed\n")); ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; } @@ -2010,11 +1968,16 @@ static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods, ldap_msgfree(result); if (mods == NULL) { - DEBUG(4, ("mods is empty: nothing to do\n")); + DEBUG(4, ("ldapsam_update_group_mapping_entry: mods is empty: nothing to do\n")); return NT_STATUS_UNSUCCESSFUL; } + dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); + if (!dn) { + return NT_STATUS_UNSUCCESSFUL; + } rc = smbldap_modify(ldap_state->smbldap_state, dn, mods); + SAFE_FREE(dn); ldap_mods_free(mods, True); @@ -2022,12 +1985,12 @@ static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods, char *ld_error = NULL; ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(0, ("failed to modify group %lu error: %s (%s)\n", (unsigned long)map->gid, + DEBUG(0, ("ldapsam_update_group_mapping_entry: failed to modify group %lu error: %s (%s)\n", (unsigned long)map->gid, ld_error ? ld_error : "(unknown)", ldap_err2string(rc))); SAFE_FREE(ld_error); } - DEBUG(2, ("successfully modified group %lu in LDAP\n", (unsigned long)map->gid)); + DEBUG(2, ("ldapsam_update_group_mapping_entry: successfully modified group %lu in LDAP\n", (unsigned long)map->gid)); return NT_STATUS_OK; } @@ -2082,8 +2045,8 @@ static NTSTATUS ldapsam_setsamgrent(struct pdb_methods *my_methods, BOOL update) free_attr_list( attr_list ); if (rc != LDAP_SUCCESS) { - DEBUG(0, ("LDAP search failed: %s\n", ldap_err2string(rc))); - DEBUG(3, ("Query was: %s, %s\n", lp_ldap_group_suffix(), filter)); + DEBUG(0, ("ldapsam_setsamgrent: LDAP search failed: %s\n", ldap_err2string(rc))); + DEBUG(3, ("ldapsam_setsamgrent: Query was: %s, %s\n", lp_ldap_group_suffix(), filter)); ldap_msgfree(ldap_state->result); ldap_state->result = NULL; return NT_STATUS_UNSUCCESSFUL; @@ -2147,24 +2110,24 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods, *rmap = NULL; if (!NT_STATUS_IS_OK(ldapsam_setsamgrent(methods, False))) { - DEBUG(0, ("Unable to open passdb\n")); + DEBUG(0, ("ldapsam_enum_group_mapping: Unable to open passdb\n")); return NT_STATUS_ACCESS_DENIED; } while (NT_STATUS_IS_OK(ldapsam_getsamgrent(methods, &map))) { if (sid_name_use != SID_NAME_UNKNOWN && sid_name_use != map.sid_name_use) { - DEBUG(11,("enum_group_mapping: group %s is not of the requested type\n", map.nt_name)); + DEBUG(11,("ldapsam_enum_group_mapping: group %s is not of the requested type\n", map.nt_name)); continue; } if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) { - DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name)); + DEBUG(11,("ldapsam_enum_group_mapping: group %s is non mapped\n", map.nt_name)); continue; } mapt=(GROUP_MAP *)Realloc((*rmap), (entries+1)*sizeof(GROUP_MAP)); if (!mapt) { - DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); + DEBUG(0,("ldapsam_enum_group_mapping: Unable to enlarge group map!\n")); SAFE_FREE(*rmap); return NT_STATUS_UNSUCCESSFUL; } @@ -2235,7 +2198,7 @@ static NTSTATUS pdb_init_ldapsam_common(PDB_CONTEXT *pdb_context, PDB_METHODS ** ldap_state = talloc_zero(pdb_context->mem_ctx, sizeof(*ldap_state)); if (!ldap_state) { - DEBUG(0, ("talloc() failed for ldapsam private_data!\n")); + DEBUG(0, ("pdb_init_ldapsam_common: talloc() failed for ldapsam private_data!\n")); return NT_STATUS_NO_MEMORY; } @@ -2325,9 +2288,9 @@ static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_met ldap_state->domain_name, True); if ( !NT_STATUS_IS_OK(nt_status) ) { - DEBUG(2, ("WARNING: Could not get domain info, nor add one to the domain\n")); - DEBUGADD(2, ("Continuing on regardless, will be unable to allocate new users/groups, " - "and will risk BDCs having inconsistant SIDs\n")); + DEBUG(2, ("pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain\n")); + DEBUGADD(2, ("pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, \ +and will risk BDCs having inconsistant SIDs\n")); sid_copy(&ldap_state->domain_sid, get_global_sam_sid()); return NT_STATUS_OK; } @@ -2336,15 +2299,14 @@ static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_met entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result); if (!entry) { - DEBUG(0, ("Could not get domain info entry\n")); + DEBUG(0, ("pdb_init_ldapsam: Could not get domain info entry\n")); ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; } if (smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID), - domain_sid_string)) - { + domain_sid_string)) { BOOL found_sid; string_to_sid(&ldap_domain_sid, domain_sid_string); found_sid = secrets_fetch_domain_sid(ldap_state->domain_name, &secrets_domain_sid); @@ -2357,12 +2319,11 @@ static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_met if (smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_ALGORITHMIC_RID_BASE), - alg_rid_base_string)) - { + alg_rid_base_string)) { alg_rid_base = (uint32)atol(alg_rid_base_string); if (alg_rid_base != algorithmic_rid_base()) { - DEBUG(0, ("The value of 'algorithmic RID base' has changed since the LDAP\n" - "database was initialised. Aborting. \n")); + DEBUG(0, ("pdb_init_ldapsam: The value of 'algorithmic RID base' has changed since the LDAP\n\ +database was initialised. Aborting. \n")); ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; } @@ -2383,5 +2344,3 @@ NTSTATUS pdb_ldap_init(void) return NT_STATUS_OK; } - - |