Merge branch 'master' of ssh://jht@git.samba.org/data/git/samba

author: John H Terpstra <jht@samba.org> 2009-07-23 09:33:06 -0500
committer: John H Terpstra <jht@samba.org> 2009-07-23 09:33:06 -0500
commit: 94717ae8e5dfe2ccdb7f3557d5490708b00ae471 (patch)
tree: a39f669faf23ad05497963cf5ccf611467d0145b /source3/passdb/pdb_ldap.c
parent: 14952c72a29ec92badb1bcf16d2a15fe100f060d (diff)
parent: 7bad4b48c82fed4263c2bfe97a4d00b47913604a (diff)
download: samba-94717ae8e5dfe2ccdb7f3557d5490708b00ae471.tar.gz
samba-94717ae8e5dfe2ccdb7f3557d5490708b00ae471.tar.bz2
samba-94717ae8e5dfe2ccdb7f3557d5490708b00ae471.zip
1 files changed, 69 insertions, 50 deletions
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 3579325769..1b1e22f2c8 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -336,7 +336,7 @@ int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
 					  const char **attr)
 {
 	char *filter = NULL;
-	char *escape_user = escape_ldap_string_alloc(user);
+	char *escape_user = escape_ldap_string(talloc_tos(), user);
 	int ret = -1;
 
 	if (!escape_user) {
@@ -350,7 +350,7 @@ int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
 	filter = talloc_asprintf(talloc_tos(), "(&%s%s)", "(uid=%u)",
 		get_objclass_filter(ldap_state->schema_ver));
 	if (!filter) {
-		SAFE_FREE(escape_user);
+		TALLOC_FREE(escape_user);
 		return LDAP_NO_MEMORY;
 	}
 	/*
@@ -360,7 +360,7 @@ int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
 
 	filter = talloc_all_string_sub(talloc_tos(),
 				filter, "%u", escape_user);
-	SAFE_FREE(escape_user);
+	TALLOC_FREE(escape_user);
 	if (!filter) {
 		return LDAP_NO_MEMORY;
 	}
@@ -902,7 +902,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
 
 	pwHistLen = 0;
 
-	pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+	pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
 	if (pwHistLen > 0){
 		uint8 *pwhist = NULL;
 		int i;
@@ -1327,7 +1327,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state,
 		if (need_update(sampass, PDB_PWHISTORY)) {
 			char *pwstr = NULL;
 			uint32 pwHistLen = 0;
-			pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+			pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
 
 			pwstr = SMB_MALLOC_ARRAY(char, 1024);
 			if (!pwstr) {
@@ -1404,7 +1404,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state,
 		uint16 badcount = pdb_get_bad_password_count(sampass);
 		time_t badtime = pdb_get_bad_password_time(sampass);
 		uint32 pol;
-		pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &pol);
+		pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &pol);
 
 		DEBUG(3, ("updating bad password fields, policy=%u, count=%u, time=%u\n",
 			(unsigned int)pol, (unsigned int)badcount, (unsigned int)badtime));
@@ -1701,6 +1701,7 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
 		char *utf8_password;
 		char *utf8_dn;
 		size_t converted_size;
+		int ret;
 
 		if (!ldap_state->is_nds_ldap) {
 
@@ -1732,14 +1733,31 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
 		}
 
 		if ((ber_printf (ber, "{") < 0) ||
-		    (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn) < 0) ||
-		    (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password) < 0) ||
-		    (ber_printf (ber, "n}") < 0)) {
-			DEBUG(0,("ldapsam_modify_entry: ber_printf returns a value <0\n"));
-                       ber_free(ber,1);
-                       TALLOC_FREE(utf8_dn);
-                       TALLOC_FREE(utf8_password);
-                       return NT_STATUS_UNSUCCESSFUL;
+		    (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID,
+				 utf8_dn) < 0)) {
+			DEBUG(0,("ldapsam_modify_entry: ber_printf returns a "
+				 "value <0\n"));
+			ber_free(ber,1);
+			TALLOC_FREE(utf8_dn);
+			TALLOC_FREE(utf8_password);
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+
+		if ((utf8_password != NULL) && (*utf8_password != '\0')) {
+			ret = ber_printf(ber, "ts}",
+					 LDAP_TAG_EXOP_MODIFY_PASSWD_NEW,
+					 utf8_password);
+		} else {
+			ret = ber_printf(ber, "}");
+		}
+
+		if (ret < 0) {
+			DEBUG(0,("ldapsam_modify_entry: ber_printf returns a "
+				 "value <0\n"));
+			ber_free(ber,1);
+			TALLOC_FREE(utf8_dn);
+			TALLOC_FREE(utf8_password);
+			return NT_STATUS_UNSUCCESSFUL;
 		}
 
 	        if ((rc = ber_flatten (ber, &bv))<0) {
@@ -2120,18 +2138,18 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, struct s
 	/* does the entry already exist but without a samba attributes?
 	   we need to return the samba attributes here */
 
-	escape_user = escape_ldap_string_alloc( username );
+	escape_user = escape_ldap_string(talloc_tos(), username);
 	filter = talloc_strdup(attr_list, "(uid=%u)");
 	if (!filter) {
 		status = NT_STATUS_NO_MEMORY;
 		goto fn_exit;
 	}
 	filter = talloc_all_string_sub(attr_list, filter, "%u", escape_user);
+	TALLOC_FREE(escape_user);
 	if (!filter) {
 		status = NT_STATUS_NO_MEMORY;
 		goto fn_exit;
 	}
-	SAFE_FREE(escape_user);
 
 	rc = smbldap_search_suffix(ldap_state->smbldap_state,
 				   filter, attr_list, &result);
@@ -2278,7 +2296,6 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, struct s
   fn_exit:
 
 	TALLOC_FREE(ctx);
-	SAFE_FREE(escape_user);
 	if (result) {
 		ldap_msgfree(result);
 	}
@@ -2528,7 +2545,7 @@ static NTSTATUS ldapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
 				 const char *name)
 {
 	char *filter = NULL;
-	char *escape_name = escape_ldap_string_alloc(name);
+	char *escape_name = escape_ldap_string(talloc_tos(), name);
 	NTSTATUS status;
 
 	if (!escape_name) {
@@ -2540,11 +2557,11 @@ static NTSTATUS ldapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
 		get_attr_key2string(groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME), escape_name,
 		get_attr_key2string(groupmap_attr_list, LDAP_ATTR_CN),
 		escape_name) < 0) {
-		SAFE_FREE(escape_name);
+		TALLOC_FREE(escape_name);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	SAFE_FREE(escape_name);
+	TALLOC_FREE(escape_name);
 	status = ldapsam_getgroup(methods, filter, map);
 	SAFE_FREE(filter);
 	return status;
@@ -2665,20 +2682,19 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
 		for (memberuid = values; *memberuid != NULL; memberuid += 1) {
 			char *escape_memberuid;
 
-			escape_memberuid = escape_ldap_string_alloc(*memberuid);
+			escape_memberuid = escape_ldap_string(talloc_tos(),
+							      *memberuid);
 			if (escape_memberuid == NULL) {
 				ret = NT_STATUS_NO_MEMORY;
 				goto done;
 			}
 
 			filter = talloc_asprintf_append_buffer(filter, "(uid=%s)", escape_memberuid);
+			TALLOC_FREE(escape_memberuid);
 			if (filter == NULL) {
-				SAFE_FREE(escape_memberuid);
 				ret = NT_STATUS_NO_MEMORY;
 				goto done;
 			}
-
-			SAFE_FREE(escape_memberuid);
 		}
 
 		filter = talloc_asprintf_append_buffer(filter, "))");
@@ -2812,7 +2828,7 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	escape_name = escape_ldap_string_alloc(pdb_get_username(user));
+	escape_name = escape_ldap_string(talloc_tos(), pdb_get_username(user));
 	if (escape_name == NULL)
 		return NT_STATUS_NO_MEMORY;
 
@@ -2950,7 +2966,7 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
 
  done:
 
-	SAFE_FREE(escape_name);
+	TALLOC_FREE(escape_name);
 	return ret;
 }
 
@@ -3764,7 +3780,7 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
 }
 
 static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
-						   int policy_index,
+						   enum pdb_policy_type type,
 						   uint32 value)
 {
 	NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
@@ -3782,7 +3798,7 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	policy_attr = get_account_policy_attr(policy_index);
+	policy_attr = get_account_policy_attr(type);
 	if (policy_attr == NULL) {
 		DEBUG(0,("ldapsam_set_account_policy_in_ldap: invalid "
 			 "policy\n"));
@@ -3802,7 +3818,7 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
 		return ntstatus;
 	}
 
-	if (!cache_account_policy_set(policy_index, value)) {
+	if (!cache_account_policy_set(type, value)) {
 		DEBUG(0,("ldapsam_set_account_policy_in_ldap: failed to "
 			 "update local tdb cache\n"));
 		return ntstatus;
@@ -3812,14 +3828,15 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
 }
 
 static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods,
-					   int policy_index, uint32 value)
+					   enum pdb_policy_type type,
+					   uint32_t value)
 {
-	return ldapsam_set_account_policy_in_ldap(methods, policy_index,
+	return ldapsam_set_account_policy_in_ldap(methods, type,
 						  value);
 }
 
 static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods,
-						     int policy_index,
+						     enum pdb_policy_type type,
 						     uint32 *value)
 {
 	NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
@@ -3841,10 +3858,10 @@ static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	policy_attr = get_account_policy_attr(policy_index);
+	policy_attr = get_account_policy_attr(type);
 	if (!policy_attr) {
 		DEBUG(0,("ldapsam_get_account_policy_from_ldap: invalid "
-			 "policy index: %d\n", policy_index));
+			 "policy index: %d\n", type));
 		return ntstatus;
 	}
 
@@ -3898,17 +3915,18 @@ out:
    Guenther
 */
 static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods,
-					   int policy_index, uint32 *value)
+					   enum pdb_policy_type type,
+					   uint32_t *value)
 {
 	NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
 
-	if (cache_account_policy_get(policy_index, value)) {
+	if (cache_account_policy_get(type, value)) {
 		DEBUG(11,("ldapsam_get_account_policy: got valid value from "
 			  "cache\n"));
 		return NT_STATUS_OK;
 	}
 
-	ntstatus = ldapsam_get_account_policy_from_ldap(methods, policy_index,
+	ntstatus = ldapsam_get_account_policy_from_ldap(methods, type,
 							value);
 	if (NT_STATUS_IS_OK(ntstatus)) {
 		goto update_cache;
@@ -3919,27 +3937,27 @@ static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods,
 
 #if 0
 	/* should we automagically migrate old tdb value here ? */
-	if (account_policy_get(policy_index, value))
+	if (account_policy_get(type, value))
 		goto update_ldap;
 
 	DEBUG(10,("ldapsam_get_account_policy: no tdb for %d, trying "
-		  "default\n", policy_index));
+		  "default\n", type));
 #endif
 
-	if (!account_policy_get_default(policy_index, value)) {
+	if (!account_policy_get_default(type, value)) {
 		return ntstatus;
 	}
 
 /* update_ldap: */
 
- 	ntstatus = ldapsam_set_account_policy(methods, policy_index, *value);
+	ntstatus = ldapsam_set_account_policy(methods, type, *value);
 	if (!NT_STATUS_IS_OK(ntstatus)) {
 		return ntstatus;
 	}
 
  update_cache:
 
-	if (!cache_account_policy_set(policy_index, *value)) {
+	if (!cache_account_policy_set(type, *value)) {
 		DEBUG(0,("ldapsam_get_account_policy: failed to update local "
 			 "tdb as a cache\n"));
 		return NT_STATUS_UNSUCCESSFUL;
@@ -4185,14 +4203,14 @@ static char *get_ldap_filter(TALLOC_CTX *mem_ctx, const char *username)
 		goto done;
 	}
 
-	escaped = escape_ldap_string_alloc(username);
+	escaped = escape_ldap_string(talloc_tos(), username);
 	if (escaped == NULL) goto done;
 
 	result = talloc_string_sub(mem_ctx, filter, "%u", username);
 
  done:
 	SAFE_FREE(filter);
-	SAFE_FREE(escaped);
+	TALLOC_FREE(escaped);
 
 	return result;
 }
@@ -4994,10 +5012,10 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
 		is_machine = True;
 	}
 
-	username = escape_ldap_string_alloc(name);
+	username = escape_ldap_string(talloc_tos(), name);
 	filter = talloc_asprintf(tmp_ctx, "(&(uid=%s)(objectClass=%s))",
 				 username, LDAP_OBJ_POSIXACCOUNT);
-	SAFE_FREE(username);
+	TALLOC_FREE(username);
 
 	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
 	if (rc != LDAP_SUCCESS) {
@@ -5270,10 +5288,10 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods,
 	gid_t gid = -1;
 	int rc;
 
-	groupname = escape_ldap_string_alloc(name);
+	groupname = escape_ldap_string(talloc_tos(), name);
 	filter = talloc_asprintf(tmp_ctx, "(&(cn=%s)(objectClass=%s))",
 				 groupname, LDAP_OBJ_POSIXGROUP);
-	SAFE_FREE(groupname);
+	TALLOC_FREE(groupname);
 
 	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
 	if (rc != LDAP_SUCCESS) {
@@ -5702,7 +5720,8 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	escape_username = escape_ldap_string_alloc(pdb_get_username(sampass));
+	escape_username = escape_ldap_string(talloc_tos(),
+					     pdb_get_username(sampass));
 	if (escape_username== NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -5715,7 +5734,7 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
 				 LDAP_OBJ_POSIXACCOUNT,
 				 LDAP_OBJ_SAMBASAMACCOUNT);
 
-	SAFE_FREE(escape_username);
+	TALLOC_FREE(escape_username);
 
 	if (filter == NULL) {
 		return NT_STATUS_NO_MEMORY;
author	John H Terpstra <jht@samba.org>	2009-07-23 09:33:06 -0500
committer	John H Terpstra <jht@samba.org>	2009-07-23 09:33:06 -0500
commit	94717ae8e5dfe2ccdb7f3557d5490708b00ae471 (patch)
tree	a39f669faf23ad05497963cf5ccf611467d0145b /source3/passdb/pdb_ldap.c
parent	14952c72a29ec92badb1bcf16d2a15fe100f060d (diff)
parent	7bad4b48c82fed4263c2bfe97a4d00b47913604a (diff)
download	samba-94717ae8e5dfe2ccdb7f3557d5490708b00ae471.tar.gz samba-94717ae8e5dfe2ccdb7f3557d5490708b00ae471.tar.bz2 samba-94717ae8e5dfe2ccdb7f3557d5490708b00ae471.zip