authorAndrew Bartlett <abartlet@samba.org>2003-07-05 09:46:12 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-07-05 09:46:12 +0000
commita3ddfa5069c9df07626135aa5fd2ec411c41943f (patch)
tree4c66505e3ca16e2db518143ebbf6e999f3a24b9d /source3/passdb
parentd809ad1d1999b097ff30952b9d14cf5aaa72562e (diff)
Fixes to our LDAP/vampire codepaths:
- Try better to add the appropriate mapping between UID and SIDs, based on Get_Pwnam() - Look for previous users (lookup by SID) and correctly modify the existing entry in that case - Map the root user to the Admin SID as a 'well known user' - Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update' call on that user. This means that VL's very nice work on atomic LDAP updates now really gets used properly! - This also means that we know the right DN to update, without the extra round-trips to the server. Andrew Bartlett (This used to be commit c7118cb31dac24db3b762fe68ce655b17ea102e0)
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/passdb.c4
-rw-r--r--source3/passdb/pdb_get_set.c30
-rw-r--r--source3/passdb/pdb_ldap.c38
3 files changed, 61 insertions, 11 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 54a852601a..de919ef6f9 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -347,6 +347,10 @@ static void pdb_free_sam_contents(SAM_ACCOUNT *user)
data_blob_clear_free(&(user->private.nt_pw));
if (user->private.plaintext_pw!=NULL)
memset(user->private.plaintext_pw,'\0',strlen(user->private.plaintext_pw));
+
+ if (user->private.backend_private_data && user->private.backend_private_data_free_fn) {
+ user->private.backend_private_data_free_fn(&user->private.backend_private_data);
+ }
}
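Review bot: After the callback runs in pdb_free_sam_contents, `backend_private_data_free_fn` stays set and the data pointer is cleared only if the backend's callback writes NULL through its `void **` argument, so a callback that forgets to do so leaves a dangling pointer that a later free or set would release again. Resetting both fields here, `user->private.backend_private_data = NULL; user->private.backend_private_data_free_fn = NULL;`, removes that dependency. Data stored with a NULL free function is skipped silently, which deserves a comment saying it is intentional. This function wipes plaintext_pw and nt_pw before release, but the backend data gets no such scrub; if the cached object can carry password-hash attributes (not visible here), the callback contract should say who is responsible for clearing them. The function body starts outside the hunk.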
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index c95719451a..e0b9f0e0ec 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -330,6 +330,14 @@ uint32 pdb_get_unknown_6 (const SAM_ACCOUNT *sampass)
return (-1);
}
+void *pdb_get_backend_private_data (const SAM_ACCOUNT *sampass, const struct pdb_methods *my_methods)
+{
+ if (sampass && my_methods == sampass->methods)
+ return sampass->private.backend_private_data;
+ else
+ return NULL;
+}
+
/*********************************************************************
Collection of set...() functions for SAM_ACCOUNT.
********************************************************************/
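Review bot: pdb_get_backend_private_data is added without a comment, and the one thing a caller has to know is not stated anywhere: the returned pointer is borrowed, not handed over. I would add above the function `/* Returns the data cached by the owning backend, or NULL if my_methods does not own sampass. The pointer stays owned by the SAM_ACCOUNT; callers must not free it. */`. The `my_methods == sampass->methods` comparison is what stops one backend from reading another backend's opaque data, which is also worth one line in that comment.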
@@ -1011,6 +1019,28 @@ BOOL pdb_set_hours (SAM_ACCOUNT *sampass, const uint8 *hours, enum pdb_value_sta
return pdb_set_init_flags(sampass, PDB_HOURS, flag);
}
+BOOL pdb_set_backend_private_data (SAM_ACCOUNT *sampass, void *private_data,
+ void (*free_fn)(void **),
+ const struct pdb_methods *my_methods,
+ enum pdb_value_state flag)
+{
+ if (!sampass)
+ return False;
+
+ /* does this backend 'own' this SAM_ACCOUNT? */
+ if (my_methods != sampass->methods)
+ return False;
+
+ if (sampass->private.backend_private_data && sampass->private.backend_private_data_free_fn) {
+ sampass->private.backend_private_data_free_fn(&sampass->private.backend_private_data);
+ }
+
+ sampass->private.backend_private_data = private_data;
+ sampass->private.backend_private_data_free_fn = free_fn;
+
+ return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag);
+}
+
/* Helpful interfaces to the above */
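Review bot: pdb_set_backend_private_data gives the caller no way to tell who owns `private_data` when it returns False: the two early returns leave the pointer untouched, while a False from pdb_set_init_flags arrives after the pointer has already been stored on the account. A caller that frees on False risks a double free, and one that does not leaks on the early paths. A header comment should fix the contract, for instance `/* On False from the ownership check, private_data is NOT adopted and the caller must release it. */`, and the final return should either not report failure once the pointer is adopted or detach it first. Passing the pointer that is already stored would free it and then store the freed address, so the release should additionally be guarded with `sampass->private.backend_private_data != private_data`.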
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 6911cea369..140b87afb9 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -108,6 +108,16 @@ struct ldapsam_privates {
};
/**********************************************************************
+ Free a LDAPMessage (one is stored on the SAM_ACCOUNT)
+ **********************************************************************/
+
+static void private_data_free_fn(void **result)
+{
+ ldap_memfree(*result);
+ *result = NULL;
+}
+
+/**********************************************************************
get the attribute name given a user schame version
**********************************************************************/
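Review bot: private_data_free_fn releases the stored LDAPMessage with `ldap_memfree(*result)`, while every call this commit removes used `ldap_msgfree(result)` on the same object. ldap_memfree is the LDAP API's release for library-allocated buffers such as DN strings; a search result chain needs ldap_msgfree, otherwise the entries behind the first message are presumably leaked or the allocator is handed memory in a shape it does not expect. The line should read `ldap_msgfree(*result);`. Because the callback takes a generic `void **`, a short comment that `*result` must be an LDAPMessage returned by a search would also help.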
@@ -1503,7 +1513,9 @@ static NTSTATUS ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT
ldap_msgfree(result);
return NT_STATUS_NO_SUCH_USER;
}
- ldap_msgfree(result);
+ pdb_set_backend_private_data(user, result,
+ private_data_free_fn,
+ my_methods, PDB_CHANGED);
ret = NT_STATUS_OK;
} else {
ldap_msgfree(result);
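Review bot: The return value of pdb_set_backend_private_data is dropped in ldapsam_getsampwnam, and the same is true of the calls added in ldapsam_getsampwsid and ldapsam_update_sam_account. The setter returns False without storing the pointer when `my_methods != sampass->methods`, and since the `ldap_msgfree(result)` that used to follow has been removed, `result` is then leaked on every lookup. Once the setter's ownership-on-failure contract is pinned down, the call should become `if (!pdb_set_backend_private_data(user, result, private_data_free_fn, my_methods, PDB_CHANGED)) ldap_msgfree(result);`. The function body starts and ends outside the hunk.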
@@ -1591,9 +1603,13 @@ static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
ldap_msgfree(result);
return NT_STATUS_NO_SUCH_USER;
}
+ pdb_set_backend_private_data(user, result,
+ private_data_free_fn,
+ my_methods, PDB_CHANGED);
ret = NT_STATUS_OK;
+ } else {
+ ldap_msgfree(result);
}
- ldap_msgfree(result);
return ret;
}
@@ -1789,15 +1805,18 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_A
LDAPMod **mods;
char **attr_list;
- attr_list = get_userattr_list(ldap_state->schema_ver);
- rc = ldapsam_search_suffix_by_name(ldap_state, pdb_get_username(newpwd), &result, attr_list );
- free_attr_list( attr_list );
- if (rc != LDAP_SUCCESS)
- return NT_STATUS_UNSUCCESSFUL;
+ result = pdb_get_backend_private_data(newpwd, my_methods);
+ if (!result) {
+ attr_list = get_userattr_list(ldap_state->schema_ver);
+ rc = ldapsam_search_suffix_by_name(ldap_state, pdb_get_username(newpwd), &result, attr_list );
+ free_attr_list( attr_list );
+ if (rc != LDAP_SUCCESS)
+ return NT_STATUS_UNSUCCESSFUL;
+ pdb_set_backend_private_data(newpwd, result, private_data_free_fn, my_methods, PDB_CHANGED);
+ }
if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) == 0) {
DEBUG(0, ("No user to modify!\n"));
- ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
}
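Review bot: ldapsam_update_sam_account now builds its modifications from whatever LDAPMessage an earlier lookup cached on the account, with no check that the entry still matches `pdb_get_username(newpwd)` or is still current on the server. After a successful modify the cached message describes the old attribute values, so a second update on the same SAM_ACCOUNT would presumably compute its changes against stale data; whether the cache is dropped after the modify cannot be seen here because the function continues past the hunk. If it is not, clearing it after a successful write, `pdb_set_backend_private_data(newpwd, NULL, NULL, my_methods, PDB_CHANGED);`, forces a fresh search next time. A comment at the `result = pdb_get_backend_private_data(...)` line should also state that `result` is borrowed from the account and must not be passed to ldap_msgfree in this function.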
@@ -1807,12 +1826,9 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_A
if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
element_is_changed)) {
DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
- ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
}
- ldap_msgfree(result);
-
if (mods == NULL) {
DEBUG(4,("mods is empty: nothing to update for user: %s\n",
pdb_get_username(newpwd)));