diff options
author | Simo Sorce <idra@samba.org> | 2005-03-27 23:31:43 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:11:18 -0500 |
commit | 5487ee5e9c9e6ea087b778ab7d90d8c38b348017 (patch) | |
tree | cb272ecd076a5f262f67c0920c1d9aa9a47132f6 /source4/dsdb/samdb | |
parent | 6ed40eda29a00cafd9a316bec86c41c5cce592c3 (diff) | |
download | samba-5487ee5e9c9e6ea087b778ab7d90d8c38b348017.tar.gz samba-5487ee5e9c9e6ea087b778ab7d90d8c38b348017.tar.bz2 samba-5487ee5e9c9e6ea087b778ab7d90d8c38b348017.zip |
r6084: - Introduce the samldb module dependency on samba4
- This module will take care of properly filling an user or group object
with required fields. You just need to provide the dn and the objectclass
and a user/group get created
Simo.
(This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 375 |
1 files changed, 170 insertions, 205 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index ddd878070d..7ec1ea1a29 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -1,25 +1,25 @@ /* - ldb database library + SAM ldb module Copyright (C) Simo Sorce 2004 - ** NOTE! The following LGPL license applies to the ldb - ** library. This does NOT imply that all of Samba is released - ** under the LGPL - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. + * NOTICE: this module is NOT released under the GNU LGPL license as + * other ldb code. This module is release under the GNU GPL v2 or + * later license. - This library is distributed in the hope that it will be useful, + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ /* @@ -27,7 +27,7 @@ * * Component: ldb samldb module * - * Description: add object timestamping functionality + * Description: add embedded user/group creation functionality * * Author: Simo Sorce */ @@ -53,11 +53,10 @@ static int samldb_search(struct ldb_module *module, const char *base, static int samldb_search_free(struct ldb_module *module, struct ldb_message **res) { -ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_search_free\n"); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_search_free\n"); return ldb_next_search_free(module, res); } - /* allocate a new id, attempting to do it atomically return 0 on failure, the id on success @@ -84,14 +83,15 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx ldb_search_free(ldb, res); return -1; } - talloc_steal(mem_ctx, str); - ldb_search_free(ldb, res); *id = strtol(str, NULL, 0); if ((*id)+1 == 0) { /* out of IDs ! */ + ldb_debug(ldb, LDB_DEBUG_FATAL, "Are we out of valid IDs ?\n"); + ldb_search_free(ldb, res); return -1; } + ldb_search_free(ldb, res); /* we do a delete and add as a single operation. That prevents a race */ @@ -138,11 +138,36 @@ static int samldb_allocate_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx return 0; } +static char *samldb_search_domain(struct ldb_module *module, TALLOC_CTX *mem_ctx, const char *dn) +{ + const char *sdn; + struct ldb_message **res = NULL; + int ret; + + sdn = dn; + while ((sdn = strchr(sdn, ',')) != NULL) { + + sdn++; + + ret = ldb_search(module->ldb, sdn, LDB_SCOPE_BASE, "objectClass=domain", NULL, &res); + ldb_search_free(module->ldb, res); + + if (ret == 1) + break; + } + + if (ret != 1) { + return NULL; + } + + return talloc_strdup(mem_ctx, sdn); +} + /* search the domain related to the provided dn allocate a new RID for the domain return the new sid string */ -static char *samldb_get_new_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *obj_dn) +static char *samldb_get_new_sid(struct ldb_module *module, TALLOC_CTX *mem_ctx, const char *obj_dn) { const char * const attrs[2] = { "objectSid", NULL }; struct ldb_message **res = NULL; @@ -159,44 +184,41 @@ static char *samldb_get_new_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, co /* FIXME: "dc=" is probably not utf8 safe either, we need a multibyte safe substring search function here */ - dom_dn = strstr(obj_dn, "dc="); + dom_dn = samldb_search_domain(module, mem_ctx, obj_dn); if (dom_dn == NULL) { - ldb_debug(ldb, LDB_DEBUG_FATAL, "Invalid dn (%s)!\n", obj_dn); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Invalid dn (%s) not child of a domain object!\n", obj_dn); return NULL; } /* find the domain sid */ - ret = ldb_search(ldb, dom_dn, LDB_SCOPE_BASE, "objectSid=*", attrs, &res); + ret = ldb_search(module->ldb, dom_dn, LDB_SCOPE_BASE, "objectSid=*", attrs, &res); if (ret != 1) { - ldb_debug(ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); - if (res) ldb_search_free(ldb, res); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); + if (res) ldb_search_free(module->ldb, res); return NULL; } dom_sid = ldb_msg_find_string(res[0], "objectSid", NULL); if (dom_sid == NULL) { - ldb_debug(ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); - ldb_search_free(ldb, res); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_get_new_sid: error retrieving domain sid!\n"); + ldb_search_free(module->ldb, res); return NULL; } - talloc_steal(mem_ctx, dom_sid); - ldb_search_free(ldb, res); - /* allocate a new Rid for the domain */ - /* we need to try multiple times to cope with two account creations at the same time */ while (tries--) { - ret = samldb_allocate_next_rid(ldb, mem_ctx, dom_dn, &rid); + ret = samldb_allocate_next_rid(module->ldb, mem_ctx, dom_dn, &rid); if (ret != 1) { break; } } if (ret != 0) { - ldb_debug(ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s\n", dom_dn); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s\n", dom_dn); + ldb_search_free(module->ldb, res); return NULL; } @@ -204,6 +226,8 @@ static char *samldb_get_new_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, co obj_sid = talloc_asprintf(mem_ctx, "%s-%u", dom_sid, rid); + ldb_search_free(module->ldb, res); + return obj_sid; } @@ -224,13 +248,8 @@ static BOOL samldb_get_rdn_and_basedn(const void *mem_ctx, const char *dn, char if ( ! p ) { return False; } - /* clear separator */ - *p = '\0'; - *rdn = talloc_strdup(mem_ctx, dn); - - /* put back separator */ - *p = ','; + *rdn = talloc_strndup(mem_ctx, dn, p - dn); if ( ! *rdn) { return False; @@ -268,287 +287,234 @@ static struct ldb_message_element *samldb_find_attribute(const struct ldb_messag return NULL; } -static BOOL samldb_add_attribute(struct ldb_message *msg, const char *name, const char *value) +static BOOL samldb_msg_add_string(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value) { - struct ldb_message_element *attr; - int i; - - attr = samldb_find_attribute(msg, name, NULL); - if ( ! attr) { - msg->num_elements++; - msg->elements = talloc_realloc(msg, msg->elements, struct ldb_message_element, msg->num_elements); - if ( ! msg->elements ) { - return False; - } - attr = &msg->elements[msg->num_elements - 1]; - - attr->name = talloc_strdup(msg, name); - if ( ! attr->name ) { - return False; - } - attr->flags = 0; - attr->num_values = 0; - attr->values = NULL; - } + char *aname = talloc_strdup(msg, name); + char *aval = talloc_strdup(msg, value); - i = attr->num_values; - attr->num_values++; - attr->values = talloc_realloc(msg, attr->values, struct ldb_val, attr->num_values); - if ( ! attr->values ){ + if (aname == NULL || aval == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_msg_add_string: talloc_strdup failed!\n"); return False; } - attr->values[i].data = talloc_strdup(msg, value); - attr->values[i].length = strlen(value); - - if ( ! attr->values[i].data) { + if (ldb_msg_add_string(module->ldb, msg, aname, aval) != 0) { return False; } return True; } -static BOOL samldb_find_or_add_attribute(struct ldb_message *msg, const char *name, const char *value, const char *set_value) +static BOOL samldb_find_or_add_attribute(struct ldb_module *module, struct ldb_message *msg, const char *name, const char *value, const char *set_value) { if (samldb_find_attribute(msg, name, value) == NULL) { - if ( ! samldb_add_attribute(msg, name, set_value)) { - return False; - } + return samldb_msg_add_string(module, msg, name, set_value); } return True; } -static struct ldb_message *samldb_manage_group_object(struct ldb_module *module, const struct ldb_message *msg) +static int samldb_copy_template(struct ldb_module *module, struct ldb_message *msg, const char *filter) +{ + struct ldb_message **res, *t; + int ret, i, j; + + + /* pull the template record */ + ret = ldb_search(module->ldb, NULL, LDB_SCOPE_SUBTREE, filter, NULL, &res); + if (ret != 1) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb: ERROR: template '%s' matched %d records\n", filter, ret); + return -1; + } + t = res[0]; + + for (i = 0; i < t->num_elements; i++) { + struct ldb_message_element *el = &t->elements[i]; + /* some elements should not be copied from the template */ + if (strcasecmp(el->name, "cn") == 0 || + strcasecmp(el->name, "name") == 0 || + strcasecmp(el->name, "sAMAccountName") == 0) { + continue; + } + for (j = 0; j < el->num_values; j++) { + if (strcasecmp(el->name, "objectClass") == 0 && + (strcasecmp((char *)el->values[j].data, "Template") == 0 || + strcasecmp((char *)el->values[j].data, "userTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "groupTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "foreignSecurityTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "aliasTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "trustedDomainTemplate") == 0 || + strcasecmp((char *)el->values[j].data, "secretTemplate") == 0)) { + continue; + } + if ( ! samldb_find_or_add_attribute(module, msg, el->name, + NULL, + (char *)el->values[j].data)) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Attribute adding failed...\n"); + ldb_search_free(module->ldb, res); + return -1; + } + } + } + + ldb_search_free(module->ldb, res); + + return 0; +} + +static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, const struct ldb_message *msg) { struct ldb_message *msg2; struct ldb_message_element *attribute; - char *rdn, *basedn; - int i; + char *rdn, *basedn, *sidstr; if (samldb_find_attribute(msg, "objectclass", "group") == NULL) { return NULL; } - msg2 = talloc(module, struct ldb_message); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_fill_group_object\n"); + + /* build the new msg */ + msg2 = ldb_msg_copy(module->ldb, msg); if (!msg2) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: talloc failed!\n"); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: ldb_msg_copy failed!\n"); return NULL; } - /* build the new msg */ - msg2->dn = msg->dn; - msg2->num_elements = msg->num_elements; - msg2->private_data = msg->private_data; - msg2->elements = talloc_array(msg2, struct ldb_message_element, msg2->num_elements); - if (! msg2->elements) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: talloc_array failed!\n"); - talloc_free(msg2); + if (samldb_copy_template(module, msg2, "(&(name=TemplateGroup)(objectclass=groupTemplate))") != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Error copying template!\n"); return NULL; } - for (i = 0; i < msg2->num_elements; i++) { - msg2->elements[i] = msg->elements[i]; - } if ( ! samldb_get_rdn_and_basedn(msg2, msg2->dn, &rdn, &basedn)) { - talloc_free(msg2); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad DN (%s)!\n", msg2->dn); return NULL; } if (strncasecmp(rdn, "cn", 2) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: Bad RDN (%s) for group!\n", rdn); - talloc_free(msg2); - return NULL; - } - - if (! samldb_find_or_add_attribute(msg2, "objectclass", "top", "top")) { - talloc_free(msg2); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad RDN (%s) for group!\n", rdn); return NULL; } if ((attribute = samldb_find_attribute(msg2, "cn", NULL)) != NULL) { - if (strcasecmp(rdn, attribute->values[0].data) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: Bad Attribute Syntax for CN\n"); - talloc_free(msg2); + if (strcasecmp(&rdn[3], attribute->values[0].data) != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad Attribute Syntax for CN\n"); return NULL; } } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "cn" attribute */ - if ( ! samldb_add_attribute(msg2, "cn", &rdn[3])) { - talloc_free(msg2); + if ( ! samldb_msg_add_string(module, msg2, "cn", &rdn[3])) { return NULL; } } if ((attribute = samldb_find_attribute(msg2, "name", NULL)) != NULL) { - if (strcasecmp(rdn, attribute->values[0].data) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: Bad Attribute Syntax for name\n"); - talloc_free(msg2); + if (strcasecmp(&rdn[3], attribute->values[0].data) != 0) { return NULL; } } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "name" attribute */ - if ( ! samldb_add_attribute(msg2, "name", &rdn[3])) { - talloc_free(msg2); + if ( ! samldb_msg_add_string(module, msg2, "name", &rdn[3])) { return NULL; } } if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { - char *sidstr; - if ((sidstr = samldb_get_new_sid(module->ldb, msg2, msg2->dn)) == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: internal error! Can't generate new sid\n"); - talloc_free(msg2); + if ((sidstr = samldb_get_new_sid(module, msg2, msg2->dn)) == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: internal error! Can't generate new sid\n"); return NULL; } - - if ( ! samldb_add_attribute(msg2, "objectSid", sidstr)) { - talloc_free(msg2); + + if ( ! samldb_msg_add_string(module, msg2, "objectSid", sidstr)) { return NULL; } } - if ( ! samldb_find_or_add_attribute(msg2, "instanceType", NULL, "4")) { - return NULL; - } - - if ( ! samldb_find_or_add_attribute(msg2, "sAMAccountName", NULL, samldb_generate_samAccountName(msg2))) { - return NULL; - } - - if ( ! samldb_find_or_add_attribute(msg2, "sAMAccountType", NULL, "0x10000000")) { - return NULL; - } - - if ( ! samldb_find_or_add_attribute(msg2, "groupType", NULL, "0x80000002")) { + if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, samldb_generate_samAccountName(msg2))) { return NULL; } - if ( ! samldb_find_or_add_attribute(msg2, "objectCategory", NULL, "foo")) { /* keep the schema module happy :) */ - return NULL; - } + /* TODO: objectGUID */ - /* TODO: objectGUID, objectSid, objectCategory */ - /* need a way to lock a new Sid */ + talloc_steal(msg, msg2); return msg2; } -static struct ldb_message *samldb_manage_user_object(struct ldb_module *module, const struct ldb_message *msg) +static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module *module, const struct ldb_message *msg) { struct ldb_message *msg2; struct ldb_message_element *attribute; - char *rdn, *basedn; - int i; + char *rdn, *basedn, *sidstr; - if (samldb_find_attribute(msg, "objectclass", "user") == NULL) { + if ((samldb_find_attribute(msg, "objectclass", "user") == NULL) && (samldb_find_attribute(msg, "objectclass", "computer") == NULL)) { return NULL; } - msg2 = talloc(module, struct ldb_message); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_fill_user_or_computer_object\n"); + + /* build the new msg */ + msg2 = ldb_msg_copy(module->ldb, msg); if (!msg2) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_user_object: talloc failed!\n"); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: ldb_msg_copy failed!\n"); return NULL; } - /* build the new msg */ - msg2->dn = msg->dn; - msg2->num_elements = msg->num_elements; - msg2->private_data = msg->private_data; - msg2->elements = talloc_array(msg2, struct ldb_message_element, msg2->num_elements); - if (! msg2->elements) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_user_object: talloc_array failed!\n"); - talloc_free(msg2); + if (samldb_copy_template(module, msg2, "(&(name=TemplateUser)(objectclass=userTemplate))") != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Error copying template!\n"); return NULL; } - for (i = 0; i < msg2->num_elements; i++) { - msg2->elements[i] = msg->elements[i]; - } if ( ! samldb_get_rdn_and_basedn(msg2, msg2->dn, &rdn, &basedn)) { - talloc_free(msg2); return NULL; } if (strncasecmp(rdn, "cn", 2) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_group_object: Bad RDN (%s) for group!\n", rdn); - talloc_free(msg2); - return NULL; - } - - - if ( ! samldb_find_or_add_attribute(msg2, "objectclass", "top", "top")) { - talloc_free(msg2); + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Bad RDN (%s) for group!\n", rdn); return NULL; } - if ( ! samldb_find_or_add_attribute(msg2, "objectclass", "person", "person")) { - talloc_free(msg2); - return NULL; - } - - if ( ! samldb_find_or_add_attribute(msg2, "objectclass", "organizationalPerson", "organizationalPerson")) { - talloc_free(msg2); + /* if the only attribute was: "objectclass: computer", then make sure we also add "user" objectclass */ + if ( ! samldb_find_or_add_attribute(module, msg2, "objectclass", "user", "user")) { return NULL; } if ((attribute = samldb_find_attribute(msg2, "cn", NULL)) != NULL) { - if (strcasecmp(rdn, attribute->values[0].data) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_user_object: Bad Attribute Syntax for CN\n"); - talloc_free(msg2); + if (strcasecmp(&rdn[3], attribute->values[0].data) != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Bad Attribute Syntax for CN\n"); return NULL; } } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "cn" attribute */ - if ( ! samldb_add_attribute(msg2, "cn", &rdn[3])) { - talloc_free(msg2); + if ( ! samldb_msg_add_string(module, msg2, "cn", &rdn[3])) { return NULL; } } if ((attribute = samldb_find_attribute(msg2, "name", NULL)) != NULL) { - if (strcasecmp(rdn, attribute->values[0].data) != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_user_object: Bad Attribute Syntax for name\n"); - talloc_free(msg2); + if (strcasecmp(&rdn[3], attribute->values[0].data) != 0) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: Bad Attribute Syntax for name\n"); return NULL; } } else { /* FIXME: remove this if ldb supports natively aliasing between the rdn and the "name" attribute */ - if ( ! samldb_add_attribute(msg2, "name", &rdn[3])) { - talloc_free(msg2); + if ( ! samldb_msg_add_string(module, msg2, "name", &rdn[3])) { return NULL; } } if ((attribute = samldb_find_attribute(msg2, "objectSid", NULL)) == NULL ) { - char *sidstr; - if ((sidstr = samldb_get_new_sid(module->ldb, msg2, msg2->dn)) == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_manage_user_object: internal error! Can't generate new sid\n"); - talloc_free(msg2); + if ((sidstr = samldb_get_new_sid(module, msg2, msg2->dn)) == NULL) { + ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: internal error! Can't generate new sid\n"); return NULL; } - - if ( ! samldb_add_attribute(msg2, "objectSid", sidstr)) { - talloc_free(msg2); + + if ( ! samldb_msg_add_string(module, msg2, "objectSid", sidstr)) { return NULL; } } - if ( ! samldb_find_or_add_attribute(msg2, "instanceType", NULL, "4")) { - talloc_free(msg2); - return NULL; - } - - if ( ! samldb_find_or_add_attribute(msg2, "sAMAccountName", NULL, samldb_generate_samAccountName(msg2))) { - talloc_free(msg2); + if ( ! samldb_find_or_add_attribute(module, msg2, "sAMAccountName", NULL, samldb_generate_samAccountName(msg2))) { return NULL; } - if ( ! samldb_find_or_add_attribute(msg2, "sAMAccountType", NULL, "0x30000000")) { - talloc_free(msg2); - return NULL; - } - - if ( ! samldb_find_or_add_attribute(msg2, "objectCategory", NULL, "foo")) { /* keep the schema module happy :) */ - return NULL; - } + /* TODO: objectGUID, objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ - /* TODO: objectGUID, objectSid, objectCategory, userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ + talloc_steal(msg, msg2); return msg2; } @@ -565,17 +531,16 @@ static int samldb_add_record(struct ldb_module *module, const struct ldb_message return ldb_next_add_record(module, msg); } - /* is group? add all group relevant missing objects */ - msg2 = samldb_manage_group_object(module, msg); + /* is user or computer? add all relevant missing objects */ + msg2 = samldb_fill_user_or_computer_object(module, msg); - /* is user? add all user relevant missing objects */ + /* is group? add all relevant missing objects */ if ( ! msg2 ) { - msg2 = samldb_manage_user_object(module, msg); + msg2 = samldb_fill_group_object(module, msg); } if (msg2) { ret = ldb_next_add_record(module, msg2); - talloc_free(msg2); } else { ret = ldb_next_add_record(module, msg); } @@ -633,7 +598,7 @@ static const char *samldb_errstring(struct ldb_module *module) static int samldb_destructor(void *module_ctx) { - struct ldb_module *ctx = module_ctx; + /* struct ldb_module *ctx = module_ctx; */ /* put your clean-up functions here */ return 0; } |