summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/proto.h14
-rw-r--r--source3/passdb/ldap.c495
2 files changed, 434 insertions, 75 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 5457d99570..29135ec02b 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -225,10 +225,11 @@ void initialize_multibyte_vectors( int client_codepage);
/*The following definitions come from ldap.c */
-BOOL add_ldap21pwd_entry(struct smb_passwd *newpwd);
+BOOL ldap_open_connection(LDAP **ldap_struct);
BOOL add_ldappwd_entry(struct smb_passwd *newpwd);
-BOOL mod_ldappwd_entry(struct smb_passwd* pwd, BOOL override);
-BOOL mod_ldap21pwd_entry(struct smb_passwd* pwd, BOOL override);
+BOOL mod_ldappwd_entry(struct smb_passwd *pwd, BOOL override);
+BOOL add_ldap21pwd_entry(struct sam_passwd *newpwd);
+BOOL mod_ldap21pwd_entry(struct sam_passwd *pwd, BOOL override);
void *startldappwent(BOOL update);
struct smb_passwd *getldappwent(void *vp);
struct sam_passwd *getldap21pwent(void *vp);
@@ -1827,7 +1828,6 @@ char *smb_errstr(char *inbuf);
/*The following definitions come from smbpass.c */
-BOOL do_file_lock(int fd, int waitsecs, int type);
void *startsmbpwent(BOOL update);
void endsmbpwent(void *vp);
struct sam_passwd *getsmb21pwent(void *vp);
@@ -1838,6 +1838,12 @@ BOOL add_smb21pwd_entry(struct sam_passwd *newpwd);
BOOL add_smbpwd_entry(struct smb_passwd *newpwd);
BOOL mod_smb21pwd_entry(struct sam_passwd* pwd, BOOL override);
BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override);
+
+/*The following definitions come from smbpassfile.c */
+
+BOOL do_file_lock(int fd, int waitsecs, int type);
+BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth);
+BOOL pw_file_unlock(int fd, int *plock_depth);
BOOL trust_password_lock( char *domain, char *name, BOOL update);
BOOL trust_password_unlock(void);
BOOL trust_password_delete( char *domain, char *name );
diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c
index 3d584c1c0e..0804caf1a0 100644
--- a/source3/passdb/ldap.c
+++ b/source3/passdb/ldap.c
@@ -24,14 +24,17 @@
#include "includes.h"
+#define ADD_USER 1
+#define MODIFY_USER 2
+
extern int DEBUGLEVEL;
/*******************************************************************
open a connection to the ldap serve.
******************************************************************/
-static BOOL ldap_open_connection(LDAP **ldap_struct)
+BOOL ldap_open_connection(LDAP **ldap_struct)
{
- if ( (*ldap_struct = ldap_open(lp_ldap_server(),lp_ldap_port()) )== NULL)
+ if ( (*ldap_struct = ldap_open(lp_ldap_server(),lp_ldap_port()) ) == NULL)
{
DEBUG(0,("%s: The LDAP server is not responding !\n",timestring()));
return(False);
@@ -47,7 +50,7 @@ static BOOL ldap_open_connection(LDAP **ldap_struct)
******************************************************************/
static BOOL ldap_connect_anonymous(LDAP *ldap_struct)
{
- if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) != LDAP_SUCCESS)
+ if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) ! = LDAP_SUCCESS)
{
DEBUG(0,("%s: Couldn't bind to the LDAP server !\n", timestring() ));
return(False);
@@ -61,12 +64,12 @@ static BOOL ldap_connect_anonymous(LDAP *ldap_struct)
******************************************************************/
static BOOL ldap_connect_system(LDAP *ldap_struct)
{
- if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) != LDAP_SUCCESS)
+ if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) ! = LDAP_SUCCESS)
{
DEBUG(0,("%s: Couldn't bind to the LDAP server !\n", timestring() ));
return(False);
}
- DEBUG(2,("ldap_connect_system: succesfull connection to the LDAP server\n"));
+ DEBUG(2,("ldap_connect_system: succesful connection to the LDAP server\n"));
return (True);
}
@@ -75,12 +78,12 @@ static BOOL ldap_connect_system(LDAP *ldap_struct)
******************************************************************/
static BOOL ldap_connect_user(LDAP *ldap_struct, char *user, char *password)
{
- if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) != LDAP_SUCCESS)
+ if ( ldap_simple_bind_s(ldap_struct,lp_ldap_root(),lp_ldap_rootpasswd()) ! = LDAP_SUCCESS)
{
DEBUG(0,("%s: Couldn't bind to the LDAP server !\n", timestring() ));
return(False);
}
- DEBUG(2,("ldap_connect_user: succesfull connection to the LDAP server\n"));
+ DEBUG(2,("ldap_connect_user: succesful connection to the LDAP server\n"));
return (True);
}
@@ -94,9 +97,9 @@ static BOOL ldap_search_one_user(LDAP *ldap_struct, char *filter, LDAPMessage **
DEBUG(2,("ldap_search_one_user: searching for:[%s]\n", filter));
- rc=ldap_search_s(ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, result);
+ rc = ldap_search_s(ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, result);
- if (rc != LDAP_SUCCESS )
+ if (rc ! = LDAP_SUCCESS )
{
DEBUG(0,("%s: Problem during the LDAP search\n",timestring()));
return(False);
@@ -130,11 +133,8 @@ static BOOL ldap_search_one_user_by_name(LDAP *ldap_struct, char *user, LDAPMess
static BOOL ldap_search_one_user_by_uid(LDAP *ldap_struct, int uid, LDAPMessage **result)
{
pstring filter;
- /*
- in the filter expression, replace %u with the real name
- so in ldap filter, %u MUST exist :-)
- */
- snprintf(filter, sizeof(pstring), "uidAccount=%d", uid);
+
+ snprintf(filter, sizeof(pstring), "uidAccount = %d", uid);
if ( !ldap_search_one_user(ldap_struct, filter, result) )
{
@@ -150,15 +150,15 @@ static void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *at
{
char **valeurs;
- if ( (valeurs=ldap_get_values(ldap_struct, entry, attribute)) != NULL)
+ if ( (valeurs = ldap_get_values(ldap_struct, entry, attribute)) ! = NULL)
{
pstrcpy(value, valeurs[0]);
ldap_value_free(valeurs);
- DEBUG(3,("get_single_attribute: [%s]=[%s]\n", attribute, value));
+ DEBUG(3,("get_single_attribute: [%s] = [%s]\n", attribute, value));
}
else
{
- value=NULL;
+ value = NULL;
}
}
@@ -167,17 +167,17 @@ static void get_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, char *at
******************************************************************/
static BOOL ldap_check_user(LDAP *ldap_struct, LDAPMessage *entry)
{
- BOOL sambaAccount=False;
+ BOOL sambaAccount = False;
char **valeur;
int i;
DEBUG(2,("ldap_check_user: "));
- valeur=ldap_get_values(ldap_struct, entry, "objectclass");
- if (valeur!=NULL)
+ valeur = ldap_get_values(ldap_struct, entry, "objectclass");
+ if (valeur! = NULL)
{
- for (i=0;valeur[i]!=NULL;i++)
+ for (i = 0;valeur[i]! = NULL;i++)
{
- if (!strcmp(valeur[i],"sambaAccount")) sambaAccount=True;
+ if (!strcmp(valeur[i],"sambaAccount")) sambaAccount = True;
}
}
DEBUG(2,("%s\n",sambaAccount?"yes":"no"));
@@ -186,26 +186,26 @@ static BOOL ldap_check_user(LDAP *ldap_struct, LDAPMessage *entry)
}
/*******************************************************************
- check if the returned entry is a sambaMachine objectclass.
+ check if the returned entry is a sambaTrust objectclass.
******************************************************************/
static BOOL ldap_check_trust(LDAP *ldap_struct, LDAPMessage *entry)
{
- BOOL sambaMachine=False;
+ BOOL sambaTrust = False;
char **valeur;
int i;
DEBUG(2,("ldap_check_trust: "));
- valeur=ldap_get_values(ldap_struct, entry, "objectclass");
- if (valeur!=NULL)
+ valeur = ldap_get_values(ldap_struct, entry, "objectclass");
+ if (valeur! = NULL)
{
- for (i=0;valeur[i]!=NULL;i++)
+ for (i = 0;valeur[i]! = NULL;i++)
{
- if (!strcmp(valeur[i],"sambaMachine")) sambaMachine=True;
+ if (!strcmp(valeur[i],"sambaTrust")) sambaTrust = True;
}
}
- DEBUG(2,("%s\n",sambaMachine?"yes":"no"));
+ DEBUG(2,("%s\n",sambaTrust?"yes":"no"));
ldap_value_free(valeur);
- return (sambaMachine);
+ return (sambaTrust);
}
/*******************************************************************
@@ -224,7 +224,10 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry,
user->smb_passwd = NULL;
user->smb_nt_passwd = NULL;
user->smb_userid = 0;
- user->pass_last_set_time = (time_t)-1;
+ user->pass_last_set_time = (time_t)-1;
+
+ bzero(smblmpwd, sizeof(smblmpwd));
+ bzero(smbntpwd, sizeof(smbntpwd));
get_single_attribute(ldap_struct, entry, "cn", user_name);
DEBUG(2,("ldap_get_smb_passwd: user: %s\n",user_name));
@@ -234,16 +237,17 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry,
nt_lm_owf_gen(temp, user->smb_nt_passwd, user->smb_passwd);
bzero(temp, sizeof(temp)); /* destroy local copy of the password */
#else
- get_single_attribute(ldap_struct, entry, "ntPasswordHash", temp);
- pdb_gethexpwd(temp, user->smb_nt_passwd);
+ get_single_attribute(ldap_struct, entry, "unicodePwd", temp);
+ pdb_gethexpwd(temp, smbntpwd);
+ bzero(temp, sizeof(temp)); /* destroy local copy of the password */
- get_single_attribute(ldap_struct, entry, "lmPasswordHash", temp);
- pdb_gethexpwd(temp, user->smb_passwd);
+ get_single_attribute(ldap_struct, entry, "dBCSPwd", temp);
+ pdb_gethexpwd(temp, smblmpwd);
bzero(temp, sizeof(temp)); /* destroy local copy of the password */
#endif
-
+
get_single_attribute(ldap_struct, entry, "userAccountControl", temp);
- user->acct_ctrl=decode_acct_ctrl(temp);
+ user->acct_ctrl = pdb_decode_acct_ctrl(temp);
get_single_attribute(ldap_struct, entry, "pwdLastSet", temp);
user->pass_last_set_time = (time_t)strtol(temp, NULL, 16);
@@ -251,7 +255,7 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry,
get_single_attribute(ldap_struct, entry, "rid", temp);
/* the smb (unix) ids are not stored: they are created */
- user->smb_userid = user_rid_to_uid (atoi(temp));
+ user->smb_userid = pdb_user_rid_to_uid (atoi(temp));
if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) )
{
@@ -343,23 +347,23 @@ static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry,
user->munged_dial = NULL; /* "munged" dial-back telephone number */
get_single_attribute(ldap_struct, entry, "rid", temp);
- user->user_rid=atoi(temp);
+ user->user_rid = atoi(temp);
get_single_attribute(ldap_struct, entry, "primaryGroupID", temp);
- user->group_rid=atoi(temp);
+ user->group_rid = atoi(temp);
/* the smb (unix) ids are not stored: they are created */
user->smb_userid = pw_buf.smb_userid;
- user->smb_grpid = group_rid_to_uid(user->group_rid);
+ user->smb_grpid = group_rid_to_uid(user->group_rid);
user->acct_ctrl = pw_buf.acct_ctrl;
- user->unknown_3 = 0xffffff; /* don't know */
+ user->unknown_3 = 0xffffff; /* don't know */
user->logon_divs = 168; /* hours per week */
- user->hours_len = 21; /* 21 times 8 bits = 168 */
+ user->hours_len = 21; /* 21 times 8 bits = 168 */
memset(user->hours, 0xff, user->hours_len); /* available at all hours */
- user->unknown_5 = 0x00020000; /* don't know */
- user->unknown_5 = 0x000004ec; /* don't know */
+ user->unknown_5 = 0x00020000; /* don't know */
+ user->unknown_5 = 0x000004ec; /* don't know */
if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) )
{
@@ -374,14 +378,350 @@ static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry,
}
/************************************************************************
- Routine to add an entry to the ldap passwd file.
+ Routine to manage the LDAPMod structure array
+ manage memory used by the array, by each struct, and values
- do not call this function directly. use passdb.c instead.
+************************************************************************/
+static void make_a_mod(LDAPMod ***modlist,int modop, char *attribute, char *value)
+{
+ LDAPMod **mods;
+ int i;
+ int j;
+
+ mods = *modlist;
+
+ if (mods == NULL)
+ {
+ mods = (LDAPMod **)malloc( sizeof(LDAPMod *) );
+ mods[0] = NULL;
+ }
+
+ for ( i = 0; mods[ i ] ! = NULL; ++i )
+ {
+ if ( mods[ i ]->mod_op == modop &&
+ !strcasecmp( mods[ i ]->mod_type, attribute ) )
+ {
+ break;
+ }
+ }
+
+ if (mods[i] == NULL)
+ {
+ mods = (LDAPMod **)realloc( mods, (i+2) * sizeof( LDAPMod * ) );
+ mods[i] = (LDAPMod *)malloc( sizeof( LDAPMod ) );
+ mods[i]->mod_op = modop;
+ mods[i]->mod_values = NULL;
+ mods[i]->mod_type = strdup( attribute );
+ mods[i+1] = NULL;
+ }
+
+ if (value ! = NULL )
+ {
+ j = 0;
+ if ( mods[ i ]->mod_values ! = NULL )
+ {
+ for ( ; mods[ i ]->mod_values[ j ] ! = NULL; j++ );
+ }
+ mods[ i ]->mod_values = (char **)realloc(mods[ i ]->mod_values,
+ (j+2) * sizeof( char * ));
+ mods[ i ]->mod_values[ j ] = strdup(value);
+ mods[ i ]->mod_values[ j + 1 ] = NULL;
+ }
+ *modlist = mods;
+}
+
+/************************************************************************
+ Add or modify an entry. Only the smb struct values
*************************************************************************/
-BOOL add_ldap21pwd_entry(struct smb_passwd *newpwd)
+static BOOL modadd_ldappwd_entry(struct smb_passwd *newpwd, int flag)
{
- DEBUG(0,("add_ldap21pwd_entry - currently not supported\n"));
+
+ /* assume the struct is correct and filled
+ that's the job of passdb.c to check */
+ int scope = LDAP_SCOPE_ONELEVEL;
+ int rc;
+ char *smb_name;
+ int trust = False;
+ int ldap_state;
+ pstring filter;
+ pstring dn;
+ pstring lmhash;
+ pstring nthash;
+ pstring rid;
+ pstring lst;
+ pstring temp;
+
+ LDAP *ldap_struct;
+ LDAPMessage *result;
+ LDAPMod **mods;
+
+ smb_name = newpwd->smb_name;
+
+ if (!ldap_open_connection(&ldap_struct)) /* open a connection to the server */
+ {
+ return False;
+ }
+
+ if (!ldap_connect_system(ldap_struct)) /* connect as system account */
+ {
+ ldap_unbind(ldap_struct);
+ return False;
+ }
+
+ if (smb_name[strlen(smb_name)-1] == '$' )
+ {
+ smb_name[strlen(smb_name)-1] = '\0';
+ trust = True;
+ }
+
+ slprintf(filter, sizeof(filter)-1,
+ "(&(cn = %s)(|(objectclass = sambaTrust)(objectclass = sambaAccount)))",
+ smb_name);
+
+ rc = ldap_search_s(ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, &result);
+
+ switch (flag)
+ {
+ case ADD_USER:
+ {
+ if (ldap_count_entries(ldap_struct, result) ! = 0)
+ {
+ DEBUG(0,("User already in the base, with samba properties\n"));
+ ldap_unbind(ldap_struct);
+ return False;
+ }
+ ldap_state = LDAP_MOD_ADD;
+ break;
+ }
+ case MODIFY_USER:
+ {
+ if (ldap_count_entries(ldap_struct, result) ! = 1)
+ {
+ DEBUG(0,("No user to modify !\n"));
+ ldap_unbind(ldap_struct);
+ return False;
+ }
+ ldap_state = LDAP_MOD_REPLACE;
+ break;
+ }
+ default:
+ {
+ DEBUG(0,("How did you come here? \n"));
+ ldap_unbind(ldap_struct);
+ return False;
+ break;
+ }
+ }
+ slprintf(dn, sizeof(dn)-1, "cn = %s, %s",smb_name, lp_ldap_suffix() );
+
+ if (newpwd->smb_passwd ! = NULL)
+ {
+ int i;
+ for( i = 0; i < 16; i++)
+ {
+ slprintf(&temp[2*i], sizeof(temp) - 1, "%02X", newpwd->smb_passwd[i]);
+ }
+
+ }
+ else
+ {
+ if (newpwd->acct_ctrl & ACB_PWNOTREQ)
+ {
+ slprintf(temp, sizeof(temp) - 1, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+ }
+ else
+ {
+ slprintf(temp, sizeof(temp) - 1, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+ }
+ }
+ slprintf(lmhash, sizeof(lmhash)-1, "%s", temp);
+
+ if (newpwd->smb_nt_passwd ! = NULL)
+ {
+ int i;
+ for( i = 0; i < 16; i++)
+ {
+ slprintf(&temp[2*i], sizeof(temp) - 1, "%02X", newpwd->smb_nt_passwd[i]);
+ }
+
+ }
+ else
+ {
+ if (newpwd->acct_ctrl & ACB_PWNOTREQ)
+ {
+ slprintf(temp, sizeof(temp) - 1, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+ }
+ else
+ {
+ slprintf(temp, sizeof(temp) - 1, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+ }
+ }
+ slprintf(nthash, sizeof(nthash)-1, "%s", temp);
+
+ slprintf(rid, sizeof(rid)-1, "%d", uid_to_user_rid(newpwd->smb_userid) );
+ slprintf(lst, sizeof(lst)-1, "%08X", newpwd->pass_last_set_time);
+
+ mods = NULL;
+
+ if (trust)
+ {
+ make_a_mod(&mods, ldap_state, "objectclass", "sambaTrust");
+ make_a_mod(&mods, ldap_state, "netbiosTrustName", smb_name);
+ make_a_mod(&mods, ldap_state, "trustPassword", nthash);
+ }
+ else
+ {
+ make_a_mod(&mods, ldap_state, "objectclass", "sambaAccount");
+ make_a_mod(&mods, ldap_state, "dBCSPwd", lmhash);
+ make_a_mod(&mods, ldap_state, "uid", smb_name);
+ make_a_mod(&mods, ldap_state, "unicodePwd", nthash);
+ }
+
+ make_a_mod(&mods, ldap_state, "cn", smb_name);
+
+ make_a_mod(&mods, ldap_state, "rid", rid);
+ make_a_mod(&mods, ldap_state, "pwdLastSet", lst);
+ make_a_mod(&mods, ldap_state, "userAccountControl", pdb_encode_acct_ctrl(newpwd->acct_ctrl));
+
+ switch(flag)
+ {
+ case ADD_USER:
+ {
+ ldap_add_s(ldap_struct, dn, mods);
+ DEBUG(2,("modadd_ldappwd_entry: added: cn = %s in the LDAP database\n",smb_name));
+ break;
+ }
+ case MODIFY_USER:
+ {
+ ldap_modify_s(ldap_struct, dn, mods);
+ DEBUG(2,("modadd_ldappwd_entry: changed: cn = %s in the LDAP database_n",smb_name));
+ break;
+ }
+ default:
+ {
+ DEBUG(2,("modadd_ldappwd_entry: How did you come here? \n"));
+ ldap_unbind(ldap_struct);
+ return False;
+ break;
+ }
+ }
+
+ ldap_mods_free(mods, 1);
+
+ ldap_unbind(ldap_struct);
+
+ return True;
+}
+
+/************************************************************************
+ Add or modify an entry. everything except the smb struct
+
+*************************************************************************/
+static BOOL modadd_ldap21pwd_entry(struct sam_passwd *newpwd, int flag)
+{
+
+ /* assume the struct is correct and filled
+ that's the job of passdb.c to check */
+ int scope = LDAP_SCOPE_ONELEVEL;
+ int rc;
+ char *smb_name;
+ int trust = False;
+ int ldap_state;
+ pstring filter;
+ pstring dn;
+ pstring lmhash;
+ pstring nthash;
+ pstring rid;
+ pstring lst;
+ pstring temp;
+
+ LDAP *ldap_struct;
+ LDAPMessage *result;
+ LDAPMod **mods;
+
+ smb_name = newpwd->smb_name;
+
+ if (!ldap_open_connection(&ldap_struct)) /* open a connection to the server */
+ {
+ return False;
+ }
+
+ if (!ldap_connect_system(ldap_struct)) /* connect as system account */
+ {
+ ldap_unbind(ldap_struct);
+ return False;
+ }
+
+ if (smb_name[strlen(smb_name)-1] == '$' )
+ {
+ smb_name[strlen(smb_name)-1] = '\0';
+ trust = True;
+ }
+
+ slprintf(filter, sizeof(filter)-1,
+ "(&(cn = %s)(|(objectclass = sambaTrust)(objectclass = sambaAccount)))",
+ smb_name);
+
+ rc = ldap_search_s(ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, &result);
+
+ switch (flag)
+ {
+ case ADD_USER:
+ {
+ if (ldap_count_entries(ldap_struct, result) ! = 1)
+ {
+ DEBUG(2,("User already in the base, with samba properties\n"));
+ ldap_unbind(ldap_struct);
+ return False;
+ }
+ ldap_state = LDAP_MOD_ADD;
+ break;
+ }
+
+ case MODIFY_USER:
+ {
+ if (ldap_count_entries(ldap_struct, result) ! = 1)
+ {
+ DEBUG(2,("No user to modify !\n"));
+ ldap_unbind(ldap_struct);
+ return False;
+ }
+ ldap_state = LDAP_MOD_REPLACE;
+ break;
+ }
+
+ default:
+ {
+ DEBUG(2,("How did you come here? \n"));
+ ldap_unbind(ldap_struct);
+ return False;
+ break;
+ }
+ }
+ slprintf(dn, sizeof(dn)-1, "cn = %s, %s",smb_name, lp_ldap_suffix() );
+
+ mods = NULL;
+
+ if (trust)
+ {
+ }
+ else
+ {
+ }
+
+ make_a_mod(&mods, ldap_state, "cn", smb_name);
+
+ make_a_mod(&mods, ldap_state, "rid", rid);
+ make_a_mod(&mods, ldap_state, "pwdLastSet", lst);
+ make_a_mod(&mods, ldap_state, "userAccountControl", pdb_encode_acct_ctrl(newpwd->acct_ctrl));
+
+ ldap_modify_s(ldap_struct, dn, mods);
+
+ ldap_mods_free(mods, 1);
+
+ ldap_unbind(ldap_struct);
+
return True;
}
@@ -393,8 +733,7 @@ BOOL add_ldap21pwd_entry(struct smb_passwd *newpwd)
*************************************************************************/
BOOL add_ldappwd_entry(struct smb_passwd *newpwd)
{
- DEBUG(0,("add_ldappwd_entry - currently not supported\n"));
- return True;
+ return (modadd_ldappwd_entry(newpwd, ADD_USER) );
}
/************************************************************************
@@ -408,10 +747,21 @@ BOOL add_ldappwd_entry(struct smb_passwd *newpwd)
do not call this function directly. use passdb.c instead.
************************************************************************/
-BOOL mod_ldappwd_entry(struct smb_passwd* pwd, BOOL override)
+BOOL mod_ldappwd_entry(struct smb_passwd *pwd, BOOL override)
{
- DEBUG(0,("mod_ldappwd_entry - currently not supported\n"));
- return False;
+ return (modadd_ldappwd_entry(pwd, MODIFY_USER) );
+}
+
+/************************************************************************
+ Routine to add an entry to the ldap passwd file.
+
+ do not call this function directly. use passdb.c instead.
+
+*************************************************************************/
+BOOL add_ldap21pwd_entry(struct sam_passwd *newpwd)
+{
+ return( modadd_ldappwd_entry(newpwd, ADD_USER)?
+ modadd_ldap21pwd_entry(newpwd, ADD_USER):False);
}
/************************************************************************
@@ -425,20 +775,12 @@ BOOL mod_ldappwd_entry(struct smb_passwd* pwd, BOOL override)
do not call this function directly. use passdb.c instead.
************************************************************************/
-BOOL mod_ldap21pwd_entry(struct smb_passwd* pwd, BOOL override)
+BOOL mod_ldap21pwd_entry(struct sam_passwd *pwd, BOOL override)
{
- DEBUG(0,("mod_ldap21pwd_entry - currently not supported\n"));
- return False;
+ return( modadd_ldappwd_entry(pwd, MODIFY_USER)?
+ modadd_ldap21pwd_entry(pwd, MODIFY_USER):False);
}
-/***************************************************************
- Start to enumerate the ldap passwd list. Returns a void pointer
- to ensure no modification outside this module.
-
- do not call this function directly. use passdb.c instead.
-
- ****************************************************************/
-
struct ldap_enum_info
{
LDAP *ldap_struct;
@@ -448,6 +790,13 @@ struct ldap_enum_info
static struct ldap_enum_info ldap_ent;
+/***************************************************************
+ Start to enumerate the ldap passwd list. Returns a void pointer
+ to ensure no modification outside this module.
+
+ do not call this function directly. use passdb.c instead.
+
+ ****************************************************************/
void *startldappwent(BOOL update)
{
int scope = LDAP_SCOPE_ONELEVEL;
@@ -456,32 +805,36 @@ void *startldappwent(BOOL update)
pstring filter;
if (!ldap_open_connection(&ldap_ent.ldap_struct)) /* open a connection to the server */
+ {
return NULL;
+ }
if (!ldap_connect_system(ldap_ent.ldap_struct)) /* connect as system account */
+ {
return NULL;
+ }
/* when the class is known the search is much faster */
switch (0)
{
case 1:
{
- pstrcpy(filter, "objectclass=sambaAccount");
+ pstrcpy(filter, "objectclass = sambaAccount");
break;
}
case 2:
{
- pstrcpy(filter, "objectclass=sambaMachine");
+ pstrcpy(filter, "objectclass = sambaTrust");
break;
}
default:
{
- pstrcpy(filter, "(|(objectclass=sambaMachine)(objectclass=sambaAccount))");
+ pstrcpy(filter, "(|(objectclass = sambaTrust)(objectclass = sambaAccount))");
break;
}
}
- rc=ldap_search_s(ldap_ent.ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, &ldap_ent.result);
+ rc = ldap_search_s(ldap_ent.ldap_struct, lp_ldap_suffix(), scope, filter, NULL, 0, &ldap_ent.result);
DEBUG(2,("%d entries in the base!\n", ldap_count_entries(ldap_ent.ldap_struct, ldap_ent.result) ));
@@ -503,7 +856,7 @@ struct smb_passwd *getldappwent(void *vp)
ldap_vp->entry = ldap_next_entry(ldap_vp->ldap_struct, ldap_vp->entry);
- if (ldap_vp->entry != NULL)
+ if (ldap_vp->entry ! = NULL)
{
ldap_get_smb_passwd(ldap_vp->ldap_struct, ldap_vp->entry, &user);
return &user;
@@ -524,7 +877,7 @@ struct sam_passwd *getldap21pwent(void *vp)
ldap_vp->entry = ldap_next_entry(ldap_vp->ldap_struct, ldap_vp->entry);
- if (ldap_vp->entry != NULL)
+ if (ldap_vp->entry ! = NULL)
{
ldap_get_sam_passwd(ldap_vp->ldap_struct, ldap_vp->entry, &user);
return &user;