Diffstat (limited to 'source3')
-rw-r--r--source3/include/smbldap.h8
-rw-r--r--source3/lib/smbldap.c102
-rw-r--r--source3/libads/ldap.c119
-rw-r--r--source3/passdb/pdb_ldap.c104
4 files changed, 165 insertions, 168 deletions
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index 7135c0be79..8710e77f3d 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -2,20 +2,20 @@
Unix SMB/CIFS mplementation.
LDAP protocol helper functions for SAMBA
Copyright (C) Gerald Carter 2001-2003
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-
+
*/
#ifndef _SMBLDAP_H
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index b3b5fa7582..4833b96c5f 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -6,20 +6,20 @@
Copyright (C) Shahms King 2001
Copyright (C) Andrew Bartlett 2002-2003
Copyright (C) Stefan (metze) Metzmacher 2002-2003
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-
+
*/
#include "includes.h"
@@ -217,13 +217,13 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key )
{
int i = 0;
-
+
while ( table[i].attrib != LDAP_ATTR_LIST_END ) {
if ( table[i].attrib == key )
return table[i].name;
i++;
}
-
+
return NULL;
}
@@ -236,7 +236,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
{
const char **names;
int i = 0;
-
+
while ( table[i].attrib != LDAP_ATTR_LIST_END )
i++;
i++;
@@ -253,7 +253,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
i++;
}
names[i] = NULL;
-
+
return names;
}
@@ -266,25 +266,25 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
int max_len)
{
char **values;
-
+
if ( !attribute )
return False;
-
+
value[0] = '\0';
if ((values = ldap_get_values (ldap_struct, entry, attribute)) == NULL) {
DEBUG (10, ("smbldap_get_single_attribute: [%s] = [<does not exist>]\n", attribute));
-
+
return False;
}
-
+
if (convert_string(CH_UTF8, CH_UNIX,values[0], -1, value, max_len, False) == (size_t)-1) {
DEBUG(1, ("smbldap_get_single_attribute: string conversion of [%s] = [%s] failed!\n",
attribute, values[0]));
ldap_value_free(values);
return False;
}
-
+
ldap_value_free(values);
#ifdef DEBUG_PASSWORDS
DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n", attribute, value));
@@ -533,7 +533,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
for (; mods[i]->mod_values[j] != NULL; j++);
}
mods[i]->mod_values = SMB_REALLOC_ARRAY(mods[i]->mod_values, char *, j + 2);
-
+
if (mods[i]->mod_values == NULL) {
smb_panic("smbldap_set_mod: out of memory!");
/* notreached. */
@@ -543,8 +543,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
smb_panic("smbldap_set_mod: String conversion failure!");
/* notreached. */
}
-
-
+
mods[i]->mod_values[j] = SMB_STRDUP(utf8_value);
TALLOC_FREE(utf8_value);
SMB_ASSERT(mods[i]->mod_values[j] != NULL);
@@ -580,9 +579,9 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
}
/* all of our string attributes are case insensitive */
-
+
if (existed && newval && (StrCaseCmp(oldval, newval) == 0)) {
-
+
/* Believe it or not, but LDAP will deny a delete and
an add at the same time if the values are the
same... */
@@ -601,7 +600,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
/* This will also allow modifying single valued attributes
* in Novell NDS. In NDS you have to first remove attribute and then
* you could add new value */
-
+
DEBUG(10,("smbldap_make_mod: deleting attribute |%s| values |%s|\n", attribute, oldval));
smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval);
}
@@ -659,7 +658,7 @@ static void smbldap_store_state(LDAP *ld, struct smbldap_state *smbldap_state)
{
struct smbldap_state *tmp_ldap_state;
struct smbldap_state_lookup *t;
-
+
if ((tmp_ldap_state = smbldap_find_state(ld))) {
SMB_ASSERT(tmp_ldap_state == smbldap_state);
return;
@@ -667,7 +666,7 @@ static void smbldap_store_state(LDAP *ld, struct smbldap_state *smbldap_state)
t = SMB_XMALLOC_P(struct smbldap_state_lookup);
ZERO_STRUCTP(t);
-
+
DLIST_ADD_END(smbldap_state_lookup_list, t, struct smbldap_state_lookup *);
t->ld = ld;
t->smbldap_state = smbldap_state;
@@ -682,11 +681,11 @@ int smb_ldap_start_tls(LDAP *ldap_struct, int version)
#ifdef LDAP_OPT_X_TLS
int rc;
#endif
-
+
if (lp_ldap_ssl() != LDAP_SSL_START_TLS) {
return LDAP_SUCCESS;
}
-
+
#ifdef LDAP_OPT_X_TLS
if (version != LDAP_VERSION3) {
DEBUG(0, ("Need LDAPv3 for Start TLS\n"));
@@ -716,9 +715,9 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
int rc;
DEBUG(10, ("smb_ldap_setup_connection: %s\n", uri));
-
+
#ifdef HAVE_LDAP_INITIALIZE
-
+
rc = ldap_initialize(ldap_struct, uri);
if (rc) {
DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc)));
@@ -740,9 +739,9 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
if ( strnequal( uri, "URL:", 4 ) ) {
uri += 4;
}
-
+
sscanf(uri, "%10[^:]://%254[^:/]:%d", protocol, host, &port);
-
+
if (port == 0) {
if (strequal(protocol, "ldap")) {
port = LDAP_PORT;
@@ -752,12 +751,12 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
DEBUG(0, ("unrecognised protocol (%s)!\n", protocol));
}
}
-
+
if ((*ldap_struct = ldap_init(host, port)) == NULL) {
DEBUG(0, ("ldap_init failed !\n"));
return LDAP_OPERATIONS_ERROR;
}
-
+
if (strequal(protocol, "ldaps")) {
#ifdef LDAP_OPT_X_TLS
int tls = LDAP_OPT_X_TLS_HARD;
@@ -765,7 +764,7 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
{
DEBUG(0, ("Failed to setup a TLS session\n"));
}
-
+
DEBUG(3,("LDAPS option set...!\n"));
#else
DEBUG(0,("smbldap_open_connection: Secure connection not supported by LDAP client libraries!\n"));
@@ -811,7 +810,7 @@ int smb_ldap_upgrade_conn(LDAP *ldap_struct, int *new_version)
{
int version;
int rc;
-
+
/* assume the worst */
*new_version = LDAP_VERSION2;
@@ -831,7 +830,7 @@ int smb_ldap_upgrade_conn(LDAP *ldap_struct, int *new_version)
if (rc) {
return rc;
}
-
+
*new_version = LDAP_VERSION3;
return LDAP_SUCCESS;
}
@@ -894,7 +893,7 @@ static int smbldap_open_connection (struct smbldap_state *ldap_state)
if (rc) {
return rc;
}
-
+
DEBUG(2, ("smbldap_open_connection: connection opened\n"));
return rc;
}
@@ -909,11 +908,11 @@ static int rebindproc_with_state (LDAP * ld, char **whop, char **credp,
int *methodp, int freeit, void *arg)
{
struct smbldap_state *ldap_state = arg;
-
+
/** @TODO Should we be doing something to check what servers we rebind to?
Could we get a referral to a machine that we don't want to give our
username and password to? */
-
+
if (freeit) {
SAFE_FREE(*whop);
if (*credp) {
@@ -942,7 +941,7 @@ static int rebindproc_with_state (LDAP * ld, char **whop, char **credp,
}
GetTimeOfDay(&ldap_state->last_rebind);
-
+
return 0;
}
#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/
@@ -1017,7 +1016,6 @@ static int rebindproc (LDAP *ldap_struct, char **whop, char **credp,
return rebindproc_with_state(ldap_struct, whop, credp,
method, freeit, ldap_state);
-
}
# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/
#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/
@@ -1058,7 +1056,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_
/* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite
(OpenLDAP) doesnt' seem to support it */
-
+
DEBUG(10,("ldap_connect_system: Binding to ldap server %s as \"%s\"\n",
ldap_state->uri, ldap_state->bind_dn));
@@ -1194,17 +1192,17 @@ static NTSTATUS smbldap_close(struct smbldap_state *ldap_state)
{
if (!ldap_state)
return NT_STATUS_INVALID_PARAMETER;
-
+
if (ldap_state->ldap_struct != NULL) {
ldap_unbind(ldap_state->ldap_struct);
ldap_state->ldap_struct = NULL;
}
smbldap_delete_state(ldap_state);
-
+
DEBUG(5,("The connection to the LDAP server was closed\n"));
/* maybe free the results here --metze */
-
+
return NT_STATUS_OK;
}
@@ -1298,7 +1296,7 @@ static int smbldap_search_ext(struct smbldap_state *ldap_state,
size_t converted_size;
SMB_ASSERT(ldap_state);
-
+
DEBUG(5,("smbldap_search_ext: base => [%s], filter => [%s], "
"scope => [%d]\n", base, filter, scope));
@@ -1525,7 +1523,7 @@ int smbldap_modify(struct smbldap_state *ldap_state, const char *dn, LDAPMod *at
}
}
}
-
+
TALLOC_FREE(utf8_dn);
return rc;
}
@@ -1537,7 +1535,7 @@ int smbldap_add(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs
char *utf8_dn;
time_t endtime = time(NULL)+lp_ldap_timeout();
size_t converted_size;
-
+
SMB_ASSERT(ldap_state);
DEBUG(5,("smbldap_add: dn => [%s]\n", dn ));
@@ -1569,7 +1567,7 @@ int smbldap_add(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs
}
}
}
-
+
TALLOC_FREE(utf8_dn);
return rc;
}
@@ -1581,7 +1579,7 @@ int smbldap_delete(struct smbldap_state *ldap_state, const char *dn)
char *utf8_dn;
time_t endtime = time(NULL)+lp_ldap_timeout();
size_t converted_size;
-
+
SMB_ASSERT(ldap_state);
DEBUG(5,("smbldap_delete: dn => [%s]\n", dn ));
@@ -1613,7 +1611,7 @@ int smbldap_delete(struct smbldap_state *ldap_state, const char *dn)
}
}
}
-
+
TALLOC_FREE(utf8_dn);
return rc;
}
@@ -1626,7 +1624,7 @@ int smbldap_extended_operation(struct smbldap_state *ldap_state,
int rc = LDAP_SERVER_DOWN;
int attempts = 0;
time_t endtime = time(NULL)+lp_ldap_timeout();
-
+
if (!ldap_state)
return (-1);
@@ -1655,7 +1653,7 @@ int smbldap_extended_operation(struct smbldap_state *ldap_state,
}
}
}
-
+
return rc;
}
@@ -1683,7 +1681,7 @@ static void smbldap_idle_fn(struct event_context *event_ctx,
DEBUG(10,("ldap connection not connected...\n"));
return;
}
-
+
if ((state->last_use+SMBLDAP_IDLE_TIME) > now.tv_sec) {
DEBUG(10,("ldap connection not idle...\n"));
@@ -1694,7 +1692,7 @@ static void smbldap_idle_fn(struct event_context *event_ctx,
private_data);
return;
}
-
+
DEBUG(7,("ldap connection idle...closing connection\n"));
smbldap_close(state);
}
@@ -1706,7 +1704,7 @@ static void smbldap_idle_fn(struct event_context *event_ctx,
void smbldap_free_struct(struct smbldap_state **ldap_state)
{
smbldap_close(*ldap_state);
-
+
if ((*ldap_state)->bind_secret) {
memset((*ldap_state)->bind_secret, '\0', strlen((*ldap_state)->bind_secret));
}
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 3e5764a598..102fc83d0f 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -6,17 +6,17 @@
Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
Copyright (C) Guenther Deschner 2005
Copyright (C) Gerald Carter 2006
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -198,7 +198,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
if (!server || !*server) {
return False;
}
-
+
DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n",
server, ads->server.realm));
@@ -209,7 +209,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
}
/* this copes with inet_ntoa brokenness */
-
+
srv = SMB_STRDUP(server);
ZERO_STRUCT( cldap_reply );
@@ -411,7 +411,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
SAFE_FREE(sitename);
return NT_STATUS_OK;
}
-
+
/* keep track of failures */
add_failed_connection_entry( realm, server, NT_STATUS_UNSUCCESSFUL );
}
@@ -652,7 +652,7 @@ got_connection:
#endif
/* If the caller() requested no LDAP bind, then we are done */
-
+
if (ads->auth.flags & ADS_AUTH_NO_BIND) {
status = ADS_SUCCESS;
goto out;
@@ -663,7 +663,7 @@ got_connection:
status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
goto out;
}
-
+
/* Otherwise setup the TCP LDAP session */
ads->ldap.ld = ldap_open_with_timeout(ads->config.ldap_server_name,
@@ -690,14 +690,14 @@ got_connection:
}
/* fill in the current time and offsets */
-
+
status = ads_current_time( ads );
if ( !ADS_ERR_OK(status) ) {
goto out;
}
/* Now do the bind */
-
+
if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
status = ADS_ERROR(ldap_simple_bind_s(ads->ldap.ld, NULL, NULL));
goto out;
@@ -781,7 +781,7 @@ static struct berval **ads_dup_values(TALLOC_CTX *ctx,
{
struct berval **values;
int i;
-
+
if (!in_vals) return NULL;
for (i=0; in_vals[i]; i++)
; /* count values */
@@ -826,7 +826,7 @@ static char **ads_pull_strvals(TALLOC_CTX *ctx, const char **in_vals)
char **values;
int i;
size_t converted_size;
-
+
if (!in_vals) return NULL;
for (i=0; in_vals[i]; i++)
; /* count values */
@@ -901,7 +901,7 @@ static ADS_STATUS ads_do_paged_search_args(ADS_STRUCT *ads,
goto done;
}
}
-
+
/* Paged results only available on ldap v3 or later */
ldap_get_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (version < LDAP_VERSION3) {
@@ -976,7 +976,7 @@ static ADS_STATUS ads_do_paged_search_args(ADS_STRUCT *ads,
handle them and paged results at the same time. Using them
together results in the result record containing the server
page control being removed from the result list (tridge/jmcd)
-
+
leaving this in despite the control that says don't generate
referrals, in case the server doesn't support it (jmcd)
*/
@@ -1031,7 +1031,7 @@ done:
if (ext_bv) {
ber_bvfree(ext_bv);
}
-
+
/* if/when we decide to utf8-encode attrs, take out this next line */
TALLOC_FREE(search_attrs);
@@ -1159,7 +1159,7 @@ ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path,
&res, &count, &cookie);
if (!ADS_ERR_OK(status)) break;
-
+
ads_process_results(ads, res, fn, data_area);
ads_msgfree(ads, res);
}
@@ -1347,7 +1347,7 @@ char *ads_parent_dn(const char *dn)
DEBUG(1, ("asprintf failed!\n"));
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
-
+
status = ads_search(ads, res, expr, attrs);
SAFE_FREE(expr);
return status;
@@ -1362,12 +1362,12 @@ ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx)
{
#define ADS_MODLIST_ALLOC_SIZE 10
LDAPMod **mods;
-
+
if ((mods = TALLOC_ZERO_ARRAY(ctx, LDAPMod *, ADS_MODLIST_ALLOC_SIZE + 1)))
/* -1 is safety to make sure we don't go over the end.
need to reset it to NULL before doing ldap modify */
mods[ADS_MODLIST_ALLOC_SIZE] = (LDAPMod *) -1;
-
+
return (ADS_MODLIST)mods;
}
@@ -1408,7 +1408,7 @@ static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods,
modlist[curmod+ADS_MODLIST_ALLOC_SIZE] = (LDAPMod *) -1;
*mods = (ADS_MODLIST)modlist;
}
-
+
if (!(modlist[curmod] = TALLOC_ZERO_P(ctx, LDAPMod)))
return ADS_ERROR(LDAP_NO_MEMORY);
modlist[curmod]->mod_type = talloc_strdup(ctx, name);
@@ -1541,7 +1541,7 @@ ADS_STATUS ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ADS_MODLIST mods)
DEBUG(1, ("ads_gen_add: push_utf8_talloc failed!"));
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
-
+
/* find the end of the list, marked by NULL or -1 */
for(i=0;(mods[i]!=0)&&(mods[i]!=(LDAPMod *) -1);i++);
/* make sure the end of the list is NULL */
@@ -1567,7 +1567,7 @@ ADS_STATUS ads_del_dn(ADS_STRUCT *ads, char *del_dn)
DEBUG(1, ("ads_del_dn: push_utf8_talloc failed!"));
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
-
+
ret = ldap_delete_s(ads->ldap.ld, utf8_dn);
TALLOC_FREE(utf8_dn);
return ADS_ERROR(ret);
@@ -1593,7 +1593,7 @@ char *ads_ou_string(ADS_STRUCT *ads, const char *org_unit)
/* samba4 might not yet respond to a wellknownobject-query */
return ret ? ret : SMB_STRDUP("cn=Computers");
}
-
+
if (strequal(org_unit, "Computers")) {
return SMB_STRDUP("cn=Computers");
}
@@ -1668,7 +1668,7 @@ char *ads_default_ou_string(ADS_STRUCT *ads, const char *wknguid)
for (i=1; i < new_ln; i++) {
char *s = NULL;
-
+
if (asprintf(&s, "%s,%s", ret, wkn_dn_exp[i]) == -1) {
SAFE_FREE(ret);
goto out;
@@ -1895,7 +1895,7 @@ ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_n
}
/* add short name spn */
-
+
if ( (psp1 = talloc_asprintf(ctx, "%s/%s", spn, machine_name)) == NULL ) {
talloc_destroy(ctx);
ads_msgfree(ads, res);
@@ -1904,13 +1904,13 @@ ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_n
strupper_m(psp1);
strlower_m(&psp1[strlen(spn)]);
servicePrincipalName[0] = psp1;
-
+
DEBUG(5,("ads_add_service_principal_name: INFO: Adding %s to host %s\n",
psp1, machine_name));
/* add fully qualified spn */
-
+
if ( (psp2 = talloc_asprintf(ctx, "%s/%s", spn, my_fqdn)) == NULL ) {
ret = ADS_ERROR(LDAP_NO_MEMORY);
goto out;
@@ -1926,18 +1926,18 @@ ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_n
ret = ADS_ERROR(LDAP_NO_MEMORY);
goto out;
}
-
+
ret = ads_add_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName);
if (!ADS_ERR_OK(ret)) {
DEBUG(1,("ads_add_service_principal_name: Error: Updating Service Principals in LDAP\n"));
goto out;
}
-
+
if ( (dn_string = ads_get_dn(ads, ctx, res)) == NULL ) {
ret = ADS_ERROR(LDAP_NO_MEMORY);
goto out;
}
-
+
ret = ads_gen_mod(ads, dn_string, mods);
if (!ADS_ERR_OK(ret)) {
DEBUG(1,("ads_add_service_principal_name: Error: Updating Service Principals in LDAP\n"));
@@ -1974,7 +1974,7 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
uint32 acct_control = ( UF_WORKSTATION_TRUST_ACCOUNT |\
UF_DONT_EXPIRE_PASSWD |\
UF_ACCOUNTDISABLE );
-
+
if (!(ctx = talloc_init("ads_add_machine_acct")))
return ADS_ERROR(LDAP_NO_MEMORY);
@@ -1991,7 +1991,7 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
if ( !new_dn || !samAccountName ) {
goto done;
}
-
+
#ifndef ENCTYPE_ARCFOUR_HMAC
acct_control |= UF_USE_DES_KEY_ONLY;
#endif
@@ -2003,7 +2003,7 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
if (!(mods = ads_init_mods(ctx))) {
goto done;
}
-
+
ads_mod_str(ctx, &mods, "cn", machine_name);
ads_mod_str(ctx, &mods, "sAMAccountName", samAccountName);
ads_mod_strlist(ctx, &mods, "objectClass", objectClass);
@@ -2015,7 +2015,7 @@ done:
SAFE_FREE(machine_escaped);
ads_msgfree(ads, res);
talloc_destroy(ctx);
-
+
return ret;
}
@@ -2254,7 +2254,7 @@ static bool ads_dump_field(ADS_STRUCT *ads, char *field, void **values, void *da
msg = ads_next_entry(ads, msg)) {
char *utf8_field;
BerElement *b;
-
+
for (utf8_field=ldap_first_attribute(ads->ldap.ld,
(LDAPMessage *)msg,&b);
utf8_field;
@@ -2373,7 +2373,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
values = ldap_get_values(ads->ldap.ld, msg, field);
if (!values)
return NULL;
-
+
if (values[0] && pull_utf8_talloc(mem_ctx, &ux_string, values[0],
&converted_size))
{
@@ -2455,7 +2455,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
size_t num_new_strings;
unsigned long int range_start;
unsigned long int range_end;
-
+
/* we might have been given the whole lot anyway */
if ((strings = ads_pull_strings(ads, mem_ctx, msg, field, num_strings))) {
*more_strings = False;
@@ -2481,7 +2481,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
*more_strings = False;
return NULL;
}
-
+
if (sscanf(&range_attr[strlen(expected_range_attrib)], "%lu-%lu",
&range_start, &range_end) == 2) {
*more_strings = True;
@@ -2508,7 +2508,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
}
new_strings = ads_pull_strings(ads, mem_ctx, msg, range_attr, &num_new_strings);
-
+
if (*more_strings && ((*num_strings + num_new_strings) != (range_end + 1))) {
DEBUG(1, ("ads_pull_strings_range: Range attribute (%s) tells us we have %lu "
"strings in this bunch, but we only got %lu - aborting range retreival\n",
@@ -2521,13 +2521,13 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
strings = TALLOC_REALLOC_ARRAY(mem_ctx, current_strings, char *,
*num_strings + num_new_strings);
-
+
if (strings == NULL) {
ldap_memfree(range_attr);
*more_strings = False;
return NULL;
}
-
+
if (new_strings && num_new_strings) {
memcpy(&strings[*num_strings], new_strings,
sizeof(*new_strings) * num_new_strings);
@@ -2540,7 +2540,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
"%s;range=%d-*",
field,
(int)*num_strings);
-
+
if (!*next_attribute) {
DEBUG(1, ("talloc_asprintf for next attribute failed!\n"));
ldap_memfree(range_attr);
@@ -2595,7 +2595,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
values = ldap_get_values(ads->ldap.ld, msg, "objectGUID");
if (!values)
return False;
-
+
if (values[0]) {
memcpy(&flat_guid.info, values[0], sizeof(UUID_FLAT));
smb_uuid_unpack(flat_guid, guid);
@@ -2665,7 +2665,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
count++;
}
}
-
+
ldap_value_free_len(values);
return count;
}
@@ -2700,7 +2700,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
ret = false;
}
}
-
+
ldap_value_free_len(values);
return ret;
}
@@ -2829,7 +2829,7 @@ ADS_STATUS ads_current_time(ADS_STRUCT *ads)
}
/* but save the time and offset in the original ADS_STRUCT */
-
+
ads->config.current_time = ads_parse_time(timestr);
if (ads->config.current_time != 0) {
@@ -2860,7 +2860,7 @@ ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val)
ADS_STATUS status;
LDAPMessage *res;
ADS_STRUCT *ads_s = ads;
-
+
*val = DS_DOMAIN_FUNCTION_2000;
/* establish a new ldap tcp session if necessary */
@@ -2880,7 +2880,7 @@ ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val)
/* If the attribute does not exist assume it is a Windows 2000
functional domain */
-
+
status = ads_do_search(ads_s, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
if (!ADS_ERR_OK(status)) {
if ( status.err.rc == LDAP_NO_SUCH_ATTRIBUTE ) {
@@ -2894,7 +2894,7 @@ ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val)
}
DEBUG(3,("ads_domain_func_level: %d\n", *val));
-
+
ads_msgfree(ads, res);
done:
@@ -2926,7 +2926,7 @@ ADS_STATUS ads_domain_sid(ADS_STRUCT *ads, DOM_SID *sid)
return ADS_ERROR_SYSTEM(ENOENT);
}
ads_msgfree(ads, res);
-
+
return ADS_SUCCESS;
}
@@ -3301,26 +3301,26 @@ char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine
ADS_STATUS status;
int count = 0;
char *name = NULL;
-
+
status = ads_find_machine_acct(ads, &res, global_myname());
if (!ADS_ERR_OK(status)) {
DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n",
global_myname()));
goto out;
}
-
+
if ( (count = ads_count_replies(ads, res)) != 1 ) {
DEBUG(1,("ads_get_dnshostname: %d entries returned!\n", count));
goto out;
}
-
+
if ( (name = ads_pull_string(ads, ctx, res, "dNSHostName")) == NULL ) {
DEBUG(0,("ads_get_dnshostname: No dNSHostName attribute!\n"));
}
out:
ads_msgfree(ads, res);
-
+
return name;
}
@@ -3365,26 +3365,26 @@ char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *mach
ADS_STATUS status;
int count = 0;
char *name = NULL;
-
+
status = ads_find_machine_acct(ads, &res, global_myname());
if (!ADS_ERR_OK(status)) {
DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n",
global_myname()));
goto out;
}
-
+
if ( (count = ads_count_replies(ads, res)) != 1 ) {
DEBUG(1,("ads_get_dnshostname: %d entries returned!\n", count));
goto out;
}
-
+
if ( (name = ads_pull_string(ads, ctx, res, "sAMAccountName")) == NULL ) {
DEBUG(0,("ads_get_dnshostname: No sAMAccountName attribute!\n"));
}
out:
ads_msgfree(ads, res);
-
+
return name;
}
@@ -3700,7 +3700,7 @@ ADS_STATUS ads_find_samaccount(ADS_STRUCT *ads,
status = ads_do_search_all(ads, ads->config.bind_path,
LDAP_SCOPE_SUBTREE,
filter, attrs, &res);
-
+
if (!ADS_ERR_OK(status)) {
goto out;
}
@@ -3828,7 +3828,6 @@ const char *ads_get_extended_right_name_by_guid(ADS_STRUCT *ads,
done:
ads_msgfree(ads, res);
return result;
-
}
/**
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index c853258a34..0bebcc7c2c 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -7,20 +7,20 @@
Copyright (C) Andrew Bartlett 2002-2003
Copyright (C) Stefan (metze) Metzmacher 2002-2003
Copyright (C) Simo Sorce 2006
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-
+
*/
/* TODO:
@@ -98,10 +98,10 @@ static const char* get_userattr_key2string( int schema_ver, int key )
switch ( schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
return get_attr_key2string( attrib_map_v22, key );
-
+
case SCHEMAVER_SAMBASAMACCOUNT:
return get_attr_key2string( attrib_map_v30, key );
-
+
default:
DEBUG(0,("get_userattr_key2string: unknown schema version specified\n"));
break;
@@ -118,14 +118,14 @@ const char** get_userattr_list( TALLOC_CTX *mem_ctx, int schema_ver )
switch ( schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
return get_attr_list( mem_ctx, attrib_map_v22 );
-
+
case SCHEMAVER_SAMBASAMACCOUNT:
return get_attr_list( mem_ctx, attrib_map_v30 );
default:
DEBUG(0,("get_userattr_list: unknown schema version specified!\n"));
break;
}
-
+
return NULL;
}
@@ -140,7 +140,7 @@ static const char** get_userattr_delete_list( TALLOC_CTX *mem_ctx,
case SCHEMAVER_SAMBAACCOUNT:
return get_attr_list( mem_ctx,
attrib_map_to_delete_v22 );
-
+
case SCHEMAVER_SAMBASAMACCOUNT:
return get_attr_list( mem_ctx,
attrib_map_to_delete_v30 );
@@ -148,7 +148,7 @@ static const char** get_userattr_delete_list( TALLOC_CTX *mem_ctx,
DEBUG(0,("get_userattr_delete_list: unknown schema version specified!\n"));
break;
}
-
+
return NULL;
}
@@ -162,7 +162,7 @@ static const char* get_objclass_filter( int schema_ver )
{
fstring objclass_filter;
char *result;
-
+
switch( schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
fstr_sprintf( objclass_filter, "(objectclass=%s)", LDAP_OBJ_SAMBAACCOUNT );
@@ -175,7 +175,7 @@ static const char* get_objclass_filter( int schema_ver )
objclass_filter[0] = '\0';
break;
}
-
+
result = talloc_strdup(talloc_tos(), objclass_filter);
SMB_ASSERT(result != NULL);
return result;
@@ -448,7 +448,7 @@ static int ldapsam_delete_entry(struct ldapsam_privates *priv,
}
/* Ok, delete only the SAM attributes */
-
+
for (name = ldap_first_attribute(priv2ld(priv), entry, &ptr);
name != NULL;
name = ldap_next_attribute(priv2ld(priv), entry, ptr)) {
@@ -1501,7 +1501,7 @@ static NTSTATUS ldapsam_getsampwnam(struct pdb_methods *my_methods, struct samu
int count;
const char ** attr_list;
int rc;
-
+
attr_list = get_userattr_list( user, ldap_state->schema_ver );
append_attr(user, &attr_list,
get_userattr_key2string(ldap_state->schema_ver,
@@ -1513,9 +1513,9 @@ static NTSTATUS ldapsam_getsampwnam(struct pdb_methods *my_methods, struct samu
if ( rc != LDAP_SUCCESS )
return NT_STATUS_NO_SUCH_USER;
-
+
count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
-
+
if (count < 1) {
DEBUG(4, ("ldapsam_getsampwnam: Unable to locate user [%s] count=%d\n", sname, count));
ldap_msgfree(result);
@@ -1572,12 +1572,12 @@ static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state,
return rc;
break;
}
-
+
case SCHEMAVER_SAMBAACCOUNT:
if (!sid_peek_check_rid(&ldap_state->domain_sid, sid, &rid)) {
return rc;
}
-
+
attr_list = get_userattr_list(NULL,
ldap_state->schema_ver);
rc = ldapsam_search_suffix_by_rid(ldap_state, rid, result, attr_list );
@@ -1608,7 +1608,7 @@ static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, struct samu
return NT_STATUS_NO_SUCH_USER;
count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
-
+
if (count < 1) {
DEBUG(4, ("ldapsam_getsampwsid: Unable to locate SID [%s] "
"count=%d\n", sid_string_dbg(sid), count));
@@ -1652,11 +1652,11 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
-
+
if (!newpwd || !dn) {
return NT_STATUS_INVALID_PARAMETER;
}
-
+
if (!mods) {
DEBUG(5,("ldapsam_modify_entry: mods is empty: nothing to modify\n"));
/* may be password change below however */
@@ -1684,12 +1684,12 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
ldap_op));
return NT_STATUS_INVALID_PARAMETER;
}
-
+
if (rc!=LDAP_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
}
}
-
+
if (!(pdb_get_acct_ctrl(newpwd)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) &&
(lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_OFF) &&
need_update(newpwd, PDB_PLAINTEXT_PW) &&
@@ -1749,7 +1749,7 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
TALLOC_FREE(utf8_password);
return NT_STATUS_UNSUCCESSFUL;
}
-
+
TALLOC_FREE(utf8_dn);
TALLOC_FREE(utf8_password);
ber_free(ber, 1);
@@ -1846,7 +1846,7 @@ static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods,
result = NT_STATUS_NO_SUCH_USER;
goto done;
}
-
+
rc = ldapsam_delete_entry(
priv, mem_ctx, entry,
priv->schema_ver == SCHEMAVER_SAMBASAMACCOUNT ?
@@ -1932,7 +1932,7 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, struc
TALLOC_FREE(dn);
return NT_STATUS_OK;
}
-
+
ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, element_is_changed);
if (mods != NULL) {
@@ -2670,7 +2670,7 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
ret = NT_STATUS_NO_MEMORY;
goto done;
}
-
+
filter = talloc_asprintf_append_buffer(filter, "(uid=%s)", escape_memberuid);
if (filter == NULL) {
SAFE_FREE(escape_memberuid);
@@ -2775,7 +2775,7 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
}
ret = NT_STATUS_OK;
-
+
done:
if (values)
@@ -3268,7 +3268,7 @@ static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods,
rc = ldapsam_delete_entry(priv, mem_ctx, entry, LDAP_OBJ_GROUPMAP,
get_attr_list(mem_ctx,
groupmap_attr_list_to_delete));
-
+
if ((rc == LDAP_NAMING_VIOLATION) ||
(rc == LDAP_NOT_ALLOWED_ON_RDN) ||
(rc == LDAP_OBJECT_CLASS_VIOLATION)) {
@@ -3376,11 +3376,11 @@ static NTSTATUS ldapsam_getsamgrent(struct pdb_methods *my_methods,
while (!bret) {
if (!ldap_state->entry)
return ret;
-
+
ldap_state->index++;
bret = init_group_from_ldap(ldap_state, map,
ldap_state->entry);
-
+
ldap_state->entry =
ldap_next_entry(ldap_state->smbldap_state->ldap_struct,
ldap_state->entry);
@@ -3874,7 +3874,7 @@ static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods
}
*value = (uint32)atol(vals[0]);
-
+
ntstatus = NT_STATUS_OK;
out:
@@ -3889,7 +3889,7 @@ out:
- if user hasn't decided to use account policies inside LDAP just reuse the
old tdb values
-
+
- if there is a valid cache entry, return that
- if there is an LDAP entry, update cache and return
- otherwise set to default, update cache and return
@@ -3928,16 +3928,16 @@ static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods,
if (!account_policy_get_default(policy_index, value)) {
return ntstatus;
}
-
+
/* update_ldap: */
-
+
ntstatus = ldapsam_set_account_policy(methods, policy_index, *value);
if (!NT_STATUS_IS_OK(ntstatus)) {
return ntstatus;
}
-
+
update_cache:
-
+
if (!cache_account_policy_set(policy_index, *value)) {
DEBUG(0,("ldapsam_get_account_policy: failed to update local "
"tdb as a cache\n"));
@@ -4467,7 +4467,7 @@ static bool ldapuser2displayentry(struct ldap_search_state *state,
DEBUG(0, ("talloc failed\n"));
return False;
}
-
+
vals = ldap_get_values(ld, entry, "sambaSid");
if ((vals == NULL) || (vals[0] == NULL)) {
DEBUG(0, ("\"objectSid\" not found\n"));
@@ -4623,7 +4623,7 @@ static bool ldapgroup2displayentry(struct ldap_search_state *state,
DEBUG(0, ("talloc failed\n"));
return False;
}
-
+
vals = ldap_get_values(ld, entry, "sambaSid");
if ((vals == NULL) || (vals[0] == NULL)) {
DEBUG(0, ("\"objectSid\" not found\n"));
@@ -4652,7 +4652,7 @@ static bool ldapgroup2displayentry(struct ldap_search_state *state,
return False;
}
break;
-
+
default:
DEBUG(0,("unkown group type: %d\n", group_type));
return False;
@@ -4980,7 +4980,7 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
uid_t uid = -1;
NTSTATUS ret;
int rc;
-
+
if (((acb_info & ACB_NORMAL) && name[strlen(name)-1] == '$') ||
acb_info & ACB_WSTRUST ||
acb_info & ACB_SVRTRUST ||
@@ -5006,7 +5006,7 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
DEBUG (0, ("ldapsam_create_user: More than one user with name [%s] ?!\n", name));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
-
+
if (num_result == 1) {
char *tmp;
/* check if it is just a posix account.
@@ -5035,7 +5035,7 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
if (num_result == 0) {
add_posix = True;
}
-
+
/* Create the basic samu structure and generate the mods for the ldap commit */
if (!NT_STATUS_IS_OK((ret = ldapsam_new_rid_internal(my_methods, rid)))) {
DEBUG(1, ("ldapsam_create_user: Could not allocate a new RID\n"));
@@ -5181,7 +5181,7 @@ static NTSTATUS ldapsam_delete_user(struct pdb_methods *my_methods, TALLOC_CTX *
int rc;
DEBUG(0,("ldapsam_delete_user: Attempt to delete user [%s]\n", pdb_get_username(sam_acct)));
-
+
filter = talloc_asprintf(tmp_ctx,
"(&(uid=%s)"
"(objectClass=%s)"
@@ -5263,7 +5263,7 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods,
DOM_SID group_sid;
gid_t gid = -1;
int rc;
-
+
groupname = escape_ldap_string_alloc(name);
filter = talloc_asprintf(tmp_ctx, "(&(cn=%s)(objectClass=%s))",
groupname, LDAP_OBJ_POSIXGROUP);
@@ -5282,7 +5282,7 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods,
DEBUG (0, ("ldapsam_create_group: There exists more than one group with name [%s]: bailing out!\n", name));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
-
+
if (num_result == 1) {
char *tmp;
/* check if it is just a posix group.
@@ -5306,7 +5306,7 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods,
DEBUG (1, ("ldapsam_create_group: Couldn't retrieve the gidNumber for [%s]?!?!\n", name));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
-
+
gid = strtoul(tmp, NULL, 10);
dn = smbldap_talloc_dn(tmp_ctx, priv2ld(ldap_state), entry);
@@ -5322,7 +5322,7 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods,
DEBUG(3,("ldapsam_create_user: Creating new posix group\n"));
is_new_entry = True;
-
+
/* lets allocate a new groupid for this group */
if (!winbind_allocate_gid(&gid)) {
DEBUG (0, ("ldapsam_create_group: Unable to allocate a new group id: bailing out!\n"));
@@ -5519,7 +5519,7 @@ static NTSTATUS ldapsam_change_groupmem(struct pdb_methods *my_methods,
default:
return NT_STATUS_UNSUCCESSFUL;
}
-
+
/* get member sid */
sid_compose(&member_sid, get_global_sam_sid(), member_rid);
@@ -5566,7 +5566,7 @@ static NTSTATUS ldapsam_change_groupmem(struct pdb_methods *my_methods,
/* check if we are trying to remove the member from his primary group */
char *gidstr;
gid_t user_gid, group_gid;
-
+
gidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "gidNumber", tmp_ctx);
if (!gidstr) {
DEBUG (0, ("ldapsam_change_groupmem: Unable to find the member's gid!\n"));
@@ -5574,7 +5574,7 @@ static NTSTATUS ldapsam_change_groupmem(struct pdb_methods *my_methods,
}
user_gid = strtoul(gidstr, NULL, 10);
-
+
if (!sid_to_gid(&group_sid, &group_gid)) {
DEBUG (0, ("ldapsam_change_groupmem: Unable to get group gid from SID!\n"));
return NT_STATUS_UNSUCCESSFUL;
@@ -5649,7 +5649,7 @@ static NTSTATUS ldapsam_change_groupmem(struct pdb_methods *my_methods,
}
return NT_STATUS_UNSUCCESSFUL;
}
-
+
return NT_STATUS_OK;
}