From f24d88cf9da46680d52b42b92bd484e7b09ce99b Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 31 May 2005 13:46:45 +0000 Subject: r7139: trying to reduce the number of diffs between trunk and 3.0; changing version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1) --- source3/lib/smbldap_util.c | 203 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 203 insertions(+) create mode 100644 source3/lib/smbldap_util.c (limited to 'source3/lib/smbldap_util.c') diff --git a/source3/lib/smbldap_util.c b/source3/lib/smbldap_util.c new file mode 100644 index 0000000000..46ea5b7bfc --- /dev/null +++ b/source3/lib/smbldap_util.c 
@@ -0,0 +1,203 @@
+/*
+ Unix SMB/CIFS mplementation.
+ LDAP protocol helper functions for SAMBA
+ Copyright (C) Jean François Micouleau 1998
+ Copyright (C) Gerald Carter 2001-2003
+ Copyright (C) Shahms King 2001
+ Copyright (C) Andrew Bartlett 2002-2003
+ Copyright (C) Stefan (metze) Metzmacher 2002-2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+*/
+
+#include "includes.h"
+#include "smbldap.h"
+
+/**********************************************************************
+ Add the sambaDomain to LDAP, so we don't have to search for this stuff
+ again. This is a once-add operation for now.
+
+ TODO: Add other attributes, and allow modification.
+*********************************************************************/
+static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state,
+ const char *domain_name)
+{
+ fstring sid_string;
+ fstring algorithmic_rid_base_string;
+ pstring filter, dn;
+ LDAPMod **mods = NULL;
+ int rc;
+ int ldap_op;
+ LDAPMessage *result = NULL;
+ int num_result;
+ const char **attr_list;
+ uid_t u_low, u_high;
+ gid_t g_low, g_high;
+ uint32 rid_low, rid_high;
+
+ slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))",
+ get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
+ domain_name, LDAP_OBJ_DOMINFO);
+
+ attr_list = get_attr_list( dominfo_attr_list );
+ rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result);
+ free_attr_list( attr_list );
+
+ if (rc != LDAP_SUCCESS) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ num_result = ldap_count_entries(ldap_state->ldap_struct, result);
+
+ if (num_result > 1) {
+ DEBUG (0, ("More than domain with that name exists: bailing out!\n"));
+ ldap_msgfree(result);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ /* Check if we need to add an entry */
+ DEBUG(3,("Adding new domain\n"));
+ ldap_op = LDAP_MOD_ADD;
+
+ pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
+ domain_name, lp_ldap_suffix());
+
+ /* Free original search */
+ ldap_msgfree(result);
+
+ /* make the changes - the entry *must* not already have samba attributes */
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
+ domain_name);
+
+ /* If we don't have an entry, then ask secrets.tdb for what it thinks.
+ It may choose to make it up */
+
+ sid_to_string(sid_string, get_global_sam_sid());
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), sid_string);
+
+ slprintf(algorithmic_rid_base_string, sizeof(algorithmic_rid_base_string) - 1, "%i", algorithmic_rid_base());
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE),
+ algorithmic_rid_base_string);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO);
+
+ /* add the sambaNext[User|Group]Rid attributes if the idmap ranges are set.
+ TODO: fix all the places where the line between idmap and normal operations
+ needed by smbd gets fuzzy --jerry 2003-08-11 */
+
+ if ( lp_idmap_uid(&u_low, &u_high) && lp_idmap_gid(&g_low, &g_high)
+ && get_free_rid_range(&rid_low, &rid_high) )
+ {
+ fstring rid_str;
+
+ fstr_sprintf( rid_str, "%i", rid_high|USER_RID_TYPE );
+ DEBUG(10,("setting next available user rid [%s]\n", rid_str));
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID),
+ rid_str);
+
+ fstr_sprintf( rid_str, "%i", rid_high|GROUP_RID_TYPE );
+ DEBUG(10,("setting next available group rid [%s]\n", rid_str));
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID),
+ rid_str);
+
+ }
+
+
+ switch(ldap_op)
+ {
+ case LDAP_MOD_ADD:
+ rc = smbldap_add(ldap_state, dn, mods);
+ break;
+ case LDAP_MOD_REPLACE:
+ rc = smbldap_modify(ldap_state, dn, mods);
+ break;
+ default:
+ DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (rc!=LDAP_SUCCESS) {
+ char *ld_error = NULL;
+ ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
+ DEBUG(1,("failed to %s domain dn= %s with: %s\n\t%s\n",
+ ldap_op == LDAP_MOD_ADD ? "add" : "modify",
+ dn, ldap_err2string(rc),
+ ld_error?ld_error:"unknown"));
+ SAFE_FREE(ld_error);
+
+ ldap_mods_free(mods, True);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ DEBUG(2,("added: domain = %s in the LDAP database\n", domain_name));
+ ldap_mods_free(mods, True);
+ return NT_STATUS_OK;
+}
+
+/**********************************************************************
+Search for the domain info entry
+*********************************************************************/
+NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state,
+ LDAPMessage ** result, const char *domain_name,
+ BOOL try_add)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ pstring filter;
+ int rc;
+ const char **attr_list;
+ int count;
+
+ pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))",
+ LDAP_OBJ_DOMINFO,
+ get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
+ domain_name);
+
+ DEBUG(2, ("Searching for:[%s]\n", filter));
+
+
+ attr_list = get_attr_list( dominfo_attr_list );
+ rc = smbldap_search_suffix(ldap_state, filter, attr_list , result);
+ free_attr_list( attr_list );
+
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc)));
+ DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter));
+ } else if (ldap_count_entries(ldap_state->ldap_struct, *result) < 1) {
+ DEBUG(3, ("Got no domain info entries for domain\n"));
+ ldap_msgfree(*result);
+ *result = NULL;
+ if ( try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name)) ) {
+ return smbldap_search_domain_info(ldap_state, result, domain_name, False);
+ }
+ else {
+ DEBUG(0, ("Adding domain info for %s failed with %s\n",
+ domain_name, nt_errstr(ret)));
+ return ret;
+ }
+ } else if ((count = ldap_count_entries(ldap_state->ldap_struct, *result)) > 1) {
+ DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n",
+ count, domain_name));
+ ldap_msgfree(*result);
+ *result = NULL;
+ return ret;
+ } else {
+ return NT_STATUS_OK;
+ }
+
+ return ret;
+}
+
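Review bot: `domain_name` is formatted unescaped into the LDAP search filter in add_new_domain_info (`slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))", ...)`) and in smbldap_search_domain_info, and into the entry DN via `pstr_sprintf(dn, "%s=%s,%s", ...)`. A name containing filter or DN metacharacters would change how the server parses the filter or DN; whether callers can supply such a name is not visible in this file. The value should be escaped per context before formatting, once as a filter value and once as an RDN value, which is what r21606 later on this page does with `escape_ldap_string_alloc()` and `escape_rdn_val_string_alloc()`. The same raw DN construction recurs in add_new_domain_account_policies, added by r10656.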
-- cgit From d303b0203b4b8a2e4146851c6ee03d1ee4c6a392 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 7 Jul 2005 13:42:09 +0000 Subject: r8205: try to improve readability of smbldap_search_domain_info() Guenther (This used to be commit ca9acd149a36ca36a9a4e2a35b97cae610b3b5ed) --- source3/lib/smbldap_util.c | 51 ++++++++++++++++++++++++++++++---------------- 1 file changed, 33 insertions(+), 18 deletions(-) (limited to 'source3/lib/smbldap_util.c') diff --git a/source3/lib/smbldap_util.c b/source3/lib/smbldap_util.c index 46ea5b7bfc..98abe7f0d7 100644 --- a/source3/lib/smbldap_util.c +++ b/source3/lib/smbldap_util.c @@ -155,7 +155,7 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, LDAPMessage ** result, const char *domain_name, BOOL try_add) { - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; pstring filter; int rc; const char **attr_list; @@ -168,7 +168,6 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, DEBUG(2, ("Searching for:[%s]\n", filter)); - attr_list = get_attr_list( dominfo_attr_list ); rc = smbldap_search_suffix(ldap_state, filter, attr_list , result); free_attr_list( attr_list ); 
@@ -176,28 +175,44 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, if (rc != LDAP_SUCCESS) { DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc))); DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter)); - } else if (ldap_count_entries(ldap_state->ldap_struct, *result) < 1) { + goto failed; + } + + count = ldap_count_entries(ldap_state->ldap_struct, *result); + + if (count == 1) + return NT_STATUS_OK; + + ldap_msgfree(*result); + *result = NULL; + + if (count < 1) { + DEBUG(3, ("Got no domain info entries for domain\n")); - ldap_msgfree(*result); - *result = NULL; - if ( try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name)) ) { - return smbldap_search_domain_info(ldap_state, result, domain_name, False); - } - else { + + if (!try_add) + goto failed; + + status = add_new_domain_info(ldap_state, domain_name); + if (NT_STATUS_IS_OK(status)) { DEBUG(0, ("Adding domain info for %s failed with %s\n", - domain_name, nt_errstr(ret))); - return ret; + domain_name, nt_errstr(status))); + goto failed; } - } else if ((count = ldap_count_entries(ldap_state->ldap_struct, *result)) > 1) { + + return smbldap_search_domain_info(ldap_state, result, domain_name, False); + + } + + if (count > 1 ) { + DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n", count, domain_name)); - ldap_msgfree(*result); - *result = NULL; - return ret; - } else { - return NT_STATUS_OK; + goto failed; } + +failed: + return status; - return ret; } -- cgit From 22268d79265d79b8d86d1152a7bfe2ebc8988905 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 7 Jul 2005 14:19:51 +0000 Subject: r8207: Fix my NT_STATUS_IS_OK mismatch. Guenther (This used to be commit 053e892e07936f6b71a6bb5e31be09c1d2a2c837) --- source3/lib/smbldap_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap_util.c') 
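Review bot: The check after add_new_domain_info() is inverted: `if (NT_STATUS_IS_OK(status)) {` logs "Adding domain info ... failed" and jumps to `failed:` when the add succeeded, so the function returns NT_STATUS_OK with `*result` already set to NULL, while a failed add falls through to the recursive search. A caller that trusts the OK status and then reads `*result` would be handed a NULL message. The line should read `if (!NT_STATUS_IS_OK(status)) {`, which the follow-up commit r8207 on this page applies. Separately, `count < 1` also covers a negative return from ldap_count_entries(), so a counting error is treated as "no entry" and can trigger the add when try_add is set.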
diff --git a/source3/lib/smbldap_util.c b/source3/lib/smbldap_util.c index 98abe7f0d7..798cb3fff7 100644 --- a/source3/lib/smbldap_util.c +++ b/source3/lib/smbldap_util.c @@ -194,7 +194,7 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, goto failed; status = add_new_domain_info(ldap_state, domain_name); - if (NT_STATUS_IS_OK(status)) { + if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("Adding domain info for %s failed with %s\n", domain_name, nt_errstr(status))); goto failed; -- cgit From 54abd2aa66069e6baf7769c496f46d9dba18db39 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 30 Sep 2005 17:13:37 +0000 Subject: r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3) --- source3/lib/smbldap_util.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) (limited to 'source3/lib/smbldap_util.c') diff --git a/source3/lib/smbldap_util.c b/source3/lib/smbldap_util.c index 798cb3fff7..4679b86487 100644 --- a/source3/lib/smbldap_util.c +++ b/source3/lib/smbldap_util.c 
@@ -26,6 +26,65 @@ #include "includes.h" #include "smbldap.h" +/********************************************************************** + Add the account-policies below the sambaDomain object to LDAP, +*********************************************************************/ +static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state, + const char *domain_name) +{ + NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL; + int i, rc; + uint32 policy_default; + const char *policy_attr = NULL; + pstring dn; + LDAPMod **mods = NULL; + + DEBUG(3,("Adding new account policies for domain\n")); + + pstr_sprintf(dn, "%s=%s,%s", + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + domain_name, lp_ldap_suffix()); + + for (i=1; decode_account_policy_name(i) != NULL; i++) { + + pstring val; + + policy_attr = get_account_policy_attr(i); + if (!policy_attr) { + DEBUG(0,("add_new_domain_account_policies: ops. no policy!\n")); + continue; + } + + if (!account_policy_get_default(i, &policy_default)) { + DEBUG(0,("add_new_domain_account_policies: failed to get default account policy\n")); + return ntstatus; + } + + DEBUG(10,("add_new_domain_account_policies: adding \"%s\" with value: %d\n", policy_attr, policy_default)); + + pstr_sprintf(val, "%d", policy_default); + + smbldap_set_mod( &mods, LDAP_MOD_REPLACE, policy_attr, val); + + rc = smbldap_modify(ldap_state, dn, mods); + + if (rc!=LDAP_SUCCESS) { + char *ld_error = NULL; + ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); + DEBUG(1,("failed to add account policies to dn= %s with: %s\n\t%s\n", + dn, ldap_err2string(rc), + ld_error ? ld_error : "unknown")); + SAFE_FREE(ld_error); + ldap_mods_free(mods, True); + return ntstatus; + } + } + + ldap_mods_free(mods, True); + + return NT_STATUS_OK; +} + /********************************************************************** Add the sambaDomain to LDAP, so we don't have to search for this stuff again. This is a once-add operation for now. 
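Review bot: In add_new_domain_account_policies the early `return ntstatus;` taken when account_policy_get_default() fails skips `ldap_mods_free(mods, True)`, so mods built by earlier loop iterations are leaked; the LDAP-failure branch just below does free them. The early return should become `ldap_mods_free(mods, True); return ntstatus;`. `mods` is also never reset inside the loop, so each `smbldap_modify()` call appears to resend the attributes set by previous iterations. Building the full list in the loop and calling smbldap_modify() once after it would avoid the repeated writes and a partially applied policy set.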
@@ -200,6 +259,13 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, goto failed; } + status = add_new_domain_account_policies(ldap_state, domain_name); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Adding domain account policies for %s failed with %s\n", + domain_name, nt_errstr(status))); + goto failed; + } + return smbldap_search_domain_info(ldap_state, result, domain_name, False); } -- cgit From 0af1500fc0bafe61019f1b2ab1d9e1d369221240 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 3 Feb 2006 22:19:41 +0000 Subject: r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f) --- source3/lib/smbldap_util.c | 92 ++++++++++++++++++++-------------------------- 1 file changed, 40 insertions(+), 52 deletions(-) (limited to 'source3/lib/smbldap_util.c') diff --git a/source3/lib/smbldap_util.c b/source3/lib/smbldap_util.c index 4679b86487..7b4cf4d079 100644 --- a/source3/lib/smbldap_util.c +++ b/source3/lib/smbldap_util.c @@ -99,21 +99,17 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, pstring filter, dn; LDAPMod **mods = NULL; int rc; - int ldap_op; LDAPMessage *result = NULL; int num_result; const char **attr_list; - uid_t u_low, u_high; - gid_t g_low, g_high; - uint32 rid_low, rid_high; slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), domain_name, LDAP_OBJ_DOMINFO); - attr_list = get_attr_list( dominfo_attr_list ); + attr_list = get_attr_list( NULL, dominfo_attr_list ); rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result); - free_attr_list( attr_list ); + talloc_free( attr_list ); if (rc != LDAP_SUCCESS) { return NT_STATUS_UNSUCCESSFUL; 
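Review bot: The two writes in this add path are not atomic: if add_new_domain_info() succeeds and add_new_domain_account_policies() then fails, the domain entry stays in LDAP without its policy attributes. The next call will find exactly one entry and return NT_STATUS_OK, so the policies are never retried from here. If that state is acceptable it should at least be documented at the call, e.g. `/* NOTE: a failure here leaves the domain entry without account policies; they are not re-added on later lookups */`; otherwise the policy add needs to be retried or the entry removed on failure. The enclosing function starts and ends outside this hunk.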
@@ -122,80 +118,72 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, num_result = ldap_count_entries(ldap_state->ldap_struct, result); if (num_result > 1) { - DEBUG (0, ("More than domain with that name exists: bailing out!\n")); + DEBUG (0, ("More than domain with that name exists: bailing " + "out!\n")); ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; } /* Check if we need to add an entry */ DEBUG(3,("Adding new domain\n")); - ldap_op = LDAP_MOD_ADD; - pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name, lp_ldap_suffix()); + pstr_sprintf(dn, "%s=%s,%s", + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + domain_name, lp_ldap_suffix()); /* Free original search */ ldap_msgfree(result); - /* make the changes - the entry *must* not already have samba attributes */ - smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name); + /* make the changes - the entry *must* not already have samba + * attributes */ - /* If we don't have an entry, then ask secrets.tdb for what it thinks. + smbldap_set_mod(&mods, LDAP_MOD_ADD, + get_attr_key2string(dominfo_attr_list, + LDAP_ATTR_DOMAIN), + domain_name); + + /* If we don't have an entry, then ask secrets.tdb for what it thinks. 
It may choose to make it up */ sid_to_string(sid_string, get_global_sam_sid()); - smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), sid_string); - - slprintf(algorithmic_rid_base_string, sizeof(algorithmic_rid_base_string) - 1, "%i", algorithmic_rid_base()); - smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE), + smbldap_set_mod(&mods, LDAP_MOD_ADD, + get_attr_key2string(dominfo_attr_list, + LDAP_ATTR_DOM_SID), + sid_string); + + slprintf(algorithmic_rid_base_string, + sizeof(algorithmic_rid_base_string) - 1, "%i", + algorithmic_rid_base()); + smbldap_set_mod(&mods, LDAP_MOD_ADD, + get_attr_key2string(dominfo_attr_list, + LDAP_ATTR_ALGORITHMIC_RID_BASE), algorithmic_rid_base_string); smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO); - /* add the sambaNext[User|Group]Rid attributes if the idmap ranges are set. - TODO: fix all the places where the line between idmap and normal operations - needed by smbd gets fuzzy --jerry 2003-08-11 */ + /* add the sambaNextUserRid attributes. 
*/ - if ( lp_idmap_uid(&u_low, &u_high) && lp_idmap_gid(&g_low, &g_high) - && get_free_rid_range(&rid_low, &rid_high) ) { + uint32 rid = BASE_RID; fstring rid_str; - fstr_sprintf( rid_str, "%i", rid_high|USER_RID_TYPE ); + fstr_sprintf( rid_str, "%i", rid ); DEBUG(10,("setting next available user rid [%s]\n", rid_str)); smbldap_set_mod(&mods, LDAP_MOD_ADD, - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID), - rid_str); - - fstr_sprintf( rid_str, "%i", rid_high|GROUP_RID_TYPE ); - DEBUG(10,("setting next available group rid [%s]\n", rid_str)); - smbldap_set_mod(&mods, LDAP_MOD_ADD, - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID), + get_attr_key2string(dominfo_attr_list, + LDAP_ATTR_NEXT_USERRID), rid_str); - } - switch(ldap_op) - { - case LDAP_MOD_ADD: - rc = smbldap_add(ldap_state, dn, mods); - break; - case LDAP_MOD_REPLACE: - rc = smbldap_modify(ldap_state, dn, mods); - break; - default: - DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op)); - return NT_STATUS_INVALID_PARAMETER; - } - + rc = smbldap_add(ldap_state, dn, mods); + if (rc!=LDAP_SUCCESS) { char *ld_error = NULL; - ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(1,("failed to %s domain dn= %s with: %s\n\t%s\n", - ldap_op == LDAP_MOD_ADD ? "add" : "modify", - dn, ldap_err2string(rc), - ld_error?ld_error:"unknown")); + ldap_get_option(ldap_state->ldap_struct, + LDAP_OPT_ERROR_STRING, &ld_error); + DEBUG(1,("failed to add domain dn= %s with: %s\n\t%s\n", + dn, ldap_err2string(rc), + ld_error?ld_error:"unknown")); SAFE_FREE(ld_error); ldap_mods_free(mods, True); 
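Review bot: With `ldap_op` removed, the comment `/* Check if we need to add an entry */` no longer describes anything: the code bails out only for `num_result > 1` and otherwise always calls `smbldap_add()`, including when the search found exactly one existing entry. The comment should be dropped or changed to say what happens, e.g. `/* zero or one match: attempt the add (an existing entry presumably makes smbldap_add() fail) */`. In the same hunk `uint32 rid` is printed with `"%i"`; `"%u"` matches the type. The function begins before this hunk.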
@@ -227,9 +215,9 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, DEBUG(2, ("Searching for:[%s]\n", filter)); - attr_list = get_attr_list( dominfo_attr_list ); + attr_list = get_attr_list( NULL, dominfo_attr_list ); rc = smbldap_search_suffix(ldap_state, filter, attr_list , result); - free_attr_list( attr_list ); + talloc_free( attr_list ); if (rc != LDAP_SUCCESS) { DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc))); -- cgit From fb5362c069b5b6548478b2217a0519c56d856705 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 20 Feb 2006 17:59:58 +0000 Subject: r13571: Replace all calls to talloc_free() with thye TALLOC_FREE() macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2) --- source3/lib/smbldap_util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/smbldap_util.c') diff --git a/source3/lib/smbldap_util.c b/source3/lib/smbldap_util.c index 7b4cf4d079..64e2a5eae4 100644 --- a/source3/lib/smbldap_util.c +++ b/source3/lib/smbldap_util.c @@ -109,7 +109,7 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, attr_list = get_attr_list( NULL, dominfo_attr_list ); rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result); - talloc_free( attr_list ); + TALLOC_FREE( attr_list ); if (rc != LDAP_SUCCESS) { return NT_STATUS_UNSUCCESSFUL; @@ -217,7 +217,7 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, attr_list = get_attr_list( NULL, dominfo_attr_list ); rc = smbldap_search_suffix(ldap_state, filter, attr_list , result); - talloc_free( attr_list ); + TALLOC_FREE( attr_list ); if (rc != LDAP_SUCCESS) { DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc))); -- cgit From 984fe8c9af5063d4a381ac7b2bb31d2bcbe29fac Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Fri, 24 Feb 2006 22:04:07 +0000 Subject: r13682: Actually give a developer a prayer of finding out where random error messages are coming from. Yes I'm pissed as I'm working on a live issue right now... Jeremy. (This used to be commit 07d1037e17d782ce10dc6f4d15dcd686730c0b92) --- source3/lib/smbldap_util.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) (limited to 'source3/lib/smbldap_util.c') diff --git a/source3/lib/smbldap_util.c b/source3/lib/smbldap_util.c index 64e2a5eae4..aff4eff6f6 100644 --- a/source3/lib/smbldap_util.c +++ b/source3/lib/smbldap_util.c @@ -29,6 +29,7 @@ /********************************************************************** Add the account-policies below the sambaDomain object to LDAP, *********************************************************************/ + static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state, const char *domain_name) { @@ -39,7 +40,7 @@ static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state pstring dn; LDAPMod **mods = NULL; - DEBUG(3,("Adding new account policies for domain\n")); + DEBUG(3,("add_new_domain_account_policies: Adding new account policies for domain\n")); pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), @@ -71,7 +72,7 @@ static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state if (rc!=LDAP_SUCCESS) { char *ld_error = NULL; ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(1,("failed to add account policies to dn= %s with: %s\n\t%s\n", + DEBUG(1,("add_new_domain_account_policies: failed to add account policies to dn= %s with: %s\n\t%s\n", dn, ldap_err2string(rc), ld_error ? ld_error : "unknown")); SAFE_FREE(ld_error); 
@@ -91,6 +92,7 @@ static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state TODO: Add other attributes, and allow modification. *********************************************************************/ + static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, const char *domain_name) { @@ -118,14 +120,14 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, num_result = ldap_count_entries(ldap_state->ldap_struct, result); if (num_result > 1) { - DEBUG (0, ("More than domain with that name exists: bailing " + DEBUG (0, ("add_new_domain_info: More than domain with that name exists: bailing " "out!\n")); ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; } /* Check if we need to add an entry */ - DEBUG(3,("Adding new domain\n")); + DEBUG(3,("add_new_domain_info: Adding new domain\n")); pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), @@ -167,7 +169,7 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, fstring rid_str; fstr_sprintf( rid_str, "%i", rid ); - DEBUG(10,("setting next available user rid [%s]\n", rid_str)); + DEBUG(10,("add_new_domain_info: setting next available user rid [%s]\n", rid_str)); smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID), @@ -181,7 +183,7 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, char *ld_error = NULL; ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(1,("failed to add domain dn= %s with: %s\n\t%s\n", + DEBUG(1,("add_new_domain_info: failed to add domain dn= %s with: %s\n\t%s\n", dn, ldap_err2string(rc), ld_error?ld_error:"unknown")); SAFE_FREE(ld_error); 
@@ -190,7 +192,7 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, return NT_STATUS_UNSUCCESSFUL; } - DEBUG(2,("added: domain = %s in the LDAP database\n", domain_name)); + DEBUG(2,("add_new_domain_info: added: domain = %s in the LDAP database\n", domain_name)); ldap_mods_free(mods, True); return NT_STATUS_OK; } @@ -198,6 +200,7 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, /********************************************************************** Search for the domain info entry *********************************************************************/ + NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, LDAPMessage ** result, const char *domain_name, BOOL try_add) @@ -213,15 +216,15 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), domain_name); - DEBUG(2, ("Searching for:[%s]\n", filter)); + DEBUG(2, ("smbldap_search_domain_info: Searching for:[%s]\n", filter)); attr_list = get_attr_list( NULL, dominfo_attr_list ); rc = smbldap_search_suffix(ldap_state, filter, attr_list , result); TALLOC_FREE( attr_list ); if (rc != LDAP_SUCCESS) { - DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc))); - DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter)); + DEBUG(2,("smbldap_search_domain_info: Problem during LDAPsearch: %s\n", ldap_err2string (rc))); + DEBUG(2,("smbldap_search_domain_info: Query was: %s, %s\n", lp_ldap_suffix(), filter)); goto failed; } 
@@ -235,21 +238,21 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, if (count < 1) { - DEBUG(3, ("Got no domain info entries for domain\n")); + DEBUG(3, ("smbldap_search_domain_info: Got no domain info entries for domain\n")); if (!try_add) goto failed; status = add_new_domain_info(ldap_state, domain_name); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Adding domain info for %s failed with %s\n", + DEBUG(0, ("smbldap_search_domain_info: Adding domain info for %s failed with %s\n", domain_name, nt_errstr(status))); goto failed; } status = add_new_domain_account_policies(ldap_state, domain_name); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Adding domain account policies for %s failed with %s\n", + DEBUG(0, ("smbldap_search_domain_info: Adding domain account policies for %s failed with %s\n", domain_name, nt_errstr(status))); goto failed; } @@ -260,13 +263,11 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, if (count > 1 ) { - DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n", + DEBUG(0, ("smbldap_search_domain_info: Got too many (%d) domain info entries for domain %s\n", count, domain_name)); goto failed; } failed: return status; - } - -- cgit From e9e6af59510242fbc78fd2100026d8dc79f18773 Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Thu, 1 Mar 2007 00:49:28 +0000 Subject: r21606: Implement escaping function for ldap RDN values Fix escaping of DN components and filters around the code Add some notes to commandline help messages about how to pass DNs revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was incorrect. The 2 functions use DNs in different ways. - lookup_usergroups_member() uses the DN in a search filter, and must use the filter escaping function to escape it Escaping filters that include escaped DNs ("\," becomes "\5c,") is the correct way to do it (tested against W2k3). - lookup_usergroups_memberof() instead uses the DN ultimately as a base dn. Both functions do NOT need any DN escaping function as DNs can't be reliably escaped when in a string form, intead each single RDN value must be escaped separately. DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as they come already escaped on the wire and passed as is by the ldap libraries DN filtering has been tested. For example now it is possible to do something like: 'net ads add user joe#5' as now the '#' character is correctly escaped when building the DN, previously such a call failed with Invalid DN Syntax. Simo. (This used to be commit 5b4838f62ab1a92bfe02626ef40d7f94c2598322) --- source3/lib/smbldap_util.c | 47 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 42 insertions(+), 5 deletions(-) (limited to 'source3/lib/smbldap_util.c') diff --git a/source3/lib/smbldap_util.c b/source3/lib/smbldap_util.c index aff4eff6f6..11b27bf98f 100644 --- a/source3/lib/smbldap_util.c +++ b/source3/lib/smbldap_util.c 
@@ -39,12 +39,21 @@ static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state const char *policy_attr = NULL; pstring dn; LDAPMod **mods = NULL; + char *escape_domain_name; DEBUG(3,("add_new_domain_account_policies: Adding new account policies for domain\n")); - + + escape_domain_name = escape_rdn_val_string_alloc(domain_name); + if (!escape_domain_name) { + DEBUG(0, ("Out of memory!\n")); + return NT_STATUS_NO_MEMORY; + } + pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name, lp_ldap_suffix()); + escape_domain_name, lp_ldap_suffix()); + + SAFE_FREE(escape_domain_name); for (i=1; decode_account_policy_name(i) != NULL; i++) { @@ -104,10 +113,20 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, LDAPMessage *result = NULL; int num_result; const char **attr_list; + char *escape_domain_name; + + /* escape for filter */ + escape_domain_name = escape_ldap_string_alloc(domain_name); + if (!escape_domain_name) { + DEBUG(0, ("Out of memory!\n")); + return NT_STATUS_NO_MEMORY; + } slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name, LDAP_OBJ_DOMINFO); + escape_domain_name, LDAP_OBJ_DOMINFO); + + SAFE_FREE(escape_domain_name); attr_list = get_attr_list( NULL, dominfo_attr_list ); rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result); 
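Review bot: The escaped name is still formatted into the fixed-size `pstring` buffers `dn` and `filter` with `pstr_sprintf()` and `slprintf(filter, sizeof (filter) - 1, ...)`, and neither result is checked, although escaping lengthens the value (the commit message's own example turns `\,` into `\5c,`). If those helpers truncate, which is not visible here, a long domain name could produce a cut-off filter or DN that is then sent to the server. The formatted length should be checked or the strings built dynamically; the later pstring-removal commit on this page moves `dn` to `asprintf()` with an error check. The escape calls in add_new_domain_account_policies and smbldap_search_domain_info would also read more clearly with the `/* escape for filter */` and `/* this time escape for DN */` comments that add_new_domain_info gets.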
@@ -129,9 +148,18 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, /* Check if we need to add an entry */ DEBUG(3,("add_new_domain_info: Adding new domain\n")); + /* this time escape for DN */ + escape_domain_name = escape_rdn_val_string_alloc(domain_name); + if (!escape_domain_name) { + DEBUG(0, ("Out of memory!\n")); + return NT_STATUS_NO_MEMORY; + } + pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name, lp_ldap_suffix()); + escape_domain_name, lp_ldap_suffix()); + + SAFE_FREE(escape_domain_name); /* Free original search */ ldap_msgfree(result); @@ -210,11 +238,20 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, int rc; const char **attr_list; int count; + char *escape_domain_name; + + escape_domain_name = escape_ldap_string_alloc(domain_name); + if (!escape_domain_name) { + DEBUG(0, ("Out of memory!\n")); + return NT_STATUS_NO_MEMORY; + } pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))", LDAP_OBJ_DOMINFO, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name); + escape_domain_name); + + SAFE_FREE(escape_domain_name); DEBUG(2, ("smbldap_search_domain_info: Searching for:[%s]\n", filter)); -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/lib/smbldap_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap_util.c') diff --git a/source3/lib/smbldap_util.c b/source3/lib/smbldap_util.c index 11b27bf98f..edcbd72354 100644 --- a/source3/lib/smbldap_util.c +++ b/source3/lib/smbldap_util.c 
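Review bot: The new out-of-memory return in add_new_domain_info (`if (!escape_domain_name) { ... return NT_STATUS_NO_MEMORY; }`) runs before the `ldap_msgfree(result)` shown in the context lines just below it, so the search result from the earlier smbldap_search_suffix() call is leaked on that path. It should be freed before returning: `ldap_msgfree(result); return NT_STATUS_NO_MEMORY;`. Alternatively the existing `ldap_msgfree(result)` can move above the escape call, since `result` is not read again after ldap_count_entries(). The function's body extends beyond this hunk.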
@@ -9,7 +9,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/lib/smbldap_util.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/lib/smbldap_util.c') diff --git a/source3/lib/smbldap_util.c b/source3/lib/smbldap_util.c index edcbd72354..b30a6d5916 100644 --- a/source3/lib/smbldap_util.c +++ b/source3/lib/smbldap_util.c @@ -18,8 +18,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/lib/smbldap_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap_util.c') diff --git a/source3/lib/smbldap_util.c b/source3/lib/smbldap_util.c index b30a6d5916..8ea9d42a29 100644 --- a/source3/lib/smbldap_util.c +++ b/source3/lib/smbldap_util.c 
@@ -230,7 +230,7 @@ Search for the domain info entry NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, LDAPMessage ** result, const char *domain_name, - BOOL try_add) + bool try_add) { NTSTATUS status = NT_STATUS_UNSUCCESSFUL; pstring filter; -- cgit From 68be9a820059ee96dd26c527efd7c14e679d3f2c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 15 Nov 2007 14:19:52 -0800 Subject: More pstring removal. This one was tricky. I had to add one horror (pstring_clean_name()) which will have to remain until I've removed all pstrings from the client code. Jeremy. (This used to be commit 1ea3ac80146b83c2522b69e7747c823366a2b47d) --- source3/lib/smbldap_util.c | 93 +++++++++++++++++++++++++++++----------------- 1 file changed, 59 insertions(+), 34 deletions(-) (limited to 'source3/lib/smbldap_util.c') diff --git a/source3/lib/smbldap_util.c b/source3/lib/smbldap_util.c index 8ea9d42a29..42861ae111 100644 --- a/source3/lib/smbldap_util.c +++ b/source3/lib/smbldap_util.c @@ -36,7 +36,7 @@ static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state int i, rc; uint32 policy_default; const char *policy_attr = NULL; - pstring dn; + char *dn = NULL; LDAPMod **mods = NULL; char *escape_domain_name; @@ -48,15 +48,17 @@ static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state return NT_STATUS_NO_MEMORY; } - pstr_sprintf(dn, "%s=%s,%s", + if (asprintf(&dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - escape_domain_name, lp_ldap_suffix()); + escape_domain_name, lp_ldap_suffix()) < 0) { + SAFE_FREE(escape_domain_name); + return NT_STATUS_NO_MEMORY; + } SAFE_FREE(escape_domain_name); for (i=1; decode_account_policy_name(i) != NULL; i++) { - - pstring val; + char *val = NULL; policy_attr = get_account_policy_attr(i); if (!policy_attr) { 
@@ -66,17 +68,23 @@ static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state if (!account_policy_get_default(i, &policy_default)) { DEBUG(0,("add_new_domain_account_policies: failed to get default account policy\n")); + SAFE_FREE(dn); return ntstatus; } DEBUG(10,("add_new_domain_account_policies: adding \"%s\" with value: %d\n", policy_attr, policy_default)); - pstr_sprintf(val, "%d", policy_default); + if (asprintf(&val, "%d", policy_default) < 0) { + SAFE_FREE(dn); + return NT_STATUS_NO_MEMORY; + } smbldap_set_mod( &mods, LDAP_MOD_REPLACE, policy_attr, val); rc = smbldap_modify(ldap_state, dn, mods); + SAFE_FREE(val); + if (rc!=LDAP_SUCCESS) { char *ld_error = NULL; ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); @@ -84,11 +92,13 @@ static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state dn, ldap_err2string(rc), ld_error ? ld_error : "unknown")); SAFE_FREE(ld_error); + SAFE_FREE(dn); ldap_mods_free(mods, True); return ntstatus; } } + SAFE_FREE(dn); ldap_mods_free(mods, True); return NT_STATUS_OK; @@ -101,12 +111,13 @@ static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state TODO: Add other attributes, and allow modification. *********************************************************************/ -static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, - const char *domain_name) +static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, + const char *domain_name) { fstring sid_string; fstring algorithmic_rid_base_string; - pstring filter, dn; + char *filter = NULL; + char *dn = NULL; LDAPMod **mods = NULL; int rc; LDAPMessage *result = NULL; 
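Review bot: Both early returns touched in the `@@ -66,17 +68,23 @@` hunk release `dn` but not `mods`. `mods` is extended by smbldap_set_mod on every pass of the loop and, in the visible code, is freed only after the loop or in the smbldap_modify error branch. A failure of account_policy_get_default or of `asprintf(&val, ...)` on a later iteration therefore leaves the accumulated list allocated. Add `ldap_mods_free(mods, True);` next to each `SAFE_FREE(dn);`, with a NULL guard if ldap_mods_free does not accept a NULL list. The loop begins and the function ends outside this hunk.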
@@ -121,29 +132,33 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, return NT_STATUS_NO_MEMORY; } - slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))", - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - escape_domain_name, LDAP_OBJ_DOMINFO); + if (asprintf(&filter, "(&(%s=%s)(objectclass=%s))", + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + escape_domain_name, LDAP_OBJ_DOMINFO) < 0) { + SAFE_FREE(escape_domain_name); + return NT_STATUS_NO_MEMORY; + } SAFE_FREE(escape_domain_name); - attr_list = get_attr_list( NULL, dominfo_attr_list ); + attr_list = get_attr_list(NULL, dominfo_attr_list ); rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result); TALLOC_FREE( attr_list ); + SAFE_FREE(filter); if (rc != LDAP_SUCCESS) { return NT_STATUS_UNSUCCESSFUL; } num_result = ldap_count_entries(ldap_state->ldap_struct, result); - + if (num_result > 1) { DEBUG (0, ("add_new_domain_info: More than domain with that name exists: bailing " "out!\n")); ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; } - + /* Check if we need to add an entry */ DEBUG(3,("add_new_domain_info: Adding new domain\n")); @@ -154,9 +169,12 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, return NT_STATUS_NO_MEMORY; } - pstr_sprintf(dn, "%s=%s,%s", + if (asprintf(&dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - escape_domain_name, lp_ldap_suffix()); + escape_domain_name, lp_ldap_suffix()) < 0) { + SAFE_FREE(escape_domain_name); + return NT_STATUS_NO_MEMORY; + } SAFE_FREE(escape_domain_name); @@ -168,7 +186,7 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, - LDAP_ATTR_DOMAIN), + LDAP_ATTR_DOMAIN), domain_name); /* If we don't have an entry, then ask secrets.tdb for what it thinks. 
@@ -185,21 +203,21 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, algorithmic_rid_base()); smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, - LDAP_ATTR_ALGORITHMIC_RID_BASE), + LDAP_ATTR_ALGORITHMIC_RID_BASE), algorithmic_rid_base_string); smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO); - + /* add the sambaNextUserRid attributes. */ - + { uint32 rid = BASE_RID; fstring rid_str; - + fstr_sprintf( rid_str, "%i", rid ); DEBUG(10,("add_new_domain_info: setting next available user rid [%s]\n", rid_str)); - smbldap_set_mod(&mods, LDAP_MOD_ADD, + smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, - LDAP_ATTR_NEXT_USERRID), + LDAP_ATTR_NEXT_USERRID), rid_str); } @@ -214,13 +232,14 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, dn, ldap_err2string(rc), ld_error?ld_error:"unknown")); SAFE_FREE(ld_error); - + SAFE_FREE(dn); ldap_mods_free(mods, True); return NT_STATUS_UNSUCCESSFUL; } DEBUG(2,("add_new_domain_info: added: domain = %s in the LDAP database\n", domain_name)); ldap_mods_free(mods, True); + SAFE_FREE(dn); return NT_STATUS_OK; } @@ -233,22 +252,25 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, bool try_add) { NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - pstring filter; + char *filter = NULL; int rc; const char **attr_list; int count; char *escape_domain_name; - + escape_domain_name = escape_ldap_string_alloc(domain_name); if (!escape_domain_name) { DEBUG(0, ("Out of memory!\n")); return NT_STATUS_NO_MEMORY; } - pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))", + if (asprintf(&filter, "(&(objectClass=%s)(%s=%s))", LDAP_OBJ_DOMINFO, - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - escape_domain_name); + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + escape_domain_name) < 0) { + SAFE_FREE(escape_domain_name); + return NT_STATUS_NO_MEMORY; + } SAFE_FREE(escape_domain_name); 
@@ -264,14 +286,17 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, goto failed; } + SAFE_FREE(filter); + count = ldap_count_entries(ldap_state->ldap_struct, *result); - if (count == 1) + if (count == 1) { return NT_STATUS_OK; + } ldap_msgfree(*result); *result = NULL; - + if (count < 1) { DEBUG(3, ("smbldap_search_domain_info: Got no domain info entries for domain\n")); @@ -285,7 +310,7 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, domain_name, nt_errstr(status))); goto failed; } - + status = add_new_domain_account_policies(ldap_state, domain_name); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("smbldap_search_domain_info: Adding domain account policies for %s failed with %s\n", @@ -294,7 +319,7 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, } return smbldap_search_domain_info(ldap_state, result, domain_name, False); - + } if (count > 1 ) { -- cgit From 2e07c2ade89f4ff281c61f74cb88e09990cf5f46 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 15 Dec 2007 22:47:30 +0100 Subject: s/sid_to_string/sid_to_fstring/ least surprise for callers (This used to be commit eb523ba77697346a365589101aac379febecd546) --- source3/lib/smbldap_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap_util.c') diff --git a/source3/lib/smbldap_util.c b/source3/lib/smbldap_util.c index 42861ae111..66aef6ba66 100644 --- a/source3/lib/smbldap_util.c +++ b/source3/lib/smbldap_util.c @@ -192,7 +192,7 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, /* If we don't have an entry, then ask secrets.tdb for what it thinks. It may choose to make it up */ - sid_to_string(sid_string, get_global_sam_sid()); + sid_to_fstring(sid_string, get_global_sam_sid()); smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), -- cgit
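Review bot: `SAFE_FREE(filter);` is placed after the `goto failed;` in the `@@ -264,14 +286,17 @@` hunk of smbldap_search_domain_info, so a failed search reaches the `failed` label with the heap-allocated filter still held. That label is outside the hunk; unless it frees `filter`, this path now leaks, where the old `pstring` buffer needed no cleanup. Adding `SAFE_FREE(filter);` immediately before that `goto failed;` closes it.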