From 6fe08f60ca3ee70deb4769025860267cff4f6f4d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 19 Mar 2003 09:38:47 +0000 Subject: Put group mapping into LDAP. Volker (This used to be commit f0f1518fc450834725902e9cdf33fb8d35f99360) --- source3/passdb/pdb_ldap.c | 502 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 501 insertions(+), 1 deletion(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 46e0994379..d512a4fda3 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -786,8 +786,11 @@ static void make_a_mod (LDAPMod *** modlist, int modop, const char *attribute, c if (attribute == NULL || *attribute == '\0') return; - if (value == NULL || *value == '\0') +#if 0 + /* Why do we need this??? -- vl */ + if (value == NULL || *value == '\0') return; +#endif if (mods == NULL) { 
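Review bot: With the empty-value guard in make_a_mod compiled out by `#if 0`, a NULL or empty `value` now reaches the rest of the function, which lies outside this hunk. If that code copies or measures `value`, a NULL will crash it; the empty `displayName`/`description` strings that init_ldap_from_group can pass would also go to the server as empty attribute values, which directory servers commonly reject. Both need confirming against the full function. Rather than leaving dead code with a question in it, delete the block and state the contract above the function, e.g. `/* value may be NULL only with LDAP_MOD_DELETE, meaning "remove all values of the attribute" */`. Then keep a narrowed check such as `if (modop != LDAP_MOD_DELETE && (value == NULL || *value == '\0')) return;`.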
@@ -1987,6 +1990,495 @@ static void free_private_data(void **vp) /* No need to free any further, as it is talloc()ed */ } +static const char *group_attr[] = {"gid", "ntSid", "ntGroupType", + "gidNumber", + "displayName", "description", + NULL }; + +static int ldapsam_search_one_group (struct ldapsam_privates *ldap_state, + const char *filter, + LDAPMessage ** result) +{ + int scope = LDAP_SCOPE_SUBTREE; + int rc; + + DEBUG(2, ("ldapsam_search_one_group: searching for:[%s]\n", filter)); + + rc = ldapsam_search(ldap_state, lp_ldap_suffix (), scope, + filter, group_attr, 0, result); + + if (rc != LDAP_SUCCESS) { + DEBUG(0, ("ldapsam_search_one_group: " + "Problem during the LDAP search: %s\n", + ldap_err2string(rc))); + DEBUG(3, ("ldapsam_search_one_group: Query was: %s, %s\n", + lp_ldap_suffix(), filter)); + } + + return rc; +} + +static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state, + GROUP_MAP *map, LDAPMessage *entry) +{ + pstring temp; + + if (ldap_state == NULL || map == NULL || entry == NULL || + ldap_state->ldap_struct == NULL) { + DEBUG(0, ("init_group_from_ldap: NULL parameters found!\n")); + return False; + } + + if (!get_single_attribute(ldap_state->ldap_struct, entry, "gidNumber", + temp)) { + DEBUG(0, ("Mandatory attribute gidNumber not found\n")); + return False; + } + DEBUG(2, ("Entry found for group: %s\n", temp)); + + map->gid = (uint32)atol(temp); + + if (!get_single_attribute(ldap_state->ldap_struct, entry, "ntSid", + temp)) { + DEBUG(0, ("Mandatory attribute ntSid not found\n")); + return False; + } + string_to_sid(&map->sid, temp); + + if (!get_single_attribute(ldap_state->ldap_struct, entry, "ntGroupType", + temp)) { + DEBUG(0, ("Mandatory attribute ntGroupType not found\n")); + return False; + } + map->sid_name_use = (uint32)atol(temp); + + if ((map->sid_name_use < SID_NAME_USER) || + (map->sid_name_use > SID_NAME_UNKNOWN)) { + DEBUG(0, ("Unknown Group type: %d\n", map->sid_name_use)); + return False; + } + + if 
(!get_single_attribute(ldap_state->ldap_struct, entry, "displayName", + temp)) { + DEBUG(3, ("Attribute displayName not found\n")); + temp[0] = '\0'; + } + fstrcpy(map->nt_name, temp); + + if (!get_single_attribute(ldap_state->ldap_struct, entry, "description", + temp)) { + DEBUG(3, ("Attribute description not found\n")); + temp[0] = '\0'; + } + fstrcpy(map->comment, temp); + + map->systemaccount = 0; + init_privilege(&map->priv_set); + + return True; +} + +static BOOL init_ldap_from_group(struct ldapsam_privates *ldap_state, + LDAPMod ***mods, int ldap_op, + const GROUP_MAP *map) +{ + pstring tmp; + + if (mods == NULL || map == NULL) { + DEBUG(0, ("init_ldap_from_group: NULL parameters found!\n")); + return False; + } + + *mods = NULL; + + sid_to_string(tmp, &map->sid); + make_a_mod(mods, ldap_op, "ntSid", tmp); + + snprintf(tmp, sizeof(tmp)-1, "%i", map->sid_name_use); + make_a_mod(mods, ldap_op, "ntGroupType", tmp); + + make_a_mod(mods, ldap_op, "displayName", map->nt_name); + make_a_mod(mods, ldap_op, "description", map->comment); + + return True; +} + +static NTSTATUS ldapsam_getgroup(struct pdb_methods *methods, + const char *filter, + GROUP_MAP *map) +{ + struct ldapsam_privates *ldap_state = + (struct ldapsam_privates *)methods->private_data; + LDAPMessage *result; + LDAPMessage *entry; + int count; + + if (ldapsam_search_one_group(ldap_state, filter, &result) + != LDAP_SUCCESS) { + return NT_STATUS_NO_SUCH_GROUP; + } + + count = ldap_count_entries(ldap_state->ldap_struct, result); + + if (count < 1) { + DEBUG(4, ("Did not find group for filter %s\n", filter)); + return NT_STATUS_NO_SUCH_GROUP; + } + + if (count > 1) { + DEBUG(1, ("Duplicate entries for filter %s: count=%d\n", + filter, count)); + return NT_STATUS_NO_SUCH_GROUP; + } + + entry = ldap_first_entry(ldap_state->ldap_struct, result); + + if (!entry) { + ldap_msgfree(result); + return NT_STATUS_UNSUCCESSFUL; + } + + if (!init_group_from_ldap(ldap_state, map, entry)) { + DEBUG(1, 
("init_group_from_ldap failed for group filter %s\n", + filter)); + ldap_msgfree(result); + return NT_STATUS_NO_SUCH_GROUP; + } + + ldap_msgfree(result); + return NT_STATUS_OK; +} + +static NTSTATUS ldapsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, + DOM_SID sid, BOOL with_priv) +{ + pstring filter; + + snprintf(filter, sizeof(filter)-1, + "(&(objectClass=sambaGroupMapping)(ntSid=%s))", + sid_string_static(&sid)); + + return ldapsam_getgroup(methods, filter, map); +} + +static NTSTATUS ldapsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, + gid_t gid, BOOL with_priv) +{ + pstring filter; + + snprintf(filter, sizeof(filter)-1, + "(&(objectClass=sambaGroupMapping)(gidNumber=%d))", + gid); + + return ldapsam_getgroup(methods, filter, map); +} + +static NTSTATUS ldapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, + char *name, BOOL with_priv) +{ + pstring filter; + + /* TODO: Escaping of name? */ + + snprintf(filter, sizeof(filter)-1, + "(&(objectClass=sambaGroupMapping)(displayName=%s))", + name); + + return ldapsam_getgroup(methods, filter, map); +} + +static int ldapsam_search_one_group_by_gid(struct ldapsam_privates *ldap_state, + gid_t gid, + LDAPMessage **result) +{ + pstring filter; + + snprintf(filter, sizeof(filter)-1, + "(&(objectClass=posixGroup)(gidNumber=%i))", gid); + + return ldapsam_search_one_group(ldap_state, filter, result); +} + +static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods, + GROUP_MAP *map) +{ + struct ldapsam_privates *ldap_state = + (struct ldapsam_privates *)methods->private_data; + LDAPMessage *result = NULL; + LDAPMod **mods = NULL; + + char *tmp; + pstring dn; + LDAPMessage *entry; + + GROUP_MAP dummy; + + int rc; + + if (NT_STATUS_IS_OK(ldapsam_getgrgid(methods, &dummy, + map->gid, False))) { + DEBUG(0, ("Group %i already exists in LDAP\n", map->gid)); + return NT_STATUS_UNSUCCESSFUL; + } + + rc = ldapsam_search_one_group_by_gid(ldap_state, map->gid, &result); + if (rc != 
LDAP_SUCCESS) { + return NT_STATUS_UNSUCCESSFUL; + } + + if (ldap_count_entries(ldap_state->ldap_struct, result) != 1) { + DEBUG(2, ("Group %i must exist exactly once in LDAP\n", + map->gid)); + ldap_msgfree(result); + return NT_STATUS_UNSUCCESSFUL; + } + + entry = ldap_first_entry(ldap_state->ldap_struct, result); + tmp = ldap_get_dn(ldap_state->ldap_struct, entry); + pstrcpy(dn, tmp); + ldap_memfree(tmp); + ldap_msgfree(result); + + if (!init_ldap_from_group(ldap_state, &mods, LDAP_MOD_ADD, map)) { + DEBUG(0, ("init_ldap_from_group failed!\n")); + ldap_mods_free(mods, 1); + return NT_STATUS_UNSUCCESSFUL; + } + + if (mods == NULL) { + DEBUG(0, ("mods is empty\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + make_a_mod(&mods, LDAP_MOD_ADD, "objectClass", + "sambaGroupMapping"); + + rc = ldapsam_modify(ldap_state, dn, mods); + ldap_mods_free(mods, 1); + + if (rc != LDAP_SUCCESS) { + DEBUG(0, ("failed to modify group %i\n", map->gid)); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(2, ("successfully modified group %i in LDAP\n", map->gid)); + return NT_STATUS_OK; +} + +static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods, + GROUP_MAP *map) +{ + struct ldapsam_privates *ldap_state = + (struct ldapsam_privates *)methods->private_data; + int rc; + char *dn; + LDAPMessage *result; + LDAPMessage *entry; + LDAPMod **mods; + + if (!init_ldap_from_group(ldap_state, &mods, LDAP_MOD_REPLACE, map)) { + DEBUG(0, ("init_ldap_from_group failed\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + if (mods == NULL) { + DEBUG(4, ("mods is empty: nothing to do\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + rc = ldapsam_search_one_group_by_gid(ldap_state, map->gid, &result); + + if (rc != LDAP_SUCCESS) { + ldap_mods_free(mods, 1); + return NT_STATUS_UNSUCCESSFUL; + } + + if (ldap_count_entries(ldap_state->ldap_struct, result) == 0) { + DEBUG(0, ("No group to modify!\n")); + ldap_msgfree(result); + ldap_mods_free(mods, 1); + return NT_STATUS_UNSUCCESSFUL; + } + + entry 
= ldap_first_entry(ldap_state->ldap_struct, result); + dn = ldap_get_dn(ldap_state->ldap_struct, entry); + ldap_msgfree(result); + + rc = ldapsam_modify(ldap_state, dn, mods); + + ldap_mods_free(mods, 1); + + if (rc != LDAP_SUCCESS) { + DEBUG(0, ("failed to modify group %i\n", map->gid)); + } + + DEBUG(2, ("successfully modified group %i in LDAP\n", map->gid)); + return NT_STATUS_OK; +} + +static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods, + DOM_SID sid) +{ + struct ldapsam_privates *ldap_state = + (struct ldapsam_privates *)methods->private_data; + pstring sidstring, filter; + int rc; + char *dn; + LDAPMessage *result; + LDAPMessage *entry; + LDAPMod **mods; + + sid_to_string(sidstring, &sid); + snprintf(filter, sizeof(filter)-1, + "(&(objectClass=sambaGroupMapping)(ntSid=%s))", sidstring); + + rc = ldapsam_search_one_group(ldap_state, filter, &result); + + if (rc != LDAP_SUCCESS) { + return NT_STATUS_UNSUCCESSFUL; + } + + if (ldap_count_entries(ldap_state->ldap_struct, result) != 1) { + DEBUG(0, ("Group must exist exactly once\n")); + ldap_msgfree(result); + return NT_STATUS_UNSUCCESSFUL; + } + + entry = ldap_first_entry(ldap_state->ldap_struct, result); + dn = ldap_get_dn(ldap_state->ldap_struct, entry); + ldap_msgfree(result); + + mods = NULL; + make_a_mod(&mods, LDAP_MOD_DELETE, "objectClass", "sambaGroupMapping"); + make_a_mod(&mods, LDAP_MOD_DELETE, "ntSid", NULL); + make_a_mod(&mods, LDAP_MOD_DELETE, "ntGroupType", NULL); + make_a_mod(&mods, LDAP_MOD_DELETE, "description", NULL); + make_a_mod(&mods, LDAP_MOD_DELETE, "displayName", NULL); + + rc = ldapsam_modify(ldap_state, dn, mods); + + ldap_mods_free(mods, 1); + + if (rc != LDAP_SUCCESS) { + DEBUG(0, ("failed to delete group %s\n", sidstring)); + } + + DEBUG(2, ("successfully delete group mapping %s in LDAP\n", + sidstring)); + return NT_STATUS_OK; +} + +static NTSTATUS ldapsam_setsamgrent(struct pdb_methods *my_methods, + BOOL update) +{ + struct ldapsam_privates *ldap_state 
= + (struct ldapsam_privates *)my_methods->private_data; + const char *filter = "(objectClass=sambaGroupMapping)"; + int rc; + + rc = ldapsam_search(ldap_state, lp_ldap_suffix(), + LDAP_SCOPE_SUBTREE, filter, + group_attr, 0, &ldap_state->result); + + if (rc != LDAP_SUCCESS) { + DEBUG(0, ("LDAP search failed: %s\n", ldap_err2string(rc))); + DEBUG(3, ("Query was: %s, %s\n", lp_ldap_suffix(), filter)); + ldap_msgfree(ldap_state->result); + ldap_state->result = NULL; + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(2, ("ldapsam_setsampwent: %d entries in the base!\n", + ldap_count_entries(ldap_state->ldap_struct, + ldap_state->result))); + + ldap_state->entry = ldap_first_entry(ldap_state->ldap_struct, + ldap_state->result); + ldap_state->index = 0; + + return NT_STATUS_OK; +} + +static void ldapsam_endsamgrent(struct pdb_methods *my_methods) +{ + return ldapsam_endsampwent(my_methods); +} + +static NTSTATUS ldapsam_getsamgrent(struct pdb_methods *my_methods, + GROUP_MAP *map) +{ + NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; + BOOL bret = False; + + /* The rebind proc needs this *HACK*. We are not multithreaded, so + this will work, but it's not nice. 
*/ + static_ldap_state = ldap_state; + + while (!bret) { + if (!ldap_state->entry) + return ret; + + ldap_state->index++; + bret = init_group_from_ldap(ldap_state, map, ldap_state->entry); + + ldap_state->entry = ldap_next_entry(ldap_state->ldap_struct, + ldap_state->entry); + } + + return NT_STATUS_OK; +} + +static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods, + enum SID_NAME_USE sid_name_use, + GROUP_MAP **rmap, int *num_entries, + BOOL unix_only, BOOL with_priv) +{ + GROUP_MAP map; + GROUP_MAP *mapt; + int entries = 0; + NTSTATUS nt_status; + + *num_entries = 0; + *rmap = NULL; + + if (!NT_STATUS_IS_OK(ldapsam_setsamgrent(methods, False))) { + DEBUG(0, ("Unable to open passdb\n")); + return NT_STATUS_ACCESS_DENIED; + } + + while (NT_STATUS_IS_OK(nt_status = ldapsam_getsamgrent(methods, &map))) { + if (sid_name_use != SID_NAME_UNKNOWN && + sid_name_use != map.sid_name_use) { + DEBUG(11,("enum_group_mapping: group %s is not of the requested type\n", map.nt_name)); + continue; + } + if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) { + DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name)); + continue; + } + + mapt=(GROUP_MAP *)Realloc((*rmap), (entries+1)*sizeof(GROUP_MAP)); + if (!mapt) { + DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); + SAFE_FREE(*rmap); + return NT_STATUS_UNSUCCESSFUL; + } + else + (*rmap) = mapt; + + mapt[entries] = map; + + entries += 1; + + } + ldapsam_endsamgrent(methods); + + *num_entries = entries; + + return NT_STATUS_OK; +} + NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { NTSTATUS nt_status; 
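Review bot: ldapsam_getgrnam formats the caller-supplied `name` straight into the search filter, so a group name containing `*`, `(`, `)` or `\` changes the filter's meaning instead of being matched literally; the `TODO: Escaping of name?` comment marks the gap but the lookup ships without it. The value should be escaped per RFC 4515 before the snprintf, as in the sketch below (the helper is new, not an existing function on this page), and the lookup should fail closed when the escaped name does not fit the buffer. Separately, ldapsam_getgroup returns on `count < 1` and `count > 1` without `ldap_msgfree(result)`, and ldapsam_update_group_mapping_entry logs a failed ldapsam_modify but then falls through to the success message and `NT_STATUS_OK`.

```c
/* Escape the RFC 4515 filter metacharacters of an assertion value into
   out[outlen]; returns False if the escaped form does not fit. */
static BOOL ldap_escape_filter_value(const char *in, char *out, size_t outlen)
{
	size_t used = 0;

	if (outlen == 0)
		return False;

	for (; *in != '\0'; in++) {
		unsigned char c = (unsigned char)*in;

		if (c == '*' || c == '(' || c == ')' || c == '\\') {
			/* three characters "\xx" plus the final NUL */
			if (used + 4 > outlen)
				return False;
			snprintf(out + used, 4, "\\%02x", c);
			used += 3;
		} else {
			if (used + 2 > outlen)
				return False;
			out[used++] = (char)c;
		}
	}
	out[used] = '\0';
	return True;
}

static NTSTATUS ldapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
				 char *name, BOOL with_priv)
{
	pstring escaped;
	pstring filter;

	if (!ldap_escape_filter_value(name, escaped, sizeof(escaped))) {
		return NT_STATUS_NO_SUCH_GROUP;
	}

	snprintf(filter, sizeof(filter)-1,
		 "(&(objectClass=sambaGroupMapping)(displayName=%s))",
		 escaped);
	/* … unchanged: return ldapsam_getgroup(methods, filter, map) … */
```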
@@ -2007,6 +2499,14 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co (*pdb_method)->update_sam_account = ldapsam_update_sam_account; (*pdb_method)->delete_sam_account = ldapsam_delete_sam_account; + (*pdb_method)->getgrsid = ldapsam_getgrsid; + (*pdb_method)->getgrgid = ldapsam_getgrgid; + (*pdb_method)->getgrnam = ldapsam_getgrnam; + (*pdb_method)->add_group_mapping_entry = ldapsam_add_group_mapping_entry; + (*pdb_method)->update_group_mapping_entry = ldapsam_update_group_mapping_entry; + (*pdb_method)->delete_group_mapping_entry = ldapsam_delete_group_mapping_entry; + (*pdb_method)->enum_group_mapping = ldapsam_enum_group_mapping; + /* TODO: Setup private data and free */ ldap_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct ldapsam_privates)); -- cgit From 91d55a509a80a63d3a2302c10d1fe5300e424ae7 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 19 Mar 2003 14:56:50 +0000 Subject: If we fail, return an error code :-) Volker (This used to be commit a5218499eb3f0a62cd663a06157591fbb0dfcbef) --- source3/passdb/pdb_ldap.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index d512a4fda3..24d3b6f448 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -2361,6 +2361,7 @@ static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods, if (rc != LDAP_SUCCESS) { DEBUG(0, ("failed to delete group %s\n", sidstring)); + return NT_STATUS_UNSUCCESSFUL; } DEBUG(2, ("successfully delete group mapping %s in LDAP\n", -- cgit From 97575a9ba7d772e6533297d958deb082c8b09d8e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 19 Mar 2003 14:58:20 +0000 Subject: Hey -- there is an error code NT_STATUS_CANNOT_DELETE :-) (This used to be commit aa9b8382d38346cb3e94ddf2e7caf6d663034579) --- source3/passdb/pdb_ldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/passdb') 
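Review bot: In the `@@ -2361,6 +2361,7 @@` hunk, the new early return in ldapsam_delete_group_mapping_entry leaves `dn` allocated. `dn` comes from ldap_get_dn earlier in the function (outside this hunk, but visible in the commit that introduced the function), and no path releases it. Adding `ldap_memfree(dn);` directly after the ldapsam_modify call covers both the failure return added here and the success return.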
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 24d3b6f448..7b54a1d6e3 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -2361,7 +2361,7 @@ static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods, if (rc != LDAP_SUCCESS) { DEBUG(0, ("failed to delete group %s\n", sidstring)); - return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_CANNOT_DELETE; } DEBUG(2, ("successfully delete group mapping %s in LDAP\n", -- cgit From 45df237d13316a1ec2074aec5023973b7681d860 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 19 Mar 2003 18:17:12 +0000 Subject: Add paramter 'ldap del only sam attr'. This patch is heavily based on a patch by SuSE. Thanks to Guenther Deschner for providing it. Volker (This used to be commit 5eaf9195eefda5ababba85cc0f6d581ff6f0f454) --- source3/passdb/pdb_ldap.c | 156 ++++++++++++++++++++++++++++------------------ 1 file changed, 97 insertions(+), 59 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 7b54a1d6e3..2571ecd33a 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c 
@@ -847,6 +847,84 @@ static void make_a_mod (LDAPMod *** modlist, int modop, const char *attribute, c *modlist = mods; } +/******************************************************************* + Delete complete object or objectclass and attrs from + object found in search_result depending on lp_ldap_del_only_sam +******************************************************************/ +static NTSTATUS ldapsam_delete_entry(struct ldapsam_privates *ldap_state, + LDAPMessage *result, + const char *objectclass, + const char **attrs) +{ + int rc; + LDAPMessage *entry; + LDAPMod **mods = NULL; + char *name, *dn; + BerElement *ptr = NULL; + + rc = ldap_count_entries(ldap_state->ldap_struct, result); + + if (rc != 1) { + DEBUG(0, ("Entry must exist exactly once!\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + entry = ldap_first_entry(ldap_state->ldap_struct, result); + dn = ldap_get_dn(ldap_state->ldap_struct, entry); + + if (!lp_ldap_del_only_sam()) { + NTSTATUS ret = NT_STATUS_OK; + rc = ldapsam_delete(ldap_state, dn); + + if (rc != LDAP_SUCCESS) { + DEBUG(0, ("Could not delete object %s\n", dn)); + ret = NT_STATUS_UNSUCCESSFUL; + } + ldap_memfree(dn); + return ret; + } + + /* Ok, delete only the SAM attributes */ + + for (name = ldap_first_attribute(ldap_state->ldap_struct, entry, &ptr); + name != NULL; + name = ldap_next_attribute(ldap_state->ldap_struct, entry, ptr)) { + + const char **attrib; + + /* We are only allowed to delete the attributes that + really exist. 
*/ + + for (attrib = attrs; *attrib != NULL; attrib++) { + if (StrCaseCmp(*attrib, name) == 0) { + DEBUG(10, ("deleting attribute %s\n", name)); + make_a_mod(&mods, LDAP_MOD_DELETE, name, NULL); + } + } + + ldap_memfree(name); + } + + if (ptr != NULL) { + ber_free(ptr, 0); + } + + make_a_mod(&mods, LDAP_MOD_DELETE, "objectClass", objectclass); + + rc = ldapsam_modify(ldap_state, dn, mods); + ldap_mods_free(mods, 1); + + if (rc != LDAP_SUCCESS) { + DEBUG(0, ("could not delete attributes for %s, error: %s\n", + dn, ldap_err2string(rc))); + ldap_memfree(dn); + return NT_STATUS_UNSUCCESSFUL; + } + + ldap_memfree(dn); + return NT_STATUS_OK; +} + /* New Interface is being implemented here */ /********************************************************************** @@ -1772,9 +1850,13 @@ static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_A struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; const char *sname; int rc; - char *dn; - LDAPMessage *entry; LDAPMessage *result; + NTSTATUS ret; + const char *sam_user_attrs[] = + { "lmPassword", "ntPassword", "pwdLastSet", "logonTime", "logoffTime", + "kickoffTime", "pwdCanChange", "pwdMustChange", "acctFlags", + "displayName", "smbHome", "homeDrive", "scriptPath", "profilePath", + "userWorkstations", "primaryGroupID", "domain", "rid", NULL }; if (!sam_acct) { DEBUG(0, ("sam_acct was NULL!\n")); 
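Review bot: ldapsam_delete_entry uses the results of ldap_first_entry and ldap_get_dn without checking them, so a NULL `dn` would be handed to ldapsam_delete or ldapsam_modify and to the `%s` in the DEBUG calls. Check `entry` before calling ldap_get_dn and `dn` after it, e.g. `if (dn == NULL) return NT_STATUS_UNSUCCESSFUL;` ahead of the `lp_ldap_del_only_sam()` branch. The header comment should also say that `result` stays owned by the caller and that, when the option is off, the whole object is removed rather than only the listed attributes. Reusing `rc` for the entry count reads better as a separate `count` variable.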
@@ -1790,30 +1872,10 @@ static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_A return NT_STATUS_NO_SUCH_USER; } - if (ldap_count_entries (ldap_state->ldap_struct, result) == 0) { - DEBUG (0, ("User doesn't exit!\n")); - ldap_msgfree (result); - return NT_STATUS_NO_SUCH_USER; - } - - entry = ldap_first_entry (ldap_state->ldap_struct, result); - dn = ldap_get_dn (ldap_state->ldap_struct, entry); + ret = ldapsam_delete_entry(ldap_state, result, "sambaAccount", + sam_user_attrs); ldap_msgfree(result); - - rc = ldapsam_delete(ldap_state, dn); - - ldap_memfree (dn); - if (rc != LDAP_SUCCESS) { - char *ld_error; - ldap_get_option (ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG (0,("failed to delete user with uid = %s with: %s\n\t%s\n", - sname, ldap_err2string (rc), ld_error)); - free (ld_error); - return NT_STATUS_CANNOT_DELETE; - } - - DEBUG (2,("successfully deleted uid = %s from the LDAP database\n", sname)); - return NT_STATUS_OK; + return ret; } /********************************************************************** @@ -2322,12 +2384,13 @@ static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods, struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)methods->private_data; pstring sidstring, filter; - int rc; - char *dn; LDAPMessage *result; - LDAPMessage *entry; - LDAPMod **mods; + int rc; + NTSTATUS ret; + const char *sam_group_attrs[] = { "ntSid", "ntGroupType", + "description", "displayName", + NULL }; sid_to_string(sidstring, &sid); snprintf(filter, sizeof(filter)-1, "(&(objectClass=sambaGroupMapping)(ntSid=%s))", sidstring); 
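Review bot: In the `@@ -1790,30 +1872,10 @@` hunk, ldapsam_delete_sam_account loses both its audit trail and its status codes. The removed code logged the uid on success and on failure and returned NT_STATUS_NO_SUCH_USER or NT_STATUS_CANNOT_DELETE, whereas ldapsam_delete_entry logs only on failure and returns NT_STATUS_UNSUCCESSFUL. Account removal is an event operators look for in logs, so I would keep a line such as `DEBUG(2, ("deleted sam account %s from LDAP\n", sname));` after a successful call and map the failure back, e.g. `if (!NT_STATUS_IS_OK(ret)) ret = NT_STATUS_CANNOT_DELETE;`. The function's opening lines are outside this hunk.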
@@ -2335,38 +2398,13 @@ static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods, rc = ldapsam_search_one_group(ldap_state, filter, &result); if (rc != LDAP_SUCCESS) { - return NT_STATUS_UNSUCCESSFUL; - } - - if (ldap_count_entries(ldap_state->ldap_struct, result) != 1) { - DEBUG(0, ("Group must exist exactly once\n")); - ldap_msgfree(result); - return NT_STATUS_UNSUCCESSFUL; - } - - entry = ldap_first_entry(ldap_state->ldap_struct, result); - dn = ldap_get_dn(ldap_state->ldap_struct, entry); - ldap_msgfree(result); - - mods = NULL; - make_a_mod(&mods, LDAP_MOD_DELETE, "objectClass", "sambaGroupMapping"); - make_a_mod(&mods, LDAP_MOD_DELETE, "ntSid", NULL); - make_a_mod(&mods, LDAP_MOD_DELETE, "ntGroupType", NULL); - make_a_mod(&mods, LDAP_MOD_DELETE, "description", NULL); - make_a_mod(&mods, LDAP_MOD_DELETE, "displayName", NULL); - - rc = ldapsam_modify(ldap_state, dn, mods); - - ldap_mods_free(mods, 1); - - if (rc != LDAP_SUCCESS) { - DEBUG(0, ("failed to delete group %s\n", sidstring)); - return NT_STATUS_CANNOT_DELETE; + return NT_STATUS_NO_SUCH_GROUP; } - DEBUG(2, ("successfully delete group mapping %s in LDAP\n", - sidstring)); - return NT_STATUS_OK; + ret = ldapsam_delete_entry(ldap_state, result, "sambaGroupMapping", + sam_group_attrs); + ldap_msgfree(result); + return ret; } static NTSTATUS ldapsam_setsamgrent(struct pdb_methods *my_methods, -- cgit From 47ea3a2bf242a446f658f1573ec5d3ea533333f0 Mon Sep 17 00:00:00 2001 
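Review bot: Routing ldapsam_delete_group_mapping_entry through ldapsam_delete_entry changes what gets removed: the old code only stripped the sambaGroupMapping class and its four attributes, but ldapsam_delete_entry deletes the whole object whenever `lp_ldap_del_only_sam()` is false. ldapsam_add_group_mapping_entry attaches the mapping to an existing posixGroup entry, so with that setting off, removing a mapping would also remove the Unix group from the directory. The option's default is not visible here; if it is off by default, the group path should probably always take the attribute-only branch, or the parameter's documentation needs to state this plainly. The modify-failure status also changes from NT_STATUS_CANNOT_DELETE to NT_STATUS_UNSUCCESSFUL, undoing the previous commit in this series.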
From: Jelmer Vernooij Date: Wed, 19 Mar 2003 18:45:19 +0000 Subject: Put in the new modules system. It's now used by passdb and rpc. I will put a doc about it in dev-doc later today. (This used to be commit af7bfee0c6902c07fdb8d3abccf4c8d6bab00b5a) --- source3/passdb/pdb_guest.c | 6 +++++ source3/passdb/pdb_interface.c | 50 +++++++++++++----------------------------- source3/passdb/pdb_ldap.c | 20 ++++------------- source3/passdb/pdb_nisplus.c | 10 ++------- source3/passdb/pdb_smbpasswd.c | 7 ++++++ source3/passdb/pdb_tdb.c | 19 +++------------- source3/passdb/pdb_unix.c | 5 +++++ 7 files changed, 42 insertions(+), 75 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_guest.c b/source3/passdb/pdb_guest.c index 3f0f06d18d..f5a15057e0 100644 --- a/source3/passdb/pdb_guest.c +++ b/source3/passdb/pdb_guest.c @@ -121,3 +121,9 @@ NTSTATUS pdb_init_guestsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, c /* There's not very much to initialise here */ return NT_STATUS_OK; } + +int pdb_guest_init(void) +{ + return smb_register_passdb("guest", pdb_init_guestsam, PASSDB_INTERFACE_VERSION); +} + diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 48a039b3de..9819df75ec 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c 
@@ -24,39 +24,14 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB -/** List of various built-in passdb modules */ -static const struct { - const char *name; - /* Function to create a member of the pdb_methods list */ - pdb_init_function init; -} builtin_pdb_init_functions[] = { - { "smbpasswd", pdb_init_smbpasswd }, - { "smbpasswd_nua", pdb_init_smbpasswd_nua }, - { "tdbsam", pdb_init_tdbsam }, - { "tdbsam_nua", pdb_init_tdbsam_nua }, - { "ldapsam", pdb_init_ldapsam }, - { "ldapsam_nua", pdb_init_ldapsam_nua }, - { "unixsam", pdb_init_unixsam }, - { "guest", pdb_init_guestsam }, - { "nisplussam", pdb_init_nisplussam }, - { NULL, NULL} -}; - -static struct pdb_init_function_entry *backends; -static void lazy_initialize_passdb(void); - -static void lazy_initialize_passdb() -{ - int i; - static BOOL initialised = False; - - if(!initialised) { - initialised = True; +static struct pdb_init_function_entry *backends = NULL; - for(i = 0; builtin_pdb_init_functions[i].name; i++) { - smb_register_passdb(builtin_pdb_init_functions[i].name, builtin_pdb_init_functions[i].init, PASSDB_INTERFACE_VERSION); - } - } +static void lazy_initialize_passdb(void) +{ + static BOOL initialized = FALSE; + if(initialized)return; + static_init_pdb; + initialized = TRUE; } BOOL smb_register_passdb(const char *name, pdb_init_function init, int version) 
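Review bot: lazy_initialize_passdb now sets `initialized` only after `static_init_pdb` has run, where the removed version set its flag before registering anything. If any registration path calls back into lazy_initialize_passdb (smb_register_passdb's body is outside this hunk, so this needs checking), the guard no longer stops the re-entry; moving `initialized = TRUE;` above `static_init_pdb;` restores the old ordering. The code this hunk removes spells the constants `True`/`False`, so `FALSE`/`TRUE` here is inconsistent. `if(initialized)return;` wants spaces and the return on its own line.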
@@ -451,13 +426,18 @@ static NTSTATUS make_pdb_methods_name(struct pdb_methods **methods, struct pdb_c entry = pdb_find_backend_entry(module_name); /* Try to find a module that contains this module */ - if(!entry) { - smb_probe_module("passdb", module_name); - entry = pdb_find_backend_entry(module_name); + if (!entry) { + DEBUG(2,("No builtin backend found, trying to load plugin\n")); + if(smb_probe_module("passdb", module_name) && !(entry = pdb_find_backend_entry(module_name))) { + DEBUG(0,("Plugin is available, but doesn't register passdb backend %s\n", module_name)); + SAFE_FREE(module_name); + return NT_STATUS_UNSUCCESSFUL; + } } /* No such backend found */ if(!entry) { + DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name)); SAFE_FREE(module_name); return NT_STATUS_INVALID_PARAMETER; } diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 2571ecd33a..98ddc72ed1 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -28,7 +28,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB -#ifdef HAVE_LDAP /* TODO: * persistent connections: if using NSS LDAP, many connections are made * however, using only one within Samba would be nice 
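Review bot: In the `@@ -451,13 +426,18 @@` hunk of make_pdb_methods_name, the plugin branch hides the assignment to `entry` inside `smb_probe_module(...) && !(entry = ...)`, which makes it easy to miss that `entry` stays NULL when the probe itself fails. Splitting it reads more plainly: test `smb_probe_module("passdb", module_name)` first, then put `entry = pdb_find_backend_entry(module_name);` on its own line and check it. The two failure paths also return different codes (NT_STATUS_UNSUCCESSFUL and NT_STATUS_INVALID_PARAMETER) for what callers will likely treat as the same condition, so a short comment explaining the distinction would help. The function begins and ends outside this hunk.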
@@ -2611,20 +2610,9 @@ NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method return NT_STATUS_OK; } - -#else - -NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) +int pdb_ldap_init(void) { - DEBUG(0, ("ldap not detected at configure time, ldapsam not availalble!\n")); - return NT_STATUS_UNSUCCESSFUL; + smb_register_passdb("ldapsam", pdb_init_ldapsam, PASSDB_INTERFACE_VERSION); + smb_register_passdb("ldapsam_nua", pdb_init_ldapsam_nua, PASSDB_INTERFACE_VERSION); + return TRUE; } - -NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) -{ - DEBUG(0, ("ldap not dectected at configure time, ldapsam_nua not available!\n")); - return NT_STATUS_UNSUCCESSFUL; -} - - -#endif diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c index 0a42c36ea0..73d65af1c6 100644 --- a/source3/passdb/pdb_nisplus.c +++ b/source3/passdb/pdb_nisplus.c @@ -24,8 +24,6 @@ #include "includes.h" -#ifdef WITH_NISPLUS_SAM - #ifdef BROKEN_NISPLUS_INCLUDE_FILES /* @@ -1555,11 +1553,7 @@ NTSTATUS pdb_init_nisplussam (PDB_CONTEXT * pdb_context, return NT_STATUS_OK; } -#else -NTSTATUS pdb_init_nisplussam (PDB_CONTEXT * c, PDB_METHODS ** m, - const char *l) +int pdb_nisplus_init(void) { - DEBUG (0, ("nisplus sam not compiled in!\n")); - return NT_STATUS_UNSUCCESSFUL; + return smb_register_passdb("nisplussam", pdb_init_nisplussam, PASSDB_INTERFACE_VERSION); } -#endif /* WITH_NISPLUS_SAM */ diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index b5a2bbbfe7..bcbeb74808 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c 
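Review bot: pdb_ldap_init discards the BOOL that smb_register_passdb returns and always reports `TRUE`, so a failed registration of "ldapsam" or "ldapsam_nua" is invisible to whoever calls the initialiser. pdb_smbpasswd_init in this same commit has the same shape, while pdb_guest_init, pdb_nisplus_init and pdb_unix_init return the registration result. I would keep both calls unconditional and return their conjunction, e.g. `BOOL ok = smb_register_passdb("ldapsam", pdb_init_ldapsam, PASSDB_INTERFACE_VERSION);`, then `ok = smb_register_passdb("ldapsam_nua", pdb_init_ldapsam_nua, PASSDB_INTERFACE_VERSION) && ok;` and `return ok;`.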
@@ -1579,3 +1579,10 @@ NTSTATUS pdb_init_smbpasswd_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_meth return NT_STATUS_OK; } + +int pdb_smbpasswd_init(void) +{ + smb_register_passdb("smbpasswd", pdb_init_smbpasswd, PASSDB_INTERFACE_VERSION); + smb_register_passdb("smbpasswd_nua", pdb_init_smbpasswd_nua, PASSDB_INTERFACE_VERSION); + return TRUE; +} diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index c48c9567b1..da6fcf70fc 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -37,8 +37,6 @@ static int tdbsam_debug_level = DBGC_ALL; #endif -#ifdef WITH_TDB_SAM - #define PDB_VERSION "20010830" #define PASSDB_FILE_NAME "passdb.tdb" #define TDB_FORMAT_STRING "ddddddBBBBBBBBBBBBddBBwdwdBdd" @@ -988,20 +986,9 @@ NTSTATUS pdb_init_tdbsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, return NT_STATUS_OK; } - -#else - -NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) +int pdb_tdbsam_init(void) { - DEBUG(0, ("tdbsam not compiled in!\n")); - return NT_STATUS_UNSUCCESSFUL; + smb_register_passdb("tdbsam", pdb_init_tdbsam, PASSDB_INTERFACE_VERSION); + smb_register_passdb("tdbsam_nua", pdb_init_tdbsam_nua, PASSDB_INTERFACE_VERSION); } -NTSTATUS pdb_init_tdbsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) -{ - DEBUG(0, ("tdbsam_nua not compiled in!\n")); - return NT_STATUS_UNSUCCESSFUL; -} - - -#endif diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c index 07acd08a4e..dcdf5cf50b 100644 --- a/source3/passdb/pdb_unix.c +++ b/source3/passdb/pdb_unix.c @@ -123,3 +123,8 @@ NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co /* There's not very much to initialise here */ return NT_STATUS_OK; } + +int pdb_unix_init(void) +{ + return smb_register_passdb("unixsam", pdb_init_unixsam, PASSDB_INTERFACE_VERSION); +} -- cgit
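Review bot: pdb_tdbsam_init is declared `int` but has no return statement, so a caller that reads its result gets an indeterminate value, which is undefined behaviour in C once the value is used. The sibling initialisers added in this commit all return something: pdb_ldap_init and pdb_smbpasswd_init end with `return TRUE;`, and pdb_guest_init and pdb_unix_init return the registration result. This one should end the same way, at minimum with `return TRUE;` after the second smb_register_passdb call, and preferably with the combined result of both calls.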