From c624a704be96488f0aee27930cbd4c8d99df464b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Thu, 9 Jul 2009 22:03:52 +0200
Subject: Make escape_ldap_string take a talloc context

---
 source3/passdb/pdb_ldap.c | 45 ++++++++++++++++++++++-----------------------
 1 file changed, 22 insertions(+), 23 deletions(-)

(limited to 'source3/passdb')

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 3579325769..173298561f 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -336,7 +336,7 @@ int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
 					  const char **attr)
 {
 	char *filter = NULL;
-	char *escape_user = escape_ldap_string_alloc(user);
+	char *escape_user = escape_ldap_string(talloc_tos(), user);
 	int ret = -1;
 
 	if (!escape_user) {
@@ -350,7 +350,7 @@ int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
 	filter = talloc_asprintf(talloc_tos(), "(&%s%s)", "(uid=%u)",
 		get_objclass_filter(ldap_state->schema_ver));
 	if (!filter) {
-		SAFE_FREE(escape_user);
+		TALLOC_FREE(escape_user);
 		return LDAP_NO_MEMORY;
 	}
 	/*
@@ -360,7 +360,7 @@ int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
 
 	filter = talloc_all_string_sub(talloc_tos(),
 				filter, "%u", escape_user);
-	SAFE_FREE(escape_user);
+	TALLOC_FREE(escape_user);
 	if (!filter) {
 		return LDAP_NO_MEMORY;
 	}
@@ -2120,18 +2120,18 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, struct s
 	/* does the entry already exist but without a samba attributes?
 	   we need to return the samba attributes here */
 
-	escape_user = escape_ldap_string_alloc( username );
+	escape_user = escape_ldap_string(talloc_tos(), username);
 	filter = talloc_strdup(attr_list, "(uid=%u)");
 	if (!filter) {
 		status = NT_STATUS_NO_MEMORY;
 		goto fn_exit;
 	}
 	filter = talloc_all_string_sub(attr_list, filter, "%u", escape_user);
+	TALLOC_FREE(escape_user);
 	if (!filter) {
 		status = NT_STATUS_NO_MEMORY;
 		goto fn_exit;
 	}
-	SAFE_FREE(escape_user);
 
 	rc = smbldap_search_suffix(ldap_state->smbldap_state,
 				   filter, attr_list, &result);
@@ -2278,7 +2278,6 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, struct s
   fn_exit:
 
 	TALLOC_FREE(ctx);
-	SAFE_FREE(escape_user);
 	if (result) {
 		ldap_msgfree(result);
 	}
@@ -2528,7 +2527,7 @@ static NTSTATUS ldapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
 				 const char *name)
 {
 	char *filter = NULL;
-	char *escape_name = escape_ldap_string_alloc(name);
+	char *escape_name = escape_ldap_string(talloc_tos(), name);
 	NTSTATUS status;
 
 	if (!escape_name) {
@@ -2540,11 +2539,11 @@ static NTSTATUS ldapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
 		get_attr_key2string(groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME), escape_name,
 		get_attr_key2string(groupmap_attr_list, LDAP_ATTR_CN),
 		escape_name) < 0) {
-		SAFE_FREE(escape_name);
+		TALLOC_FREE(escape_name);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	SAFE_FREE(escape_name);
+	TALLOC_FREE(escape_name);
 	status = ldapsam_getgroup(methods, filter, map);
 	SAFE_FREE(filter);
 	return status;
@@ -2665,20 +2664,19 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
 		for (memberuid = values; *memberuid != NULL; memberuid += 1) {
 			char *escape_memberuid;
 
-			escape_memberuid = escape_ldap_string_alloc(*memberuid);
+			escape_memberuid = escape_ldap_string(talloc_tos(),
+							      *memberuid);
 			if (escape_memberuid == NULL) {
 				ret = NT_STATUS_NO_MEMORY;
 				goto done;
 			}
 
 			filter = talloc_asprintf_append_buffer(filter, "(uid=%s)", escape_memberuid);
+			TALLOC_FREE(escape_memberuid);
 			if (filter == NULL) {
-				SAFE_FREE(escape_memberuid);
 				ret = NT_STATUS_NO_MEMORY;
 				goto done;
 			}
-
-			SAFE_FREE(escape_memberuid);
 		}
 
 		filter = talloc_asprintf_append_buffer(filter, "))");
@@ -2812,7 +2810,7 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	escape_name = escape_ldap_string_alloc(pdb_get_username(user));
+	escape_name = escape_ldap_string(talloc_tos(), pdb_get_username(user));
 	if (escape_name == NULL)
 		return NT_STATUS_NO_MEMORY;
 
@@ -2950,7 +2948,7 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
 
  done:
 
-	SAFE_FREE(escape_name);
+	TALLOC_FREE(escape_name);
 	return ret;
 }
 
@@ -4185,14 +4183,14 @@ static char *get_ldap_filter(TALLOC_CTX *mem_ctx, const char *username)
 		goto done;
 	}
 
-	escaped = escape_ldap_string_alloc(username);
+	escaped = escape_ldap_string(talloc_tos(), username);
 	if (escaped == NULL) goto done;
 
 	result = talloc_string_sub(mem_ctx, filter, "%u", username);
 
  done:
 	SAFE_FREE(filter);
-	SAFE_FREE(escaped);
+	TALLOC_FREE(escaped);
 
 	return result;
 }
@@ -4994,10 +4992,10 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
 		is_machine = True;
 	}
 
-	username = escape_ldap_string_alloc(name);
+	username = escape_ldap_string(talloc_tos(), name);
 	filter = talloc_asprintf(tmp_ctx, "(&(uid=%s)(objectClass=%s))",
 				 username, LDAP_OBJ_POSIXACCOUNT);
-	SAFE_FREE(username);
+	TALLOC_FREE(username);
 
 	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
 	if (rc != LDAP_SUCCESS) {
@@ -5270,10 +5268,10 @@ static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods,
 	gid_t gid = -1;
 	int rc;
 
-	groupname = escape_ldap_string_alloc(name);
+	groupname = escape_ldap_string(talloc_tos(), name);
 	filter = talloc_asprintf(tmp_ctx, "(&(cn=%s)(objectClass=%s))",
 				 groupname, LDAP_OBJ_POSIXGROUP);
-	SAFE_FREE(groupname);
+	TALLOC_FREE(groupname);
 
 	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
 	if (rc != LDAP_SUCCESS) {
@@ -5702,7 +5700,8 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	escape_username = escape_ldap_string_alloc(pdb_get_username(sampass));
+	escape_username = escape_ldap_string(talloc_tos(),
+					     pdb_get_username(sampass));
 	if (escape_username== NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -5715,7 +5714,7 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
 				 LDAP_OBJ_POSIXACCOUNT,
 				 LDAP_OBJ_SAMBASAMACCOUNT);
 
-	SAFE_FREE(escape_username);
+	TALLOC_FREE(escape_username);
 
 	if (filter == NULL) {
 		return NT_STATUS_NO_MEMORY;
-- 
cgit 


From d8556bbf1394439d0880983c7dff67dd8dda66b0 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Sun, 5 Jul 2009 14:39:16 +0200
Subject: Quieten events and tldap debug messages

---
 source3/passdb/pdb_ads.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/passdb')

diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index eec63728ca..82bc1677f0 100644
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -2111,7 +2111,7 @@ static void s3_tldap_debug(void *context, enum tldap_debug_level level,
 		samba_level = 2;
 		break;
 	case TLDAP_DEBUG_TRACE:
-		samba_level = 10;
+		samba_level = 11;
 		break;
 
 	};
-- 
cgit 


From afc6f607d5c8ba995b55464525edc8bf8f7a040c Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Thu, 9 Jul 2009 15:58:10 +0200
Subject: Return 0 domains from enum_trusteddoms

---
 source3/passdb/pdb_ads.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'source3/passdb')

diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index 82bc1677f0..ddfeb8ed80 100644
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -2022,7 +2022,9 @@ static NTSTATUS pdb_ads_enum_trusteddoms(struct pdb_methods *m,
 					 uint32 *num_domains,
 					 struct trustdom_info ***domains)
 {
-	return NT_STATUS_NOT_IMPLEMENTED;
+	*num_domains = 0;
+	*domains = NULL;
+	return NT_STATUS_OK;
 }
 
 static void pdb_ads_init_methods(struct pdb_methods *m)
-- 
cgit 


From 05fbe0c7f763fbe8c1c48eb82ebdfe04bfa034ea Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Fri, 12 Jun 2009 15:20:48 +0200
Subject: libds: merge the UF<->ACB flag mapping functions.

Guenther
---
 source3/passdb/pdb_ads.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'source3/passdb')

diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index ddfeb8ed80..4f7c210915 100644
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -250,7 +250,7 @@ static NTSTATUS pdb_ads_init_sam_from_priv(struct pdb_methods *m,
 		DEBUG(10, ("Could not pull userAccountControl\n"));
 		goto fail;
 	}
-	pdb_set_acct_ctrl(sam, ads_uf2acb(n), PDB_SET);
+	pdb_set_acct_ctrl(sam, ds_uf2acb(n), PDB_SET);
 
 	if (tldap_get_single_valueblob(entry, "unicodePwd", &blob)) {
 		if (blob.length != NT_HASH_LEN) {
@@ -310,7 +310,7 @@ static bool pdb_ads_init_ads_from_sam(struct pdb_ads_state *state,
 
 	ret &= tldap_make_mod_fmt(
 		existing, mem_ctx, pnum_mods, pmods, "userAccountControl",
-		"%d", ads_acb2uf(pdb_get_acct_ctrl(sam)));
+		"%d", ds_acb2uf(pdb_get_acct_ctrl(sam)));
 
 	ret &= tldap_make_mod_fmt(
 		existing, mem_ctx, pnum_mods, pmods, "homeDirectory",
@@ -1682,7 +1682,7 @@ static NTSTATUS pdb_ads_lookup_rids(struct pdb_methods *m,
 			DEBUG(10, ("no samAccountType"));
 			continue;
 		}
-		lsa_attrs[i] = ads_atype_map(attr);
+		lsa_attrs[i] = ds_atype_map(attr);
 		num_mapped += 1;
 	}
 
-- 
cgit 


From e4fca7466d3bc064587638560572813e62df00d8 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Mon, 13 Jul 2009 21:56:31 +0200
Subject: s3-pdb_ads: set correct pdb field with the value from
 'accountExpires' attribute.

Guenther
---
 source3/passdb/pdb_ads.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/passdb')

diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index 4f7c210915..66fdff181f 100644
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -203,7 +203,7 @@ static NTSTATUS pdb_ads_init_sam_from_priv(struct pdb_methods *m,
 		pdb_set_pass_last_set_time(sam, tmp_time, PDB_SET);
 	}
 	if (pdb_ads_pull_time(entry, "accountExpires", &tmp_time)) {
-		pdb_set_pass_last_set_time(sam, tmp_time, PDB_SET);
+		pdb_set_kickoff_time(sam, tmp_time, PDB_SET);
 	}
 
 	str = tldap_talloc_single_attribute(entry, "displayName",
-- 
cgit 


From 9f15ef11bdf75dbc1a1af3c2bc35b1d653216f62 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Mon, 13 Jul 2009 23:53:49 +0200
Subject: s3-account_policy: add pdb_policy_type enum.

Guenther
---
 source3/passdb/passdb.c        | 16 ++++++++--------
 source3/passdb/pdb_ads.c       | 10 ++++++----
 source3/passdb/pdb_get_set.c   |  6 +++---
 source3/passdb/pdb_interface.c | 16 ++++++++--------
 source3/passdb/pdb_ldap.c      | 40 +++++++++++++++++++++-------------------
 5 files changed, 46 insertions(+), 42 deletions(-)

(limited to 'source3/passdb')

diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 4ed04e4e7a..0678181669 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1439,7 +1439,7 @@ static bool init_samu_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 bu
 	}
 
 	/* Change from V1 is addition of password history field. */
-	pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+	pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
 	if (pwHistLen) {
 		uint8 *pw_hist = SMB_MALLOC_ARRAY(uint8, pwHistLen * PW_HISTORY_ENTRY_LEN);
 		if (!pw_hist) {
@@ -1674,7 +1674,7 @@ static bool init_samu_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 bu
 		}
 	}
 
-	pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+	pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
 	if (pwHistLen) {
 		uint8 *pw_hist = (uint8 *)SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN);
 		if (!pw_hist) {
@@ -1879,7 +1879,7 @@ static uint32 init_buffer_from_samu_v3 (uint8 **buf, struct samu *sampass, bool
 		nt_pw_len = 0;
 	}
 
-	pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+	pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
 	nt_pw_hist =  pdb_get_pw_history(sampass, &nt_pw_hist_len);
 	if (pwHistLen && nt_pw_hist && nt_pw_hist_len) {
 		nt_pw_hist_len *= PW_HISTORY_ENTRY_LEN;
@@ -2085,7 +2085,7 @@ bool pdb_copy_sam_account(struct samu *dst, struct samu *src )
 }
 
 /*********************************************************************
- Update the bad password count checking the AP_RESET_COUNT_TIME 
+ Update the bad password count checking the PDB_POLICY_RESET_COUNT_TIME
 *********************************************************************/
 
 bool pdb_update_bad_password_count(struct samu *sampass, bool *updated)
@@ -2102,7 +2102,7 @@ bool pdb_update_bad_password_count(struct samu *sampass, bool *updated)
 	}
 
 	become_root();
-	res = pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime);
+	res = pdb_get_account_policy(PDB_POLICY_RESET_COUNT_TIME, &resettime);
 	unbecome_root();
 
 	if (!res) {
@@ -2131,7 +2131,7 @@ bool pdb_update_bad_password_count(struct samu *sampass, bool *updated)
 }
 
 /*********************************************************************
- Update the ACB_AUTOLOCK flag checking the AP_LOCK_ACCOUNT_DURATION 
+ Update the ACB_AUTOLOCK flag checking the PDB_POLICY_LOCK_ACCOUNT_DURATION
 *********************************************************************/
 
 bool pdb_update_autolock_flag(struct samu *sampass, bool *updated)
@@ -2147,7 +2147,7 @@ bool pdb_update_autolock_flag(struct samu *sampass, bool *updated)
 	}
 
 	become_root();
-	res = pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration);
+	res = pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, &duration);
 	unbecome_root();
 
 	if (!res) {
@@ -2199,7 +2199,7 @@ bool pdb_increment_bad_password_count(struct samu *sampass)
 
 	/* Retrieve the account lockout policy */
 	become_root();
-	ret = pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_lockout);
+	ret = pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &account_policy_lockout);
 	unbecome_root();
 	if ( !ret ) {
 		DEBUG(0, ("pdb_increment_bad_password_count: pdb_get_account_policy failed.\n"));
diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index 66fdff181f..70d550042b 100644
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -1706,16 +1706,18 @@ static NTSTATUS pdb_ads_lookup_names(struct pdb_methods *m,
 }
 
 static NTSTATUS pdb_ads_get_account_policy(struct pdb_methods *m,
-					   int policy_index, uint32 *value)
+					   enum pdb_policy_type type,
+					   uint32_t *value)
 {
-	return account_policy_get(policy_index, value)
+	return account_policy_get(type, value)
 		? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
 }
 
 static NTSTATUS pdb_ads_set_account_policy(struct pdb_methods *m,
-					   int policy_index, uint32 value)
+					   enum pdb_policy_type type,
+					   uint32_t value)
 {
-	return account_policy_set(policy_index, value)
+	return account_policy_set(type, value)
 		? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
 }
 
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index f55b77f675..30775e49fe 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -88,7 +88,7 @@ time_t pdb_get_pass_can_change_time(const struct samu *sampass)
 	    pdb_get_init_flags(sampass, PDB_CANCHANGETIME) == PDB_CHANGED)
 		return sampass->pass_can_change_time;
 
-	if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow))
+	if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &allow))
 		allow = 0;
 
 	/* in normal cases, just calculate it from policy */
@@ -112,7 +112,7 @@ time_t pdb_get_pass_must_change_time(const struct samu *sampass)
 	if (sampass->acct_ctrl & ACB_PWNOEXP)
 		return get_time_t_max();
 
-	if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire)
+	if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire)
 	    || expire == (uint32)-1 || expire == 0) 
 		return get_time_t_max();
 
@@ -1013,7 +1013,7 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
 	if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) {
 		uchar *pwhistory;
 		uint32 pwHistLen;
-		pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+		pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
 		if (pwHistLen != 0){
 			uint32 current_history_len;
 			/* We need to make sure we don't have a race condition here - the
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 465a6bf595..5d0b625da5 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -994,25 +994,25 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
 }
 #endif
 
-bool pdb_get_account_policy(int policy_index, uint32 *value)
+bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value)
 {
 	struct pdb_methods *pdb = pdb_get_methods();
 	NTSTATUS status;
 
 	become_root();
-	status = pdb->get_account_policy(pdb, policy_index, value);
+	status = pdb->get_account_policy(pdb, type, value);
 	unbecome_root();
 
 	return NT_STATUS_IS_OK(status);	
 }
 
-bool pdb_set_account_policy(int policy_index, uint32 value)
+bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value)
 {
 	struct pdb_methods *pdb = pdb_get_methods();
 	NTSTATUS status;
 
 	become_root();
-	status = pdb->set_account_policy(pdb, policy_index, value);
+	status = pdb->set_account_policy(pdb, type, value);
 	unbecome_root();
 
 	return NT_STATUS_IS_OK(status);
@@ -1174,14 +1174,14 @@ static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods,
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
+static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t *value)
 {
-	return account_policy_get(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return account_policy_get(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
 }
 
-static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value)
+static NTSTATUS pdb_default_set_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t value)
 {
-	return account_policy_set(policy_index, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	return account_policy_set(type, value) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
 }
 
 static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq_num)
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 173298561f..11554a76ac 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -902,7 +902,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
 
 	pwHistLen = 0;
 
-	pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+	pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
 	if (pwHistLen > 0){
 		uint8 *pwhist = NULL;
 		int i;
@@ -1327,7 +1327,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state,
 		if (need_update(sampass, PDB_PWHISTORY)) {
 			char *pwstr = NULL;
 			uint32 pwHistLen = 0;
-			pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+			pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
 
 			pwstr = SMB_MALLOC_ARRAY(char, 1024);
 			if (!pwstr) {
@@ -1404,7 +1404,7 @@ static bool init_ldap_from_sam (struct ldapsam_privates *ldap_state,
 		uint16 badcount = pdb_get_bad_password_count(sampass);
 		time_t badtime = pdb_get_bad_password_time(sampass);
 		uint32 pol;
-		pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &pol);
+		pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &pol);
 
 		DEBUG(3, ("updating bad password fields, policy=%u, count=%u, time=%u\n",
 			(unsigned int)pol, (unsigned int)badcount, (unsigned int)badtime));
@@ -3762,7 +3762,7 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
 }
 
 static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
-						   int policy_index,
+						   enum pdb_policy_type type,
 						   uint32 value)
 {
 	NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
@@ -3780,7 +3780,7 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	policy_attr = get_account_policy_attr(policy_index);
+	policy_attr = get_account_policy_attr(type);
 	if (policy_attr == NULL) {
 		DEBUG(0,("ldapsam_set_account_policy_in_ldap: invalid "
 			 "policy\n"));
@@ -3800,7 +3800,7 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
 		return ntstatus;
 	}
 
-	if (!cache_account_policy_set(policy_index, value)) {
+	if (!cache_account_policy_set(type, value)) {
 		DEBUG(0,("ldapsam_set_account_policy_in_ldap: failed to "
 			 "update local tdb cache\n"));
 		return ntstatus;
@@ -3810,14 +3810,15 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
 }
 
 static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods,
-					   int policy_index, uint32 value)
+					   enum pdb_policy_type type,
+					   uint32_t value)
 {
-	return ldapsam_set_account_policy_in_ldap(methods, policy_index,
+	return ldapsam_set_account_policy_in_ldap(methods, type,
 						  value);
 }
 
 static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods,
-						     int policy_index,
+						     enum pdb_policy_type type,
 						     uint32 *value)
 {
 	NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
@@ -3839,10 +3840,10 @@ static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	policy_attr = get_account_policy_attr(policy_index);
+	policy_attr = get_account_policy_attr(type);
 	if (!policy_attr) {
 		DEBUG(0,("ldapsam_get_account_policy_from_ldap: invalid "
-			 "policy index: %d\n", policy_index));
+			 "policy index: %d\n", type));
 		return ntstatus;
 	}
 
@@ -3896,17 +3897,18 @@ out:
    Guenther
 */
 static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods,
-					   int policy_index, uint32 *value)
+					   enum pdb_policy_type type,
+					   uint32_t *value)
 {
 	NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
 
-	if (cache_account_policy_get(policy_index, value)) {
+	if (cache_account_policy_get(type, value)) {
 		DEBUG(11,("ldapsam_get_account_policy: got valid value from "
 			  "cache\n"));
 		return NT_STATUS_OK;
 	}
 
-	ntstatus = ldapsam_get_account_policy_from_ldap(methods, policy_index,
+	ntstatus = ldapsam_get_account_policy_from_ldap(methods, type,
 							value);
 	if (NT_STATUS_IS_OK(ntstatus)) {
 		goto update_cache;
@@ -3917,27 +3919,27 @@ static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods,
 
 #if 0
 	/* should we automagically migrate old tdb value here ? */
-	if (account_policy_get(policy_index, value))
+	if (account_policy_get(type, value))
 		goto update_ldap;
 
 	DEBUG(10,("ldapsam_get_account_policy: no tdb for %d, trying "
-		  "default\n", policy_index));
+		  "default\n", type));
 #endif
 
-	if (!account_policy_get_default(policy_index, value)) {
+	if (!account_policy_get_default(type, value)) {
 		return ntstatus;
 	}
 
 /* update_ldap: */
 
- 	ntstatus = ldapsam_set_account_policy(methods, policy_index, *value);
+	ntstatus = ldapsam_set_account_policy(methods, type, *value);
 	if (!NT_STATUS_IS_OK(ntstatus)) {
 		return ntstatus;
 	}
 
  update_cache:
 
-	if (!cache_account_policy_set(policy_index, *value)) {
+	if (!cache_account_policy_set(type, *value)) {
 		DEBUG(0,("ldapsam_get_account_policy: failed to update local "
 			 "tdb as a cache\n"));
 		return NT_STATUS_UNSUCCESSFUL;
-- 
cgit 


From d05054133009526bd9dd08a226747e5cfeef8fc7 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Tue, 14 Jul 2009 23:12:59 +0200
Subject: Fix bug 5886

Ok, that's a very long-standing one. I finally got around to install a recent
OpenLDAP and test the different variants of setting a NULL password etc.

Thanks all for your patience!

Volker
---
 source3/passdb/pdb_ldap.c | 34 ++++++++++++++++++++++++++--------
 1 file changed, 26 insertions(+), 8 deletions(-)

(limited to 'source3/passdb')

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 11554a76ac..1b1e22f2c8 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1701,6 +1701,7 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
 		char *utf8_password;
 		char *utf8_dn;
 		size_t converted_size;
+		int ret;
 
 		if (!ldap_state->is_nds_ldap) {
 
@@ -1732,14 +1733,31 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
 		}
 
 		if ((ber_printf (ber, "{") < 0) ||
-		    (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn) < 0) ||
-		    (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password) < 0) ||
-		    (ber_printf (ber, "n}") < 0)) {
-			DEBUG(0,("ldapsam_modify_entry: ber_printf returns a value <0\n"));
-                       ber_free(ber,1);
-                       TALLOC_FREE(utf8_dn);
-                       TALLOC_FREE(utf8_password);
-                       return NT_STATUS_UNSUCCESSFUL;
+		    (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID,
+				 utf8_dn) < 0)) {
+			DEBUG(0,("ldapsam_modify_entry: ber_printf returns a "
+				 "value <0\n"));
+			ber_free(ber,1);
+			TALLOC_FREE(utf8_dn);
+			TALLOC_FREE(utf8_password);
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+
+		if ((utf8_password != NULL) && (*utf8_password != '\0')) {
+			ret = ber_printf(ber, "ts}",
+					 LDAP_TAG_EXOP_MODIFY_PASSWD_NEW,
+					 utf8_password);
+		} else {
+			ret = ber_printf(ber, "}");
+		}
+
+		if (ret < 0) {
+			DEBUG(0,("ldapsam_modify_entry: ber_printf returns a "
+				 "value <0\n"));
+			ber_free(ber,1);
+			TALLOC_FREE(utf8_dn);
+			TALLOC_FREE(utf8_password);
+			return NT_STATUS_UNSUCCESSFUL;
 		}
 
 	        if ((rc = ber_flatten (ber, &bv))<0) {
-- 
cgit 


From 4b6401ab2cce8319abe0f8176bb460d51bd4a390 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Tue, 14 Jul 2009 23:36:41 +0200
Subject: s3-passdb: fix wbc build warning.

Guenther
---
 source3/passdb/pdb_wbc_sam.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'source3/passdb')

diff --git a/source3/passdb/pdb_wbc_sam.c b/source3/passdb/pdb_wbc_sam.c
index ec54d553d1..2161d2ff5c 100644
--- a/source3/passdb/pdb_wbc_sam.c
+++ b/source3/passdb/pdb_wbc_sam.c
@@ -167,12 +167,12 @@ done:
 	return result;
 }
 
-static NTSTATUS pdb_wbc_sam_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
+static NTSTATUS pdb_wbc_sam_get_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t *value)
 {
 	return NT_STATUS_UNSUCCESSFUL;
 }
 
-static NTSTATUS pdb_wbc_sam_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value)
+static NTSTATUS pdb_wbc_sam_set_account_policy(struct pdb_methods *methods, enum pdb_policy_type type, uint32_t value)
 {
 	return NT_STATUS_UNSUCCESSFUL;
 }
-- 
cgit 


From 0259a303f4cd69b2db0b059335421f8d0dbc74f5 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 17 Jul 2009 21:50:33 -0700
Subject: Fix Coverity CIDs 887, 888. Don't pass NULL's to functions that deref
 them. Jeremy.

---
 source3/passdb/pdb_wbc_sam.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'source3/passdb')

diff --git a/source3/passdb/pdb_wbc_sam.c b/source3/passdb/pdb_wbc_sam.c
index 2161d2ff5c..df80411a7a 100644
--- a/source3/passdb/pdb_wbc_sam.c
+++ b/source3/passdb/pdb_wbc_sam.c
@@ -316,13 +316,12 @@ static NTSTATUS pdb_wbc_sam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map
 				 const char *name)
 {
 	NTSTATUS result = NT_STATUS_OK;
-	char *user_name = NULL;
-	char *domain = NULL;
+	const char *domain = "";
 	DOM_SID sid;
 	gid_t gid;
 	enum lsa_SidType name_type;
 
-	if (!winbind_lookup_name(domain, user_name, &sid, &name_type)) {
+	if (!winbind_lookup_name(domain, name, &sid, &name_type)) {
 		result = NT_STATUS_NO_SUCH_GROUP;
 		goto done;
 	}
@@ -340,7 +339,7 @@ static NTSTATUS pdb_wbc_sam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map
 		goto done;
 	}
 
-	if (!_make_group_map(methods, domain, user_name, name_type, gid, &sid, map)) {
+	if (!_make_group_map(methods, domain, name, name_type, gid, &sid, map)) {
 		result = NT_STATUS_NO_SUCH_GROUP;
 		goto done;
 	}
-- 
cgit