-/*
+/*
Unix SMB/CIFS implementation.
LDAP protocol helper functions for SAMBA
Copyright (C) Jean François Micouleau 1998
/* TODO:
* persistent connections: if using NSS LDAP, many connections are made
* however, using only one within Samba would be nice
-*
+*
* Clean up SSL stuff, compile on OpenLDAP 1.x, 2.x, and Netscape SDK
*
* Other LDAP based login attributes: accountExpires, etc.
/**********************************************************************
Get the attribute name given a user schame version.
**********************************************************************/
-
+
static const char* get_userattr_key2string( int schema_ver, int key )
{
switch ( schema_ver ) {
/*******************************************************************
- Generate the LDAP search filter for the objectclass based on the
+ Generate the LDAP search filter for the objectclass based on the
version of the schema we are using.
******************************************************************/
/* very basic sanity check */
if (*seq_num <= 0) {
- DEBUG(3,("ldapsam_get_seq_num: invalid sequence number: %d\n",
+ DEBUG(3,("ldapsam_get_seq_num: invalid sequence number: %d\n",
(int)*seq_num));
goto done;
}
}
if (IS_SAM_DEFAULT(sampass, PDB_USERSID)) {
- DEBUG(1, ("init_sam_from_ldap: no %s or %s attribute found for this user %s\n",
+ DEBUG(1, ("init_sam_from_ldap: no %s or %s attribute found for this user %s\n",
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_USER_SID),
get_userattr_key2string(ldap_state->schema_ver,
smbldap_get_ldap(
ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID),
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID),
dom_sid_str_buf(user_sid, &sid_str));
break;
smbldap_get_ldap(
ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver,
+ get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_PRIMARY_GROUP_SID),
dom_sid_str_buf(group_sid, &sid_str));
break;
if (need_update(sampass, PDB_FULLNAME))
smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DISPLAY_NAME),
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DISPLAY_NAME),
pdb_get_fullname(sampass));
if (need_update(sampass, PDB_ACCTDESC))
smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DESC),
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DESC),
pdb_get_acct_desc(sampass));
if (need_update(sampass, PDB_WORKSTATIONS))
smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_WKS),
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_WKS),
pdb_get_workstations(sampass));
if (need_update(sampass, PDB_MUNGEDDIAL))
smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_MUNGED_DIAL),
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_MUNGED_DIAL),
pdb_get_munged_dial(sampass));
if (need_update(sampass, PDB_SMBHOME))
smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_PATH),
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_PATH),
pdb_get_homedir(sampass));
if (need_update(sampass, PDB_DRIVE))
smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_DRIVE),
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_DRIVE),
pdb_get_dir_drive(sampass));
if (need_update(sampass, PDB_LOGONSCRIPT))
smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_SCRIPT),
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_SCRIPT),
pdb_get_logon_script(sampass));
if (need_update(sampass, PDB_PROFILE))
smbldap_make_mod(smbldap_get_ldap(ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH),
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH),
pdb_get_profile_path(sampass));
if (asprintf(&temp, "%li", (long int)pdb_get_logon_time(sampass)) < 0) {
smbldap_get_ldap(
ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW),
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW),
pwstr);
} else {
smbldap_make_mod(
smbldap_get_ldap(
ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW),
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW),
NULL);
}
}
smbldap_get_ldap(
ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW),
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW),
pwstr);
} else {
smbldap_make_mod(
smbldap_get_ldap(
ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW),
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW),
NULL);
}
}
smbldap_make_mod(
smbldap_get_ldap(ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_HISTORY),
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_HISTORY),
pwstr);
SAFE_FREE(pwstr);
}
smbldap_make_mod(
smbldap_get_ldap(ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_LAST_SET),
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_LAST_SET),
temp);
SAFE_FREE(temp);
}
smbldap_make_mod(
smbldap_get_ldap(ldap_state->smbldap_state),
existing, mods,
- get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_ACB_INFO),
+ get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_ACB_INFO),
pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass), NEW_PW_FORMAT_SPACE_PADDED_LEN));
/* password lockout cache:
attr_list);
TALLOC_FREE( attr_list );
- if ( rc != LDAP_SUCCESS )
+ if ( rc != LDAP_SUCCESS )
return NT_STATUS_NO_SUCH_USER;
count = ldap_count_entries(smbldap_get_ldap(ldap_state->smbldap_state),
return ret;
}
-static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state,
+static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state,
const struct dom_sid *sid, LDAPMessage **result)
{
int rc = -1;
result, attr_list);
TALLOC_FREE(tmp_ctx);
- if ( rc != LDAP_SUCCESS )
+ if ( rc != LDAP_SUCCESS )
return rc;
break;
}
int count;
int rc;
- rc = ldapsam_get_ldap_user_by_sid(ldap_state,
- sid, &result);
+ rc = ldapsam_get_ldap_user_by_sid(ldap_state,
+ sid, &result);
if (rc != LDAP_SUCCESS)
return NT_STATUS_NO_SUCH_USER;
my_methods, PDB_CHANGED);
smbldap_talloc_autofree_ldapmsg(user, result);
return NT_STATUS_OK;
-}
+}
/********************************************************************
- Do the actual modification - also change a plaintext passord if
+ Do the actual modification - also change a plaintext passord if
it it set.
**********************************************************************/
-static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
+static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
struct samu *newpwd, char *dn,
- LDAPMod **mods, int ldap_op,
+ LDAPMod **mods, int ldap_op,
bool (*need_update)(const struct samu *, enum pdb_elements))
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
ber_free(ber, 1);
if (!ldap_state->is_nds_ldap) {
- rc = smbldap_extended_operation(ldap_state->smbldap_state,
+ rc = smbldap_extended_operation(ldap_state->smbldap_state,
LDAP_EXOP_MODIFY_PASSWD,
- bv, NULL, NULL, &retoid,
+ bv, NULL, NULL, &retoid,
&retdata);
} else {
rc = pdb_nds_set_password(ldap_state->smbldap_state, dn,
DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd)));
#ifdef DEBUG_PASSWORD
DEBUG(100,("ldapsam_modify_entry: LDAP Password changed to %s\n",pdb_get_plaintext_passwd(newpwd)));
-#endif
+#endif
if (retdata)
ber_bvfree(retdata);
if (retoid)
if (ldap_count_entries(smbldap_get_ldap(ldap_state->smbldap_state),
result) != 0) {
- DEBUG(0,("ldapsam_add_sam_account: User '%s' already in the base, with samba attributes\n",
+ DEBUG(0,("ldapsam_add_sam_account: User '%s' already in the base, with samba attributes\n",
username));
goto fn_exit;
}
LDAP_ATTR_GIDNUMBER),
ctx);
if (!temp) {
- DEBUG(0, ("init_group_from_ldap: Mandatory attribute %s not found\n",
+ DEBUG(0, ("init_group_from_ldap: Mandatory attribute %s not found\n",
get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GIDNUMBER)));
TALLOC_FREE(ctx);
return false;
break;
case SID_NAME_ALIAS:
- if (!sid_check_is_in_our_sam(&map->sid)
- && !sid_check_is_in_builtin(&map->sid) )
+ if (!sid_check_is_in_our_sam(&map->sid)
+ && !sid_check_is_in_builtin(&map->sid) )
{
DEBUG(3, ("Refusing to map sid %s as an alias, not in our domain\n",
dom_sid_str_buf(&map->sid, &buf)));
return ntstatus;
}
-/* wrapper around ldapsam_get_account_policy_from_ldap(), handles tdb as cache
+/* wrapper around ldapsam_get_account_policy_from_ldap(), handles tdb as cache
- if user hasn't decided to use account policies inside LDAP just reuse the
old tdb values
- if there is a valid cache entry, return that
- - if there is an LDAP entry, update cache and return
+ - if there is an LDAP entry, update cache and return
- otherwise set to default, update cache and return
Guenther
if ((state->acct_flags != 0) &&
((state->acct_flags & acct_flags) == 0))
- return False;
+ return False;
result->acct_flags = acct_flags;
result->account_name = "";
case SID_NAME_DOM_GRP:
case SID_NAME_ALIAS:
- if (!sid_peek_check_rid(get_global_sam_sid(), &sid, &result->rid)
- && !sid_peek_check_rid(&global_sid_Builtin, &sid, &result->rid))
+ if (!sid_peek_check_rid(get_global_sam_sid(), &sid, &result->rid)
+ && !sid_peek_check_rid(&global_sid_Builtin, &sid, &result->rid))
{
struct dom_sid_buf buf;
DEBUG(0, ("%s is not in our domain\n",
rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
} else {
rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
- }
+ }
ldap_mods_free(mods, true);
smbldap_talloc_autofree_ldapmod(tmp_ctx, mods);
- if (is_new_entry) {
+ if (is_new_entry) {
rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
#if 0
if (rc == LDAP_OBJECT_CLASS_VIOLATION) {
#endif
} else {
rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
- }
+ }
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldapsam_create_group: failed to create a new group [%s] (dn = %s)\n", name ,dn));
Housekeeping
*********************************************************************/
-static void free_private_data(void **vp)
+static void free_private_data(void **vp)
{
struct ldapsam_privates **ldap_state = (struct ldapsam_privates **)vp;
}
/*********************************************************************
- Intitalise the parts of the pdb_methods structure that are common to
+ Intitalise the parts of the pdb_methods structure that are common to
all pdb_ldap modes
*********************************************************************/
projects / thirdparty / samba.git / commitdiff
