[PATCH] ldap connection caching (not ready!!!)
Stefan (metze) Metzmacher
metze at metzemix.de
Fri Oct 18 09:43:01 GMT 2002
Hi Andrew,
here's the first working version of my ldap connection chaching patch
but it's not ready
I send a diff to clean HEAD and to HEAD with vl's rid-allocator patch
metze
-----------------------------------------------------------------------------
Stefan "metze" Metzmacher <metze at metzemix.de>
-------------- next part --------------
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_interface.c HEAD-pdb2/source/passdb/pdb_interface.c
--- HEAD/source/passdb/pdb_interface.c Fri Sep 27 07:40:04 2002
+++ HEAD-pdb2/source/passdb/pdb_interface.c Fri Oct 18 08:49:37 2002
@@ -162,6 +162,34 @@ static NTSTATUS context_add_sam_account(
return context->pdb_methods->add_sam_account(context->pdb_methods, sam_acct);
}
+static NTSTATUS context_allocate_rid_for_gid(struct pdb_context *context, gid_t gid, uint32 *rid)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ if ((!context) || (!context->pdb_methods)) {
+ DEBUG(0, ("invalid pdb_context specified!\n"));
+ return ret;
+ }
+
+ return context->pdb_methods->allocate_rid_for_gid(context->pdb_methods, gid, rid);
+}
+
+static NTSTATUS context_max_used_rid(struct pdb_context *context, uint32 rid)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ if ((!context) || (!context->pdb_methods)) {
+ DEBUG(0, ("invalid pdb_context specified!\n"));
+ return ret;
+ }
+
+ /** @todo This is where a 're-read on add' should be done */
+ /* We now add a new account to the first database listed.
+ * Should we? */
+
+ return context->pdb_methods->max_used_rid(context->pdb_methods, rid);
+}
+
static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
@@ -310,6 +338,8 @@ static NTSTATUS make_pdb_context(struct
(*context)->pdb_add_sam_account = context_add_sam_account;
(*context)->pdb_update_sam_account = context_update_sam_account;
(*context)->pdb_delete_sam_account = context_delete_sam_account;
+ (*context)->pdb_allocate_rid_for_gid = context_allocate_rid_for_gid;
+ (*context)->pdb_max_used_rid = context_max_used_rid;
(*context)->free_fn = free_pdb_context;
@@ -455,6 +485,28 @@ BOOL pdb_add_sam_account(SAM_ACCOUNT *sa
}
return NT_STATUS_IS_OK(pdb_context->pdb_add_sam_account(pdb_context, sam_acct));
+}
+
+BOOL pdb_allocate_rid_for_gid(gid_t gid, uint32 *rid)
+{
+ struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+ if (!pdb_context) {
+ return False;
+ }
+
+ return NT_STATUS_IS_OK(pdb_context->pdb_allocate_rid_for_gid(pdb_context, gid, rid));
+}
+
+BOOL pdb_max_used_rid(uint32 rid)
+{
+ struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+ if (!pdb_context) {
+ return False;
+ }
+
+ return NT_STATUS_IS_OK(pdb_context->pdb_max_used_rid(pdb_context, rid));
}
BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct)
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_ldap.c HEAD-pdb2/source/passdb/pdb_ldap.c
--- HEAD/source/passdb/pdb_ldap.c Thu Oct 17 14:32:53 2002
+++ HEAD-pdb2/source/passdb/pdb_ldap.c Fri Oct 18 09:56:24 2002
@@ -64,6 +64,7 @@ struct ldapsam_privates {
LDAPMessage *entry;
int index;
+ time_t last_ping;
/* retrive-once info */
const char *uri;
@@ -76,6 +77,7 @@ struct ldapsam_privates {
char *bind_secret;
};
+#define LDAPSAM_DONT_PING_TIME 10 /* ping only all 10 seconds */
static struct ldapsam_privates *static_ldap_state;
@@ -422,17 +424,144 @@ static BOOL ldapsam_connect_system(struc
return True;
}
+/**********************************************************************
+Connect to LDAP server
+*********************************************************************/
+static NTSTATUS ldapsam_open(struct ldapsam_privates *ldap_state)
+{
+ if (!ldap_state)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + LDAPSAM_DONT_PING_TIME) < time(NULL))) {
+ struct sockaddr_un addr;
+ socklen_t len;
+ int sd;
+ if (ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_DESC, &sd) == 0 &&
+ getpeername(sd, (struct sockaddr *) &addr, &len) < 0) {
+ /* the other end has died. reopen. */
+ ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL);
+ ldap_state->ldap_struct = NULL;
+ ldap_state->last_ping = (time_t)0;
+ } else {
+ ldap_state->last_ping = time(NULL);
+ }
+ }
+
+ if (ldap_state->ldap_struct != NULL) {
+ DEBUG(5,("ldapsam_open: allready connected to the LDAP server\n"));
+ return NT_STATUS_OK;
+ }
+
+ if (!ldapsam_open_connection(ldap_state, &ldap_state->ldap_struct)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ if (!ldapsam_connect_system(ldap_state, ldap_state->ldap_struct)) {
+ ldap_unbind(ldap_state->ldap_struct);
+ ldap_state->ldap_struct = NULL;
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ ldap_state->last_ping = time(NULL);
+ DEBUG(4,("The LDAP server is succesful connected\n"));
+
+ return NT_STATUS_OK;
+}
+
+/**********************************************************************
+Disconnect from LDAP server
+*********************************************************************/
+static NTSTATUS ldapsam_close(struct ldapsam_privates *ldap_state)
+{
+ if (!ldap_state)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ if (ldap_state->ldap_struct != NULL) {
+ ldap_unbind(ldap_state->ldap_struct);
+ ldap_state->ldap_struct = NULL;
+ }
+
+ DEBUG(5,("The connection to the LDAP server was closed\n"));
+ /* maybe free the results here --metze */
+
+ return NT_STATUS_OK;
+}
+
+
+static int ldapsam_search(struct ldapsam_privates *ldap_state, char *base, int scope, char *filter, char *attrs[], int attrsonly, LDAPMessage **res)
+{
+ if (!ldap_state)
+ return (-1);
+
+ if (!NT_STATUS_IS_OK(ldapsam_open(ldap_state))){
+ DEBUG(0,("Connection to LDAP Server failed!\n"));
+ return LDAP_SERVER_DOWN;
+ }
+
+ return ldap_search_s(ldap_state->ldap_struct, base, scope, filter, attrs, attrsonly, res);
+}
+
+static int ldapsam_modify(struct ldapsam_privates *ldap_state, char *dn, LDAPMod *attrs[])
+{
+ if (!ldap_state)
+ return (-1);
+
+ if (!NT_STATUS_IS_OK(ldapsam_open(ldap_state))){
+ DEBUG(0,("Connection to LDAP Server failed!\n"));
+ return LDAP_SERVER_DOWN;
+ }
+
+ return ldap_modify_s(ldap_state->ldap_struct, dn, attrs);
+}
+
+static int ldapsam_add(struct ldapsam_privates *ldap_state, const char *dn, LDAPMod *attrs[])
+{
+ if (!ldap_state)
+ return (-1);
+
+ if (!NT_STATUS_IS_OK(ldapsam_open(ldap_state))){
+ DEBUG(0,("Connection to LDAP Server failed!\n"));
+ return LDAP_SERVER_DOWN;
+ }
+
+ return ldap_add_s(ldap_state->ldap_struct, dn, attrs);
+}
+
+static int ldapsam_delete(struct ldapsam_privates *ldap_state, char *dn)
+{
+ if (!ldap_state)
+ return (-1);
+
+ if (!NT_STATUS_IS_OK(ldapsam_open(ldap_state))){
+ DEBUG(0,("Connection to LDAP Server failed!\n"));
+ return LDAP_SERVER_DOWN;
+ }
+
+ return ldap_delete_s(ldap_state->ldap_struct, dn);
+}
+
+static int ldapsam_extended_operation(struct ldapsam_privates *ldap_state, LDAP_CONST char *reqoid, struct berval *reqdata, LDAPControl **serverctrls, LDAPControl **clientctrls, char **retoidp, struct berval **retdatap)
+{
+ if (!ldap_state)
+ return (-1);
+
+ if (!NT_STATUS_IS_OK(ldapsam_open(ldap_state))){
+ DEBUG(0,("Connection to LDAP Server failed!\n"));
+ return LDAP_SERVER_DOWN;
+ }
+
+ return ldap_extended_operation_s(ldap_state->ldap_struct, reqoid, reqdata, serverctrls, clientctrls, retoidp, retdatap);
+}
+
/*******************************************************************
run the search by name.
******************************************************************/
-static int ldapsam_search_one_user (struct ldapsam_privates *ldap_state, LDAP * ldap_struct, const char *filter, LDAPMessage ** result)
+static int ldapsam_search_one_user (struct ldapsam_privates *ldap_state, const char *filter, LDAPMessage ** result)
{
int scope = LDAP_SCOPE_SUBTREE;
int rc;
DEBUG(2, ("ldapsam_search_one_user: searching for:[%s]\n", filter));
- rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter, (char **)attr, 0, result);
+ rc = ldapsam_search(ldap_state, lp_ldap_suffix (), scope, (char *)filter, (char **)attr, 0, result);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldapsam_search_one_user: Problem during the LDAP search: %s\n",
@@ -447,7 +576,7 @@ static int ldapsam_search_one_user (stru
/*******************************************************************
run the search by name.
******************************************************************/
-static int ldapsam_search_one_user_by_name (struct ldapsam_privates *ldap_state, LDAP * ldap_struct, const char *user,
+static int ldapsam_search_one_user_by_name (struct ldapsam_privates *ldap_state, const char *user,
LDAPMessage ** result)
{
pstring filter;
@@ -464,14 +593,14 @@ static int ldapsam_search_one_user_by_na
*/
all_string_sub(filter, "%u", user, sizeof(pstring));
- return ldapsam_search_one_user(ldap_state, ldap_struct, filter, result);
+ return ldapsam_search_one_user(ldap_state, filter, result);
}
/*******************************************************************
run the search by uid.
******************************************************************/
static int ldapsam_search_one_user_by_uid(struct ldapsam_privates *ldap_state,
- LDAP * ldap_struct, int uid,
+ int uid,
LDAPMessage ** result)
{
struct passwd *user;
@@ -490,14 +619,14 @@ static int ldapsam_search_one_user_by_ui
passwd_free(&user);
- return ldapsam_search_one_user(ldap_state, ldap_struct, filter, result);
+ return ldapsam_search_one_user(ldap_state, filter, result);
}
/*******************************************************************
run the search by rid.
******************************************************************/
static int ldapsam_search_one_user_by_rid (struct ldapsam_privates *ldap_state,
- LDAP * ldap_struct, uint32 rid,
+ uint32 rid,
LDAPMessage ** result)
{
pstring filter;
@@ -506,10 +635,10 @@ static int ldapsam_search_one_user_by_ri
/* check if the user rid exsists, if not, try searching on the uid */
snprintf(filter, sizeof(filter) - 1, "rid=%i", rid);
- rc = ldapsam_search_one_user(ldap_state, ldap_struct, filter, result);
+ rc = ldapsam_search_one_user(ldap_state, filter, result);
if (rc != LDAP_SUCCESS)
- rc = ldapsam_search_one_user_by_uid(ldap_state, ldap_struct,
+ rc = ldapsam_search_one_user_by_uid(ldap_state,
fallback_pdb_user_rid_to_uid(rid),
result);
@@ -621,7 +750,7 @@ Initialize SAM_ACCOUNT from an LDAP quer
*********************************************************************/
static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
SAM_ACCOUNT * sampass,
- LDAP * ldap_struct, LDAPMessage * entry)
+ LDAPMessage * entry)
{
time_t logon_time,
logoff_time,
@@ -643,8 +772,8 @@ static BOOL init_sam_from_ldap (struct l
struct passwd *pw;
uint32 user_rid,
group_rid;
- uint8 smblmpwd[16],
- smbntpwd[16];
+ uint8 smblmpwd[LM_HASH_LEN],
+ smbntpwd[NT_HASH_LEN];
uint16 acct_ctrl,
logon_divs;
uint32 hours_len;
@@ -670,24 +799,34 @@ static BOOL init_sam_from_ldap (struct l
workstations[0] = '\0';
- if (sampass == NULL || ldap_struct == NULL || entry == NULL) {
+ if (sampass == NULL || ldap_state == NULL || entry == NULL) {
DEBUG(0, ("init_sam_from_ldap: NULL parameters found!\n"));
return False;
}
- get_single_attribute(ldap_struct, entry, "uid", username);
+ if (ldap_state->ldap_struct == NULL) {
+ DEBUG(0, ("init_sam_from_ldap: ldap_state->ldap_struct is NULL!\n"));
+ return False;
+ }
+
+ get_single_attribute(ldap_state->ldap_struct, entry, "uid", username);
DEBUG(2, ("Entry found for user: %s\n", username));
pstrcpy(nt_username, username);
pstrcpy(domain, lp_workgroup());
+
+ pdb_set_username(sampass, username, PDB_SET);
- get_single_attribute(ldap_struct, entry, "rid", temp);
+ pdb_set_domain(sampass, domain, PDB_DEFAULT);
+ pdb_set_nt_username(sampass, nt_username, PDB_SET);
+
+ get_single_attribute(ldap_state->ldap_struct, entry, "rid", temp);
user_rid = (uint32)atol(temp);
pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
- if (!get_single_attribute(ldap_struct, entry, "primaryGroupID", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "primaryGroupID", temp)) {
group_rid = 0;
} else {
group_rid = (uint32)atol(temp);
@@ -731,42 +870,42 @@ static BOOL init_sam_from_ldap (struct l
}
}
- if (!get_single_attribute(ldap_struct, entry, "pwdLastSet", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "pwdLastSet", temp)) {
/* leave as default */
} else {
pass_last_set_time = (time_t) atol(temp);
pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "logonTime", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "logonTime", temp)) {
/* leave as default */
} else {
logon_time = (time_t) atol(temp);
pdb_set_logon_time(sampass, logon_time, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "logoffTime", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "logoffTime", temp)) {
/* leave as default */
} else {
logoff_time = (time_t) atol(temp);
pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "kickoffTime", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "kickoffTime", temp)) {
/* leave as default */
} else {
kickoff_time = (time_t) atol(temp);
pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "pwdCanChange", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "pwdCanChange", temp)) {
/* leave as default */
} else {
pass_can_change_time = (time_t) atol(temp);
pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "pwdMustChange", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "pwdMustChange", temp)) {
/* leave as default */
} else {
pass_must_change_time = (time_t) atol(temp);
@@ -779,8 +918,8 @@ static BOOL init_sam_from_ldap (struct l
* that fits your needs; using cn then displayName rather than 'userFullName'
*/
- if (!get_single_attribute(ldap_struct, entry, "cn", fullname)) {
- if (!get_single_attribute(ldap_struct, entry, "displayName", fullname)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "cn", fullname)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "displayName", fullname)) {
/* leave as default */
} else {
pdb_set_fullname(sampass, fullname, PDB_SET);
@@ -789,7 +928,7 @@ static BOOL init_sam_from_ldap (struct l
pdb_set_fullname(sampass, fullname, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "homeDrive", dir_drive)) {
pdb_set_dir_drive(sampass, talloc_sub_specified(sampass->mem_ctx,
lp_logon_drive(),
username, domain,
@@ -799,7 +938,7 @@ static BOOL init_sam_from_ldap (struct l
pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "smbHome", homedir)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "smbHome", homedir)) {
pdb_set_homedir(sampass, talloc_sub_specified(sampass->mem_ctx,
lp_logon_home(),
username, domain,
@@ -809,7 +948,7 @@ static BOOL init_sam_from_ldap (struct l
pdb_set_homedir(sampass, homedir, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "scriptPath", logon_script)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "scriptPath", logon_script)) {
pdb_set_logon_script(sampass, talloc_sub_specified(sampass->mem_ctx,
lp_logon_script(),
username, domain,
@@ -819,7 +958,7 @@ static BOOL init_sam_from_ldap (struct l
pdb_set_logon_script(sampass, logon_script, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "profilePath", profile_path)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "profilePath", profile_path)) {
pdb_set_profile_path(sampass, talloc_sub_specified(sampass->mem_ctx,
lp_logon_path(),
username, domain,
@@ -829,13 +968,13 @@ static BOOL init_sam_from_ldap (struct l
pdb_set_profile_path(sampass, profile_path, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "description", acct_desc)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "description", acct_desc)) {
/* leave as default */
} else {
pdb_set_acct_desc(sampass, acct_desc, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "userWorkstations", workstations)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "userWorkstations", workstations)) {
/* leave as default */;
} else {
pdb_set_workstations(sampass, workstations, PDB_SET);
@@ -847,7 +986,7 @@ static BOOL init_sam_from_ldap (struct l
hours_len = 21;
memset(hours, 0xff, hours_len);
- if (!get_single_attribute (ldap_struct, entry, "lmPassword", temp)) {
+ if (!get_single_attribute (ldap_state->ldap_struct, entry, "lmPassword", temp)) {
/* leave as default */
} else {
pdb_gethexpwd(temp, smblmpwd);
@@ -857,7 +996,7 @@ static BOOL init_sam_from_ldap (struct l
ZERO_STRUCT(smblmpwd);
}
- if (!get_single_attribute (ldap_struct, entry, "ntPassword", temp)) {
+ if (!get_single_attribute (ldap_state->ldap_struct, entry, "ntPassword", temp)) {
/* leave as default */
} else {
pdb_gethexpwd(temp, smbntpwd);
@@ -867,7 +1006,7 @@ static BOOL init_sam_from_ldap (struct l
ZERO_STRUCT(smbntpwd);
}
- if (!get_single_attribute (ldap_struct, entry, "acctFlags", temp)) {
+ if (!get_single_attribute (ldap_state->ldap_struct, entry, "acctFlags", temp)) {
acct_ctrl |= ACB_NORMAL;
} else {
acct_ctrl = pdb_decode_acct_ctrl(temp);
@@ -881,11 +1020,6 @@ static BOOL init_sam_from_ldap (struct l
pdb_set_hours_len(sampass, hours_len, PDB_SET);
pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
- pdb_set_username(sampass, username, PDB_SET);
-
- pdb_set_domain(sampass, domain, PDB_DEFAULT);
- pdb_set_nt_username(sampass, nt_username, PDB_SET);
-
pdb_set_munged_dial(sampass, munged_dial, PDB_SET);
/* pdb_set_unknown_3(sampass, unknown3, PDB_SET); */
@@ -1068,7 +1202,7 @@ static BOOL init_ldap_from_sam (struct l
/**********************************************************************
Connect to LDAP server and find the next available RID.
*********************************************************************/
-static uint32 check_nua_rid_is_avail(struct ldapsam_privates *ldap_state, uint32 top_rid, LDAP *ldap_struct)
+static uint32 check_nua_rid_is_avail(struct ldapsam_privates *ldap_state, uint32 top_rid)
{
LDAPMessage *result;
uint32 final_rid = (top_rid & (~USER_RID_TYPE)) + RID_MULTIPLIER;
@@ -1080,13 +1214,13 @@ static uint32 check_nua_rid_is_avail(str
return 0;
}
- if (ldapsam_search_one_user_by_rid(ldap_state, ldap_struct, final_rid, &result) != LDAP_SUCCESS) {
+ if (ldapsam_search_one_user_by_rid(ldap_state, final_rid, &result) != LDAP_SUCCESS) {
DEBUG(0, ("Cannot allocate NUA RID %d (0x%x), as the confirmation search failed!\n", final_rid, final_rid));
ldap_msgfree(result);
return 0;
}
- if (ldap_count_entries(ldap_struct, result) != 0) {
+ if (ldap_count_entries(ldap_state->ldap_struct, result) != 0) {
DEBUG(0, ("Cannot allocate NUA RID %d (0x%x), as the RID is already in use!!\n", final_rid, final_rid));
ldap_msgfree(result);
return 0;
@@ -1100,14 +1234,14 @@ static uint32 check_nua_rid_is_avail(str
/**********************************************************************
Extract the RID from an LDAP entry
*********************************************************************/
-static uint32 entry_to_user_rid(struct ldapsam_privates *ldap_state, LDAPMessage *entry, LDAP *ldap_struct) {
+static uint32 entry_to_user_rid(struct ldapsam_privates *ldap_state, LDAPMessage *entry) {
uint32 rid;
SAM_ACCOUNT *user = NULL;
if (!NT_STATUS_IS_OK(pdb_init_sam(&user))) {
return 0;
}
- if (init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) {
+ if (init_sam_from_ldap(ldap_state, user, entry)) {
rid = pdb_get_user_rid(user);
} else {
rid =0;
@@ -1123,7 +1257,7 @@ static uint32 entry_to_user_rid(struct l
/**********************************************************************
Connect to LDAP server and find the next available RID.
*********************************************************************/
-static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state, LDAP *ldap_struct)
+static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state)
{
int rc;
pstring filter;
@@ -1144,7 +1278,7 @@ static uint32 search_top_nua_rid(struct
#endif
DEBUG(2, ("ldapsam_get_next_available_nua_rid: searching for:[%s]\n", final_filter));
- rc = ldap_search_s(ldap_struct, lp_ldap_suffix(),
+ rc = ldapsam_search(ldap_state, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, final_filter, (char **)attr, 0,
&result);
@@ -1158,7 +1292,7 @@ static uint32 search_top_nua_rid(struct
return 0;
}
- count = ldap_count_entries(ldap_struct, result);
+ count = ldap_count_entries(ldap_state->ldap_struct, result);
DEBUG(2, ("search_top_nua_rid: %d entries in the base!\n", count));
if (count == 0) {
@@ -1171,13 +1305,13 @@ static uint32 search_top_nua_rid(struct
}
free(final_filter);
- entry = ldap_first_entry(ldap_struct,result);
+ entry = ldap_first_entry(ldap_state->ldap_struct,result);
- top_rid = entry_to_user_rid(ldap_state, entry, ldap_struct);
+ top_rid = entry_to_user_rid(ldap_state, entry);
- while ((entry = ldap_next_entry(ldap_struct, entry))) {
+ while ((entry = ldap_next_entry(ldap_state->ldap_struct, entry))) {
- rid = entry_to_user_rid(ldap_state, entry, ldap_struct);
+ rid = entry_to_user_rid(ldap_state, entry);
if (rid > top_rid) {
top_rid = rid;
}
@@ -1195,24 +1329,14 @@ static uint32 search_top_nua_rid(struct
Connect to LDAP server and find the next available RID.
*********************************************************************/
static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_state) {
- LDAP *ldap_struct;
uint32 next_nua_rid;
uint32 top_nua_rid;
- if (!ldapsam_open_connection(ldap_state, &ldap_struct)) {
- return 0;
- }
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
- ldap_unbind(ldap_struct);
- return 0;
- }
-
- top_nua_rid = search_top_nua_rid(ldap_state, ldap_struct);
+ top_nua_rid = search_top_nua_rid(ldap_state);
next_nua_rid = check_nua_rid_is_avail(ldap_state,
- top_nua_rid, ldap_struct);
+ top_nua_rid);
- ldap_unbind(ldap_struct);
return next_nua_rid;
}
@@ -1221,23 +1345,14 @@ Connect to LDAP server for password enum
*********************************************************************/
static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update)
{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
pstring filter;
- if (!ldapsam_open_connection(ldap_state, &ldap_state->ldap_struct)) {
- return ret;
- }
- if (!ldapsam_connect_system(ldap_state, ldap_state->ldap_struct)) {
- ldap_unbind(ldap_state->ldap_struct);
- return ret;
- }
-
pstrcpy(filter, lp_ldap_filter());
all_string_sub(filter, "%u", "*", sizeof(pstring));
- rc = ldap_search_s(ldap_state->ldap_struct, lp_ldap_suffix(),
+ rc = ldapsam_search(ldap_state, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, (char **)attr, 0,
&ldap_state->result);
@@ -1245,10 +1360,8 @@ static NTSTATUS ldapsam_setsampwent(stru
DEBUG(0, ("LDAP search failed: %s\n", ldap_err2string(rc)));
DEBUG(3, ("Query was: %s, %s\n", lp_ldap_suffix(), filter));
ldap_msgfree(ldap_state->result);
- ldap_unbind(ldap_state->ldap_struct);
- ldap_state->ldap_struct = NULL;
ldap_state->result = NULL;
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
DEBUG(2, ("ldapsam_setsampwent: %d entries in the base!\n",
@@ -1268,10 +1381,8 @@ End enumeration of the LDAP password lis
static void ldapsam_endsampwent(struct pdb_methods *my_methods)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- if (ldap_state->ldap_struct && ldap_state->result) {
+ if (ldap_state->result) {
ldap_msgfree(ldap_state->result);
- ldap_unbind(ldap_state->ldap_struct);
- ldap_state->ldap_struct = NULL;
ldap_state->result = NULL;
}
}
@@ -1294,8 +1405,7 @@ static NTSTATUS ldapsam_getsampwent(stru
return ret;
ldap_state->index++;
- bret = init_sam_from_ldap(ldap_state, user, ldap_state->ldap_struct,
- ldap_state->entry);
+ bret = init_sam_from_ldap(ldap_state, user, ldap_state->entry);
ldap_state->entry = ldap_next_entry(ldap_state->ldap_struct,
ldap_state->entry);
@@ -1311,41 +1421,29 @@ static NTSTATUS ldapsam_getsampwnam(stru
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- LDAP *ldap_struct;
LDAPMessage *result;
LDAPMessage *entry;
- if (!ldapsam_open_connection(ldap_state, &ldap_struct))
- return ret;
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
- ldap_unbind(ldap_struct);
- return ret;
- }
- if (ldapsam_search_one_user_by_name(ldap_state, ldap_struct, sname, &result) != LDAP_SUCCESS) {
- ldap_unbind(ldap_struct);
- return ret;
+ if (ldapsam_search_one_user_by_name(ldap_state, sname, &result) != LDAP_SUCCESS) {
+ return NT_STATUS_UNSUCCESSFUL;
}
- if (ldap_count_entries(ldap_struct, result) < 1) {
+ if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) {
DEBUG(4,
("We don't find this user [%s] count=%d\n", sname,
- ldap_count_entries(ldap_struct, result)));
- ldap_unbind(ldap_struct);
- return ret;
+ ldap_count_entries(ldap_state->ldap_struct, result)));
+ return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry(ldap_struct, result);
+ entry = ldap_first_entry(ldap_state->ldap_struct, result);
if (entry) {
- if (!init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) {
+ if (!init_sam_from_ldap(ldap_state, user, entry)) {
DEBUG(1,("ldapsam_getsampwnam: init_sam_from_ldap failed for user '%s'!\n", sname));
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
ret = NT_STATUS_OK;
} else {
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
}
return ret;
}
@@ -1357,46 +1455,33 @@ static NTSTATUS ldapsam_getsampwrid(stru
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- LDAP *ldap_struct;
LDAPMessage *result;
LDAPMessage *entry;
- if (!ldapsam_open_connection(ldap_state, &ldap_struct))
- return ret;
-
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
- ldap_unbind(ldap_struct);
- return ret;
- }
- if (ldapsam_search_one_user_by_rid(ldap_state, ldap_struct, rid, &result) != LDAP_SUCCESS) {
- ldap_unbind(ldap_struct);
- return ret;
+ if (ldapsam_search_one_user_by_rid(ldap_state, rid, &result) != LDAP_SUCCESS) {
+ return NT_STATUS_UNSUCCESSFUL;
}
- if (ldap_count_entries(ldap_struct, result) < 1) {
+ if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) {
DEBUG(4,
("We don't find this rid [%i] count=%d\n", rid,
- ldap_count_entries(ldap_struct, result)));
- ldap_unbind(ldap_struct);
- return ret;
+ ldap_count_entries(ldap_state->ldap_struct, result)));
+ return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry(ldap_struct, result);
+ entry = ldap_first_entry(ldap_state->ldap_struct, result);
if (entry) {
- if (!init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) {
+ if (!init_sam_from_ldap(ldap_state, user, entry)) {
DEBUG(1,("ldapsam_getsampwrid: init_sam_from_ldap failed!\n"));
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
ret = NT_STATUS_OK;
} else {
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
}
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
@@ -1412,12 +1497,12 @@ Do the actual modification - also change
it it set.
**********************************************************************/
-static NTSTATUS ldapsam_modify_entry(LDAP *ldap_struct,SAM_ACCOUNT *newpwd,char *dn,LDAPMod **mods,int ldap_op, BOOL pdb_add)
+static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,SAM_ACCOUNT *newpwd,char *dn,LDAPMod **mods,int ldap_op, BOOL pdb_add)
{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
- if (!ldap_struct || !newpwd || !dn) {
+ if (!my_methods || !newpwd || !dn) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -1429,34 +1514,34 @@ static NTSTATUS ldapsam_modify_entry(LDA
{
case LDAP_MOD_ADD:
make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "account");
- if((rc = ldap_add_s(ldap_struct,dn,mods))!=LDAP_SUCCESS) {
+ if((rc = ldapsam_add(ldap_state,dn,mods))!=LDAP_SUCCESS) {
char *ld_error;
- ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING,
+ ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
&ld_error);
DEBUG(0,
("failed to add user with uid = %s with: %s\n\t%s\n",
pdb_get_username(newpwd), ldap_err2string(rc),
ld_error));
free(ld_error);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
break;
case LDAP_MOD_REPLACE:
- if((rc = ldap_modify_s(ldap_struct,dn,mods))!=LDAP_SUCCESS) {
+ if((rc = ldapsam_modify(ldap_state,dn,mods))!=LDAP_SUCCESS) {
char *ld_error;
- ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING,
+ ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
&ld_error);
DEBUG(0,
("failed to modify user with uid = %s with: %s\n\t%s\n",
pdb_get_username(newpwd), ldap_err2string(rc),
ld_error));
free(ld_error);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
break;
default:
DEBUG(0,("Wrong LDAP operation type: %d!\n",ldap_op));
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
}
@@ -1472,7 +1557,7 @@ static NTSTATUS ldapsam_modify_entry(LDA
if ((ber = ber_alloc_t(LBER_USE_DER))==NULL) {
DEBUG(0,("ber_alloc_t returns NULL\n"));
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
ber_printf (ber, "{");
ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID,dn);
@@ -1481,12 +1566,12 @@ static NTSTATUS ldapsam_modify_entry(LDA
if ((rc = ber_flatten (ber, &bv))<0) {
DEBUG(0,("ber_flatten returns a value <0\n"));
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
ber_free(ber,1);
-
- if ((rc = ldap_extended_operation_s(ldap_struct, LDAP_EXOP_X_MODIFY_PASSWD,
+
+ if ((rc = ldapsam_extended_operation(ldap_state, LDAP_EXOP_X_MODIFY_PASSWD,
bv, NULL, NULL, &retoid, &retdata))!=LDAP_SUCCESS) {
DEBUG(0,("LDAP Password could not be changed for user %s: %s\n",
pdb_get_username(newpwd),ldap_err2string(rc)));
@@ -1509,60 +1594,46 @@ Delete entry from LDAP for username
*********************************************************************/
static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT * sam_acct)
{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
const char *sname;
int rc;
char *dn;
- LDAP *ldap_struct;
LDAPMessage *entry;
LDAPMessage *result;
if (!sam_acct) {
DEBUG(0, ("sam_acct was NULL!\n"));
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
sname = pdb_get_username(sam_acct);
- if (!ldapsam_open_connection(ldap_state, &ldap_struct))
- return ret;
-
DEBUG (3, ("Deleting user %s from LDAP.\n", sname));
-
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
- ldap_unbind (ldap_struct);
- DEBUG(0, ("Failed to delete user %s from LDAP.\n", sname));
- return ret;
- }
- rc = ldapsam_search_one_user_by_name(ldap_state, ldap_struct, sname, &result);
- if (ldap_count_entries (ldap_struct, result) == 0) {
+ rc = ldapsam_search_one_user_by_name(ldap_state, sname, &result);
+ if (ldap_count_entries (ldap_state->ldap_struct, result) == 0) {
DEBUG (0, ("User doesn't exit!\n"));
ldap_msgfree (result);
- ldap_unbind (ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry (ldap_struct, result);
- dn = ldap_get_dn (ldap_struct, entry);
+ entry = ldap_first_entry (ldap_state->ldap_struct, result);
+ dn = ldap_get_dn (ldap_state->ldap_struct, entry);
ldap_msgfree(result);
- rc = ldap_delete_s (ldap_struct, dn);
+ rc = ldapsam_delete(ldap_state, dn);
ldap_memfree (dn);
if (rc != LDAP_SUCCESS) {
char *ld_error;
- ldap_get_option (ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
+ ldap_get_option (ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
DEBUG (0,("failed to delete user with uid = %s with: %s\n\t%s\n",
sname, ldap_err2string (rc), ld_error));
free (ld_error);
- ldap_unbind (ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
DEBUG (2,("successfully deleted uid = %s from the LDAP database\n", sname));
- ldap_unbind (ldap_struct);
return NT_STATUS_OK;
}
@@ -1575,7 +1646,6 @@ static NTSTATUS ldapsam_update_sam_accou
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
char *dn;
- LDAP *ldap_struct;
LDAPMessage *result;
LDAPMessage *entry;
LDAPMod **mods;
@@ -1583,8 +1653,7 @@ static NTSTATUS ldapsam_update_sam_accou
if (!init_ldap_from_sam(ldap_state, &mods, LDAP_MOD_REPLACE, False, newpwd)) {
DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
if (mods == NULL) {
@@ -1592,33 +1661,23 @@ static NTSTATUS ldapsam_update_sam_accou
return NT_STATUS_OK;
}
- if (!ldapsam_open_connection(ldap_state, &ldap_struct)) /* open a connection to the server */
- return ret;
-
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) { /* connect as system account */
- ldap_unbind(ldap_struct);
- return ret;
- }
-
- rc = ldapsam_search_one_user_by_name(ldap_state, ldap_struct,
- pdb_get_username(newpwd), &result);
+ rc = ldapsam_search_one_user_by_name(ldap_state, pdb_get_username(newpwd), &result);
- if (ldap_count_entries(ldap_struct, result) == 0) {
+ if (ldap_count_entries(ldap_state->ldap_struct, result) == 0) {
DEBUG(0, ("No user to modify!\n"));
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry(ldap_struct, result);
- dn = ldap_get_dn(ldap_struct, entry);
+ entry = ldap_first_entry(ldap_state->ldap_struct, result);
+ dn = ldap_get_dn(ldap_state->ldap_struct, entry);
ldap_msgfree(result);
- if (NT_STATUS_IS_ERR(ldapsam_modify_entry(ldap_struct,newpwd,dn,mods,LDAP_MOD_REPLACE, False))) {
+ ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, False);
+ if (NT_STATUS_IS_ERR(ret)) {
DEBUG(0,("failed to modify user with uid = %s\n",
pdb_get_username(newpwd)));
ldap_mods_free(mods,1);
- ldap_unbind(ldap_struct);
return ret;
}
@@ -1627,7 +1686,6 @@ static NTSTATUS ldapsam_update_sam_accou
("successfully modified uid = %s in the LDAP database\n",
pdb_get_username(newpwd)));
ldap_mods_free(mods, 1);
- ldap_unbind(ldap_struct);
return NT_STATUS_OK;
}
@@ -1640,7 +1698,6 @@ static NTSTATUS ldapsam_add_sam_account(
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
pstring filter;
- LDAP *ldap_struct = NULL;
LDAPMessage *result = NULL;
pstring dn;
LDAPMod **mods = NULL;
@@ -1650,35 +1707,26 @@ static NTSTATUS ldapsam_add_sam_account(
const char *username = pdb_get_username(newpwd);
if (!username || !*username) {
DEBUG(0, ("Cannot add user without a username!\n"));
- return ret;
- }
-
- if (!ldapsam_open_connection(ldap_state, &ldap_struct)) /* open a connection to the server */
- return ret;
-
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) { /* connect as system account */
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
- rc = ldapsam_search_one_user_by_name (ldap_state, ldap_struct, username, &result);
+ rc = ldapsam_search_one_user_by_name (ldap_state, username, &result);
- if (ldap_count_entries(ldap_struct, result) != 0) {
+ if (ldap_count_entries(ldap_state->ldap_struct, result) != 0) {
DEBUG(0,("User already in the base, with samba properties\n"));
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
ldap_msgfree(result);
slprintf (filter, sizeof (filter) - 1, "uid=%s", username);
- rc = ldapsam_search_one_user(ldap_state, ldap_struct, filter, &result);
- num_result = ldap_count_entries(ldap_struct, result);
+ rc = ldapsam_search_one_user(ldap_state, filter, &result);
+ num_result = ldap_count_entries(ldap_state->ldap_struct, result);
if (num_result > 1) {
DEBUG (0, ("More than one user with that uid exists: bailing out!\n"));
ldap_msgfree(result);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
/* Check if we need to update an existing entry */
@@ -1688,8 +1736,8 @@ static NTSTATUS ldapsam_add_sam_account(
DEBUG(3,("User exists without samba properties: adding them\n"));
ldap_op = LDAP_MOD_REPLACE;
- entry = ldap_first_entry (ldap_struct, result);
- tmp = ldap_get_dn (ldap_struct, entry);
+ entry = ldap_first_entry (ldap_state->ldap_struct, result);
+ tmp = ldap_get_dn (ldap_state->ldap_struct, entry);
slprintf (dn, sizeof (dn) - 1, "%s", tmp);
ldap_memfree (tmp);
} else {
@@ -1708,43 +1756,270 @@ static NTSTATUS ldapsam_add_sam_account(
if (!init_ldap_from_sam(ldap_state, &mods, ldap_op, True, newpwd)) {
DEBUG(0, ("ldapsam_add_sam_account: init_ldap_from_sam failed!\n"));
ldap_mods_free(mods, 1);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
if (mods == NULL) {
DEBUG(0,("mods is empty: nothing to add for user: %s\n",pdb_get_username(newpwd)));
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "sambaAccount");
- if (NT_STATUS_IS_ERR(ldapsam_modify_entry(ldap_struct,newpwd,dn,mods,ldap_op, True))) {
+ ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, True);
+ if (NT_STATUS_IS_ERR(ret)) {
DEBUG(0,("failed to modify/add user with uid = %s (dn = %s)\n",
pdb_get_username(newpwd),dn));
ldap_mods_free(mods,1);
- ldap_unbind(ldap_struct);
return ret;
}
DEBUG(2,("added: uid = %s in the LDAP database\n", pdb_get_username(newpwd)));
ldap_mods_free(mods, 1);
- ldap_unbind(ldap_struct);
return NT_STATUS_OK;
}
+/**********************************************************************
+Search for the domain info entry
+*********************************************************************/
+static int ldapsam_search_domain_info(struct ldapsam_privates *ldap_state,
+ LDAPMessage ** result)
+{
+ pstring filter;
+ int scope = LDAP_SCOPE_SUBTREE;
+ int rc;
+ char *domain_info_attrs[] = {"domain", "rid", "domainSID", NULL };
+
+ slprintf(filter, sizeof(filter),
+ "(&(objectClass=sambaDomainInfo)(domain=%s))",
+ lp_workgroup());
+
+ DEBUG(2, ("Searching for:[%s]\n", filter));
+
+ rc = ldapsam_search(ldap_state, lp_ldap_suffix(), scope, filter,
+ domain_info_attrs, 0, result);
+
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc)));
+ DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter));
+ }
+
+ return rc;
+}
+
+/**********************************************************************
+Set the new highest RID
+*********************************************************************/
+static NTSTATUS ldapsam_max_used_rid(struct pdb_methods *my_methods, uint32 rid)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ struct ldapsam_privates *ldap_state =
+ (struct ldapsam_privates *)my_methods->private_data;
+ int rc;
+ LDAPMessage *result = NULL;
+ LDAPMessage *entry = NULL;
+ char *dn;
+ LDAPMod **mods = NULL;
+ pstring old_rid_string;
+ pstring new_rid_string;
+ uint32 new_rid;
+ int attempts = 0;
+
+ while (attempts < 10) {
+ char *ld_error;
+
+ if (ldapsam_search_domain_info(ldap_state, &result)) {
+ return ret;
+ }
+
+ if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) {
+ DEBUG(0, ("Got no domain info entries for domain %s\n",
+ lp_workgroup()));
+ ldap_msgfree(result);
+ return ret;
+ }
+
+ entry = ldap_first_entry(ldap_state->ldap_struct, result);
+ if (!entry) {
+ ldap_msgfree(result);
+ return ret;
+ }
+
+ if ((dn = ldap_get_dn(ldap_state->ldap_struct, entry)) == NULL) {
+ DEBUG(0, ("Could not get domain info DN\n"));
+ ldap_msgfree(result);
+ return ret;
+ }
+
+ if (!get_single_attribute(ldap_state->ldap_struct, result, "rid",
+ old_rid_string)) {
+ /* TODO: Add new rid */
+ ldap_memfree(dn);
+ ldap_msgfree(result);
+ return ret;
+ }
+
+ /* This is the core of the whole routine. If we had
+ scheme-style closures, there would be a *lot* less code
+ duplication... */
+ new_rid = (uint32)atol(old_rid_string);
+ if (rid > new_rid) new_rid = rid;
+
+ slprintf(new_rid_string, sizeof(new_rid_string), "%d", new_rid);
+
+ /* Try to make the modification atomically by enforcing the
+ old value in the delete mod. */
+ make_a_mod(&mods, LDAP_MOD_DELETE, "rid", old_rid_string);
+ make_a_mod(&mods, LDAP_MOD_ADD, "rid", new_rid_string);
+
+ if ((rc = ldapsam_modify(ldap_state, dn, mods)) == LDAP_SUCCESS) {
+ ldap_mods_free(mods, 1);
+ ldap_memfree(dn);
+ ldap_msgfree(result);
+ return NT_STATUS_OK;
+ }
+
+ ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
+ DEBUG(2, ("Failed to modify rid: %s\n", ld_error));
+ SAFE_FREE(ld_error);
+
+ ldap_mods_free(mods, 1);
+ mods = NULL;
+
+ ldap_memfree(dn);
+ dn = NULL;
+
+ ldap_msgfree(result);
+ result = NULL;
+
+ attempts += 1;
+
+ {
+ /* Sleep for a random timeout */
+ unsigned sleeptime = (sys_random()*sys_getpid()*attempts);
+ sleeptime %= 100;
+ msleep(sleeptime);
+ }
+ }
+
+ DEBUG(0, ("Failed to set new RID\n"));
+ return ret;
+}
+
+/**********************************************************************
+Allocate a new RID
+*********************************************************************/
+static NTSTATUS ldapsam_allocate_rid_for_gid(struct pdb_methods *my_methods,
+ gid_t gid, uint32 *rid)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ struct ldapsam_privates *ldap_state =
+ (struct ldapsam_privates *)my_methods->private_data;
+ int rc;
+ LDAPMessage *result = NULL;
+ LDAPMessage *entry = NULL;
+ char *dn;
+ LDAPMod **mods = NULL;
+ pstring old_rid_string;
+ pstring new_rid_string;
+ uint32 new_rid;
+ int attempts = 0;
+
+ while (attempts < 10) {
+ char *ld_error;
+
+ if (ldapsam_search_domain_info(ldap_state, &result)) {
+ return ret;
+ }
+
+ if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) {
+ DEBUG(0, ("Got no domain info entries for domain %s\n",
+ lp_workgroup()));
+ ldap_msgfree(result);
+ return ret;
+ }
+
+ entry = ldap_first_entry(ldap_state->ldap_struct, result);
+ if (!entry) {
+ ldap_msgfree(result);
+ return ret;
+ }
+
+ if ((dn = ldap_get_dn(ldap_state->ldap_struct, entry)) == NULL) {
+ DEBUG(0, ("Could not get domain info DN\n"));
+ ldap_msgfree(result);
+ return ret;
+ }
+
+ if (!get_single_attribute(ldap_state->ldap_struct, result, "rid",
+ old_rid_string)) {
+ /* TODO: Add new rid */
+ ldap_memfree(dn);
+ ldap_msgfree(result);
+ return ret;
+ }
+
+ /* This is the core of the whole routine. If we had
+ scheme-style closures, there would be a *lot* less code
+ duplication... */
+ new_rid = (uint32)atol(old_rid_string) + 1;
+
+ slprintf(new_rid_string, sizeof(new_rid_string), "%d", new_rid);
+
+ /* Try to make the modification atomically by enforcing the
+ old value in the delete mod. */
+ make_a_mod(&mods, LDAP_MOD_DELETE, "rid", old_rid_string);
+ make_a_mod(&mods, LDAP_MOD_ADD, "rid", new_rid_string);
+
+ if ((rc = ldapsam_modify(ldap_state, dn, mods)) == LDAP_SUCCESS) {
+
+ *rid = new_rid;
+
+ ldap_mods_free(mods, 1);
+ ldap_memfree(dn);
+ ldap_msgfree(result);
+ return NT_STATUS_OK;
+ }
+
+ ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
+ DEBUG(2, ("Failed to modify rid: %s\n", ld_error));
+ SAFE_FREE(ld_error);
+
+ ldap_mods_free(mods, 1);
+ mods = NULL;
+
+ ldap_memfree(dn);
+ dn = NULL;
+
+ ldap_msgfree(result);
+ result = NULL;
+
+ attempts += 1;
+
+ {
+ /* Sleep for a random timeout */
+ unsigned sleeptime = (sys_random()*sys_getpid()*attempts);
+ sleeptime %= 100;
+ msleep(sleeptime);
+ }
+ }
+
+ DEBUG(0, ("Failed to allocate RID\n"));
+ return ret;
+}
+
static void free_private_data(void **vp)
{
struct ldapsam_privates **ldap_state = (struct ldapsam_privates **)vp;
- if ((*ldap_state)->ldap_struct) {
- ldap_unbind((*ldap_state)->ldap_struct);
- }
+ ldapsam_close(*ldap_state);
if ((*ldap_state)->bind_secret) {
memset((*ldap_state)->bind_secret, '\0', strlen((*ldap_state)->bind_secret));
}
+ ldapsam_close(*ldap_state);
+
SAFE_FREE((*ldap_state)->bind_dn);
SAFE_FREE((*ldap_state)->bind_secret);
@@ -1763,7 +2038,7 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *p
}
(*pdb_method)->name = "ldapsam";
-
+
(*pdb_method)->setsampwent = ldapsam_setsampwent;
(*pdb_method)->endsampwent = ldapsam_endsampwent;
(*pdb_method)->getsampwent = ldapsam_getsampwent;
@@ -1772,6 +2047,8 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *p
(*pdb_method)->add_sam_account = ldapsam_add_sam_account;
(*pdb_method)->update_sam_account = ldapsam_update_sam_account;
(*pdb_method)->delete_sam_account = ldapsam_delete_sam_account;
+ (*pdb_method)->allocate_rid_for_gid = ldapsam_allocate_rid_for_gid;
+ (*pdb_method)->max_used_rid = ldapsam_max_used_rid;
/* TODO: Setup private data and free */
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_smbpasswd.c HEAD-pdb2/source/passdb/pdb_smbpasswd.c
--- HEAD/source/passdb/pdb_smbpasswd.c Sun Oct 13 12:11:26 2002
+++ HEAD-pdb2/source/passdb/pdb_smbpasswd.c Fri Oct 18 08:50:01 2002
@@ -1460,6 +1460,19 @@ static NTSTATUS smbpasswd_add_sam_accoun
return NT_STATUS_OK;
}
+static NTSTATUS smbpasswd_allocate_rid_for_gid(struct pdb_methods *my_methods,
+ gid_t gid, uint32 *rid)
+{
+ *rid = pdb_gid_to_group_rid(gid);
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS smbpasswd_max_used_rid(struct pdb_methods *my_methods, uint32 rid)
+{
+ DEBUG(0, ("pdb_smbpasswd should not be used for full PDC.\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
static NTSTATUS smbpasswd_update_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sampass)
{
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
@@ -1522,6 +1535,8 @@ NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT
(*pdb_method)->add_sam_account = smbpasswd_add_sam_account;
(*pdb_method)->update_sam_account = smbpasswd_update_sam_account;
(*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account;
+ (*pdb_method)->allocate_rid_for_gid = smbpasswd_allocate_rid_for_gid;
+ (*pdb_method)->max_used_rid = smbpasswd_max_used_rid;
/* Setup private data and free function */
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_tdb.c HEAD-pdb2/source/passdb/pdb_tdb.c
--- HEAD/source/passdb/pdb_tdb.c Sun Oct 13 12:11:26 2002
+++ HEAD-pdb2/source/passdb/pdb_tdb.c Fri Oct 18 08:50:13 2002
@@ -44,6 +44,7 @@ static int tdbsam_debug_level = DBGC_ALL
#define TDB_FORMAT_STRING "ddddddBBBBBBBBBBBBddBBwdwdBdd"
#define USERPREFIX "USER_"
#define RIDPREFIX "RID_"
+#define RIDCOUNTER "RIDCOUNTER"
struct tdbsam_privates {
TDB_CONTEXT *passwd_tdb;
@@ -896,6 +897,71 @@ static NTSTATUS tdbsam_add_sam_account (
return NT_STATUS_UNSUCCESSFUL;
}
+/***************************************************************************
+Set the new highest RID
+****************************************************************************/
+static NTSTATUS tdbsam_max_used_rid(struct pdb_methods *my_methods, uint32 rid)
+{
+ NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+ struct tdbsam_privates *tdb_state =
+ (struct tdbsam_privates *)my_methods->private_data;
+ TDB_CONTEXT *pwd_tdb;
+ BOOL tdb_ret;
+
+ /* open the account TDB passwd*/
+ pwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT,
+ O_RDWR | O_CREAT, 0600);
+ if (!pwd_tdb)
+ {
+ DEBUG(0, ("tdb_update_sam: Unable to open TDB passwd (%s)!\n",
+ tdb_state->tdbsam_location));
+ return nt_status;
+ }
+
+ tdb_ret = tdb_new_uint32_max(pwd_tdb, RIDCOUNTER, rid+1);
+ if (tdb_ret)
+ nt_status = NT_STATUS_OK;
+
+ tdb_close(pwd_tdb);
+ return nt_status;
+}
+
+/***************************************************************************
+Allocate a new RID
+****************************************************************************/
+static NTSTATUS tdbsam_allocate_rid_for_gid(struct pdb_methods *my_methods,
+ gid_t gid, uint32 *rid)
+{
+ NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+ struct tdbsam_privates *tdb_state =
+ (struct tdbsam_privates *)my_methods->private_data;
+ TDB_CONTEXT *pwd_tdb;
+ BOOL tdb_ret;
+
+ if (rid==NULL) {
+ DEBUG(0,("tdbsam_allocate_rid: rid is NULL\n"));
+ return nt_status;
+ }
+
+ /* open the account TDB passwd*/
+ pwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT,
+ O_RDWR | O_CREAT, 0600);
+ if (!pwd_tdb)
+ {
+ DEBUG(0, ("tdb_update_sam: Unable to open TDB passwd (%s)!\n",
+ tdb_state->tdbsam_location));
+ return nt_status;
+ }
+
+ *rid = 1000; /* Initial value, one less than first used */
+ tdb_ret = tdb_change_uint32_atomic(pwd_tdb, RIDCOUNTER, rid, 1);
+ if (tdb_ret)
+ nt_status = NT_STATUS_OK;
+
+ tdb_close(pwd_tdb);
+ return nt_status;
+}
+
static void free_private_data(void **vp)
{
struct tdbsam_privates **tdb_state = (struct tdbsam_privates **)vp;
@@ -933,6 +999,8 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pd
(*pdb_method)->add_sam_account = tdbsam_add_sam_account;
(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
+ (*pdb_method)->allocate_rid_for_gid = tdbsam_allocate_rid_for_gid;
+ (*pdb_method)->max_used_rid = tdbsam_max_used_rid;
tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates));
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_unix.c HEAD-pdb2/source/passdb/pdb_unix.c
--- HEAD/source/passdb/pdb_unix.c Fri Sep 27 07:40:04 2002
+++ HEAD-pdb2/source/passdb/pdb_unix.c Fri Oct 18 08:50:25 2002
@@ -96,6 +96,19 @@ static NTSTATUS unixsam_add_sam_account
return NT_STATUS_NOT_IMPLEMENTED;
}
+static NTSTATUS unixsam_allocate_rid_for_gid(struct pdb_methods *my_methods,
+ gid_t gid, uint32 *rid)
+{
+ *rid = pdb_gid_to_group_rid(gid);
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS unixsam_max_used_rid(struct pdb_methods *my_methods, uint32 rid)
+{
+ DEBUG(1,("pdb_unix should not be used for full PDC.\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
/***************************************************************************
Updates a SAM_ACCOUNT
@@ -154,6 +167,8 @@ NTSTATUS pdb_init_unixsam(PDB_CONTEXT *p
(*pdb_method)->add_sam_account = unixsam_add_sam_account;
(*pdb_method)->update_sam_account = unixsam_update_sam_account;
(*pdb_method)->delete_sam_account = unixsam_delete_sam_account;
+ (*pdb_method)->allocate_rid_for_gid = unixsam_allocate_rid_for_gid;
+ (*pdb_method)->max_used_rid = unixsam_max_used_rid;
/* There's not very much to initialise here */
return NT_STATUS_OK;
-------------- next part --------------
diff -Npur --exclude=CVS --exclude=*.bak --exclude=*.o --exclude=*.po --exclude=.#* HEAD/source/passdb/pdb_ldap.c HEAD-pdb/source/passdb/pdb_ldap.c
--- HEAD/source/passdb/pdb_ldap.c Thu Oct 17 14:32:53 2002
+++ HEAD-pdb/source/passdb/pdb_ldap.c Fri Oct 18 07:40:38 2002
@@ -64,6 +64,7 @@ struct ldapsam_privates {
LDAPMessage *entry;
int index;
+ time_t last_ping;
/* retrive-once info */
const char *uri;
@@ -76,6 +77,7 @@ struct ldapsam_privates {
char *bind_secret;
};
+#define LDAPSAM_DONT_PING_TIME 10 /* ping only all 10 seconds */
static struct ldapsam_privates *static_ldap_state;
@@ -422,17 +424,144 @@ static BOOL ldapsam_connect_system(struc
return True;
}
+/**********************************************************************
+Connect to LDAP server
+*********************************************************************/
+static NTSTATUS ldapsam_open(struct ldapsam_privates *ldap_state)
+{
+ if (!ldap_state)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + LDAPSAM_DONT_PING_TIME) < time(NULL))) {
+ struct sockaddr_un addr;
+ socklen_t len;
+ int sd;
+ if (ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_DESC, &sd) == 0 &&
+ getpeername(sd, (struct sockaddr *) &addr, &len) < 0) {
+ /* the other end has died. reopen. */
+ ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL);
+ ldap_state->ldap_struct = NULL;
+ ldap_state->last_ping = (time_t)0;
+ } else {
+ ldap_state->last_ping = time(NULL);
+ }
+ }
+
+ if (ldap_state->ldap_struct != NULL) {
+ DEBUG(5,("ldapsam_open: allready connected to the LDAP server\n"));
+ return NT_STATUS_OK;
+ }
+
+ if (!ldapsam_open_connection(ldap_state, &ldap_state->ldap_struct)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ if (!ldapsam_connect_system(ldap_state, ldap_state->ldap_struct)) {
+ ldap_unbind(ldap_state->ldap_struct);
+ ldap_state->ldap_struct = NULL;
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ ldap_state->last_ping = time(NULL);
+ DEBUG(4,("The LDAP server is succesful connected\n"));
+
+ return NT_STATUS_OK;
+}
+
+/**********************************************************************
+Disconnect from LDAP server
+*********************************************************************/
+static NTSTATUS ldapsam_close(struct ldapsam_privates *ldap_state)
+{
+ if (!ldap_state)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ if (ldap_state->ldap_struct != NULL) {
+ ldap_unbind(ldap_state->ldap_struct);
+ ldap_state->ldap_struct = NULL;
+ }
+
+ DEBUG(5,("The connection to the LDAP server was closed\n"));
+ /* maybe free the results here --metze */
+
+ return NT_STATUS_OK;
+}
+
+
+static int ldapsam_search(struct ldapsam_privates *ldap_state, char *base, int scope, char *filter, char *attrs[], int attrsonly, LDAPMessage **res)
+{
+ if (!ldap_state)
+ return (-1);
+
+ if (!NT_STATUS_IS_OK(ldapsam_open(ldap_state))){
+ DEBUG(0,("Connection to LDAP Server failed!\n"));
+ return LDAP_SERVER_DOWN;
+ }
+
+ return ldap_search_s(ldap_state->ldap_struct, base, scope, filter, attrs, attrsonly, res);
+}
+
+static int ldapsam_modify(struct ldapsam_privates *ldap_state, char *dn, LDAPMod *attrs[])
+{
+ if (!ldap_state)
+ return (-1);
+
+ if (!NT_STATUS_IS_OK(ldapsam_open(ldap_state))){
+ DEBUG(0,("Connection to LDAP Server failed!\n"));
+ return LDAP_SERVER_DOWN;
+ }
+
+ return ldap_modify_s(ldap_state->ldap_struct, dn, attrs);
+}
+
+static int ldapsam_add(struct ldapsam_privates *ldap_state, const char *dn, LDAPMod *attrs[])
+{
+ if (!ldap_state)
+ return (-1);
+
+ if (!NT_STATUS_IS_OK(ldapsam_open(ldap_state))){
+ DEBUG(0,("Connection to LDAP Server failed!\n"));
+ return LDAP_SERVER_DOWN;
+ }
+
+ return ldap_add_s(ldap_state->ldap_struct, dn, attrs);
+}
+
+static int ldapsam_delete(struct ldapsam_privates *ldap_state, char *dn)
+{
+ if (!ldap_state)
+ return (-1);
+
+ if (!NT_STATUS_IS_OK(ldapsam_open(ldap_state))){
+ DEBUG(0,("Connection to LDAP Server failed!\n"));
+ return LDAP_SERVER_DOWN;
+ }
+
+ return ldap_delete_s(ldap_state->ldap_struct, dn);
+}
+
+static int ldapsam_extended_operation(struct ldapsam_privates *ldap_state, LDAP_CONST char *reqoid, struct berval *reqdata, LDAPControl **serverctrls, LDAPControl **clientctrls, char **retoidp, struct berval **retdatap)
+{
+ if (!ldap_state)
+ return (-1);
+
+ if (!NT_STATUS_IS_OK(ldapsam_open(ldap_state))){
+ DEBUG(0,("Connection to LDAP Server failed!\n"));
+ return LDAP_SERVER_DOWN;
+ }
+
+ return ldap_extended_operation_s(ldap_state->ldap_struct, reqoid, reqdata, serverctrls, clientctrls, retoidp, retdatap);
+}
+
/*******************************************************************
run the search by name.
******************************************************************/
-static int ldapsam_search_one_user (struct ldapsam_privates *ldap_state, LDAP * ldap_struct, const char *filter, LDAPMessage ** result)
+static int ldapsam_search_one_user (struct ldapsam_privates *ldap_state, const char *filter, LDAPMessage ** result)
{
int scope = LDAP_SCOPE_SUBTREE;
int rc;
DEBUG(2, ("ldapsam_search_one_user: searching for:[%s]\n", filter));
- rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter, (char **)attr, 0, result);
+ rc = ldapsam_search(ldap_state, lp_ldap_suffix (), scope, (char *)filter, (char **)attr, 0, result);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldapsam_search_one_user: Problem during the LDAP search: %s\n",
@@ -447,7 +576,7 @@ static int ldapsam_search_one_user (stru
/*******************************************************************
run the search by name.
******************************************************************/
-static int ldapsam_search_one_user_by_name (struct ldapsam_privates *ldap_state, LDAP * ldap_struct, const char *user,
+static int ldapsam_search_one_user_by_name (struct ldapsam_privates *ldap_state, const char *user,
LDAPMessage ** result)
{
pstring filter;
@@ -464,14 +593,14 @@ static int ldapsam_search_one_user_by_na
*/
all_string_sub(filter, "%u", user, sizeof(pstring));
- return ldapsam_search_one_user(ldap_state, ldap_struct, filter, result);
+ return ldapsam_search_one_user(ldap_state, filter, result);
}
/*******************************************************************
run the search by uid.
******************************************************************/
static int ldapsam_search_one_user_by_uid(struct ldapsam_privates *ldap_state,
- LDAP * ldap_struct, int uid,
+ int uid,
LDAPMessage ** result)
{
struct passwd *user;
@@ -490,14 +619,14 @@ static int ldapsam_search_one_user_by_ui
passwd_free(&user);
- return ldapsam_search_one_user(ldap_state, ldap_struct, filter, result);
+ return ldapsam_search_one_user(ldap_state, filter, result);
}
/*******************************************************************
run the search by rid.
******************************************************************/
static int ldapsam_search_one_user_by_rid (struct ldapsam_privates *ldap_state,
- LDAP * ldap_struct, uint32 rid,
+ uint32 rid,
LDAPMessage ** result)
{
pstring filter;
@@ -506,10 +635,10 @@ static int ldapsam_search_one_user_by_ri
/* check if the user rid exsists, if not, try searching on the uid */
snprintf(filter, sizeof(filter) - 1, "rid=%i", rid);
- rc = ldapsam_search_one_user(ldap_state, ldap_struct, filter, result);
+ rc = ldapsam_search_one_user(ldap_state, filter, result);
if (rc != LDAP_SUCCESS)
- rc = ldapsam_search_one_user_by_uid(ldap_state, ldap_struct,
+ rc = ldapsam_search_one_user_by_uid(ldap_state,
fallback_pdb_user_rid_to_uid(rid),
result);
@@ -621,7 +750,7 @@ Initialize SAM_ACCOUNT from an LDAP quer
*********************************************************************/
static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
SAM_ACCOUNT * sampass,
- LDAP * ldap_struct, LDAPMessage * entry)
+ LDAPMessage * entry)
{
time_t logon_time,
logoff_time,
@@ -643,8 +772,8 @@ static BOOL init_sam_from_ldap (struct l
struct passwd *pw;
uint32 user_rid,
group_rid;
- uint8 smblmpwd[16],
- smbntpwd[16];
+ uint8 smblmpwd[LM_HASH_LEN],
+ smbntpwd[NT_HASH_LEN];
uint16 acct_ctrl,
logon_divs;
uint32 hours_len;
@@ -670,24 +799,34 @@ static BOOL init_sam_from_ldap (struct l
workstations[0] = '\0';
- if (sampass == NULL || ldap_struct == NULL || entry == NULL) {
+ if (sampass == NULL || ldap_state == NULL || entry == NULL) {
DEBUG(0, ("init_sam_from_ldap: NULL parameters found!\n"));
return False;
}
- get_single_attribute(ldap_struct, entry, "uid", username);
+ if (ldap_state->ldap_struct == NULL) {
+ DEBUG(0, ("init_sam_from_ldap: ldap_state->ldap_struct is NULL!\n"));
+ return False;
+ }
+
+ get_single_attribute(ldap_state->ldap_struct, entry, "uid", username);
DEBUG(2, ("Entry found for user: %s\n", username));
pstrcpy(nt_username, username);
pstrcpy(domain, lp_workgroup());
+
+ pdb_set_username(sampass, username, PDB_SET);
- get_single_attribute(ldap_struct, entry, "rid", temp);
+ pdb_set_domain(sampass, domain, PDB_DEFAULT);
+ pdb_set_nt_username(sampass, nt_username, PDB_SET);
+
+ get_single_attribute(ldap_state->ldap_struct, entry, "rid", temp);
user_rid = (uint32)atol(temp);
pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
- if (!get_single_attribute(ldap_struct, entry, "primaryGroupID", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "primaryGroupID", temp)) {
group_rid = 0;
} else {
group_rid = (uint32)atol(temp);
@@ -731,42 +870,42 @@ static BOOL init_sam_from_ldap (struct l
}
}
- if (!get_single_attribute(ldap_struct, entry, "pwdLastSet", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "pwdLastSet", temp)) {
/* leave as default */
} else {
pass_last_set_time = (time_t) atol(temp);
pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "logonTime", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "logonTime", temp)) {
/* leave as default */
} else {
logon_time = (time_t) atol(temp);
pdb_set_logon_time(sampass, logon_time, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "logoffTime", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "logoffTime", temp)) {
/* leave as default */
} else {
logoff_time = (time_t) atol(temp);
pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "kickoffTime", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "kickoffTime", temp)) {
/* leave as default */
} else {
kickoff_time = (time_t) atol(temp);
pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "pwdCanChange", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "pwdCanChange", temp)) {
/* leave as default */
} else {
pass_can_change_time = (time_t) atol(temp);
pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "pwdMustChange", temp)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "pwdMustChange", temp)) {
/* leave as default */
} else {
pass_must_change_time = (time_t) atol(temp);
@@ -779,8 +918,8 @@ static BOOL init_sam_from_ldap (struct l
* that fits your needs; using cn then displayName rather than 'userFullName'
*/
- if (!get_single_attribute(ldap_struct, entry, "cn", fullname)) {
- if (!get_single_attribute(ldap_struct, entry, "displayName", fullname)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "cn", fullname)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "displayName", fullname)) {
/* leave as default */
} else {
pdb_set_fullname(sampass, fullname, PDB_SET);
@@ -789,7 +928,7 @@ static BOOL init_sam_from_ldap (struct l
pdb_set_fullname(sampass, fullname, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "homeDrive", dir_drive)) {
pdb_set_dir_drive(sampass, talloc_sub_specified(sampass->mem_ctx,
lp_logon_drive(),
username, domain,
@@ -799,7 +938,7 @@ static BOOL init_sam_from_ldap (struct l
pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "smbHome", homedir)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "smbHome", homedir)) {
pdb_set_homedir(sampass, talloc_sub_specified(sampass->mem_ctx,
lp_logon_home(),
username, domain,
@@ -809,7 +948,7 @@ static BOOL init_sam_from_ldap (struct l
pdb_set_homedir(sampass, homedir, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "scriptPath", logon_script)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "scriptPath", logon_script)) {
pdb_set_logon_script(sampass, talloc_sub_specified(sampass->mem_ctx,
lp_logon_script(),
username, domain,
@@ -819,7 +958,7 @@ static BOOL init_sam_from_ldap (struct l
pdb_set_logon_script(sampass, logon_script, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "profilePath", profile_path)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "profilePath", profile_path)) {
pdb_set_profile_path(sampass, talloc_sub_specified(sampass->mem_ctx,
lp_logon_path(),
username, domain,
@@ -829,13 +968,13 @@ static BOOL init_sam_from_ldap (struct l
pdb_set_profile_path(sampass, profile_path, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "description", acct_desc)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "description", acct_desc)) {
/* leave as default */
} else {
pdb_set_acct_desc(sampass, acct_desc, PDB_SET);
}
- if (!get_single_attribute(ldap_struct, entry, "userWorkstations", workstations)) {
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "userWorkstations", workstations)) {
/* leave as default */;
} else {
pdb_set_workstations(sampass, workstations, PDB_SET);
@@ -847,7 +986,7 @@ static BOOL init_sam_from_ldap (struct l
hours_len = 21;
memset(hours, 0xff, hours_len);
- if (!get_single_attribute (ldap_struct, entry, "lmPassword", temp)) {
+ if (!get_single_attribute (ldap_state->ldap_struct, entry, "lmPassword", temp)) {
/* leave as default */
} else {
pdb_gethexpwd(temp, smblmpwd);
@@ -857,7 +996,7 @@ static BOOL init_sam_from_ldap (struct l
ZERO_STRUCT(smblmpwd);
}
- if (!get_single_attribute (ldap_struct, entry, "ntPassword", temp)) {
+ if (!get_single_attribute (ldap_state->ldap_struct, entry, "ntPassword", temp)) {
/* leave as default */
} else {
pdb_gethexpwd(temp, smbntpwd);
@@ -867,7 +1006,7 @@ static BOOL init_sam_from_ldap (struct l
ZERO_STRUCT(smbntpwd);
}
- if (!get_single_attribute (ldap_struct, entry, "acctFlags", temp)) {
+ if (!get_single_attribute (ldap_state->ldap_struct, entry, "acctFlags", temp)) {
acct_ctrl |= ACB_NORMAL;
} else {
acct_ctrl = pdb_decode_acct_ctrl(temp);
@@ -881,11 +1020,6 @@ static BOOL init_sam_from_ldap (struct l
pdb_set_hours_len(sampass, hours_len, PDB_SET);
pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
- pdb_set_username(sampass, username, PDB_SET);
-
- pdb_set_domain(sampass, domain, PDB_DEFAULT);
- pdb_set_nt_username(sampass, nt_username, PDB_SET);
-
pdb_set_munged_dial(sampass, munged_dial, PDB_SET);
/* pdb_set_unknown_3(sampass, unknown3, PDB_SET); */
@@ -1068,7 +1202,7 @@ static BOOL init_ldap_from_sam (struct l
/**********************************************************************
Connect to LDAP server and find the next available RID.
*********************************************************************/
-static uint32 check_nua_rid_is_avail(struct ldapsam_privates *ldap_state, uint32 top_rid, LDAP *ldap_struct)
+static uint32 check_nua_rid_is_avail(struct ldapsam_privates *ldap_state, uint32 top_rid)
{
LDAPMessage *result;
uint32 final_rid = (top_rid & (~USER_RID_TYPE)) + RID_MULTIPLIER;
@@ -1080,13 +1214,13 @@ static uint32 check_nua_rid_is_avail(str
return 0;
}
- if (ldapsam_search_one_user_by_rid(ldap_state, ldap_struct, final_rid, &result) != LDAP_SUCCESS) {
+ if (ldapsam_search_one_user_by_rid(ldap_state, final_rid, &result) != LDAP_SUCCESS) {
DEBUG(0, ("Cannot allocate NUA RID %d (0x%x), as the confirmation search failed!\n", final_rid, final_rid));
ldap_msgfree(result);
return 0;
}
- if (ldap_count_entries(ldap_struct, result) != 0) {
+ if (ldap_count_entries(ldap_state->ldap_struct, result) != 0) {
DEBUG(0, ("Cannot allocate NUA RID %d (0x%x), as the RID is already in use!!\n", final_rid, final_rid));
ldap_msgfree(result);
return 0;
@@ -1100,14 +1234,14 @@ static uint32 check_nua_rid_is_avail(str
/**********************************************************************
Extract the RID from an LDAP entry
*********************************************************************/
-static uint32 entry_to_user_rid(struct ldapsam_privates *ldap_state, LDAPMessage *entry, LDAP *ldap_struct) {
+static uint32 entry_to_user_rid(struct ldapsam_privates *ldap_state, LDAPMessage *entry) {
uint32 rid;
SAM_ACCOUNT *user = NULL;
if (!NT_STATUS_IS_OK(pdb_init_sam(&user))) {
return 0;
}
- if (init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) {
+ if (init_sam_from_ldap(ldap_state, user, entry)) {
rid = pdb_get_user_rid(user);
} else {
rid =0;
@@ -1123,7 +1257,7 @@ static uint32 entry_to_user_rid(struct l
/**********************************************************************
Connect to LDAP server and find the next available RID.
*********************************************************************/
-static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state, LDAP *ldap_struct)
+static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state)
{
int rc;
pstring filter;
@@ -1144,7 +1278,7 @@ static uint32 search_top_nua_rid(struct
#endif
DEBUG(2, ("ldapsam_get_next_available_nua_rid: searching for:[%s]\n", final_filter));
- rc = ldap_search_s(ldap_struct, lp_ldap_suffix(),
+ rc = ldapsam_search(ldap_state, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, final_filter, (char **)attr, 0,
&result);
@@ -1158,7 +1292,7 @@ static uint32 search_top_nua_rid(struct
return 0;
}
- count = ldap_count_entries(ldap_struct, result);
+ count = ldap_count_entries(ldap_state->ldap_struct, result);
DEBUG(2, ("search_top_nua_rid: %d entries in the base!\n", count));
if (count == 0) {
@@ -1171,13 +1305,13 @@ static uint32 search_top_nua_rid(struct
}
free(final_filter);
- entry = ldap_first_entry(ldap_struct,result);
+ entry = ldap_first_entry(ldap_state->ldap_struct,result);
- top_rid = entry_to_user_rid(ldap_state, entry, ldap_struct);
+ top_rid = entry_to_user_rid(ldap_state, entry);
- while ((entry = ldap_next_entry(ldap_struct, entry))) {
+ while ((entry = ldap_next_entry(ldap_state->ldap_struct, entry))) {
- rid = entry_to_user_rid(ldap_state, entry, ldap_struct);
+ rid = entry_to_user_rid(ldap_state, entry);
if (rid > top_rid) {
top_rid = rid;
}
@@ -1195,24 +1329,14 @@ static uint32 search_top_nua_rid(struct
Connect to LDAP server and find the next available RID.
*********************************************************************/
static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_state) {
- LDAP *ldap_struct;
uint32 next_nua_rid;
uint32 top_nua_rid;
- if (!ldapsam_open_connection(ldap_state, &ldap_struct)) {
- return 0;
- }
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
- ldap_unbind(ldap_struct);
- return 0;
- }
-
- top_nua_rid = search_top_nua_rid(ldap_state, ldap_struct);
+ top_nua_rid = search_top_nua_rid(ldap_state);
next_nua_rid = check_nua_rid_is_avail(ldap_state,
- top_nua_rid, ldap_struct);
+ top_nua_rid);
- ldap_unbind(ldap_struct);
return next_nua_rid;
}
@@ -1221,23 +1345,14 @@ Connect to LDAP server for password enum
*********************************************************************/
static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update)
{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
pstring filter;
- if (!ldapsam_open_connection(ldap_state, &ldap_state->ldap_struct)) {
- return ret;
- }
- if (!ldapsam_connect_system(ldap_state, ldap_state->ldap_struct)) {
- ldap_unbind(ldap_state->ldap_struct);
- return ret;
- }
-
pstrcpy(filter, lp_ldap_filter());
all_string_sub(filter, "%u", "*", sizeof(pstring));
- rc = ldap_search_s(ldap_state->ldap_struct, lp_ldap_suffix(),
+ rc = ldapsam_search(ldap_state, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, (char **)attr, 0,
&ldap_state->result);
@@ -1245,10 +1360,8 @@ static NTSTATUS ldapsam_setsampwent(stru
DEBUG(0, ("LDAP search failed: %s\n", ldap_err2string(rc)));
DEBUG(3, ("Query was: %s, %s\n", lp_ldap_suffix(), filter));
ldap_msgfree(ldap_state->result);
- ldap_unbind(ldap_state->ldap_struct);
- ldap_state->ldap_struct = NULL;
ldap_state->result = NULL;
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
DEBUG(2, ("ldapsam_setsampwent: %d entries in the base!\n",
@@ -1268,10 +1381,8 @@ End enumeration of the LDAP password lis
static void ldapsam_endsampwent(struct pdb_methods *my_methods)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- if (ldap_state->ldap_struct && ldap_state->result) {
+ if (ldap_state->result) {
ldap_msgfree(ldap_state->result);
- ldap_unbind(ldap_state->ldap_struct);
- ldap_state->ldap_struct = NULL;
ldap_state->result = NULL;
}
}
@@ -1294,8 +1405,7 @@ static NTSTATUS ldapsam_getsampwent(stru
return ret;
ldap_state->index++;
- bret = init_sam_from_ldap(ldap_state, user, ldap_state->ldap_struct,
- ldap_state->entry);
+ bret = init_sam_from_ldap(ldap_state, user, ldap_state->entry);
ldap_state->entry = ldap_next_entry(ldap_state->ldap_struct,
ldap_state->entry);
@@ -1311,41 +1421,29 @@ static NTSTATUS ldapsam_getsampwnam(stru
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- LDAP *ldap_struct;
LDAPMessage *result;
LDAPMessage *entry;
- if (!ldapsam_open_connection(ldap_state, &ldap_struct))
- return ret;
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
- ldap_unbind(ldap_struct);
- return ret;
- }
- if (ldapsam_search_one_user_by_name(ldap_state, ldap_struct, sname, &result) != LDAP_SUCCESS) {
- ldap_unbind(ldap_struct);
- return ret;
+ if (ldapsam_search_one_user_by_name(ldap_state, sname, &result) != LDAP_SUCCESS) {
+ return NT_STATUS_UNSUCCESSFUL;
}
- if (ldap_count_entries(ldap_struct, result) < 1) {
+ if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) {
DEBUG(4,
("We don't find this user [%s] count=%d\n", sname,
- ldap_count_entries(ldap_struct, result)));
- ldap_unbind(ldap_struct);
- return ret;
+ ldap_count_entries(ldap_state->ldap_struct, result)));
+ return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry(ldap_struct, result);
+ entry = ldap_first_entry(ldap_state->ldap_struct, result);
if (entry) {
- if (!init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) {
+ if (!init_sam_from_ldap(ldap_state, user, entry)) {
DEBUG(1,("ldapsam_getsampwnam: init_sam_from_ldap failed for user '%s'!\n", sname));
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
ret = NT_STATUS_OK;
} else {
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
}
return ret;
}
@@ -1357,46 +1455,33 @@ static NTSTATUS ldapsam_getsampwrid(stru
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- LDAP *ldap_struct;
LDAPMessage *result;
LDAPMessage *entry;
- if (!ldapsam_open_connection(ldap_state, &ldap_struct))
- return ret;
-
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
- ldap_unbind(ldap_struct);
- return ret;
- }
- if (ldapsam_search_one_user_by_rid(ldap_state, ldap_struct, rid, &result) != LDAP_SUCCESS) {
- ldap_unbind(ldap_struct);
- return ret;
+ if (ldapsam_search_one_user_by_rid(ldap_state, rid, &result) != LDAP_SUCCESS) {
+ return NT_STATUS_UNSUCCESSFUL;
}
- if (ldap_count_entries(ldap_struct, result) < 1) {
+ if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) {
DEBUG(4,
("We don't find this rid [%i] count=%d\n", rid,
- ldap_count_entries(ldap_struct, result)));
- ldap_unbind(ldap_struct);
- return ret;
+ ldap_count_entries(ldap_state->ldap_struct, result)));
+ return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry(ldap_struct, result);
+ entry = ldap_first_entry(ldap_state->ldap_struct, result);
if (entry) {
- if (!init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) {
+ if (!init_sam_from_ldap(ldap_state, user, entry)) {
DEBUG(1,("ldapsam_getsampwrid: init_sam_from_ldap failed!\n"));
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
ret = NT_STATUS_OK;
} else {
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
}
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
@@ -1412,12 +1497,12 @@ Do the actual modification - also change
it it set.
**********************************************************************/
-static NTSTATUS ldapsam_modify_entry(LDAP *ldap_struct,SAM_ACCOUNT *newpwd,char *dn,LDAPMod **mods,int ldap_op, BOOL pdb_add)
+static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,SAM_ACCOUNT *newpwd,char *dn,LDAPMod **mods,int ldap_op, BOOL pdb_add)
{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
- if (!ldap_struct || !newpwd || !dn) {
+ if (!my_methods || !newpwd || !dn) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -1429,34 +1514,34 @@ static NTSTATUS ldapsam_modify_entry(LDA
{
case LDAP_MOD_ADD:
make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "account");
- if((rc = ldap_add_s(ldap_struct,dn,mods))!=LDAP_SUCCESS) {
+ if((rc = ldapsam_add(ldap_state,dn,mods))!=LDAP_SUCCESS) {
char *ld_error;
- ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING,
+ ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
&ld_error);
DEBUG(0,
("failed to add user with uid = %s with: %s\n\t%s\n",
pdb_get_username(newpwd), ldap_err2string(rc),
ld_error));
free(ld_error);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
break;
case LDAP_MOD_REPLACE:
- if((rc = ldap_modify_s(ldap_struct,dn,mods))!=LDAP_SUCCESS) {
+ if((rc = ldapsam_modify(ldap_state,dn,mods))!=LDAP_SUCCESS) {
char *ld_error;
- ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING,
+ ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
&ld_error);
DEBUG(0,
("failed to modify user with uid = %s with: %s\n\t%s\n",
pdb_get_username(newpwd), ldap_err2string(rc),
ld_error));
free(ld_error);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
break;
default:
DEBUG(0,("Wrong LDAP operation type: %d!\n",ldap_op));
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
}
@@ -1472,7 +1557,7 @@ static NTSTATUS ldapsam_modify_entry(LDA
if ((ber = ber_alloc_t(LBER_USE_DER))==NULL) {
DEBUG(0,("ber_alloc_t returns NULL\n"));
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
ber_printf (ber, "{");
ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID,dn);
@@ -1481,12 +1566,12 @@ static NTSTATUS ldapsam_modify_entry(LDA
if ((rc = ber_flatten (ber, &bv))<0) {
DEBUG(0,("ber_flatten returns a value <0\n"));
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
ber_free(ber,1);
-
- if ((rc = ldap_extended_operation_s(ldap_struct, LDAP_EXOP_X_MODIFY_PASSWD,
+
+ if ((rc = ldapsam_extended_operation(ldap_state, LDAP_EXOP_X_MODIFY_PASSWD,
bv, NULL, NULL, &retoid, &retdata))!=LDAP_SUCCESS) {
DEBUG(0,("LDAP Password could not be changed for user %s: %s\n",
pdb_get_username(newpwd),ldap_err2string(rc)));
@@ -1509,60 +1594,46 @@ Delete entry from LDAP for username
*********************************************************************/
static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT * sam_acct)
{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
const char *sname;
int rc;
char *dn;
- LDAP *ldap_struct;
LDAPMessage *entry;
LDAPMessage *result;
if (!sam_acct) {
DEBUG(0, ("sam_acct was NULL!\n"));
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
sname = pdb_get_username(sam_acct);
- if (!ldapsam_open_connection(ldap_state, &ldap_struct))
- return ret;
-
DEBUG (3, ("Deleting user %s from LDAP.\n", sname));
-
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
- ldap_unbind (ldap_struct);
- DEBUG(0, ("Failed to delete user %s from LDAP.\n", sname));
- return ret;
- }
- rc = ldapsam_search_one_user_by_name(ldap_state, ldap_struct, sname, &result);
- if (ldap_count_entries (ldap_struct, result) == 0) {
+ rc = ldapsam_search_one_user_by_name(ldap_state, sname, &result);
+ if (ldap_count_entries (ldap_state->ldap_struct, result) == 0) {
DEBUG (0, ("User doesn't exit!\n"));
ldap_msgfree (result);
- ldap_unbind (ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry (ldap_struct, result);
- dn = ldap_get_dn (ldap_struct, entry);
+ entry = ldap_first_entry (ldap_state->ldap_struct, result);
+ dn = ldap_get_dn (ldap_state->ldap_struct, entry);
ldap_msgfree(result);
- rc = ldap_delete_s (ldap_struct, dn);
+ rc = ldapsam_delete(ldap_state, dn);
ldap_memfree (dn);
if (rc != LDAP_SUCCESS) {
char *ld_error;
- ldap_get_option (ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
+ ldap_get_option (ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
DEBUG (0,("failed to delete user with uid = %s with: %s\n\t%s\n",
sname, ldap_err2string (rc), ld_error));
free (ld_error);
- ldap_unbind (ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
DEBUG (2,("successfully deleted uid = %s from the LDAP database\n", sname));
- ldap_unbind (ldap_struct);
return NT_STATUS_OK;
}
@@ -1575,7 +1646,6 @@ static NTSTATUS ldapsam_update_sam_accou
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
char *dn;
- LDAP *ldap_struct;
LDAPMessage *result;
LDAPMessage *entry;
LDAPMod **mods;
@@ -1583,8 +1653,7 @@ static NTSTATUS ldapsam_update_sam_accou
if (!init_ldap_from_sam(ldap_state, &mods, LDAP_MOD_REPLACE, False, newpwd)) {
DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
if (mods == NULL) {
@@ -1592,33 +1661,23 @@ static NTSTATUS ldapsam_update_sam_accou
return NT_STATUS_OK;
}
- if (!ldapsam_open_connection(ldap_state, &ldap_struct)) /* open a connection to the server */
- return ret;
-
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) { /* connect as system account */
- ldap_unbind(ldap_struct);
- return ret;
- }
+ rc = ldapsam_search_one_user_by_name(ldap_state, pdb_get_username(newpwd), &result);
- rc = ldapsam_search_one_user_by_name(ldap_state, ldap_struct,
- pdb_get_username(newpwd), &result);
-
- if (ldap_count_entries(ldap_struct, result) == 0) {
+ if (ldap_count_entries(ldap_state->ldap_struct, result) == 0) {
DEBUG(0, ("No user to modify!\n"));
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry(ldap_struct, result);
- dn = ldap_get_dn(ldap_struct, entry);
+ entry = ldap_first_entry(ldap_state->ldap_struct, result);
+ dn = ldap_get_dn(ldap_state->ldap_struct, entry);
ldap_msgfree(result);
- if (NT_STATUS_IS_ERR(ldapsam_modify_entry(ldap_struct,newpwd,dn,mods,LDAP_MOD_REPLACE, False))) {
+ ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, False);
+ if (NT_STATUS_IS_ERR(ret)) {
DEBUG(0,("failed to modify user with uid = %s\n",
pdb_get_username(newpwd)));
ldap_mods_free(mods,1);
- ldap_unbind(ldap_struct);
return ret;
}
@@ -1627,7 +1686,6 @@ static NTSTATUS ldapsam_update_sam_accou
("successfully modified uid = %s in the LDAP database\n",
pdb_get_username(newpwd)));
ldap_mods_free(mods, 1);
- ldap_unbind(ldap_struct);
return NT_STATUS_OK;
}
@@ -1640,7 +1698,6 @@ static NTSTATUS ldapsam_add_sam_account(
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
pstring filter;
- LDAP *ldap_struct = NULL;
LDAPMessage *result = NULL;
pstring dn;
LDAPMod **mods = NULL;
@@ -1650,35 +1707,26 @@ static NTSTATUS ldapsam_add_sam_account(
const char *username = pdb_get_username(newpwd);
if (!username || !*username) {
DEBUG(0, ("Cannot add user without a username!\n"));
- return ret;
- }
-
- if (!ldapsam_open_connection(ldap_state, &ldap_struct)) /* open a connection to the server */
- return ret;
-
- if (!ldapsam_connect_system(ldap_state, ldap_struct)) { /* connect as system account */
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
- rc = ldapsam_search_one_user_by_name (ldap_state, ldap_struct, username, &result);
+ rc = ldapsam_search_one_user_by_name (ldap_state, username, &result);
- if (ldap_count_entries(ldap_struct, result) != 0) {
+ if (ldap_count_entries(ldap_state->ldap_struct, result) != 0) {
DEBUG(0,("User already in the base, with samba properties\n"));
ldap_msgfree(result);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
ldap_msgfree(result);
slprintf (filter, sizeof (filter) - 1, "uid=%s", username);
- rc = ldapsam_search_one_user(ldap_state, ldap_struct, filter, &result);
- num_result = ldap_count_entries(ldap_struct, result);
+ rc = ldapsam_search_one_user(ldap_state, filter, &result);
+ num_result = ldap_count_entries(ldap_state->ldap_struct, result);
if (num_result > 1) {
DEBUG (0, ("More than one user with that uid exists: bailing out!\n"));
ldap_msgfree(result);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
/* Check if we need to update an existing entry */
@@ -1688,8 +1736,8 @@ static NTSTATUS ldapsam_add_sam_account(
DEBUG(3,("User exists without samba properties: adding them\n"));
ldap_op = LDAP_MOD_REPLACE;
- entry = ldap_first_entry (ldap_struct, result);
- tmp = ldap_get_dn (ldap_struct, entry);
+ entry = ldap_first_entry (ldap_state->ldap_struct, result);
+ tmp = ldap_get_dn (ldap_state->ldap_struct, entry);
slprintf (dn, sizeof (dn) - 1, "%s", tmp);
ldap_memfree (tmp);
} else {
@@ -1708,28 +1756,26 @@ static NTSTATUS ldapsam_add_sam_account(
if (!init_ldap_from_sam(ldap_state, &mods, ldap_op, True, newpwd)) {
DEBUG(0, ("ldapsam_add_sam_account: init_ldap_from_sam failed!\n"));
ldap_mods_free(mods, 1);
- ldap_unbind(ldap_struct);
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
if (mods == NULL) {
DEBUG(0,("mods is empty: nothing to add for user: %s\n",pdb_get_username(newpwd)));
- return ret;
+ return NT_STATUS_UNSUCCESSFUL;
}
make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "sambaAccount");
- if (NT_STATUS_IS_ERR(ldapsam_modify_entry(ldap_struct,newpwd,dn,mods,ldap_op, True))) {
+ ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, True);
+ if (NT_STATUS_IS_ERR(ret)) {
DEBUG(0,("failed to modify/add user with uid = %s (dn = %s)\n",
pdb_get_username(newpwd),dn));
ldap_mods_free(mods,1);
- ldap_unbind(ldap_struct);
return ret;
}
DEBUG(2,("added: uid = %s in the LDAP database\n", pdb_get_username(newpwd)));
ldap_mods_free(mods, 1);
- ldap_unbind(ldap_struct);
return NT_STATUS_OK;
}
@@ -1737,14 +1783,14 @@ static void free_private_data(void **vp)
{
struct ldapsam_privates **ldap_state = (struct ldapsam_privates **)vp;
- if ((*ldap_state)->ldap_struct) {
- ldap_unbind((*ldap_state)->ldap_struct);
- }
+ ldapsam_close(*ldap_state);
if ((*ldap_state)->bind_secret) {
memset((*ldap_state)->bind_secret, '\0', strlen((*ldap_state)->bind_secret));
}
+ ldapsam_close(*ldap_state);
+
SAFE_FREE((*ldap_state)->bind_dn);
SAFE_FREE((*ldap_state)->bind_secret);
@@ -1763,7 +1809,7 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *p
}
(*pdb_method)->name = "ldapsam";
-
+
(*pdb_method)->setsampwent = ldapsam_setsampwent;
(*pdb_method)->endsampwent = ldapsam_endsampwent;
(*pdb_method)->getsampwent = ldapsam_getsampwent;
More information about the samba-technical
mailing list