データ構造 | |
struct | ldap_search_state |
関数 | |
static LDAP * | priv2ld (struct ldapsam_privates *priv) |
static const char * | get_userattr_key2string (int schema_ver, int key) |
const char ** | get_userattr_list (TALLOC_CTX *mem_ctx, int schema_ver) |
static const char ** | get_userattr_delete_list (TALLOC_CTX *mem_ctx, int schema_ver) |
static const char * | get_objclass_filter (int schema_ver) |
static NTSTATUS | ldapsam_get_seq_num (struct pdb_methods *my_methods, time_t *seq_num) |
int | ldapsam_search_suffix_by_name (struct ldapsam_privates *ldap_state, const char *user, LDAPMessage **result, const char **attr) |
static int | ldapsam_search_suffix_by_rid (struct ldapsam_privates *ldap_state, uint32 rid, LDAPMessage **result, const char **attr) |
static int | ldapsam_search_suffix_by_sid (struct ldapsam_privates *ldap_state, const DOM_SID *sid, LDAPMessage **result, const char **attr) |
static int | ldapsam_delete_entry (struct ldapsam_privates *priv, TALLOC_CTX *mem_ctx, LDAPMessage *entry, const char *objectclass, const char **attrs) |
static time_t | ldapsam_get_entry_timestamp (struct ldapsam_privates *ldap_state, LDAPMessage *entry) |
static BOOL | init_sam_from_ldap (struct ldapsam_privates *ldap_state, struct samu *sampass, LDAPMessage *entry) |
static BOOL | init_ldap_from_sam (struct ldapsam_privates *ldap_state, LDAPMessage *existing, LDAPMod ***mods, struct samu *sampass, BOOL(*need_update)(const struct samu *, enum pdb_elements)) |
static NTSTATUS | ldapsam_setsampwent (struct pdb_methods *my_methods, BOOL update, uint32 acb_mask) |
static void | ldapsam_endsampwent (struct pdb_methods *my_methods) |
static NTSTATUS | ldapsam_getsampwent (struct pdb_methods *my_methods, struct samu *user) |
static void | append_attr (TALLOC_CTX *mem_ctx, const char ***attr_list, const char *new_attr) |
static NTSTATUS | ldapsam_getsampwnam (struct pdb_methods *my_methods, struct samu *user, const char *sname) |
static int | ldapsam_get_ldap_user_by_sid (struct ldapsam_privates *ldap_state, const DOM_SID *sid, LDAPMessage **result) |
static NTSTATUS | ldapsam_getsampwsid (struct pdb_methods *my_methods, struct samu *user, const DOM_SID *sid) |
static NTSTATUS | ldapsam_modify_entry (struct pdb_methods *my_methods, struct samu *newpwd, char *dn, LDAPMod **mods, int ldap_op, BOOL(*need_update)(const struct samu *, enum pdb_elements)) |
static NTSTATUS | ldapsam_delete_sam_account (struct pdb_methods *my_methods, struct samu *sam_acct) |
static BOOL | element_is_changed (const struct samu *sampass, enum pdb_elements element) |
static NTSTATUS | ldapsam_update_sam_account (struct pdb_methods *my_methods, struct samu *newpwd) |
static NTSTATUS | ldapsam_rename_sam_account (struct pdb_methods *my_methods, struct samu *old_acct, const char *newname) |
static BOOL | element_is_set_or_changed (const struct samu *sampass, enum pdb_elements element) |
static NTSTATUS | ldapsam_add_sam_account (struct pdb_methods *my_methods, struct samu *newpwd) |
static int | ldapsam_search_one_group (struct ldapsam_privates *ldap_state, const char *filter, LDAPMessage **result) |
static BOOL | init_group_from_ldap (struct ldapsam_privates *ldap_state, GROUP_MAP *map, LDAPMessage *entry) |
static NTSTATUS | ldapsam_getgroup (struct pdb_methods *methods, const char *filter, GROUP_MAP *map) |
static NTSTATUS | ldapsam_getgrsid (struct pdb_methods *methods, GROUP_MAP *map, DOM_SID sid) |
static NTSTATUS | ldapsam_getgrgid (struct pdb_methods *methods, GROUP_MAP *map, gid_t gid) |
static NTSTATUS | ldapsam_getgrnam (struct pdb_methods *methods, GROUP_MAP *map, const char *name) |
static BOOL | ldapsam_extract_rid_from_entry (LDAP *ldap_struct, LDAPMessage *entry, const DOM_SID *domain_sid, uint32 *rid) |
static NTSTATUS | ldapsam_enum_group_members (struct pdb_methods *methods, TALLOC_CTX *mem_ctx, const DOM_SID *group, uint32 **pp_member_rids, size_t *p_num_members) |
static NTSTATUS | ldapsam_enum_group_memberships (struct pdb_methods *methods, TALLOC_CTX *mem_ctx, struct samu *user, DOM_SID **pp_sids, gid_t **pp_gids, size_t *p_num_groups) |
static NTSTATUS | ldapsam_map_posixgroup (TALLOC_CTX *mem_ctx, struct ldapsam_privates *ldap_state, GROUP_MAP *map) |
static NTSTATUS | ldapsam_add_group_mapping_entry (struct pdb_methods *methods, GROUP_MAP *map) |
static NTSTATUS | ldapsam_update_group_mapping_entry (struct pdb_methods *methods, GROUP_MAP *map) |
static NTSTATUS | ldapsam_delete_group_mapping_entry (struct pdb_methods *methods, DOM_SID sid) |
static NTSTATUS | ldapsam_setsamgrent (struct pdb_methods *my_methods, BOOL update) |
static void | ldapsam_endsamgrent (struct pdb_methods *my_methods) |
static NTSTATUS | ldapsam_getsamgrent (struct pdb_methods *my_methods, GROUP_MAP *map) |
static NTSTATUS | ldapsam_enum_group_mapping (struct pdb_methods *methods, const DOM_SID *domsid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, size_t *p_num_entries, BOOL unix_only) |
static NTSTATUS | ldapsam_modify_aliasmem (struct pdb_methods *methods, const DOM_SID *alias, const DOM_SID *member, int modop) |
static NTSTATUS | ldapsam_add_aliasmem (struct pdb_methods *methods, const DOM_SID *alias, const DOM_SID *member) |
static NTSTATUS | ldapsam_del_aliasmem (struct pdb_methods *methods, const DOM_SID *alias, const DOM_SID *member) |
static NTSTATUS | ldapsam_enum_aliasmem (struct pdb_methods *methods, const DOM_SID *alias, DOM_SID **pp_members, size_t *p_num_members) |
static NTSTATUS | ldapsam_alias_memberships (struct pdb_methods *methods, TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, const DOM_SID *members, size_t num_members, uint32 **pp_alias_rids, size_t *p_num_alias_rids) |
static NTSTATUS | ldapsam_set_account_policy_in_ldap (struct pdb_methods *methods, int policy_index, uint32 value) |
static NTSTATUS | ldapsam_set_account_policy (struct pdb_methods *methods, int policy_index, uint32 value) |
static NTSTATUS | ldapsam_get_account_policy_from_ldap (struct pdb_methods *methods, int policy_index, uint32 *value) |
static NTSTATUS | ldapsam_get_account_policy (struct pdb_methods *methods, int policy_index, uint32 *value) |
static NTSTATUS | ldapsam_lookup_rids (struct pdb_methods *methods, const DOM_SID *domain_sid, int num_rids, uint32 *rids, const char **names, enum lsa_SidType *attrs) |
static char * | get_ldap_filter (TALLOC_CTX *mem_ctx, const char *username) |
const char ** | talloc_attrs (TALLOC_CTX *mem_ctx,...) |
static BOOL | ldapsam_search_firstpage (struct pdb_search *search) |
static BOOL | ldapsam_search_nextpage (struct pdb_search *search) |
static BOOL | ldapsam_search_next_entry (struct pdb_search *search, struct samr_displayentry *entry) |
static void | ldapsam_search_end (struct pdb_search *search) |
static BOOL | ldapuser2displayentry (struct ldap_search_state *state, TALLOC_CTX *mem_ctx, LDAP *ld, LDAPMessage *entry, struct samr_displayentry *result) |
static BOOL | ldapsam_search_users (struct pdb_methods *methods, struct pdb_search *search, uint32 acct_flags) |
static BOOL | ldapgroup2displayentry (struct ldap_search_state *state, TALLOC_CTX *mem_ctx, LDAP *ld, LDAPMessage *entry, struct samr_displayentry *result) |
static BOOL | ldapsam_search_grouptype (struct pdb_methods *methods, struct pdb_search *search, const DOM_SID *sid, enum lsa_SidType type) |
static BOOL | ldapsam_search_groups (struct pdb_methods *methods, struct pdb_search *search) |
static BOOL | ldapsam_search_aliases (struct pdb_methods *methods, struct pdb_search *search, const DOM_SID *sid) |
static BOOL | ldapsam_rid_algorithm (struct pdb_methods *methods) |
static NTSTATUS | ldapsam_get_new_rid (struct ldapsam_privates *priv, uint32 *rid) |
static NTSTATUS | ldapsam_new_rid_internal (struct pdb_methods *methods, uint32 *rid) |
static BOOL | ldapsam_new_rid (struct pdb_methods *methods, uint32 *rid) |
static BOOL | ldapsam_sid_to_id (struct pdb_methods *methods, const DOM_SID *sid, union unid_t *id, enum lsa_SidType *type) |
static NTSTATUS | ldapsam_create_user (struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, const char *name, uint32 acb_info, uint32 *rid) |
static NTSTATUS | ldapsam_delete_user (struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, struct samu *sam_acct) |
static NTSTATUS | ldapsam_create_dom_group (struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, const char *name, uint32 *rid) |
static NTSTATUS | ldapsam_delete_dom_group (struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, uint32 rid) |
static NTSTATUS | ldapsam_change_groupmem (struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, uint32 group_rid, uint32 member_rid, int modop) |
static NTSTATUS | ldapsam_add_groupmem (struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, uint32 group_rid, uint32 member_rid) |
static NTSTATUS | ldapsam_del_groupmem (struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, uint32 group_rid, uint32 member_rid) |
static NTSTATUS | ldapsam_set_primary_group (struct pdb_methods *my_methods, TALLOC_CTX *mem_ctx, struct samu *sampass) |
static void | free_private_data (void **vp) |
static NTSTATUS | pdb_init_ldapsam_common (struct pdb_methods **pdb_method, const char *location) |
NTSTATUS | pdb_init_ldapsam_compat (struct pdb_methods **pdb_method, const char *location) |
NTSTATUS | pdb_init_ldapsam (struct pdb_methods **pdb_method, const char *location) |
NTSTATUS | pdb_ldap_init (void) |
static LDAP* priv2ld | ( | struct ldapsam_privates * | priv | ) | [static] |
pdb_ldap.c の 87 行で定義されています。
参照先 smbldap_state::ldap_struct・ldapsam_privates::smbldap_state.
参照元 init_sam_from_ldap()・ldapsam_change_groupmem()・ldapsam_create_dom_group()・ldapsam_create_user()・ldapsam_delete_dom_group()・ldapsam_delete_entry()・ldapsam_delete_group_mapping_entry()・ldapsam_delete_sam_account()・ldapsam_delete_user()・ldapsam_get_account_policy_from_ldap()・ldapsam_get_new_rid()・ldapsam_getgroup()・ldapsam_getsampwent()・ldapsam_set_primary_group().
/**
 * Return the raw LDAP connection handle owned by a ldapsam backend instance.
 *
 * @param priv  backend private state; it is dereferenced without a NULL
 *              check, so callers must pass an initialised instance.
 * @return the handle stored in priv->smbldap_state->ldap_struct.
 */
static LDAP *priv2ld(struct ldapsam_privates *priv)
{
	struct smbldap_state *conn = priv->smbldap_state;

	return conn->ldap_struct;
}
static const char* get_userattr_key2string | ( | int | schema_ver, | |
int | key | |||
) | [static] |
pdb_ldap.c の 96 行で定義されています。
参照先 attrib_map_v22・attrib_map_v30・get_attr_key2string().
参照元 init_ldap_from_sam()・init_sam_from_ldap()・ldapsam_add_sam_account()・ldapsam_get_entry_timestamp()・ldapsam_get_ldap_user_by_sid()・ldapsam_getsampwnam()・ldapsam_search_suffix_by_sid()・pdb_init_ldapsam().
/**
 * Map a LDAP_ATTR_* key to its attribute name for the configured schema.
 *
 * @param schema_ver  SCHEMAVER_SAMBAACCOUNT (v2.2 map) or
 *                    SCHEMAVER_SAMBASAMACCOUNT (v3.0 map).
 * @param key         attribute key passed through to get_attr_key2string().
 * @return the attribute name from the matching map, or NULL (after a level-0
 *         DEBUG message) when schema_ver is neither known value.
 */
static const char *get_userattr_key2string(int schema_ver, int key)
{
	if (schema_ver == SCHEMAVER_SAMBAACCOUNT) {
		return get_attr_key2string(attrib_map_v22, key);
	}
	if (schema_ver == SCHEMAVER_SAMBASAMACCOUNT) {
		return get_attr_key2string(attrib_map_v30, key);
	}

	DEBUG(0,("get_userattr_key2string: unknown schema version specified\n"));
	return NULL;
}
const char** get_userattr_list | ( | TALLOC_CTX * | mem_ctx, | |
int | schema_ver | |||
) |
pdb_ldap.c の 116 行で定義されています。
参照先 attrib_map_v22・attrib_map_v30・get_attr_list().
参照元 ldapsam_add_sam_account()・ldapsam_get_ldap_user_by_sid()・ldapsam_getsampwnam()・ldapsam_setsampwent()・ldapsam_update_sam_account()・pdb_nds_update_login_attempts().
/**
 * Build the list of user attributes to request for the configured schema.
 *
 * @param mem_ctx     talloc context the returned array is allocated on.
 * @param schema_ver  SCHEMAVER_SAMBAACCOUNT or SCHEMAVER_SAMBASAMACCOUNT.
 * @return the attribute list produced by get_attr_list() for the matching
 *         map, or NULL (after a level-0 DEBUG message) for any other value.
 */
const char **get_userattr_list(TALLOC_CTX *mem_ctx, int schema_ver)
{
	if (schema_ver == SCHEMAVER_SAMBAACCOUNT) {
		return get_attr_list(mem_ctx, attrib_map_v22);
	}
	if (schema_ver == SCHEMAVER_SAMBASAMACCOUNT) {
		return get_attr_list(mem_ctx, attrib_map_v30);
	}

	DEBUG(0,("get_userattr_list: unknown schema version specified!\n"));
	return NULL;
}
static const char** get_userattr_delete_list | ( | TALLOC_CTX * | mem_ctx, | |
int | schema_ver | |||
) | [static] |
pdb_ldap.c の 136 行で定義されています。
参照先 attrib_map_to_delete_v22・attrib_map_to_delete_v30・get_attr_list().
参照元 ldapsam_delete_sam_account().
/**
 * Build the list of Samba-specific attributes to strip from an entry when a
 * SAM account is deleted without removing the whole DN.
 *
 * @param mem_ctx     talloc context the returned array is allocated on.
 * @param schema_ver  SCHEMAVER_SAMBAACCOUNT or SCHEMAVER_SAMBASAMACCOUNT.
 * @return the attribute list produced by get_attr_list() for the matching
 *         "to delete" map, or NULL (after a level-0 DEBUG message) otherwise.
 */
static const char **get_userattr_delete_list(TALLOC_CTX *mem_ctx, int schema_ver)
{
	if (schema_ver == SCHEMAVER_SAMBAACCOUNT) {
		return get_attr_list(mem_ctx, attrib_map_to_delete_v22);
	}
	if (schema_ver == SCHEMAVER_SAMBASAMACCOUNT) {
		return get_attr_list(mem_ctx, attrib_map_to_delete_v30);
	}

	DEBUG(0,("get_userattr_delete_list: unknown schema version specified!\n"));
	return NULL;
}
static const char* get_objclass_filter | ( | int | schema_ver | ) | [static] |
pdb_ldap.c の 161 行で定義されています。
参照先 fstr_sprintf().
参照元 ldapsam_search_suffix_by_name()・ldapsam_search_suffix_by_rid()・ldapsam_search_suffix_by_sid()・ldapsam_setsampwent().
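/**
 * Return the "(objectclass=...)" clause selecting Samba account entries for
 * the configured schema.
 *
 * The clause lives in a static buffer: the returned pointer is only valid
 * until the next call, and the function is not reentrant.
 *
 * @param schema_ver  SCHEMAVER_SAMBAACCOUNT or SCHEMAVER_SAMBASAMACCOUNT.
 * @return the clause for the matching object class; for any other value a
 *         level-0 DEBUG message is logged and an empty string is returned.
 */
static const char *get_objclass_filter(int schema_ver)
{
	static fstring objclass_filter;

	switch (schema_ver) {
	case SCHEMAVER_SAMBAACCOUNT:
		fstr_sprintf(objclass_filter, "(objectclass=%s)", LDAP_OBJ_SAMBAACCOUNT);
		break;
	case SCHEMAVER_SAMBASAMACCOUNT:
		fstr_sprintf(objclass_filter, "(objectclass=%s)", LDAP_OBJ_SAMBASAMACCOUNT);
		break;
	default:
		DEBUG(0,("get_objclass_filter: Invalid schema version specified!\n"));
		/* Do not hand back whatever an earlier call left in the static
		 * buffer; an empty clause keeps the callers' "(&%s%s)" filters
		 * well-formed. */
		objclass_filter[0] = '\0';
		break;
	}

	return objclass_filter;
}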
static NTSTATUS ldapsam_get_seq_num | ( | struct pdb_methods * | my_methods, | |
time_t * | seq_num | |||
) | [static] |
pdb_ldap.c の 184 行で定義されています。
参照先 ldapsam_privates::entry・generalized_to_unix_time()・smbldap_state::ldap_struct・LDAP_SUCCESS・lp_parm_bool()・lp_parm_int()・next_token()・ntstatus・pdb_methods::private_data・pstr_sprintf()・smbldap_has_naming_context()・smbldap_search()・ldapsam_privates::smbldap_state・talloc_init()・talloc_strdup()・values.
参照元 pdb_init_ldapsam_common().
/**
 * Read the directory's replication sequence number (syncrepl CSN) and
 * convert it to a unix time.
 *
 * Only active when the smb.conf parameter "ldapsam:syncrepl_seqnum" is set.
 * With "ldapsam:syncrepl_rid" > 0 the consumer's syncreplCookie under
 * cn=syncrepl<rid>,<suffix> is read, otherwise the provider's contextCSN
 * under cn=ldapsync,<suffix>. The search base and attribute names come only
 * from smb.conf values and string literals here, never from a request.
 *
 * @param my_methods  pdb backend whose private_data is a struct ldapsam_privates.
 * @param seq_num     receives the parsed time; see the note below about
 *                    failure paths.
 * @return NT_STATUS_OK on success, NT_STATUS_NO_MEMORY on allocation failure,
 *         NT_STATUS_UNSUCCESSFUL for every other condition (feature disabled,
 *         missing namingContext, search/parse failures).
 */
static NTSTATUS ldapsam_get_seq_num(struct pdb_methods *my_methods, time_t *seq_num)
{
	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
	NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
	LDAPMessage *msg = NULL;
	LDAPMessage *entry = NULL;
	TALLOC_CTX *mem_ctx;
	char **values = NULL;
	int rc, num_result, num_values, rid;
	pstring suffix;
	fstring tok;
	const char *p;
	const char **attrs;

	/* Unfortunatly there is no proper way to detect syncrepl-support in
	 * smbldap_connect_system(). The syncrepl OIDs are submitted for publication
	 * but do not show up in the root-DSE yet. Neither we can query the
	 * subschema-context for the syncProviderSubentry or syncConsumerSubentry
	 * objectclass. Currently we require lp_ldap_suffix() to show up as
	 * namingContext. - Guenther
	 */

	if (!lp_parm_bool(-1, "ldapsam", "syncrepl_seqnum", False)) {
		return ntstatus;
	}

	if (!seq_num) {
		DEBUG(3,("ldapsam_get_seq_num: no sequence_number\n"));
		return ntstatus;
	}

	if (!smbldap_has_naming_context(ldap_state->smbldap_state->ldap_struct, lp_ldap_suffix())) {
		DEBUG(3,("ldapsam_get_seq_num: DIT not configured to hold %s "
			 "as top-level namingContext\n", lp_ldap_suffix()));
		return ntstatus;
	}

	mem_ctx = talloc_init("ldapsam_get_seq_num");

	if (mem_ctx == NULL)
		return NT_STATUS_NO_MEMORY;

	if ((attrs = TALLOC_ARRAY(mem_ctx, const char *, 2)) == NULL) {
		ntstatus = NT_STATUS_NO_MEMORY;
		goto done;
	}

	/* if we got a syncrepl-rid (up to three digits long) we speak with a consumer */
	/* NOTE(review): only rid > 0 is checked; the "three digits" limit is not
	 * enforced, but suffix is a pstring written with the bounded
	 * pstr_sprintf(), so an oversized value cannot overflow it. */
	rid = lp_parm_int(-1, "ldapsam", "syncrepl_rid", -1);
	if (rid > 0) {

		/* consumer syncreplCookie: */
		/* csn=20050126161620Z#0000001#00#00000 */
		attrs[0] = talloc_strdup(mem_ctx, "syncreplCookie");
		attrs[1] = NULL;
		pstr_sprintf( suffix, "cn=syncrepl%d,%s", rid, lp_ldap_suffix());

	} else {

		/* provider contextCSN */
		/* 20050126161620Z#000009#00#000000 */
		attrs[0] = talloc_strdup(mem_ctx, "contextCSN");
		attrs[1] = NULL;
		pstr_sprintf( suffix, "cn=ldapsync,%s", lp_ldap_suffix());

	}

	/* Base-scope read of the single cookie object; any other result count
	 * is treated as failure below. */
	rc = smbldap_search(ldap_state->smbldap_state, suffix,
			    LDAP_SCOPE_BASE, "(objectclass=*)", attrs, 0, &msg);

	if (rc != LDAP_SUCCESS) {
		goto done;
	}

	num_result = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, msg);
	if (num_result != 1) {
		DEBUG(3,("ldapsam_get_seq_num: Expected one entry, got %d\n", num_result));
		goto done;
	}

	entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, msg);
	if (entry == NULL) {
		DEBUG(3,("ldapsam_get_seq_num: Could not retrieve entry\n"));
		goto done;
	}

	values = ldap_get_values(ldap_state->smbldap_state->ldap_struct, entry, attrs[0]);
	if (values == NULL) {
		DEBUG(3,("ldapsam_get_seq_num: no values\n"));
		goto done;
	}

	num_values = ldap_count_values(values);
	if (num_values == 0) {
		DEBUG(3,("ldapsam_get_seq_num: not a single value\n"));
		goto done;
	}

	/* The CSN is '#'-separated; only the leading timestamp token is used,
	 * copied into the bounded fstring tok. */
	p = values[0];
	if (!next_token(&p, tok, "#", sizeof(tok))) {
		DEBUG(0,("ldapsam_get_seq_num: failed to parse sequence number\n"));
		goto done;
	}

	/* Consumer cookies carry a "csn=" prefix, provider CSNs do not. */
	p = tok;
	if (!strncmp(p, "csn=", strlen("csn=")))
		p += strlen("csn=");

	DEBUG(10,("ldapsam_get_seq_num: got %s: %s\n", attrs[0], p));

	/* NOTE(review): *seq_num is written before the sanity check, so on the
	 * failure path just below the caller's variable holds the rejected
	 * value while the status says unsuccessful. */
	*seq_num = generalized_to_unix_time(p);

	/* very basic sanity check */
	if (*seq_num <= 0) {
		DEBUG(3,("ldapsam_get_seq_num: invalid sequence number: %d\n",
			(int)*seq_num));
		goto done;
	}

	ntstatus = NT_STATUS_OK;

done:
	/* Single cleanup point for every exit after the allocations above. */
	if (values != NULL)
		ldap_value_free(values);
	if (msg != NULL)
		ldap_msgfree(msg);
	if (mem_ctx)
		talloc_destroy(mem_ctx);

	return ntstatus;
}
int ldapsam_search_suffix_by_name | ( | struct ldapsam_privates * | ldap_state, | |
const char * | user, | |||
LDAPMessage ** | result, | |||
const char ** | attr | |||
) |
pdb_ldap.c の 320 行で定義されています。
参照先 all_string_sub()・escape_ldap_string_alloc()・get_objclass_filter()・pstr_sprintf()・ldapsam_privates::schema_ver・smbldap_search_suffix()・ldapsam_privates::smbldap_state.
参照元 ldapsam_add_sam_account()・ldapsam_delete_sam_account()・ldapsam_getsampwnam()・ldapsam_update_sam_account()・pdb_nds_update_login_attempts().
/**
 * Search the configured suffix for the Samba account entry with the given
 * uid.
 *
 * The user name is run through escape_ldap_string_alloc() before it is
 * substituted into the filter, so a name containing filter metacharacters
 * cannot change the structure of the search expression.
 *
 * @param ldap_state  backend state (schema version and connection).
 * @param user        account name to look up.
 * @param result      receives the search result on success.
 * @param attr        NULL-terminated list of attributes to request.
 * @return LDAP_NO_MEMORY if the name cannot be escaped, otherwise the return
 *         value of smbldap_search_suffix().
 */
int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state,
				  const char *user,
				  LDAPMessage **result,
				  const char **attr)
{
	pstring filter;
	char *safe_user = escape_ldap_string_alloc(user);
	int rc;

	if (safe_user == NULL) {
		return LDAP_NO_MEMORY;
	}

	/* The "%u" placeholder is replaced with the escaped name below, so it
	 * must be present in the base expression. */
	pstr_sprintf(filter, "(&%s%s)", "(uid=%u)",
		     get_objclass_filter(ldap_state->schema_ver));

	/* all_string_sub rather than pstring_sub: the latter filters out '$'. */
	all_string_sub(filter, "%u", safe_user, sizeof(pstring));
	SAFE_FREE(safe_user);

	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, attr, result);
	return rc;
}
static int ldapsam_search_suffix_by_rid | ( | struct ldapsam_privates * | ldap_state, | |
uint32 | rid, | |||
LDAPMessage ** | result, | |||
const char ** | attr | |||
) | [static] |
pdb_ldap.c の 355 行で定義されています。
参照先 get_objclass_filter()・pstr_sprintf()・ldapsam_privates::schema_ver・smbldap_search_suffix()・ldapsam_privates::smbldap_state.
参照元 ldapsam_get_ldap_user_by_sid().
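/**
 * Search the configured suffix for the Samba account entry with the given
 * RID (the v2.2 "rid" attribute).
 *
 * @param ldap_state  backend state (schema version and connection).
 * @param rid         relative identifier to match.
 * @param result      receives the search result on success.
 * @param attr        NULL-terminated list of attributes to request.
 * @return the return value of smbldap_search_suffix().
 */
static int ldapsam_search_suffix_by_rid(struct ldapsam_privates *ldap_state,
					uint32 rid,
					LDAPMessage **result,
					const char **attr)
{
	pstring filter;

	/* rid is unsigned: a "%i" conversion would print RIDs >= 2^31 as
	 * negative numbers, and such a filter could never match the entry. */
	pstr_sprintf(filter, "(&(rid=%u)%s)", rid,
		     get_objclass_filter(ldap_state->schema_ver));

	return smbldap_search_suffix(ldap_state->smbldap_state, filter, attr, result);
}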
static int ldapsam_search_suffix_by_sid | ( | struct ldapsam_privates * | ldap_state, | |
const DOM_SID * | sid, | |||
LDAPMessage ** | result, | |||
const char ** | attr | |||
) | [static] |
pdb_ldap.c の 374 行で定義されています。
参照先 get_objclass_filter()・get_userattr_key2string()・pstr_sprintf()・ldapsam_privates::schema_ver・sid_to_string()・smbldap_search_suffix()・ldapsam_privates::smbldap_state.
参照元 ldapsam_get_ldap_user_by_sid().
/**
 * Search the configured suffix for the Samba account entry carrying the
 * given SID in the schema's user-SID attribute.
 *
 * @param ldap_state  backend state (schema version and connection).
 * @param sid         SID to match; rendered with sid_to_string().
 * @param result      receives the search result on success.
 * @param attr        NULL-terminated list of attributes to request.
 * @return the return value of smbldap_search_suffix().
 */
static int ldapsam_search_suffix_by_sid(struct ldapsam_privates *ldap_state,
					const DOM_SID *sid,
					LDAPMessage **result,
					const char **attr)
{
	pstring filter;
	fstring sid_text;
	const char *sid_attr = get_userattr_key2string(ldap_state->schema_ver,
						       LDAP_ATTR_USER_SID);
	const char *objclass = get_objclass_filter(ldap_state->schema_ver);

	pstr_sprintf(filter, "(&(%s=%s)%s)", sid_attr,
		     sid_to_string(sid_text, sid), objclass);

	return smbldap_search_suffix(ldap_state->smbldap_state, filter, attr, result);
}
static int ldapsam_delete_entry | ( | struct ldapsam_privates * | priv, | |
TALLOC_CTX * | mem_ctx, | |||
LDAPMessage * | entry, | |||
const char * | objectclass, | |||
const char ** | attrs | |||
) | [static] |
pdb_ldap.c の 397 行で定義されています。
参照先 name・priv2ld()・smbldap_delete()・smbldap_modify()・smbldap_set_mod()・ldapsam_privates::smbldap_state・smbldap_talloc_dn()・strequal()・talloc_autofree_ldapmod().
参照元 ldapsam_delete_group_mapping_entry()・ldapsam_delete_sam_account().
/**
 * Remove a SAM account from an LDAP entry.
 *
 * With "ldap delete dn" enabled the whole entry is deleted. Otherwise only
 * the attributes named in attrs that the entry actually carries, plus the
 * given objectclass value, are removed by a modify operation, leaving the
 * rest of the entry untouched.
 *
 * @param priv         backend state.
 * @param mem_ctx      talloc context for the DN and the modification list.
 * @param entry        entry to operate on.
 * @param objectclass  objectClass value to remove from the entry.
 * @param attrs        NULL-terminated list of attribute names eligible for
 *                     deletion.
 * @return LDAP_NO_MEMORY if the DN cannot be obtained, otherwise the result
 *         of smbldap_delete() or smbldap_modify().
 */
static int ldapsam_delete_entry(struct ldapsam_privates *priv,
				TALLOC_CTX *mem_ctx,
				LDAPMessage *entry,
				const char *objectclass,
				const char **attrs)
{
	LDAP *ld = priv2ld(priv);
	const char *dn = smbldap_talloc_dn(mem_ctx, ld, entry);
	LDAPMod **mods = NULL;
	BerElement *cookie = NULL;
	char *attr_name;

	if (dn == NULL) {
		return LDAP_NO_MEMORY;
	}

	/* Whole-object removal is a single delete; nothing else to do. */
	if (lp_ldap_delete_dn()) {
		return smbldap_delete(priv->smbldap_state, dn);
	}

	/* Only attributes present on the entry may be deleted, so walk the
	 * entry's attributes and pick those the caller listed. */
	attr_name = ldap_first_attribute(ld, entry, &cookie);
	while (attr_name != NULL) {
		const char **wanted = attrs;

		while (*wanted != NULL) {
			if (strequal(*wanted, attr_name)) {
				DEBUG(10, ("ldapsam_delete_entry: deleting attribute %s\n",
					   attr_name));
				smbldap_set_mod(&mods, LDAP_MOD_DELETE, attr_name, NULL);
			}
			wanted++;
		}
		ldap_memfree(attr_name);
		attr_name = ldap_next_attribute(ld, entry, cookie);
	}

	if (cookie != NULL) {
		ber_free(cookie, 0);
	}

	smbldap_set_mod(&mods, LDAP_MOD_DELETE, "objectClass", objectclass);
	talloc_autofree_ldapmod(mem_ctx, mods);

	return smbldap_modify(priv->smbldap_state, dn, mods);
}
static time_t ldapsam_get_entry_timestamp | ( | struct ldapsam_privates * | ldap_state, | |
LDAPMessage * | entry | |||
) | [static] |
pdb_ldap.c の 448 行で定義されています。
参照先 get_userattr_key2string()・smbldap_state::ldap_struct・ldapsam_privates::schema_ver・smbldap_get_single_pstring()・ldapsam_privates::smbldap_state.
参照元 init_sam_from_ldap().
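/**
 * Read the entry's modification timestamp attribute and convert it to a
 * unix time.
 *
 * @param ldap_state  backend state (schema version and connection).
 * @param entry       entry whose LDAP_ATTR_MOD_TIMESTAMP attribute is read.
 * @return the timestamp as UTC seconds, or 0 when the attribute is missing
 *         or does not parse as "%Y%m%d%H%M%SZ".
 */
static time_t ldapsam_get_entry_timestamp(struct ldapsam_privates *ldap_state,
					  LDAPMessage *entry)
{
	pstring temp;
	/* strptime() only assigns the fields named in the format; start from
	 * zeros so timegm() never sees indeterminate values in the rest. */
	struct tm tm = {0};

	if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
			get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_MOD_TIMESTAMP),
			temp)) {
		return (time_t) 0;
	}

	if (strptime(temp, "%Y%m%d%H%M%SZ", &tm) == NULL) {
		DEBUG(2,("ldapsam_get_entry_timestamp: strptime failed on: %s\n", temp));
		return (time_t) 0;
	}

	/* The value is in UTC (trailing 'Z'), hence timegm rather than mktime. */
	tzset();
	return timegm(&tm);
}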
static BOOL init_sam_from_ldap | ( | struct ldapsam_privates * | ldap_state, | |
struct samu * | sampass, | |||
LDAPMessage * | entry | |||
) | [static] |
pdb_ldap.c の 472 行で定義されています。
参照先 logon_cache_struct::acct_ctrl・logon_cache_struct::bad_password_count・logon_cache_struct::bad_password_time・ldapsam_privates::domain_name・logon_cache_struct::entry_timestamp・get_userattr_key2string()・ldapsam_privates::is_nds_ldap・smbldap_state::ldap_struct・LDAP_SUCCESS・ldapsam_get_entry_timestamp()・login_cache_delentry()・login_cache_read()・lp_parm_bool()・nt_lm_owf_gen()・pdb_decode_acct_ctrl()・PDB_DEFAULT・pdb_get_account_policy()・pdb_get_acct_ctrl()・pdb_get_bad_password_count()・pdb_get_bad_password_time()・pdb_get_init_flags()・pdb_get_user_sid()・pdb_gethexhours()・pdb_gethexpwd()・pdb_nds_get_password()・PDB_SET・pdb_set_acct_ctrl()・pdb_set_acct_desc()・pdb_set_bad_password_count()・pdb_set_bad_password_time()・pdb_set_dir_drive()・pdb_set_domain()・pdb_set_fullname()・pdb_set_homedir()・pdb_set_hours()・pdb_set_hours_len()・pdb_set_kickoff_time()・pdb_set_lanman_passwd()・pdb_set_logoff_time()・pdb_set_logon_count()・pdb_set_logon_divs()・pdb_set_logon_script()・pdb_set_logon_time()・pdb_set_munged_dial()・pdb_set_nt_passwd()・pdb_set_nt_username()・pdb_set_pass_can_change_time()・pdb_set_pass_last_set_time()・pdb_set_pass_must_change_time()・pdb_set_profile_path()・pdb_set_pw_history()・pdb_set_user_sid_from_rid()・pdb_set_user_sid_from_string()・pdb_set_username()・pdb_set_workstations()・PDB_USERSID・priv2ld()・ldapsam_privates::schema_ver・smbldap_get_dn()・smbldap_get_single_attribute()・smbldap_get_single_pstring()・ldapsam_privates::smbldap_state・standard_sub_basic()・store_uid_sid_cache()・talloc_sub_basic()・username.
参照元 ldapsam_getsampwent()・ldapsam_getsampwnam()・ldapsam_getsampwsid().
00475 { 00476 time_t logon_time, 00477 logoff_time, 00478 kickoff_time, 00479 pass_last_set_time, 00480 pass_can_change_time, 00481 pass_must_change_time, 00482 ldap_entry_time, 00483 bad_password_time; 00484 pstring username, 00485 domain, 00486 nt_username, 00487 fullname, 00488 homedir, 00489 dir_drive, 00490 logon_script, 00491 profile_path, 00492 acct_desc, 00493 workstations; 00494 char munged_dial[2048]; 00495 uint32 user_rid; 00496 uint8 smblmpwd[LM_HASH_LEN], 00497 smbntpwd[NT_HASH_LEN]; 00498 BOOL use_samba_attrs = True; 00499 uint32 acct_ctrl = 0; 00500 uint16 logon_divs; 00501 uint16 bad_password_count = 0, 00502 logon_count = 0; 00503 uint32 hours_len; 00504 uint8 hours[MAX_HOURS_LEN]; 00505 pstring temp; 00506 LOGIN_CACHE *cache_entry = NULL; 00507 uint32 pwHistLen; 00508 pstring tmpstring; 00509 BOOL expand_explicit = lp_passdb_expand_explicit(); 00510 00511 /* 00512 * do a little initialization 00513 */ 00514 username[0] = '\0'; 00515 domain[0] = '\0'; 00516 nt_username[0] = '\0'; 00517 fullname[0] = '\0'; 00518 homedir[0] = '\0'; 00519 dir_drive[0] = '\0'; 00520 logon_script[0] = '\0'; 00521 profile_path[0] = '\0'; 00522 acct_desc[0] = '\0'; 00523 munged_dial[0] = '\0'; 00524 workstations[0] = '\0'; 00525 00526 00527 if (sampass == NULL || ldap_state == NULL || entry == NULL) { 00528 DEBUG(0, ("init_sam_from_ldap: NULL parameters found!\n")); 00529 return False; 00530 } 00531 00532 if (priv2ld(ldap_state) == NULL) { 00533 DEBUG(0, ("init_sam_from_ldap: ldap_state->smbldap_state->" 00534 "ldap_struct is NULL!\n")); 00535 return False; 00536 } 00537 00538 if (!smbldap_get_single_pstring(priv2ld(ldap_state), entry, "uid", 00539 username)) { 00540 DEBUG(1, ("init_sam_from_ldap: No uid attribute found for " 00541 "this user!\n")); 00542 return False; 00543 } 00544 00545 DEBUG(2, ("init_sam_from_ldap: Entry found for user: %s\n", username)); 00546 00547 pstrcpy(nt_username, username); 00548 00549 pstrcpy(domain, ldap_state->domain_name); 00550 00551 
pdb_set_username(sampass, username, PDB_SET); 00552 00553 pdb_set_domain(sampass, domain, PDB_DEFAULT); 00554 pdb_set_nt_username(sampass, nt_username, PDB_SET); 00555 00556 /* deal with different attributes between the schema first */ 00557 00558 if ( ldap_state->schema_ver == SCHEMAVER_SAMBASAMACCOUNT ) { 00559 if (smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00560 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID), temp)) { 00561 pdb_set_user_sid_from_string(sampass, temp, PDB_SET); 00562 } 00563 } else { 00564 if (smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00565 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_RID), temp)) { 00566 user_rid = (uint32)atol(temp); 00567 pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET); 00568 } 00569 } 00570 00571 if (pdb_get_init_flags(sampass,PDB_USERSID) == PDB_DEFAULT) { 00572 DEBUG(1, ("init_sam_from_ldap: no %s or %s attribute found for this user %s\n", 00573 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID), 00574 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_RID), 00575 username)); 00576 return False; 00577 } 00578 00579 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00580 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_LAST_SET), temp)) { 00581 /* leave as default */ 00582 } else { 00583 pass_last_set_time = (time_t) atol(temp); 00584 pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET); 00585 } 00586 00587 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00588 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_TIME), temp)) { 00589 /* leave as default */ 00590 } else { 00591 logon_time = (time_t) atol(temp); 00592 pdb_set_logon_time(sampass, logon_time, PDB_SET); 00593 } 00594 00595 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00596 
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGOFF_TIME), temp)) { 00597 /* leave as default */ 00598 } else { 00599 logoff_time = (time_t) atol(temp); 00600 pdb_set_logoff_time(sampass, logoff_time, PDB_SET); 00601 } 00602 00603 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00604 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_KICKOFF_TIME), temp)) { 00605 /* leave as default */ 00606 } else { 00607 kickoff_time = (time_t) atol(temp); 00608 pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET); 00609 } 00610 00611 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00612 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_CAN_CHANGE), temp)) { 00613 /* leave as default */ 00614 } else { 00615 pass_can_change_time = (time_t) atol(temp); 00616 pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET); 00617 } 00618 00619 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00620 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_MUST_CHANGE), temp)) { 00621 /* leave as default */ 00622 } else { 00623 pass_must_change_time = (time_t) atol(temp); 00624 pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET); 00625 } 00626 00627 /* recommend that 'gecos' and 'displayName' should refer to the same 00628 * attribute OID. 
userFullName depreciated, only used by Samba 00629 * primary rules of LDAP: don't make a new attribute when one is already defined 00630 * that fits your needs; using cn then displayName rather than 'userFullName' 00631 */ 00632 00633 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00634 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DISPLAY_NAME), fullname)) { 00635 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00636 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_CN), fullname)) { 00637 /* leave as default */ 00638 } else { 00639 pdb_set_fullname(sampass, fullname, PDB_SET); 00640 } 00641 } else { 00642 pdb_set_fullname(sampass, fullname, PDB_SET); 00643 } 00644 00645 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00646 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_DRIVE), dir_drive)) 00647 { 00648 pdb_set_dir_drive( sampass, lp_logon_drive(), PDB_DEFAULT ); 00649 } else { 00650 pdb_set_dir_drive(sampass, dir_drive, PDB_SET); 00651 } 00652 00653 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00654 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_PATH), homedir)) 00655 { 00656 pdb_set_homedir( sampass, 00657 talloc_sub_basic(sampass, username, domain, 00658 lp_logon_home()), 00659 PDB_DEFAULT ); 00660 } else { 00661 pstrcpy( tmpstring, homedir ); 00662 if (expand_explicit) { 00663 standard_sub_basic( username, domain, tmpstring, 00664 sizeof(tmpstring) ); 00665 } 00666 pdb_set_homedir(sampass, tmpstring, PDB_SET); 00667 } 00668 00669 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00670 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_SCRIPT), logon_script)) 00671 { 00672 pdb_set_logon_script( sampass, 00673 talloc_sub_basic(sampass, username, domain, 00674 lp_logon_script()), 00675 PDB_DEFAULT ); 00676 } else { 00677 pstrcpy( tmpstring, 
logon_script ); 00678 if (expand_explicit) { 00679 standard_sub_basic( username, domain, tmpstring, 00680 sizeof(tmpstring) ); 00681 } 00682 pdb_set_logon_script(sampass, tmpstring, PDB_SET); 00683 } 00684 00685 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00686 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH), profile_path)) 00687 { 00688 pdb_set_profile_path( sampass, 00689 talloc_sub_basic( sampass, username, domain, 00690 lp_logon_path()), 00691 PDB_DEFAULT ); 00692 } else { 00693 pstrcpy( tmpstring, profile_path ); 00694 if (expand_explicit) { 00695 standard_sub_basic( username, domain, tmpstring, 00696 sizeof(tmpstring) ); 00697 } 00698 pdb_set_profile_path(sampass, tmpstring, PDB_SET); 00699 } 00700 00701 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00702 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DESC), acct_desc)) 00703 { 00704 /* leave as default */ 00705 } else { 00706 pdb_set_acct_desc(sampass, acct_desc, PDB_SET); 00707 } 00708 00709 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00710 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_WKS), workstations)) { 00711 /* leave as default */; 00712 } else { 00713 pdb_set_workstations(sampass, workstations, PDB_SET); 00714 } 00715 00716 if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, 00717 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_MUNGED_DIAL), munged_dial, sizeof(munged_dial))) { 00718 /* leave as default */; 00719 } else { 00720 pdb_set_munged_dial(sampass, munged_dial, PDB_SET); 00721 } 00722 00723 /* FIXME: hours stuff should be cleaner */ 00724 00725 logon_divs = 168; 00726 hours_len = 21; 00727 memset(hours, 0xff, hours_len); 00728 00729 if (ldap_state->is_nds_ldap) { 00730 char *user_dn; 00731 size_t pwd_len; 00732 char clear_text_pw[512]; 00733 00734 /* Make call to Novell eDirectory ldap extension to get 
clear text password. 00735 NOTE: This will only work if we have an SSL connection to eDirectory. */ 00736 user_dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); 00737 if (user_dn != NULL) { 00738 DEBUG(3, ("init_sam_from_ldap: smbldap_get_dn(%s) returned '%s'\n", username, user_dn)); 00739 00740 pwd_len = sizeof(clear_text_pw); 00741 if (pdb_nds_get_password(ldap_state->smbldap_state, user_dn, &pwd_len, clear_text_pw) == LDAP_SUCCESS) { 00742 nt_lm_owf_gen(clear_text_pw, smbntpwd, smblmpwd); 00743 if (!pdb_set_lanman_passwd(sampass, smblmpwd, PDB_SET)) { 00744 SAFE_FREE(user_dn); 00745 return False; 00746 } 00747 ZERO_STRUCT(smblmpwd); 00748 if (!pdb_set_nt_passwd(sampass, smbntpwd, PDB_SET)) { 00749 SAFE_FREE(user_dn); 00750 return False; 00751 } 00752 ZERO_STRUCT(smbntpwd); 00753 use_samba_attrs = False; 00754 } 00755 00756 SAFE_FREE(user_dn); 00757 00758 } else { 00759 DEBUG(0, ("init_sam_from_ldap: failed to get user_dn for '%s'\n", username)); 00760 } 00761 } 00762 00763 if (use_samba_attrs) { 00764 if (!smbldap_get_single_pstring (ldap_state->smbldap_state->ldap_struct, entry, 00765 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW), temp)) { 00766 /* leave as default */ 00767 } else { 00768 pdb_gethexpwd(temp, smblmpwd); 00769 memset((char *)temp, '\0', strlen(temp)+1); 00770 if (!pdb_set_lanman_passwd(sampass, smblmpwd, PDB_SET)) 00771 return False; 00772 ZERO_STRUCT(smblmpwd); 00773 } 00774 00775 if (!smbldap_get_single_pstring (ldap_state->smbldap_state->ldap_struct, entry, 00776 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW), temp)) { 00777 /* leave as default */ 00778 } else { 00779 pdb_gethexpwd(temp, smbntpwd); 00780 memset((char *)temp, '\0', strlen(temp)+1); 00781 if (!pdb_set_nt_passwd(sampass, smbntpwd, PDB_SET)) 00782 return False; 00783 ZERO_STRUCT(smbntpwd); 00784 } 00785 } 00786 00787 pwHistLen = 0; 00788 00789 pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); 00790 if (pwHistLen > 0){ 
00791 uint8 *pwhist = NULL; 00792 int i; 00793 char history_string[MAX_PW_HISTORY_LEN*64]; 00794 00795 pwHistLen = MIN(pwHistLen, MAX_PW_HISTORY_LEN); 00796 00797 if ((pwhist = SMB_MALLOC_ARRAY(uint8, pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){ 00798 DEBUG(0, ("init_sam_from_ldap: malloc failed!\n")); 00799 return False; 00800 } 00801 memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN); 00802 00803 if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, 00804 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_HISTORY), 00805 history_string, sizeof(history_string))) { 00806 /* leave as default - zeros */ 00807 } else { 00808 BOOL hex_failed = False; 00809 for (i = 0; i < pwHistLen; i++){ 00810 /* Get the 16 byte salt. */ 00811 if (!pdb_gethexpwd(&history_string[i*64], &pwhist[i*PW_HISTORY_ENTRY_LEN])) { 00812 hex_failed = True; 00813 break; 00814 } 00815 /* Get the 16 byte MD5 hash of salt+passwd. */ 00816 if (!pdb_gethexpwd(&history_string[(i*64)+32], 00817 &pwhist[(i*PW_HISTORY_ENTRY_LEN)+PW_HISTORY_SALT_LEN])) { 00818 hex_failed = True; 00819 break; 00820 } 00821 } 00822 if (hex_failed) { 00823 DEBUG(0,("init_sam_from_ldap: Failed to get password history for user %s\n", 00824 username)); 00825 memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN); 00826 } 00827 } 00828 if (!pdb_set_pw_history(sampass, pwhist, pwHistLen, PDB_SET)){ 00829 SAFE_FREE(pwhist); 00830 return False; 00831 } 00832 SAFE_FREE(pwhist); 00833 } 00834 00835 if (!smbldap_get_single_pstring (ldap_state->smbldap_state->ldap_struct, entry, 00836 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_ACB_INFO), temp)) { 00837 acct_ctrl |= ACB_NORMAL; 00838 } else { 00839 acct_ctrl = pdb_decode_acct_ctrl(temp); 00840 00841 if (acct_ctrl == 0) 00842 acct_ctrl |= ACB_NORMAL; 00843 00844 pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET); 00845 } 00846 00847 pdb_set_hours_len(sampass, hours_len, PDB_SET); 00848 pdb_set_logon_divs(sampass, logon_divs, PDB_SET); 
00849 00850 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00851 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_BAD_PASSWORD_COUNT), temp)) { 00852 /* leave as default */ 00853 } else { 00854 bad_password_count = (uint32) atol(temp); 00855 pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET); 00856 } 00857 00858 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00859 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_BAD_PASSWORD_TIME), temp)) { 00860 /* leave as default */ 00861 } else { 00862 bad_password_time = (time_t) atol(temp); 00863 pdb_set_bad_password_time(sampass, bad_password_time, PDB_SET); 00864 } 00865 00866 00867 if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00868 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_COUNT), temp)) { 00869 /* leave as default */ 00870 } else { 00871 logon_count = (uint32) atol(temp); 00872 pdb_set_logon_count(sampass, logon_count, PDB_SET); 00873 } 00874 00875 /* pdb_set_unknown_6(sampass, unknown6, PDB_SET); */ 00876 00877 if(!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, 00878 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_HOURS), temp)) { 00879 /* leave as default */ 00880 } else { 00881 pdb_gethexhours(temp, hours); 00882 memset((char *)temp, '\0', strlen(temp) +1); 00883 pdb_set_hours(sampass, hours, PDB_SET); 00884 ZERO_STRUCT(hours); 00885 } 00886 00887 if (lp_parm_bool(-1, "ldapsam", "trusted", False)) { 00888 if (smbldap_get_single_pstring(priv2ld(ldap_state), entry, 00889 "uidNumber", temp)) { 00890 /* We've got a uid, feed the cache */ 00891 uid_t uid = strtoul(temp, NULL, 10); 00892 store_uid_sid_cache(pdb_get_user_sid(sampass), uid); 00893 } 00894 } 00895 00896 /* check the timestamp of the cache vs ldap entry */ 00897 if (!(ldap_entry_time = ldapsam_get_entry_timestamp(ldap_state, 00898 entry))) 00899 return True; 00900 00901 
/* see if we have newer updates */ 00902 if (!(cache_entry = login_cache_read(sampass))) { 00903 DEBUG (9, ("No cache entry, bad count = %u, bad time = %u\n", 00904 (unsigned int)pdb_get_bad_password_count(sampass), 00905 (unsigned int)pdb_get_bad_password_time(sampass))); 00906 return True; 00907 } 00908 00909 DEBUG(7, ("ldap time is %u, cache time is %u, bad time = %u\n", 00910 (unsigned int)ldap_entry_time, (unsigned int)cache_entry->entry_timestamp, 00911 (unsigned int)cache_entry->bad_password_time)); 00912 00913 if (ldap_entry_time > cache_entry->entry_timestamp) { 00914 /* cache is older than directory , so 00915 we need to delete the entry but allow the 00916 fields to be written out */ 00917 login_cache_delentry(sampass); 00918 } else { 00919 /* read cache in */ 00920 pdb_set_acct_ctrl(sampass, 00921 pdb_get_acct_ctrl(sampass) | 00922 (cache_entry->acct_ctrl & ACB_AUTOLOCK), 00923 PDB_SET); 00924 pdb_set_bad_password_count(sampass, 00925 cache_entry->bad_password_count, 00926 PDB_SET); 00927 pdb_set_bad_password_time(sampass, 00928 cache_entry->bad_password_time, 00929 PDB_SET); 00930 } 00931 00932 SAFE_FREE(cache_entry); 00933 return True; 00934 }
static BOOL init_ldap_from_sam | ( | struct ldapsam_privates * | ldap_state, | |
LDAPMessage * | existing, | |||
LDAPMod *** | mods, | |||
struct samu * | sampass, | |||
BOOL(*)(const struct samu *, enum pdb_elements) | need_update | |||
) | [static] |
pdb_ldap.c の 941 行で定義されています。
参照先 logon_cache_struct::acct_ctrl・logon_cache_struct::bad_password_count・logon_cache_struct::bad_password_time・ldapsam_privates::domain_sid・logon_cache_struct::entry_timestamp・get_userattr_key2string()・ldapsam_privates::is_nds_ldap・LDAP_PASSWD_SYNC_ONLY・smbldap_state::ldap_struct・login_cache_delentry()・login_cache_write()・PDB_ACCTCTRL・PDB_ACCTDESC・PDB_BAD_PASSWORD_COUNT・PDB_CANCHANGETIME・PDB_DRIVE・pdb_encode_acct_ctrl()・PDB_FULLNAME・pdb_get_account_policy()・pdb_get_acct_ctrl()・pdb_get_acct_desc()・pdb_get_bad_password_count()・pdb_get_bad_password_time()・pdb_get_dir_drive()・pdb_get_fullname()・pdb_get_group_sid()・pdb_get_homedir()・pdb_get_hours()・pdb_get_kickoff_time()・pdb_get_lanman_passwd()・pdb_get_logoff_time()・pdb_get_logon_script()・pdb_get_logon_time()・pdb_get_munged_dial()・pdb_get_nt_passwd()・pdb_get_nt_username()・pdb_get_pass_can_change_time_noncalc()・pdb_get_pass_last_set_time()・pdb_get_pass_must_change_time()・pdb_get_profile_path()・pdb_get_pw_history()・pdb_get_user_sid()・pdb_get_username()・pdb_get_workstations()・PDB_GROUPSID・PDB_HOURS・PDB_KICKOFFTIME・PDB_LMPASSWD・PDB_LOGOFFTIME・PDB_LOGONSCRIPT・PDB_LOGONTIME・PDB_MUNGEDDIAL・PDB_MUSTCHANGETIME・PDB_NTPASSWD・PDB_PASSLASTSET・PDB_PROFILE・PDB_PWHISTORY・pdb_sethexhours()・pdb_sethexpwd()・PDB_SMBHOME・PDB_USERNAME・PDB_USERSID・PDB_WORKSTATIONS・pol・ldapsam_privates::schema_ver・sid_peek_check_rid()・sid_string_static()・sid_to_string()・smbldap_make_mod()・ldapsam_privates::smbldap_state.
参照元 ldapsam_add_sam_account()・ldapsam_create_user()・ldapsam_update_sam_account().
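/*
 * init_ldap_from_sam: build the LDAPMod list that makes an LDAP entry
 * reflect the contents of @sampass.
 *
 * For each account element for which need_update() returns true, one
 * modification is appended to *mods through smbldap_make_mod(); @existing
 * is passed through to that helper so it can compare against the entry
 * currently stored.  Password hashes, password history and the last-set
 * time are only emitted for trust accounts or when "ldap passwd sync" is
 * not "only".  The bad-password count/time is additionally mirrored into
 * the login cache (the cache entry is deleted when the count is reset).
 *
 * @ldap_state   backend state: schema version, domain SID, LDAP handle
 * @existing     entry the modifications are computed against
 * @mods         receives the modification list (reset to NULL first)
 * @sampass      account to serialise
 * @need_update  predicate telling which elements have changed
 *
 * Returns True on success; False if @mods or @sampass is NULL, or if, with
 * the SAMBAACCOUNT schema, the user or primary group SID is not in this
 * domain (that schema stores plain RIDs, so a foreign SID cannot be
 * represented).
 */
static BOOL init_ldap_from_sam(struct ldapsam_privates *ldap_state,
			       LDAPMessage *existing,
			       LDAPMod ***mods,
			       struct samu *sampass,
			       BOOL (*need_update)(const struct samu *,
						   enum pdb_elements))
{
	/* Scratch buffer for every string value.  It is reused across
	 * mods (so smbldap_make_mod must copy it) and at times holds
	 * hex-encoded password hashes; it is wiped before returning. */
	pstring temp;
	uint32 rid;

	if (mods == NULL || sampass == NULL) {
		DEBUG(0, ("init_ldap_from_sam: NULL parameters found!\n"));
		return False;
	}

	*mods = NULL;

	/*
	 * took out adding "objectclass: sambaAccount"
	 * do this on a per-mod basis
	 */
	if (need_update(sampass, PDB_USERNAME)) {
		smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
				 "uid", pdb_get_username(sampass));
		if (ldap_state->is_nds_ldap) {
			/* NDS entries carry cn and sn mirroring the uid. */
			smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
					 "cn", pdb_get_username(sampass));
			smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
					 "sn", pdb_get_username(sampass));
		}
	}

	DEBUG(2, ("init_ldap_from_sam: Setting entry for user: %s\n", pdb_get_username(sampass)));

	/* only update the RID if we actually need to */
	if (need_update(sampass, PDB_USERSID)) {
		fstring sid_string;
		const DOM_SID *user_sid = pdb_get_user_sid(sampass);

		switch ( ldap_state->schema_ver ) {
		case SCHEMAVER_SAMBAACCOUNT:
			/* Old schema: only the RID is stored, so the SID
			 * must belong to our own domain. */
			if (!sid_peek_check_rid(&ldap_state->domain_sid, user_sid, &rid)) {
				DEBUG(1, ("init_ldap_from_sam: User's SID (%s) is not for this domain (%s), cannot add to LDAP!\n",
					  sid_string_static(user_sid),
					  sid_string_static(&ldap_state->domain_sid)));
				return False;
			}
			/* cast keeps the argument type matching "%i" */
			slprintf(temp, sizeof(temp) - 1, "%i", (int)rid);
			smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
					 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_RID),
					 temp);
			break;

		case SCHEMAVER_SAMBASAMACCOUNT:
			smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
					 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID),
					 sid_to_string(sid_string, user_sid));
			break;

		default:
			DEBUG(0,("init_ldap_from_sam: unknown schema version specified\n"));
			break;
		}
	}

	/* we don't need to store the primary group RID - so leaving it
	   'free' to hang off the unix primary group makes life easier */

	if (need_update(sampass, PDB_GROUPSID)) {
		fstring sid_string;
		const DOM_SID *group_sid = pdb_get_group_sid(sampass);

		switch ( ldap_state->schema_ver ) {
		case SCHEMAVER_SAMBAACCOUNT:
			if (!sid_peek_check_rid(&ldap_state->domain_sid, group_sid, &rid)) {
				DEBUG(1, ("init_ldap_from_sam: User's Primary Group SID (%s) is not for this domain (%s), cannot add to LDAP!\n",
					  sid_string_static(group_sid),
					  sid_string_static(&ldap_state->domain_sid)));
				return False;
			}

			slprintf(temp, sizeof(temp) - 1, "%i", (int)rid);
			smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
					 get_userattr_key2string(ldap_state->schema_ver,
								 LDAP_ATTR_PRIMARY_GROUP_RID), temp);
			break;

		case SCHEMAVER_SAMBASAMACCOUNT:
			smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
					 get_userattr_key2string(ldap_state->schema_ver,
								 LDAP_ATTR_PRIMARY_GROUP_SID), sid_to_string(sid_string, group_sid));
			break;

		default:
			DEBUG(0,("init_ldap_from_sam: unknown schema version specified\n"));
			break;
		}

	}

	/* displayName, cn, and gecos should all be the same
	 * most easily accomplished by giving them the same OID
	 * gecos isn't set here b/c it should be handled by the
	 * add-user script
	 * We change displayName only and fall back to cn if
	 * it does not exist.
	 */

	if (need_update(sampass, PDB_FULLNAME))
		smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
				 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DISPLAY_NAME),
				 pdb_get_fullname(sampass));

	if (need_update(sampass, PDB_ACCTDESC))
		smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
				 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DESC),
				 pdb_get_acct_desc(sampass));

	if (need_update(sampass, PDB_WORKSTATIONS))
		smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
				 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_WKS),
				 pdb_get_workstations(sampass));

	if (need_update(sampass, PDB_MUNGEDDIAL))
		smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
				 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_MUNGED_DIAL),
				 pdb_get_munged_dial(sampass));

	if (need_update(sampass, PDB_SMBHOME))
		smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
				 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_PATH),
				 pdb_get_homedir(sampass));

	if (need_update(sampass, PDB_DRIVE))
		smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
				 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_DRIVE),
				 pdb_get_dir_drive(sampass));

	if (need_update(sampass, PDB_LOGONSCRIPT))
		smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
				 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_SCRIPT),
				 pdb_get_logon_script(sampass));

	if (need_update(sampass, PDB_PROFILE))
		smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
				 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH),
				 pdb_get_profile_path(sampass));

	/* Timestamps are stored as decimal seconds; the (long) casts keep
	 * the argument type matching "%li" whatever time_t is. */
	slprintf(temp, sizeof(temp) - 1, "%li", (long)pdb_get_logon_time(sampass));
	if (need_update(sampass, PDB_LOGONTIME))
		smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
				 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_TIME), temp);

	slprintf(temp, sizeof(temp) - 1, "%li", (long)pdb_get_logoff_time(sampass));
	if (need_update(sampass, PDB_LOGOFFTIME))
		smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
				 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGOFF_TIME), temp);

	slprintf(temp, sizeof(temp) - 1, "%li", (long)pdb_get_kickoff_time(sampass));
	if (need_update(sampass, PDB_KICKOFFTIME))
		smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
				 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_KICKOFF_TIME), temp);

	slprintf(temp, sizeof(temp) - 1, "%li", (long)pdb_get_pass_can_change_time_noncalc(sampass));
	if (need_update(sampass, PDB_CANCHANGETIME))
		smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
				 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_CAN_CHANGE), temp);

	slprintf(temp, sizeof(temp) - 1, "%li", (long)pdb_get_pass_must_change_time(sampass));
	if (need_update(sampass, PDB_MUSTCHANGETIME))
		smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
				 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_MUST_CHANGE), temp);


	/* Hashes are written for trust accounts always, and for users
	 * unless "ldap passwd sync = only" (then the directory owns them). */
	if ((pdb_get_acct_ctrl(sampass)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))
	    || (lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_ONLY)) {

		if (need_update(sampass, PDB_LMPASSWD)) {
			const uchar *lm_pw = pdb_get_lanman_passwd(sampass);
			if (lm_pw) {
				pdb_sethexpwd(temp, lm_pw,
					      pdb_get_acct_ctrl(sampass));
				smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
						 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW),
						 temp);
			} else {
				/* NULL value: remove the attribute */
				smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
						 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW),
						 NULL);
			}
		}
		if (need_update(sampass, PDB_NTPASSWD)) {
			const uchar *nt_pw = pdb_get_nt_passwd(sampass);
			if (nt_pw) {
				pdb_sethexpwd(temp, nt_pw,
					      pdb_get_acct_ctrl(sampass));
				smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
						 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW),
						 temp);
			} else {
				smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
						 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW),
						 NULL);
			}
		}

		if (need_update(sampass, PDB_PWHISTORY)) {
			uint32 pwHistLen = 0;
			pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);

			/* Start from the "no history" marker: 64 x '0'
			 * (NOTE !!!! '0' *NOT '\0').  Previously the marker
			 * was only written when the policy length was 0; with
			 * a policy > 0 but no history on the account, temp
			 * still held the last slprintf() result and that stale
			 * string was stored as the password history. */
			memset(temp, '0', 64);
			temp[64] = '\0';

			if (pwHistLen > 0) {
				int i;
				uint32 currHistLen = 0;
				const uint8 *pwhist = pdb_get_pw_history(sampass, &currHistLen);
				if (pwhist != NULL) {
					/* We can only store (sizeof(pstring)-1)/64 password history entries. */
					pwHistLen = MIN(pwHistLen, ((sizeof(temp)-1)/64));
					for (i=0; i< pwHistLen && i < currHistLen; i++) {
						/* Store the salt. */
						pdb_sethexpwd(&temp[i*64], &pwhist[i*PW_HISTORY_ENTRY_LEN], 0);
						/* Followed by the md5 hash of salt + md4 hash */
						pdb_sethexpwd(&temp[(i*64)+32],
							      &pwhist[(i*PW_HISTORY_ENTRY_LEN)+PW_HISTORY_SALT_LEN], 0);
						DEBUG(100, ("temp=%s\n", temp));
					}
				}
			}
			smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
					 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_HISTORY),
					 temp);
		}

		if (need_update(sampass, PDB_PASSLASTSET)) {
			slprintf(temp, sizeof(temp) - 1, "%li", (long)pdb_get_pass_last_set_time(sampass));
			smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
					 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_LAST_SET),
					 temp);
		}
	}

	if (need_update(sampass, PDB_HOURS)) {
		const uint8 *hours = pdb_get_hours(sampass);
		if (hours) {
			pdb_sethexhours(temp, hours);
			smbldap_make_mod(ldap_state->smbldap_state->ldap_struct,
					 existing,
					 mods,
					 get_userattr_key2string(ldap_state->schema_ver,
								 LDAP_ATTR_LOGON_HOURS),
					 temp);
		}
	}

	if (need_update(sampass, PDB_ACCTCTRL))
		smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
				 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_ACB_INFO),
				 pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass), NEW_PW_FORMAT_SPACE_PADDED_LEN));

	/* password lockout cache:
	   - If we are now autolocking or clearing, we write to ldap
	   - If we are clearing, we delete the cache entry
	   - If the count is > 0, we update the cache

	   This even means when autolocking, we cache, just in case the
	   update doesn't work, and we have to cache the autolock flag */

	if (need_update(sampass, PDB_BAD_PASSWORD_COUNT)) /* &&
	    need_update(sampass, PDB_BAD_PASSWORD_TIME)) */ {
		uint16 badcount = pdb_get_bad_password_count(sampass);
		time_t badtime = pdb_get_bad_password_time(sampass);
		/* Initialised so the comparison below is defined even if
		 * the policy lookup (whose result is not checked) fails. */
		uint32 pol = 0;
		pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &pol);

		DEBUG(3, ("updating bad password fields, policy=%u, count=%u, time=%u\n",
			  (unsigned int)pol, (unsigned int)badcount, (unsigned int)badtime));

		if ((badcount >= pol) || (badcount == 0)) {
			DEBUG(7, ("making mods to update ldap, count=%u, time=%u\n",
				  (unsigned int)badcount, (unsigned int)badtime));
			slprintf(temp, sizeof(temp) - 1, "%li", (long)badcount);
			smbldap_make_mod(
				ldap_state->smbldap_state->ldap_struct,
				existing, mods,
				get_userattr_key2string(
					ldap_state->schema_ver,
					LDAP_ATTR_BAD_PASSWORD_COUNT),
				temp);

			slprintf(temp, sizeof(temp) - 1, "%li", (long)badtime);
			smbldap_make_mod(
				ldap_state->smbldap_state->ldap_struct,
				existing, mods,
				get_userattr_key2string(
					ldap_state->schema_ver,
					LDAP_ATTR_BAD_PASSWORD_TIME),
				temp);
		}
		if (badcount == 0) {
			DEBUG(7, ("bad password count is reset, deleting login cache entry for %s\n", pdb_get_nt_username(sampass)));
			login_cache_delentry(sampass);
		} else {
			LOGIN_CACHE cache_entry;

			cache_entry.entry_timestamp = time(NULL);
			cache_entry.acct_ctrl = pdb_get_acct_ctrl(sampass);
			cache_entry.bad_password_count = badcount;
			cache_entry.bad_password_time = badtime;

			DEBUG(7, ("Updating bad password count and time in login cache\n"));
			login_cache_write(sampass, cache_entry);
		}
	}

	/* temp may still hold hex-encoded LM/NT hashes or password history;
	 * clear it before the frame is released, as init_sam_from_ldap does
	 * for its own scratch buffers.  NOTE(review): ZERO_STRUCT is a plain
	 * memset here and a compiler may treat it as a dead store — confirm,
	 * or use an explicit-zeroing primitive if one is available. */
	ZERO_STRUCT(temp);

	return True;
}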
static NTSTATUS ldapsam_setsampwent | ( | struct pdb_methods * | my_methods, | |
BOOL | update, | |||
uint32 | acb_mask | |||
) | [static] |
pdb_ldap.c の 1263 行で定義されています。
参照先 all_string_sub()・ldapsam_privates::entry・get_objclass_filter()・get_userattr_list()・ldapsam_privates::index・smbldap_state::ldap_struct・LDAP_SUCCESS・lp_ldap_machine_suffix()・lp_ldap_user_suffix()・pdb_methods::private_data・pstr_sprintf()・ldapsam_privates::result・ldapsam_privates::schema_ver・smbldap_search()・ldapsam_privates::smbldap_state.
参照元 pdb_init_ldapsam_common().
/*
 * Begin an account enumeration: run the LDAP search whose results
 * ldapsam_getsampwent() walks, storing the result set and cursor in
 * ldap_state (result, entry, index).
 *
 * The search base is chosen from acb_mask: any trust-account bit selects
 * the machine suffix, ACB_NORMAL the user suffix, anything else the plain
 * LDAP suffix.  The filter matches every entry of the schema's object
 * class that has a uid.  The "update" argument is not used.
 *
 * Returns NT_STATUS_OK, or NT_STATUS_UNSUCCESSFUL when the search fails
 * (ldap_state->result is then released and reset to NULL).
 */
static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update, uint32 acb_mask)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)my_methods->private_data;
	pstring filter, suffix;
	const char **attr_list;
	const char *base;
	int rc;

	/* "(uid=%u)" is the template; the %u is then widened to a wildcard. */
	pstr_sprintf(filter, "(&%s%s)", "(uid=%u)",
		     get_objclass_filter(ldap_state->schema_ver));
	all_string_sub(filter, "%u", "*", sizeof(pstring));

	if (acb_mask & (ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) {
		base = lp_ldap_machine_suffix();
	} else if (acb_mask & ACB_NORMAL) {
		base = lp_ldap_user_suffix();
	} else {
		base = lp_ldap_suffix();
	}
	pstrcpy(suffix, base);

	DEBUG(10,("ldapsam_setsampwent: LDAP Query for acb_mask 0x%x will use suffix %s\n",
		  acb_mask, suffix));

	attr_list = get_userattr_list(NULL, ldap_state->schema_ver);
	rc = smbldap_search(ldap_state->smbldap_state, suffix, LDAP_SCOPE_SUBTREE, filter,
			    attr_list, 0, &ldap_state->result);
	TALLOC_FREE(attr_list);

	if (rc != LDAP_SUCCESS) {
		DEBUG(0, ("ldapsam_setsampwent: LDAP search failed: %s\n", ldap_err2string(rc)));
		DEBUG(3, ("ldapsam_setsampwent: Query was: %s, %s\n", suffix, filter));
		ldap_msgfree(ldap_state->result);
		ldap_state->result = NULL;
		return NT_STATUS_UNSUCCESSFUL;
	}

	DEBUG(2, ("ldapsam_setsampwent: %d entries in the base %s\n",
		  ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
				     ldap_state->result), suffix));

	/* position the cursor on the first entry */
	ldap_state->entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
					     ldap_state->result);
	ldap_state->index = 0;

	return NT_STATUS_OK;
}
static void ldapsam_endsampwent | ( | struct pdb_methods * | my_methods | ) | [static] |
pdb_ldap.c の 1317 行で定義されています。
参照先 pdb_methods::private_data・ldapsam_privates::result.
参照元 ldapsam_endsamgrent()・pdb_init_ldapsam_common().
/*
 * End an account enumeration: release the search result held in
 * ldap_state->result (if any) and reset the pointer so a later call is
 * harmless.
 */
static void ldapsam_endsampwent(struct pdb_methods *my_methods)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)my_methods->private_data;

	if (ldap_state->result == NULL) {
		return;
	}

	ldap_msgfree(ldap_state->result);
	ldap_state->result = NULL;
}
static NTSTATUS ldapsam_getsampwent | ( | struct pdb_methods * | my_methods, | |
struct samu * | user | |||
) | [static] |
pdb_ldap.c の 1330 行で定義されています。
参照先 ldapsam_privates::entry・ldapsam_privates::index・init_sam_from_ldap()・priv2ld()・pdb_methods::private_data.
参照元 pdb_init_ldapsam_common().
/*
 * Return the next account of the enumeration started by
 * ldapsam_setsampwent(), filling @user from the current LDAP entry.
 *
 * Entries that init_sam_from_ldap() rejects are skipped silently; the
 * cursor (ldap_state->entry) always advances and ldap_state->index counts
 * every entry visited, accepted or not.
 *
 * Returns NT_STATUS_OK once an entry has been parsed, or
 * NT_STATUS_UNSUCCESSFUL when the result set is exhausted.
 */
static NTSTATUS ldapsam_getsampwent(struct pdb_methods *my_methods, struct samu *user)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)my_methods->private_data;

	for (;;) {
		BOOL parsed;

		if (ldap_state->entry == NULL) {
			return NT_STATUS_UNSUCCESSFUL;
		}

		ldap_state->index++;
		parsed = init_sam_from_ldap(ldap_state, user, ldap_state->entry);

		/* advance before deciding, so a bad entry is never revisited */
		ldap_state->entry = ldap_next_entry(priv2ld(ldap_state),
						    ldap_state->entry);

		if (parsed) {
			return NT_STATUS_OK;
		}
	}
}
static void append_attr | ( | TALLOC_CTX * | mem_ctx, | |
const char *** | attr_list, | |||
const char * | new_attr | |||
) | [static] |
pdb_ldap.c の 1352 行で定義されています。
参照先 talloc_strdup().
参照元 ldapsam_get_ldap_user_by_sid()・ldapsam_getsampwnam().
/*
 * Append @new_attr to the NULL-terminated attribute list *attr_list,
 * growing the array by one slot via TALLOC_REALLOC_ARRAY on @mem_ctx.
 * The new string is duplicated as a child of the array, so freeing the
 * array frees it too.  A NULL @new_attr is a no-op.
 *
 * Allocation failure is treated as fatal (SMB_ASSERT), matching the rest
 * of this file's handling of talloc failures on small allocations.
 */
static void append_attr(TALLOC_CTX *mem_ctx, const char ***attr_list, const char *new_attr)
{
	int count = 0;
	const char **list;

	if (new_attr == NULL) {
		return;
	}

	/* find the terminating NULL */
	while ((*attr_list)[count] != NULL) {
		count++;
	}

	/* one slot for the new attribute, one for the terminator */
	*attr_list = TALLOC_REALLOC_ARRAY(mem_ctx, *attr_list,
					  const char *, count + 2);
	SMB_ASSERT(*attr_list != NULL);

	list = *attr_list;
	list[count] = talloc_strdup(list, new_attr);
	list[count + 1] = NULL;
}
static NTSTATUS ldapsam_getsampwnam | ( | struct pdb_methods * | my_methods, | |
struct samu * | user, | |||
const char * | sname | |||
) | [static] |
pdb_ldap.c の 1376 行で定義されています。
参照先 append_attr()・ldapsam_privates::entry・get_userattr_key2string()・get_userattr_list()・init_sam_from_ldap()・smbldap_state::ldap_struct・LDAP_SUCCESS・ldapsam_search_suffix_by_name()・PDB_CHANGED・pdb_set_backend_private_data()・pdb_methods::private_data・result・ldapsam_privates::schema_ver・ldapsam_privates::smbldap_state・talloc_autofree_ldapmsg().
参照元 pdb_init_ldapsam_common().
/*
 * Look up the account named @sname and fill @user from its LDAP entry.
 *
 * Besides the schema's user attributes, the modification timestamp and
 * uidNumber are requested so init_sam_from_ldap() can check the login
 * cache and feed the uid/SID cache.  On success the search result becomes
 * the samu's backend private data and is freed with it
 * (talloc_autofree_ldapmsg), so it is not released here.
 *
 * NOTE(review): @sname originates from the caller (ultimately the client)
 * and reaches the LDAP filter through ldapsam_search_suffix_by_name();
 * filter-escaping is that helper's responsibility — confirm there.
 *
 * Returns NT_STATUS_OK; NT_STATUS_NO_SUCH_USER if the search fails, does
 * not return exactly one entry, or the entry cannot be parsed;
 * NT_STATUS_UNSUCCESSFUL if the single entry cannot be fetched.
 */
static NTSTATUS ldapsam_getsampwnam(struct pdb_methods *my_methods, struct samu *user, const char *sname)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)my_methods->private_data;
	LDAPMessage *result = NULL;
	LDAPMessage *entry;
	const char **attr_list;
	int count;
	int rc;

	attr_list = get_userattr_list(user, ldap_state->schema_ver);
	append_attr(user, &attr_list,
		    get_userattr_key2string(ldap_state->schema_ver,
					    LDAP_ATTR_MOD_TIMESTAMP));
	append_attr(user, &attr_list, "uidNumber");
	rc = ldapsam_search_suffix_by_name(ldap_state, sname, &result,
					   attr_list);
	TALLOC_FREE(attr_list);

	if (rc != LDAP_SUCCESS) {
		return NT_STATUS_NO_SUCH_USER;
	}

	count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);

	if (count < 1) {
		DEBUG(4, ("ldapsam_getsampwnam: Unable to locate user [%s] count=%d\n", sname, count));
		goto no_such_user;
	}
	if (count > 1) {
		/* refuse to guess between duplicates */
		DEBUG(1, ("ldapsam_getsampwnam: Duplicate entries for this user [%s] Failing. count=%d\n", sname, count));
		goto no_such_user;
	}

	entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
	if (entry == NULL) {
		ldap_msgfree(result);
		return NT_STATUS_UNSUCCESSFUL;
	}

	if (!init_sam_from_ldap(ldap_state, user, entry)) {
		DEBUG(1,("ldapsam_getsampwnam: init_sam_from_ldap failed for user '%s'!\n", sname));
		goto no_such_user;
	}

	/* the result now belongs to the samu */
	pdb_set_backend_private_data(user, result, NULL,
				     my_methods, PDB_CHANGED);
	talloc_autofree_ldapmsg(user, result);
	return NT_STATUS_OK;

no_such_user:
	ldap_msgfree(result);
	return NT_STATUS_NO_SUCH_USER;
}
static int ldapsam_get_ldap_user_by_sid | ( | struct ldapsam_privates * | ldap_state, | |
const DOM_SID * | sid, | |||
LDAPMessage ** | result | |||
) | [static] |
pdb_ldap.c の 1427 行で定義されています。
参照先 append_attr()・ldapsam_privates::domain_sid・get_userattr_key2string()・get_userattr_list()・LDAP_SUCCESS・ldapsam_search_suffix_by_rid()・ldapsam_search_suffix_by_sid()・ldapsam_privates::schema_ver・sid_peek_check_rid().
参照元 ldapsam_add_sam_account()・ldapsam_getsampwsid().
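/*
 * Search for the user entry belonging to @sid, dispatching on the schema
 * version: sambaSamAccount stores the SID itself, sambaAccount only the
 * RID (so the SID must be in our own domain).
 *
 * @ldap_state  backend state (schema version, domain SID)
 * @sid         SID to look up
 * @result      receives the LDAP result on success
 *
 * Returns the LDAP result code of the search; LDAP_NO_MEMORY if the
 * temporary talloc context cannot be created; -1 (not LDAP_SUCCESS) if
 * the SID is not in this domain under the sambaAccount schema or the
 * schema version is unknown.  Callers only compare against LDAP_SUCCESS.
 */
static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state, const DOM_SID *sid, LDAPMessage **result)
{
	int rc = -1;
	const char **attr_list;
	uint32 rid;

	switch ( ldap_state->schema_ver ) {
	case SCHEMAVER_SAMBASAMACCOUNT: {
		TALLOC_CTX *tmp_ctx = talloc_new(NULL);
		if (tmp_ctx == NULL) {
			return LDAP_NO_MEMORY;
		}

		/* extra attributes feed the login cache check and the
		 * uid/SID cache in init_sam_from_ldap */
		attr_list = get_userattr_list(tmp_ctx,
					      ldap_state->schema_ver);
		append_attr(tmp_ctx, &attr_list,
			    get_userattr_key2string(
				    ldap_state->schema_ver,
				    LDAP_ATTR_MOD_TIMESTAMP));
		append_attr(tmp_ctx, &attr_list, "uidNumber");
		rc = ldapsam_search_suffix_by_sid(ldap_state, sid,
						  result, attr_list);
		TALLOC_FREE(tmp_ctx);
		break;
	}

	case SCHEMAVER_SAMBAACCOUNT:
		if (!sid_peek_check_rid(&ldap_state->domain_sid, sid, &rid)) {
			return rc;
		}

		attr_list = get_userattr_list(NULL,
					      ldap_state->schema_ver);
		rc = ldapsam_search_suffix_by_rid(ldap_state, rid, result, attr_list);
		TALLOC_FREE(attr_list);
		break;

	default:
		/* same diagnostic the other schema switches in this file emit */
		DEBUG(0,("ldapsam_get_ldap_user_by_sid: unknown schema version specified\n"));
		break;
	}

	/* rc is returned unchanged whether or not the search succeeded */
	return rc;
}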
static NTSTATUS ldapsam_getsampwsid | ( | struct pdb_methods * | my_methods, | |
struct samu * | user, | |||
const DOM_SID * | sid | |||
) | [static] |
pdb_ldap.c の 1478 行で定義されています。
参照先 ldapsam_privates::entry・init_sam_from_ldap()・smbldap_state::ldap_struct・LDAP_SUCCESS・ldapsam_get_ldap_user_by_sid()・PDB_CHANGED・pdb_set_backend_private_data()・pdb_methods::private_data・result・sid_to_string()・ldapsam_privates::smbldap_state・talloc_autofree_ldapmsg().
参照元 pdb_init_ldapsam_common().
/*
 * Look up the account whose SID is @sid and fill @user from its LDAP
 * entry.
 *
 * On success the search result becomes the samu's backend private data
 * and is freed with it (talloc_autofree_ldapmsg), so it is not released
 * here; on every failure after the search it is freed before returning.
 *
 * Returns NT_STATUS_OK, or NT_STATUS_NO_SUCH_USER when the search fails,
 * yields anything other than exactly one entry, or the entry cannot be
 * parsed.
 */
static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, struct samu *user, const DOM_SID *sid)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)my_methods->private_data;
	LDAPMessage *result = NULL;
	LDAPMessage *entry;
	fstring sid_string;
	int count;

	if (ldapsam_get_ldap_user_by_sid(ldap_state, sid, &result) != LDAP_SUCCESS) {
		return NT_STATUS_NO_SUCH_USER;
	}

	count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);

	if (count < 1) {
		DEBUG(4, ("ldapsam_getsampwsid: Unable to locate SID [%s] count=%d\n", sid_to_string(sid_string, sid),
			  count));
		goto fail;
	}
	if (count > 1) {
		/* a SID must be unique; refuse rather than pick one */
		DEBUG(1, ("ldapsam_getsampwsid: More than one user with SID [%s]. Failing. count=%d\n", sid_to_string(sid_string, sid),
			  count));
		goto fail;
	}

	entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
	if (entry == NULL) {
		goto fail;
	}

	if (!init_sam_from_ldap(ldap_state, user, entry)) {
		DEBUG(1,("ldapsam_getsampwsid: init_sam_from_ldap failed!\n"));
		goto fail;
	}

	/* ownership of result passes to the samu */
	pdb_set_backend_private_data(user, result, NULL,
				     my_methods, PDB_CHANGED);
	talloc_autofree_ldapmsg(user, result);
	return NT_STATUS_OK;

fail:
	ldap_msgfree(result);
	return NT_STATUS_NO_SUCH_USER;
}
static NTSTATUS ldapsam_modify_entry | ( | struct pdb_methods * | my_methods, | |
struct samu * | newpwd, | |||
char * | dn, | |||
LDAPMod ** | mods, | |||
int | ldap_op, | |||
BOOL(*)(const struct samu *, enum pdb_elements) | need_update | |||
) | [static] |
pdb_ldap.c の 1529 行で定義されています。
参照先 ldapsam_privates::is_nds_ldap・LDAP_PASSWD_SYNC_OFF・smbldap_state::ldap_struct・LDAP_SUCCESS・pdb_get_acct_ctrl()・pdb_get_plaintext_passwd()・pdb_get_username()・pdb_nds_set_password()・PDB_PLAINTEXT_PW・pdb_methods::private_data・push_utf8_allocate()・smbldap_add()・smbldap_extended_operation()・smbldap_has_extension()・smbldap_modify()・smbldap_set_mod()・ldapsam_privates::smbldap_state.
参照元 ldapsam_add_sam_account()・ldapsam_update_sam_account().
/*
 * Write a prepared LDAPMod list for an account and, when required, push a
 * password change to the directory.
 *
 * my_methods   pdb backend whose private_data is the ldapsam state
 * newpwd       account being written; must not be NULL
 * dn           DN of the entry to add or modify; must not be NULL
 * mods         modification list; may be NULL, in which case only the
 *              password step below can run
 * ldap_op      LDAP_MOD_ADD (smbldap_add) or LDAP_MOD_REPLACE (smbldap_modify)
 * need_update  predicate telling whether a given pdb element has to be written
 *
 * Returns NT_STATUS_OK on success (also when the server lacks the password
 * modify extension or reports an objectClass violation -- both are logged and
 * ignored), NT_STATUS_INVALID_PARAMETER for a NULL newpwd/dn or an unknown
 * ldap_op, NT_STATUS_NO_MEMORY when a UTF-8 conversion fails,
 * NT_STATUS_PASSWORD_RESTRICTION on LDAP_CONSTRAINT_VIOLATION (when that
 * code is defined) and NT_STATUS_UNSUCCESSFUL otherwise.
 */
static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
				     struct samu *newpwd, char *dn,
				     LDAPMod **mods, int ldap_op,
				     BOOL (*need_update)(const struct samu *, enum pdb_elements))
{
	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
	/* Only read after the switch (or ber_flatten() below) assigns it, so the
	 * mods == NULL path never sees it uninitialised. */
	int rc;

	if (!newpwd || !dn) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	if (!mods) {
		DEBUG(5,("ldapsam_modify_entry: mods is empty: nothing to modify\n"));
		/* may be password change below however */
	} else {
		switch(ldap_op) {
		case LDAP_MOD_ADD:
			/* A brand-new entry needs its structural class; NDS wants inetOrgPerson. */
			if (ldap_state->is_nds_ldap) {
				smbldap_set_mod(&mods, LDAP_MOD_ADD,
						"objectclass",
						"inetOrgPerson");
			} else {
				smbldap_set_mod(&mods, LDAP_MOD_ADD,
						"objectclass",
						LDAP_OBJ_ACCOUNT);
			}
			rc = smbldap_add(ldap_state->smbldap_state,
					 dn, mods);
			break;
		case LDAP_MOD_REPLACE:
			rc = smbldap_modify(ldap_state->smbldap_state,
					    dn ,mods);
			break;
		default:
			DEBUG(0,("ldapsam_modify_entry: Wrong LDAP operation type: %d!\n",
				 ldap_op));
			return NT_STATUS_INVALID_PARAMETER;
		}

		if (rc!=LDAP_SUCCESS) {
			return NT_STATUS_UNSUCCESSFUL;
		}
	}

	/*
	 * Password sync is skipped for workstation/server/inter-domain trust
	 * accounts, when "ldap passwd sync" is off, when the plaintext password
	 * is not flagged by need_update(), and when there is no plaintext
	 * password to send.
	 */
	if (!(pdb_get_acct_ctrl(newpwd)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) &&
	    (lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_OFF) &&
	    need_update(newpwd, PDB_PLAINTEXT_PW) &&
	    (pdb_get_plaintext_passwd(newpwd)!=NULL)) {
		BerElement *ber;
		struct berval *bv;
		char *retoid = NULL;
		struct berval *retdata = NULL;
		/* NOTE(review): utf8_password and the flattened bv below carry the
		 * plaintext password; they are released with SAFE_FREE()/ber_bvfree()
		 * without being wiped first. */
		char *utf8_password;
		char *utf8_dn;

		if (!ldap_state->is_nds_ldap) {

			/* Non-NDS servers are driven through the password modify
			 * extended operation; without it the change is silently skipped. */
			if (!smbldap_has_extension(ldap_state->smbldap_state->ldap_struct,
						   LDAP_EXOP_MODIFY_PASSWD)) {
				DEBUG(2, ("ldap password change requested, but LDAP "
					  "server does not support it -- ignoring\n"));
				return NT_STATUS_OK;
			}
		}

		if (push_utf8_allocate(&utf8_password, pdb_get_plaintext_passwd(newpwd)) == (size_t)-1) {
			return NT_STATUS_NO_MEMORY;
		}

		if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) {
			SAFE_FREE(utf8_password);
			return NT_STATUS_NO_MEMORY;
		}

		if ((ber = ber_alloc_t(LBER_USE_DER))==NULL) {
			DEBUG(0,("ber_alloc_t returns NULL\n"));
			SAFE_FREE(utf8_password);
			SAFE_FREE(utf8_dn);
			return NT_STATUS_UNSUCCESSFUL;
		}

		/* DER-encode the PasswdModifyRequest: { userIdentity, newPasswd }. */
		ber_printf (ber, "{");
		ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn);
		ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password);
		ber_printf (ber, "n}");

		if ((rc = ber_flatten (ber, &bv))<0) {
			DEBUG(0,("ldapsam_modify_entry: ber_flatten returns a value <0\n"));
			ber_free(ber,1);
			SAFE_FREE(utf8_dn);
			SAFE_FREE(utf8_password);
			return NT_STATUS_UNSUCCESSFUL;
		}

		SAFE_FREE(utf8_dn);
		SAFE_FREE(utf8_password);
		ber_free(ber, 1);

		/* bv is built for both branches but only the extended operation sends it;
		 * the NDS path hands the plaintext to pdb_nds_set_password() directly. */
		if (!ldap_state->is_nds_ldap) {
			rc = smbldap_extended_operation(ldap_state->smbldap_state,
							LDAP_EXOP_MODIFY_PASSWD,
							bv, NULL, NULL, &retoid,
							&retdata);
		} else {
			rc = pdb_nds_set_password(ldap_state->smbldap_state, dn,
						  pdb_get_plaintext_passwd(newpwd));
		}
		if (rc != LDAP_SUCCESS) {
			char *ld_error = NULL;

			if (rc == LDAP_OBJECT_CLASS_VIOLATION) {
				DEBUG(3, ("Could not set userPassword "
					  "attribute due to an objectClass "
					  "violation -- ignoring\n"));
				ber_bvfree(bv);
				return NT_STATUS_OK;
			}

			ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
					&ld_error);
			DEBUG(0,("ldapsam_modify_entry: LDAP Password could not be changed for user %s: %s\n\t%s\n",
				 pdb_get_username(newpwd), ldap_err2string(rc), ld_error?ld_error:"unknown"));
			SAFE_FREE(ld_error);
			ber_bvfree(bv);
			/* NOTE(review): retoid/retdata are only released on the success
			 * path below; whether the failure path can leave them set depends
			 * on smbldap_extended_operation() -- confirm. */
#if defined(LDAP_CONSTRAINT_VIOLATION)
			if (rc == LDAP_CONSTRAINT_VIOLATION)
				return NT_STATUS_PASSWORD_RESTRICTION;
#endif
			return NT_STATUS_UNSUCCESSFUL;
		} else {
			DEBUG(3,("ldapsam_modify_entry: LDAP Password changed for user %s\n",pdb_get_username(newpwd)));
			/* DEBUG_PASSWORD builds log the plaintext at level 100. */
#ifdef DEBUG_PASSWORD
			DEBUG(100,("ldapsam_modify_entry: LDAP Password changed to %s\n",pdb_get_plaintext_passwd(newpwd)));
#endif
			if (retdata)
				ber_bvfree(retdata);
			if (retoid)
				ldap_memfree(retoid);
		}
		ber_bvfree(bv);
	}
	return NT_STATUS_OK;
}
static NTSTATUS ldapsam_delete_sam_account | ( | struct pdb_methods * | my_methods, | |
struct samu * | sam_acct | |||
) | [static] |
pdb_ldap.c の 1678 行で定義されています。
参照先 ldapsam_privates::entry・get_userattr_delete_list()・LDAP_SUCCESS・ldapsam_delete_entry()・ldapsam_search_suffix_by_name()・pdb_get_username()・priv2ld()・pdb_methods::private_data・result・ldapsam_privates::schema_ver.
参照元 pdb_init_ldapsam_common().
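/*
 * Delete the LDAP entry (or its samba attributes) for the account @sam_acct.
 *
 * The entry is located by user name and must be unique.  The actual removal
 * is delegated to ldapsam_delete_entry() with the objectclass matching the
 * configured schema version.
 *
 * my_methods  pdb backend whose private_data is the ldapsam state
 * sam_acct    account to delete; must not be NULL
 *
 * Returns NT_STATUS_OK on success, NT_STATUS_INVALID_PARAMETER for a NULL
 * sam_acct, NT_STATUS_NO_SUCH_USER when the search fails or does not return
 * exactly one entry, NT_STATUS_ACCESS_DENIED when the delete is refused and
 * NT_STATUS_NO_MEMORY when an allocation fails.
 *
 * Fix: the search result handed back through @msg was never freed; it is
 * now attached to mem_ctx with talloc_autofree_ldapmsg() so every exit path
 * releases it.
 */
static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods,
					   struct samu *sam_acct)
{
	struct ldapsam_privates *priv =
		(struct ldapsam_privates *)my_methods->private_data;
	const char *sname;
	int rc;
	LDAPMessage *msg = NULL;
	LDAPMessage *entry = NULL;
	NTSTATUS result = NT_STATUS_NO_MEMORY;
	const char **attr_list;
	TALLOC_CTX *mem_ctx = NULL;

	if (!sam_acct) {
		DEBUG(0, ("ldapsam_delete_sam_account: sam_acct was NULL!\n"));
		return NT_STATUS_INVALID_PARAMETER;
	}

	sname = pdb_get_username(sam_acct);

	DEBUG(3, ("ldapsam_delete_sam_account: Deleting user %s from "
		  "LDAP.\n", sname));

	mem_ctx = talloc_new(NULL);
	if (mem_ctx == NULL) {
		DEBUG(0, ("talloc_new failed\n"));
		goto done;
	}

	attr_list = get_userattr_delete_list(mem_ctx, priv->schema_ver );
	if (attr_list == NULL) {
		goto done;
	}

	rc = ldapsam_search_suffix_by_name(priv, sname, &msg, attr_list);
	if (msg != NULL) {
		/* Tie the result to mem_ctx so TALLOC_FREE() below releases it
		 * on every path; entry points into msg and stays valid until then. */
		talloc_autofree_ldapmsg(mem_ctx, msg);
	}

	if ((rc != LDAP_SUCCESS) ||
	    (ldap_count_entries(priv2ld(priv), msg) != 1) ||
	    ((entry = ldap_first_entry(priv2ld(priv), msg)) == NULL)) {
		DEBUG(5, ("Could not find user %s\n", sname));
		result = NT_STATUS_NO_SUCH_USER;
		goto done;
	}

	rc = ldapsam_delete_entry(
		priv, mem_ctx, entry,
		priv->schema_ver == SCHEMAVER_SAMBASAMACCOUNT ?
		LDAP_OBJ_SAMBASAMACCOUNT : LDAP_OBJ_SAMBAACCOUNT,
		attr_list);

	result = (rc == LDAP_SUCCESS) ?
		NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;

 done:
	TALLOC_FREE(mem_ctx);
	return result;
}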
static BOOL element_is_changed | ( | const struct samu * | sampass, | |
enum pdb_elements | element | |||
) | [static] |
static NTSTATUS ldapsam_update_sam_account | ( | struct pdb_methods * | my_methods, | |
struct samu * | newpwd | |||
) | [static] |
pdb_ldap.c の 1750 行で定義されています。
参照先 element_is_changed()・ldapsam_privates::entry・get_userattr_list()・init_ldap_from_sam()・LDAP_PASSWD_SYNC_ONLY・smbldap_state::ldap_struct・LDAP_SUCCESS・ldapsam_modify_entry()・ldapsam_search_suffix_by_name()・PDB_CHANGED・pdb_get_backend_private_data()・pdb_get_username()・pdb_set_backend_private_data()・pdb_methods::private_data・result・ldapsam_privates::schema_ver・smbldap_get_dn()・ldapsam_privates::smbldap_state・talloc_autofree_ldapmsg().
参照元 pdb_init_ldapsam_common().
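/*
 * Write the changed elements of @newpwd back to its LDAP entry.
 *
 * The entry is taken from the samu's backend private data when a previous
 * lookup stored it there; otherwise it is searched by user name and cached
 * the same way.  Only elements flagged by element_is_changed() are written.
 *
 * my_methods  pdb backend whose private_data is the ldapsam state
 * newpwd      account carrying the modifications
 *
 * Returns NT_STATUS_OK on success or when there is nothing to update,
 * NT_STATUS_INVALID_PARAMETER when the account has no user name,
 * NT_STATUS_NO_MEMORY when the attribute list cannot be built, the status
 * of ldapsam_modify_entry() when it fails, and NT_STATUS_UNSUCCESSFUL for
 * every other failure.
 *
 * Fixes: the attribute list was allocated before the user-name check and
 * leaked on that early return; a NULL attribute list and a NULL first entry
 * were not checked.
 */
static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods,
					   struct samu *newpwd)
{
	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
	int rc = 0;
	char *dn;
	LDAPMessage *result = NULL;
	LDAPMessage *entry = NULL;
	LDAPMod **mods = NULL;
	const char **attr_list;

	result = (LDAPMessage *)pdb_get_backend_private_data(newpwd, my_methods);
	if (!result) {
		if (pdb_get_username(newpwd) == NULL) {
			return NT_STATUS_INVALID_PARAMETER;
		}
		attr_list = get_userattr_list(NULL, ldap_state->schema_ver);
		if (attr_list == NULL) {
			return NT_STATUS_NO_MEMORY;
		}
		rc = ldapsam_search_suffix_by_name(ldap_state, pdb_get_username(newpwd), &result, attr_list );
		TALLOC_FREE( attr_list );
		if (rc != LDAP_SUCCESS) {
			return NT_STATUS_UNSUCCESSFUL;
		}
		/* Cache the message on the samu; its lifetime is tied to newpwd. */
		pdb_set_backend_private_data(newpwd, result, NULL,
					     my_methods, PDB_CHANGED);
		talloc_autofree_ldapmsg(newpwd, result);
	}

	if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) == 0) {
		DEBUG(0, ("ldapsam_update_sam_account: No user to modify!\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
	if (entry == NULL) {
		return NT_STATUS_UNSUCCESSFUL;
	}
	dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
	if (!dn) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	DEBUG(4, ("ldapsam_update_sam_account: user %s to be modified has dn: %s\n", pdb_get_username(newpwd), dn));

	if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
				element_is_changed)) {
		DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
		SAFE_FREE(dn);
		if (mods != NULL)
			ldap_mods_free(mods,True);
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* With "ldap passwd sync = only" an empty mod list may still carry a
	 * password change, so ldapsam_modify_entry() has to be called anyway. */
	if ((lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_ONLY)
	    && (mods == NULL)) {
		DEBUG(4,("ldapsam_update_sam_account: mods is empty: nothing to update for user: %s\n",
			 pdb_get_username(newpwd)));
		SAFE_FREE(dn);
		return NT_STATUS_OK;
	}

	ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, element_is_changed);

	if (mods != NULL) {
		ldap_mods_free(mods,True);
	}

	SAFE_FREE(dn);

	/*
	 * We need to set the backend private data to NULL here. For example
	 * setuserinfo level 25 does a pdb_update_sam_account twice on the
	 * same one, and with the explicit delete / add logic for attribute
	 * values the second time we would use the wrong "old" value which
	 * does not exist in LDAP anymore. Thus the LDAP server would refuse
	 * the update.
	 * The existing LDAPMessage is still being auto-freed by the
	 * destructor.
	 */
	pdb_set_backend_private_data(newpwd, NULL, NULL, my_methods,
				     PDB_CHANGED);

	if (!NT_STATUS_IS_OK(ret)) {
		return ret;
	}

	DEBUG(2, ("ldapsam_update_sam_account: successfully modified uid = %s in the LDAP database\n",
		  pdb_get_username(newpwd)));
	return NT_STATUS_OK;
}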
static NTSTATUS ldapsam_rename_sam_account | ( | struct pdb_methods * | my_methods, | |
struct samu * | old_acct, | |||
const char * | newname | |||
) | [static] |
pdb_ldap.c の 1842 行で定義されています。
参照先 pdb_get_username()・smb_nscd_flush_user_cache()・smbrun()・string_sub2()・strlower_m().
参照元 pdb_init_ldapsam_common().
/*
 * Rename the POSIX side of an account by running the configured
 * "rename user script".
 *
 * Only the external script is run here; the LDAP entry itself is not
 * touched by this function.  Both names are lower-cased before they are
 * substituted into the script, mirroring _samr_create_user(), while the
 * passdb keeps the original case.
 *
 * my_methods  pdb backend (unused beyond the method contract)
 * old_acct    account to rename; must not be NULL
 * newname     new account name; must not be NULL
 *
 * Returns NT_STATUS_INVALID_PARAMETER for NULL arguments,
 * NT_STATUS_ACCESS_DENIED when no script is configured,
 * NT_STATUS_UNSUCCESSFUL when the script exits non-zero, else NT_STATUS_OK.
 */
static NTSTATUS ldapsam_rename_sam_account(struct pdb_methods *my_methods,
					   struct samu *old_acct,
					   const char *newname)
{
	const char *oldname;
	pstring cmd;
	fstring old_lc, new_lc;
	int status;

	if (old_acct == NULL) {
		DEBUG(0, ("ldapsam_rename_sam_account: old_acct was NULL!\n"));
		return NT_STATUS_INVALID_PARAMETER;
	}
	if (newname == NULL) {
		DEBUG(0, ("ldapsam_rename_sam_account: newname was NULL!\n"));
		return NT_STATUS_INVALID_PARAMETER;
	}

	oldname = pdb_get_username(old_acct);

	/* rename the posix user -- nothing to run without a configured script */
	pstrcpy(cmd, lp_renameuser_script());
	if (cmd[0] == '\0') {
		return NT_STATUS_ACCESS_DENIED;
	}

	DEBUG (3, ("ldapsam_rename_sam_account: Renaming user %s to %s.\n",
		   oldname, newname));

	fstrcpy( old_lc, oldname );
	strlower_m( old_lc );
	fstrcpy( new_lc, newname );
	strlower_m( new_lc );

	/* The three flags are, in this file's string_sub2() API, remove unsafe
	 * characters / replace once / allow a trailing '$' (machine accounts
	 * end in '$') -- confirm against string_sub2() if it changes. */
	string_sub2(cmd, "%unew", new_lc, sizeof(pstring),
		    True, False, True);
	string_sub2(cmd, "%uold", old_lc, sizeof(pstring),
		    True, False, True);

	status = smbrun(cmd, NULL);

	DEBUG(status ? 0 : 3,("Running the command `%s' gave %d\n",
			      cmd, status));

	if (status != 0) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* The name change is only visible to nscd clients after a cache flush. */
	smb_nscd_flush_user_cache();
	return NT_STATUS_OK;
}
static BOOL element_is_set_or_changed | ( | const struct samu * | sampass, | |
enum pdb_elements | element | |||
) | [static] |
pdb_ldap.c の 1903 行で定義されています。
参照元 ldapsam_add_sam_account()・ldapsam_create_user().
/*
 * Tell whether @element of @sampass has to be written when creating an
 * entry: true when it was either explicitly set or changed since the samu
 * was loaded.  Used as the need_update() callback for adds.
 */
static BOOL element_is_set_or_changed(const struct samu *sampass,
				      enum pdb_elements element)
{
	if (IS_SAM_SET(sampass, element)) {
		return True;
	}
	return IS_SAM_CHANGED(sampass, element) ? True : False;
}
static NTSTATUS ldapsam_add_sam_account | ( | struct pdb_methods * | my_methods, | |
struct samu * | newpwd | |||
) | [static] |
pdb_ldap.c の 1914 行で定義されています。
参照先 all_string_sub()・element_is_set_or_changed()・ldapsam_privates::entry・escape_ldap_string_alloc()・escape_rdn_val_string_alloc()・get_userattr_key2string()・get_userattr_list()・init_ldap_from_sam()・smbldap_state::ldap_struct・LDAP_SUCCESS・ldapsam_get_ldap_user_by_sid()・ldapsam_modify_entry()・ldapsam_search_suffix_by_name()・lp_ldap_machine_suffix()・lp_ldap_user_suffix()・pdb_get_user_sid()・pdb_get_username()・PDB_USERSID・pdb_methods::private_data・pstr_sprintf()・result・ldapsam_privates::schema_ver・sid_to_string()・smbldap_get_dn()・smbldap_search_suffix()・smbldap_set_mod()・ldapsam_privates::smbldap_state・username.
参照元 pdb_init_ldapsam_common().
/*
 * Create the LDAP representation of the account @newpwd.
 *
 * Three lookups decide how the account is stored:
 *   1. an entry with samba attributes for this user name or (when set) this
 *      SID already exists -> refuse;
 *   2. a plain entry with this uid exists -> add the samba attributes to it
 *      (LDAP_MOD_REPLACE on its DN);
 *   3. with the sambaSamAccount schema, an idmap/sid entry for the SID
 *      exists -> extend that one instead;
 *   4. otherwise a new entry is added under the user or machine suffix,
 *      machine accounts being recognised by a trailing '$'.
 *
 * my_methods  pdb backend whose private_data is the ldapsam state
 * newpwd      account to add; needs a non-empty user name
 *
 * Returns NT_STATUS_OK on success, NT_STATUS_INVALID_PARAMETER without a
 * user name, NT_STATUS_NO_MEMORY when escaping the RDN fails, the status
 * of ldapsam_modify_entry() when it fails, and NT_STATUS_UNSUCCESSFUL for
 * every other failure (existing account, ambiguous search, empty mod list).
 */
static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, struct samu * newpwd)
{
	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
	int rc;
	LDAPMessage 	*result = NULL;
	LDAPMessage 	*entry  = NULL;
	pstring 	dn;
	LDAPMod 	**mods = NULL;
	int		ldap_op = LDAP_MOD_REPLACE;
	uint32		num_result;
	const char	**attr_list;
	char 		*escape_user;
	const char 	*username = pdb_get_username(newpwd);
	const DOM_SID 	*sid = pdb_get_user_sid(newpwd);
	pstring		filter;
	fstring         sid_string;

	if (!username || !*username) {
		DEBUG(0, ("ldapsam_add_sam_account: Cannot add user without a username!\n"));
		return NT_STATUS_INVALID_PARAMETER;
	}

	/* free this list after the second search or in case we exit on failure */
	/* NOTE(review): attr_list is not NULL-checked before it is handed to the searches. */
	attr_list = get_userattr_list(NULL, ldap_state->schema_ver);

	rc = ldapsam_search_suffix_by_name (ldap_state, username, &result, attr_list);

	if (rc != LDAP_SUCCESS) {
		TALLOC_FREE( attr_list );
		return NT_STATUS_UNSUCCESSFUL;
	}

	if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) != 0) {
		DEBUG(0,("ldapsam_add_sam_account: User '%s' already in the base, with samba attributes\n",
			 username));
		ldap_msgfree(result);
		TALLOC_FREE( attr_list );
		return NT_STATUS_UNSUCCESSFUL;
	}
	ldap_msgfree(result);
	result = NULL;

	/* A SID that is already in use must not be attached to a second account. */
	if (element_is_set_or_changed(newpwd, PDB_USERSID)) {
		rc = ldapsam_get_ldap_user_by_sid(ldap_state,
						  sid, &result);
		if (rc == LDAP_SUCCESS) {
			if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) != 0) {
				DEBUG(0,("ldapsam_add_sam_account: SID '%s' already in the base, with samba attributes\n",
					 sid_to_string(sid_string, sid)));
				TALLOC_FREE( attr_list );
				ldap_msgfree(result);
				return NT_STATUS_UNSUCCESSFUL;
			}
			ldap_msgfree(result);
		}
	}

	/* Does the entry already exist, but without samba attributes?
	   If so we add the samba attributes to that entry. */

	/* NOTE(review): escape_user is not NULL-checked before all_string_sub(). */
	escape_user = escape_ldap_string_alloc( username );
	pstrcpy( filter, "(uid=%u)" );
	all_string_sub( filter, "%u", escape_user, sizeof(filter) );
	SAFE_FREE( escape_user );

	rc = smbldap_search_suffix(ldap_state->smbldap_state,
				   filter, attr_list, &result);
	if ( rc != LDAP_SUCCESS ) {
		TALLOC_FREE( attr_list );
		return NT_STATUS_UNSUCCESSFUL;
	}

	num_result = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);

	if (num_result > 1) {
		DEBUG (0, ("ldapsam_add_sam_account: More than one user with that uid exists: bailing out!\n"));
		TALLOC_FREE( attr_list );
		ldap_msgfree(result);
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* Check if we need to update an existing entry */
	if (num_result == 1) {
		char *tmp;

		DEBUG(3,("ldapsam_add_sam_account: User exists without samba attributes: adding them\n"));
		ldap_op = LDAP_MOD_REPLACE;
		entry = ldap_first_entry (ldap_state->smbldap_state->ldap_struct, result);
		tmp = smbldap_get_dn (ldap_state->smbldap_state->ldap_struct, entry);
		if (!tmp) {
			TALLOC_FREE( attr_list );
			ldap_msgfree(result);
			return NT_STATUS_UNSUCCESSFUL;
		}
		slprintf (dn, sizeof (dn) - 1, "%s", tmp);
		SAFE_FREE(tmp);

	} else if (ldap_state->schema_ver == SCHEMAVER_SAMBASAMACCOUNT) {

		/* There might be a SID for this account already - say an idmap entry */

		pstr_sprintf(filter, "(&(%s=%s)(|(objectClass=%s)(objectClass=%s)))",
			 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID),
			 sid_to_string(sid_string, sid),
			 LDAP_OBJ_IDMAP_ENTRY,
			 LDAP_OBJ_SID_ENTRY);

		/* free old result before doing a new search */
		if (result != NULL) {
			ldap_msgfree(result);
			result = NULL;
		}
		rc = smbldap_search_suffix(ldap_state->smbldap_state,
					   filter, attr_list, &result);

		if ( rc != LDAP_SUCCESS ) {
			TALLOC_FREE( attr_list );
			return NT_STATUS_UNSUCCESSFUL;
		}

		num_result = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);

		if (num_result > 1) {
			DEBUG (0, ("ldapsam_add_sam_account: More than one user with specified Sid exists: bailing out!\n"));
			TALLOC_FREE( attr_list );
			ldap_msgfree(result);
			return NT_STATUS_UNSUCCESSFUL;
		}

		/* Check if we need to update an existing entry */
		if (num_result == 1) {
			char *tmp;

			DEBUG(3,("ldapsam_add_sam_account: User exists without samba attributes: adding them\n"));
			ldap_op = LDAP_MOD_REPLACE;
			entry = ldap_first_entry (ldap_state->smbldap_state->ldap_struct, result);
			tmp = smbldap_get_dn (ldap_state->smbldap_state->ldap_struct, entry);
			if (!tmp) {
				TALLOC_FREE( attr_list );
				ldap_msgfree(result);
				return NT_STATUS_UNSUCCESSFUL;
			}
			slprintf (dn, sizeof (dn) - 1, "%s", tmp);
			SAFE_FREE(tmp);
		}
	}

	TALLOC_FREE( attr_list );

	if (num_result == 0) {
		char *escape_username;
		/* Check if we need to add an entry */
		DEBUG(3,("ldapsam_add_sam_account: Adding new user\n"));
		ldap_op = LDAP_MOD_ADD;

		/* The user name becomes an RDN value, so it needs RDN escaping, not filter escaping. */
		escape_username = escape_rdn_val_string_alloc(username);
		if (!escape_username) {
			DEBUG(0, ("Out of memory!\n"));
			ldap_msgfree(result);
			return NT_STATUS_NO_MEMORY;
		}

		/* username is non-empty (checked above), so the index is in range. */
		if (username[strlen(username)-1] == '$') {
			slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", escape_username, lp_ldap_machine_suffix ());
		} else {
			slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", escape_username, lp_ldap_user_suffix ());
		}

		SAFE_FREE(escape_username);
	}

	/* entry is NULL for a brand-new account and the existing entry otherwise. */
	if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
				element_is_set_or_changed)) {
		DEBUG(0, ("ldapsam_add_sam_account: init_ldap_from_sam failed!\n"));
		ldap_msgfree(result);
		if (mods != NULL)
			ldap_mods_free(mods,True);
		return NT_STATUS_UNSUCCESSFUL;
	}

	ldap_msgfree(result);

	if (mods == NULL) {
		DEBUG(0,("ldapsam_add_sam_account: mods is empty: nothing to add for user: %s\n",pdb_get_username(newpwd)));
		return NT_STATUS_UNSUCCESSFUL;
	}
	/* Tag the entry with the samba objectclass matching the schema version;
	 * an unknown version is logged but the modify still goes ahead. */
	switch ( ldap_state->schema_ver ) {
		case SCHEMAVER_SAMBAACCOUNT:
			smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_SAMBAACCOUNT);
			break;
		case SCHEMAVER_SAMBASAMACCOUNT:
			smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_SAMBASAMACCOUNT);
			break;
		default:
			DEBUG(0,("ldapsam_add_sam_account: invalid schema version specified\n"));
			break;
	}

	ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, element_is_set_or_changed);
	if (!NT_STATUS_IS_OK(ret)) {
		DEBUG(0,("ldapsam_add_sam_account: failed to modify/add user with uid = %s (dn = %s)\n",
			 pdb_get_username(newpwd),dn));
		ldap_mods_free(mods, True);
		return ret;
	}

	DEBUG(2,("ldapsam_add_sam_account: added: uid == %s in the LDAP database\n", pdb_get_username(newpwd)));
	ldap_mods_free(mods, True);

	return NT_STATUS_OK;
}
static int ldapsam_search_one_group | ( | struct ldapsam_privates * | ldap_state, | |
const char * | filter, | |||
LDAPMessage ** | result | |||
) | [static] |
pdb_ldap.c の 2130 行で定義されています。
参照先 get_attr_list()・groupmap_attr_list・lp_ldap_group_suffix()・smbldap_search()・ldapsam_privates::smbldap_state.
参照元 ldapsam_enum_aliasmem()・ldapsam_getgroup()・ldapsam_modify_aliasmem().
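/*
 * Run a subtree search for @filter under the configured group suffix,
 * requesting the group-mapping attribute set.
 *
 * ldap_state  ldapsam state holding the smbldap connection
 * filter      complete LDAP filter to search for
 * result      receives the LDAPMessage; the caller frees it
 *
 * Returns the LDAP result code of the search, or LDAP_NO_MEMORY when the
 * attribute list cannot be built.
 *
 * Fix: a failed get_attr_list() previously went unnoticed and passed a NULL
 * attribute list on to smbldap_search().
 */
static int ldapsam_search_one_group (struct ldapsam_privates *ldap_state,
				     const char *filter,
				     LDAPMessage ** result)
{
	int scope = LDAP_SCOPE_SUBTREE;
	int rc;
	const char **attr_list;

	attr_list = get_attr_list(NULL, groupmap_attr_list);
	if (attr_list == NULL) {
		return LDAP_NO_MEMORY;
	}

	rc = smbldap_search(ldap_state->smbldap_state,
			    lp_ldap_group_suffix (), scope,
			    filter, attr_list, 0, result);
	TALLOC_FREE(attr_list);

	return rc;
}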
static BOOL init_group_from_ldap | ( | struct ldapsam_privates * | ldap_state, | |
GROUP_MAP * | map, | |||
LDAPMessage * | entry | |||
) | [static] |
pdb_ldap.c の 2150 行で定義されています。
参照先 _GROUP_MAP::comment・get_attr_key2string()・_GROUP_MAP::gid・groupmap_attr_list・smbldap_state::ldap_struct・lp_parm_bool()・_GROUP_MAP::nt_name・_GROUP_MAP::sid・SID_NAME_UNKNOWN・_GROUP_MAP::sid_name_use・SID_NAME_USER・smbldap_get_single_pstring()・ldapsam_privates::smbldap_state・store_gid_sid_cache()・string_to_sid().
参照元 ldapsam_getgroup()・ldapsam_getsamgrent().
/*
 * Fill a GROUP_MAP from a group-mapping LDAP entry.
 *
 * gidNumber, the group SID and the group type are mandatory; the NT name
 * falls back from the display-name attribute to cn, and the comment
 * defaults to an empty string.
 *
 * ldap_state  ldapsam state; its ldap_struct must be open
 * map         GROUP_MAP to populate
 * entry       the LDAP entry to read
 *
 * Returns True on success, False on NULL parameters, a missing mandatory
 * attribute, an unparsable SID or a group type outside
 * SID_NAME_USER..SID_NAME_UNKNOWN.
 */
static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state,
				 GROUP_MAP *map, LDAPMessage *entry)
{
	pstring temp;

	if (ldap_state == NULL || map == NULL || entry == NULL ||
			ldap_state->smbldap_state->ldap_struct == NULL) {
		DEBUG(0, ("init_group_from_ldap: NULL parameters found!\n"));
		return False;
	}

	if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
			get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GIDNUMBER), temp)) {
		DEBUG(0, ("init_group_from_ldap: Mandatory attribute %s not found\n",
			get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GIDNUMBER)));
		return False;
	}
	DEBUG(2, ("init_group_from_ldap: Entry found for group: %s\n", temp));

	/* atol() yields 0 for a non-numeric value without reporting it;
	 * a strtol()-style check would catch malformed directory data -- TODO. */
	map->gid = (gid_t)atol(temp);

	if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
			get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_SID), temp)) {
		DEBUG(0, ("init_group_from_ldap: Mandatory attribute %s not found\n",
			get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_SID)));
		return False;
	}

	if (!string_to_sid(&map->sid, temp)) {
		DEBUG(1, ("SID string [%s] could not be read as a valid SID\n", temp));
		return False;
	}

	if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
			get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_TYPE), temp)) {
		DEBUG(0, ("init_group_from_ldap: Mandatory attribute %s not found\n",
			get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_TYPE)));
		return False;
	}
	/* Same atol() caveat as for gidNumber; the range check below only
	 * rejects values outside the enum, not unparsed ones. */
	map->sid_name_use = (enum lsa_SidType)atol(temp);

	if ((map->sid_name_use < SID_NAME_USER) ||
			(map->sid_name_use > SID_NAME_UNKNOWN)) {
		DEBUG(0, ("init_group_from_ldap: Unknown Group type: %d\n", map->sid_name_use));
		return False;
	}

	/* NT name: prefer the display name, fall back to cn. */
	if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
			get_attr_key2string( groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME), temp)) {
		temp[0] = '\0';
		if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
			get_attr_key2string( groupmap_attr_list, LDAP_ATTR_CN), temp))
		{
			DEBUG(0, ("init_group_from_ldap: Attributes cn not found either \
for gidNumber(%lu)\n",(unsigned long)map->gid));
			return False;
		}
	}
	fstrcpy(map->nt_name, temp);

	/* The description is optional and defaults to the empty string. */
	if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
			get_attr_key2string( groupmap_attr_list, LDAP_ATTR_DESC), temp)) {
		temp[0] = '\0';
	}
	fstrcpy(map->comment, temp);

	/* With "ldapsam:trusted = yes" the gid<->SID pair is cached straight away. */
	if (lp_parm_bool(-1, "ldapsam", "trusted", False)) {
		store_gid_sid_cache(&map->sid, map->gid);
	}

	return True;
}
static NTSTATUS ldapsam_getgroup | ( | struct pdb_methods * | methods, | |
const char * | filter, | |||
GROUP_MAP * | map | |||
) | [static] |
pdb_ldap.c の 2226 行で定義されています。
参照先 ldapsam_privates::entry・init_group_from_ldap()・LDAP_SUCCESS・ldapsam_search_one_group()・methods・priv2ld()・result.
参照元 ldapsam_getgrgid()・ldapsam_getgrnam()・ldapsam_getgrsid().
/*
 * Fetch the single group-mapping entry matching @filter and decode it into
 * @map via init_group_from_ldap().
 *
 * Zero or several matches and a failing decode give NT_STATUS_NO_SUCH_GROUP;
 * a result without a first entry gives NT_STATUS_UNSUCCESSFUL.  The search
 * result is always freed before returning.
 */
static NTSTATUS ldapsam_getgroup(struct pdb_methods *methods,
				 const char *filter,
				 GROUP_MAP *map)
{
	struct ldapsam_privates *priv =
		(struct ldapsam_privates *)methods->private_data;
	LDAPMessage *msg = NULL;
	LDAPMessage *hit = NULL;
	NTSTATUS status = NT_STATUS_NO_SUCH_GROUP;
	int n;

	if (ldapsam_search_one_group(priv, filter, &msg) != LDAP_SUCCESS) {
		return NT_STATUS_NO_SUCH_GROUP;
	}

	n = ldap_count_entries(priv2ld(priv), msg);

	if (n < 1) {
		DEBUG(4, ("ldapsam_getgroup: Did not find group\n"));
		goto out;
	}
	if (n > 1) {
		/* Ambiguous mappings are refused rather than resolved arbitrarily. */
		DEBUG(1, ("ldapsam_getgroup: Duplicate entries for filter %s: "
			  "count=%d\n", filter, n));
		goto out;
	}

	hit = ldap_first_entry(priv2ld(priv), msg);
	if (hit == NULL) {
		status = NT_STATUS_UNSUCCESSFUL;
		goto out;
	}

	if (!init_group_from_ldap(priv, map, hit)) {
		DEBUG(1, ("ldapsam_getgroup: init_group_from_ldap failed for "
			  "group filter %s\n", filter));
		goto out;
	}

	status = NT_STATUS_OK;

out:
	ldap_msgfree(msg);
	return status;
}
static NTSTATUS ldapsam_getgrsid | ( | struct pdb_methods * | methods, | |
GROUP_MAP * | map, | |||
DOM_SID | sid | |||
) | [static] |
pdb_ldap.c の 2277 行で定義されています。
参照先 get_attr_key2string()・groupmap_attr_list・ldapsam_getgroup()・methods・pstr_sprintf()・sid_string_static().
参照元 pdb_init_ldapsam_common().
/*
 * Look up the group mapping for the group SID @sid.
 *
 * Builds a filter on the group-SID attribute and the group-map objectclass
 * and defers to ldapsam_getgroup(); the SID string comes from
 * sid_string_static(), so no user-controlled text enters the filter.
 */
static NTSTATUS ldapsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
				 DOM_SID sid)
{
	pstring filter;
	const char *sid_attr =
		get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GROUP_SID);

	pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))",
		     LDAP_OBJ_GROUPMAP, sid_attr, sid_string_static(&sid));

	return ldapsam_getgroup(methods, filter, map);
}
static NTSTATUS ldapsam_getgrgid | ( | struct pdb_methods * | methods, | |
GROUP_MAP * | map, | |||
gid_t | gid | |||
) | [static] |
pdb_ldap.c の 2293 行で定義されています。
参照先 get_attr_key2string()・groupmap_attr_list・ldapsam_getgroup()・methods・pstr_sprintf().
参照元 pdb_init_ldapsam_common().
/*
 * Look up the group mapping for the POSIX gid @gid.
 *
 * Builds a filter on the gidNumber attribute and the group-map objectclass
 * and defers to ldapsam_getgroup(); the gid is formatted as an unsigned
 * number, so nothing needs escaping.
 */
static NTSTATUS ldapsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
				 gid_t gid)
{
	pstring filter;
	const char *gid_attr =
		get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GIDNUMBER);

	pstr_sprintf(filter, "(&(objectClass=%s)(%s=%lu))",
		     LDAP_OBJ_GROUPMAP, gid_attr, (unsigned long)gid);

	return ldapsam_getgroup(methods, filter, map);
}
static NTSTATUS ldapsam_getgrnam | ( | struct pdb_methods * | methods, | |
GROUP_MAP * | map, | |||
const char * | name | |||
) | [static] |
pdb_ldap.c の 2309 行で定義されています。
参照先 escape_ldap_string_alloc()・get_attr_key2string()・groupmap_attr_list・ldapsam_getgroup()・methods・pstr_sprintf().
参照元 pdb_init_ldapsam_common().
/*
 * Look up the group mapping whose display name or cn equals @name.
 *
 * @name is escaped with escape_ldap_string_alloc() before it is placed in
 * the filter, so a name containing filter metacharacters cannot change the
 * query's structure.  Returns NT_STATUS_NO_MEMORY when escaping fails,
 * otherwise whatever ldapsam_getgroup() returns.
 */
static NTSTATUS ldapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
				 const char *name)
{
	pstring filter;
	char *safe_name = escape_ldap_string_alloc(name);
	const char *display_attr;
	const char *cn_attr;

	if (safe_name == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	display_attr = get_attr_key2string(groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME);
	cn_attr = get_attr_key2string(groupmap_attr_list, LDAP_ATTR_CN);

	pstr_sprintf(filter, "(&(objectClass=%s)(|(%s=%s)(%s=%s)))",
		     LDAP_OBJ_GROUPMAP,
		     display_attr, safe_name,
		     cn_attr, safe_name);

	SAFE_FREE(safe_name);

	return ldapsam_getgroup(methods, filter, map);
}
static BOOL ldapsam_extract_rid_from_entry | ( | LDAP * | ldap_struct, | |
LDAPMessage * | entry, | |||
const DOM_SID * | domain_sid, | |||
uint32 * | rid | |||
) | [static] |
pdb_ldap.c の 2329 行で定義されています。
参照先 domain_sid・sid_compare_domain()・sid_peek_rid()・sid_string_static()・smbldap_get_single_attribute()・string_to_sid().
/*
 * Read the sambaSID attribute of @entry and return its RID in *@rid,
 * provided the SID belongs to @domain_sid.
 *
 * Returns False (with a level-10 debug message) when the attribute is
 * missing, does not parse as a SID, lies in another domain, or carries no
 * RID; True otherwise.
 */
static BOOL ldapsam_extract_rid_from_entry(LDAP *ldap_struct,
					   LDAPMessage *entry,
					   const DOM_SID *domain_sid,
					   uint32 *rid)
{
	fstring sid_text;
	DOM_SID parsed;
	BOOL have_attr;

	have_attr = smbldap_get_single_attribute(ldap_struct, entry, "sambaSID",
						 sid_text, sizeof(sid_text)-1);
	if (!have_attr) {
		DEBUG(10, ("Could not find sambaSID attribute\n"));
		return False;
	}

	if (!string_to_sid(&parsed, sid_text)) {
		DEBUG(10, ("Could not convert string %s to sid\n", sid_text));
		return False;
	}

	/* Foreign-domain SIDs have no meaning as local RIDs; reject them. */
	if (sid_compare_domain(&parsed, domain_sid) != 0) {
		DEBUG(10, ("SID %s is not in expected domain %s\n",
			   sid_text, sid_string_static(domain_sid)));
		return False;
	}

	if (!sid_peek_rid(&parsed, rid)) {
		DEBUG(10, ("Could not peek into RID\n"));
		return False;
	}

	return True;
}
static NTSTATUS ldapsam_enum_group_members | ( | struct pdb_methods * | methods, | |
TALLOC_CTX * | mem_ctx, | |||
const DOM_SID * | group, | |||
uint32 ** | pp_member_rids, | |||
size_t * | p_num_members | |||
) | [static] |
pdb_ldap.c の 2362 行で定義されています。
参照先 methods・ldapsam_privates::smbldap_state.
参照元 pdb_init_ldapsam().
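/*
 * Enumerate the RIDs of the accounts that are members of the group @group.
 *
 * Members come from two sources, merged through add_rid_to_array_unique():
 * the uids listed in the group's memberUid attribute, and every
 * sambaSamAccount whose gidNumber equals the group's gidNumber.
 *
 * methods         pdb backend whose private_data is the ldapsam state
 * mem_ctx         talloc context owning the filters, the search results and
 *                 the returned array
 * group           SID of the group to enumerate
 * pp_member_rids  receives the RID array (NULL when no member was found)
 * p_num_members   receives the number of RIDs in *pp_member_rids
 *
 * Returns NT_STATUS_OK on success, NT_STATUS_NO_SUCH_GROUP when no group
 * map entry matches, NT_STATUS_INTERNAL_DB_CORRUPTION when the directory
 * data is inconsistent (duplicate group map, missing gidNumber/sambaSID,
 * member SID outside our domain), NT_STATUS_NO_MEMORY on allocation
 * failure and NT_STATUS_UNSUCCESSFUL for other LDAP failures.
 *
 * Fixes: the gidNumber filter was used without checking talloc_asprintf()
 * for NULL and without escaping the attribute value; the return value of
 * sid_peek_rid() was ignored, so an uninitialised rid could be stored.
 */
static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
					   TALLOC_CTX *mem_ctx,
					   const DOM_SID *group,
					   uint32 **pp_member_rids,
					   size_t *p_num_members)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)methods->private_data;
	struct smbldap_state *conn = ldap_state->smbldap_state;
	const char *id_attrs[] = { "memberUid", "gidNumber", NULL };
	const char *sid_attrs[] = { "sambaSID", NULL };
	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
	LDAPMessage *result = NULL;
	LDAPMessage *entry;
	char *filter;
	char **values = NULL;
	char **memberuid;
	char *gidstr;
	char *escape_gidstr;
	int rc, count;

	*pp_member_rids = NULL;
	*p_num_members = 0;

	/* Locate the group map entry (posixGroup + group mapping) for the SID. */
	filter = talloc_asprintf(mem_ctx,
				 "(&(objectClass=%s)"
				 "(objectClass=%s)"
				 "(sambaSID=%s))",
				 LDAP_OBJ_POSIXGROUP,
				 LDAP_OBJ_GROUPMAP,
				 sid_string_static(group));
	if (filter == NULL) {
		ret = NT_STATUS_NO_MEMORY;
		goto done;
	}

	rc = smbldap_search(conn, lp_ldap_group_suffix(),
			    LDAP_SCOPE_SUBTREE, filter, id_attrs, 0,
			    &result);
	if (rc != LDAP_SUCCESS) {
		goto done;
	}

	/* Every search result below is tied to mem_ctx rather than freed by hand. */
	talloc_autofree_ldapmsg(mem_ctx, result);

	count = ldap_count_entries(conn->ldap_struct, result);

	if (count > 1) {
		DEBUG(1, ("Found more than one groupmap entry for %s\n",
			  sid_string_static(group)));
		ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
		goto done;
	}

	if (count == 0) {
		ret = NT_STATUS_NO_SUCH_GROUP;
		goto done;
	}

	entry = ldap_first_entry(conn->ldap_struct, result);
	if (entry == NULL) {
		goto done;
	}

	gidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "gidNumber", mem_ctx);
	if (!gidstr) {
		DEBUG (0, ("ldapsam_enum_group_members: Unable to find the group's gid!\n"));
		ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
		goto done;
	}

	values = ldap_get_values(conn->ldap_struct, entry, "memberUid");

	if (values) {
		/* First source: the accounts named in memberUid, looked up by uid.
		 * Each value is escaped so it cannot change the filter's structure. */
		filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(|", LDAP_OBJ_SAMBASAMACCOUNT);
		if (filter == NULL) {
			ret = NT_STATUS_NO_MEMORY;
			goto done;
		}

		for (memberuid = values; *memberuid != NULL; memberuid += 1) {
			char *escape_memberuid;

			escape_memberuid = escape_ldap_string_alloc(*memberuid);
			if (escape_memberuid == NULL) {
				ret = NT_STATUS_NO_MEMORY;
				goto done;
			}

			filter = talloc_asprintf_append(filter, "(uid=%s)", escape_memberuid);
			SAFE_FREE(escape_memberuid);
			if (filter == NULL) {
				ret = NT_STATUS_NO_MEMORY;
				goto done;
			}
		}

		filter = talloc_asprintf_append(filter, "))");
		if (filter == NULL) {
			ret = NT_STATUS_NO_MEMORY;
			goto done;
		}

		rc = smbldap_search(conn, lp_ldap_suffix(),
				    LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0,
				    &result);
		if (rc != LDAP_SUCCESS) {
			goto done;
		}

		count = ldap_count_entries(conn->ldap_struct, result);
		DEBUG(10,("ldapsam_enum_group_members: found %d accounts\n", count));

		talloc_autofree_ldapmsg(mem_ctx, result);

		for (entry = ldap_first_entry(conn->ldap_struct, result);
		     entry != NULL;
		     entry = ldap_next_entry(conn->ldap_struct, entry))
		{
			char *sidstr;
			DOM_SID sid;
			uint32 rid;

			sidstr = smbldap_talloc_single_attribute(conn->ldap_struct,
								 entry, "sambaSID",
								 mem_ctx);
			if (!sidstr) {
				DEBUG(0, ("Severe DB error, sambaSamAccount can't miss "
					  "the sambaSID attribute\n"));
				ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
				goto done;
			}

			if (!string_to_sid(&sid, sidstr)) {
				goto done;
			}

			if (!sid_check_is_in_our_domain(&sid)) {
				DEBUG(0, ("Inconsistent SAM -- group member uid not "
					  "in our domain\n"));
				ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
				goto done;
			}

			/* sid_peek_rid() fails for a SID without a RID; never store
			 * an uninitialised rid in that case. */
			if (!sid_peek_rid(&sid, &rid)) {
				ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
				goto done;
			}

			if (!add_rid_to_array_unique(mem_ctx, rid, pp_member_rids,
						     p_num_members)) {
				ret = NT_STATUS_NO_MEMORY;
				goto done;
			}
		}
	}

	/* Second source: accounts whose primary group is this gid.  gidstr is
	 * directory data; escape it like the memberUid values above. */
	escape_gidstr = escape_ldap_string_alloc(gidstr);
	if (escape_gidstr == NULL) {
		ret = NT_STATUS_NO_MEMORY;
		goto done;
	}
	filter = talloc_asprintf(mem_ctx,
				 "(&(objectClass=%s)"
				 "(gidNumber=%s))",
				 LDAP_OBJ_SAMBASAMACCOUNT,
				 escape_gidstr);
	SAFE_FREE(escape_gidstr);
	if (filter == NULL) {
		ret = NT_STATUS_NO_MEMORY;
		goto done;
	}

	rc = smbldap_search(conn, lp_ldap_suffix(),
			    LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0,
			    &result);
	if (rc != LDAP_SUCCESS) {
		goto done;
	}

	talloc_autofree_ldapmsg(mem_ctx, result);

	for (entry = ldap_first_entry(conn->ldap_struct, result);
	     entry != NULL;
	     entry = ldap_next_entry(conn->ldap_struct, entry))
	{
		uint32 rid;

		if (!ldapsam_extract_rid_from_entry(conn->ldap_struct,
						    entry,
						    get_global_sam_sid(),
						    &rid)) {
			DEBUG(0, ("Severe DB error, sambaSamAccount can't miss "
				  "the sambaSID attribute\n"));
			ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
			goto done;
		}

		if (!add_rid_to_array_unique(mem_ctx, rid, pp_member_rids,
					     p_num_members)) {
			ret = NT_STATUS_NO_MEMORY;
			goto done;
		}
	}

	ret = NT_STATUS_OK;

 done:
	/* values comes from ldap_get_values() and is the only resource not owned by mem_ctx. */
	if (values) {
		ldap_value_free(values);
	}

	return ret;
}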
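/**
 * Collect the group memberships of a user from LDAP.
 *
 * Resolves the user's sambaSamAccount entry to obtain its primary gidNumber,
 * then searches the group suffix for posixGroup entries that either list the
 * user in memberUid or carry that gidNumber. The primary group is always the
 * first element of both output arrays; its SID slot is pre-filled with
 * global_sid_NULL and replaced once the matching group entry is seen.
 *
 * The username is run through escape_ldap_string_alloc() before it is placed
 * in a filter, so a crafted account name cannot alter the filter structure.
 * gidNumber values come from the directory itself and are validated as whole
 * decimal numbers before use.
 *
 * @param methods      passdb method table; private_data is the ldapsam state
 * @param mem_ctx      talloc context owning the returned arrays and the
 *                     intermediate LDAP results
 * @param user         account whose memberships are wanted
 * @param pp_sids      receives a talloc'ed array of group SIDs
 * @param pp_gids      receives a talloc'ed array of the matching gids
 * @param p_num_groups receives the number of elements in *pp_sids
 *
 * @return NT_STATUS_OK on success; NT_STATUS_INVALID_PARAMETER if the user
 *         has no username; NT_STATUS_NO_SUCH_USER if no account matches;
 *         NT_STATUS_INTERNAL_DB_CORRUPTION on duplicate accounts or a missing
 *         or malformed gidNumber; NT_STATUS_NO_MEMORY on allocation failure;
 *         NT_STATUS_UNSUCCESSFUL on LDAP errors, an unparseable sambaSID or
 *         gidNumber in a group entry, or when the primary group is not found.
 *
 * Defined at line 2564 of pdb_ldap.c.
 * References: methods, ldapsam_privates::smbldap_state.
 * Referenced by: pdb_init_ldapsam().
 */
static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
					       TALLOC_CTX *mem_ctx,
					       struct samu *user,
					       DOM_SID **pp_sids,
					       gid_t **pp_gids,
					       size_t *p_num_groups)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)methods->private_data;
	struct smbldap_state *conn = ldap_state->smbldap_state;
	char *filter;
	const char *attrs[] = { "gidNumber", "sambaSID", NULL };
	char *escape_name;
	int rc, count;
	LDAPMessage *result = NULL;
	LDAPMessage *entry;
	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
	size_t num_sids, num_gids;
	char *gidstr;
	char *gidend;
	gid_t primary_gid = -1;

	/* Leave both output arrays in a defined state on every early exit. */
	*pp_sids = NULL;
	*pp_gids = NULL;
	num_sids = 0;

	if (pdb_get_username(user) == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	/* Escape before the name goes into an LDAP filter. */
	escape_name = escape_ldap_string_alloc(pdb_get_username(user));
	if (escape_name == NULL)
		return NT_STATUS_NO_MEMORY;

	/* retrieve the users primary gid */
	filter = talloc_asprintf(mem_ctx,
				 "(&(objectClass=%s)(uid=%s))",
				 LDAP_OBJ_SAMBASAMACCOUNT,
				 escape_name);
	if (filter == NULL) {
		ret = NT_STATUS_NO_MEMORY;
		goto done;
	}

	rc = smbldap_search(conn, lp_ldap_suffix(),
			    LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);

	if (rc != LDAP_SUCCESS)
		goto done;

	talloc_autofree_ldapmsg(mem_ctx, result);

	count = ldap_count_entries(priv2ld(ldap_state), result);

	switch (count) {
	case 0:
		DEBUG(1, ("User account [%s] not found!\n", pdb_get_username(user)));
		ret = NT_STATUS_NO_SUCH_USER;
		goto done;
	case 1:
		entry = ldap_first_entry(priv2ld(ldap_state), result);

		gidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "gidNumber", mem_ctx);
		if (!gidstr) {
			DEBUG (1, ("Unable to find the member's gid!\n"));
			ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
			goto done;
		}
		/* Require the whole attribute value to parse, the same rule
		 * the group loop below applies, instead of silently using a
		 * partial or empty parse as the primary gid. */
		primary_gid = strtoul(gidstr, &gidend, 10);
		if (*gidstr == '\0' || *gidend != '\0') {
			DEBUG(1, ("Malformed gidNumber [%s] for user [%s]\n",
				  gidstr, pdb_get_username(user)));
			ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
			goto done;
		}
		break;
	default:
		DEBUG(1, ("found more than one account with the same user name ?!\n"));
		ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
		goto done;
	}

	/* gid_t is unsigned on common platforms; format it as such so a
	 * large gid does not render as a negative number in the filter. */
	filter = talloc_asprintf(mem_ctx,
				 "(&(objectClass=%s)(|(memberUid=%s)(gidNumber=%u)))",
				 LDAP_OBJ_POSIXGROUP, escape_name,
				 (unsigned int)primary_gid);
	if (filter == NULL) {
		ret = NT_STATUS_NO_MEMORY;
		goto done;
	}

	rc = smbldap_search(conn, lp_ldap_group_suffix(),
			    LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);

	if (rc != LDAP_SUCCESS)
		goto done;

	talloc_autofree_ldapmsg(mem_ctx, result);

	num_gids = 0;
	*pp_gids = NULL;

	num_sids = 0;
	*pp_sids = NULL;

	/* We need to add the primary group as the first gid/sid */

	if (!add_gid_to_array_unique(mem_ctx, primary_gid, pp_gids, &num_gids)) {
		ret = NT_STATUS_NO_MEMORY;
		goto done;
	}

	/* This sid will be replaced later */

	if (!add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids, &num_sids)) {
		ret = NT_STATUS_NO_MEMORY;
		goto done;
	}

	for (entry = ldap_first_entry(conn->ldap_struct, result);
	     entry != NULL;
	     entry = ldap_next_entry(conn->ldap_struct, entry))
	{
		fstring str;
		DOM_SID sid;
		gid_t gid;
		char *end;

		/* Groups without a sambaSID are not mapped; skip them. */
		if (!smbldap_get_single_attribute(conn->ldap_struct,
						  entry, "sambaSID",
						  str, sizeof(str)-1))
			continue;

		if (!string_to_sid(&sid, str))
			goto done;

		if (!smbldap_get_single_attribute(conn->ldap_struct,
						  entry, "gidNumber",
						  str, sizeof(str)-1))
			continue;

		gid = strtoul(str, &end, 10);

		/* Reject trailing garbage in gidNumber. */
		if (PTR_DIFF(end, str) != strlen(str))
			goto done;

		if (gid == primary_gid) {
			/* Fill the placeholder reserved at index 0. */
			sid_copy(&(*pp_sids)[0], &sid);
		} else {
			if (!add_gid_to_array_unique(mem_ctx, gid, pp_gids,
						     &num_gids)) {
				ret = NT_STATUS_NO_MEMORY;
				goto done;
			}
			if (!add_sid_to_array_unique(mem_ctx, &sid, pp_sids,
						     &num_sids)) {
				ret = NT_STATUS_NO_MEMORY;
				goto done;
			}
		}
	}

	/* The placeholder was never replaced: no group carries the user's
	 * primary gidNumber. */
	if (sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) {
		DEBUG(3, ("primary group of [%s] not found\n",
			  pdb_get_username(user)));
		goto done;
	}

	*p_num_groups = num_sids;

	ret = NT_STATUS_OK;

 done:

	SAFE_FREE(escape_name);
	return ret;
}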
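/**
 * Attach a sambaGroupMapping to an existing posixGroup.
 *
 * Finds exactly one posixGroup entry with the gid from @p map and adds the
 * sambaGroupMapping object class plus the sambaSid, sambaGroupType,
 * displayName and description attributes to it.
 *
 * @param mem_ctx    talloc context for the filter, DN, result and mods
 * @param ldap_state ldapsam connection state
 * @param map        mapping to write; gid selects the posixGroup entry
 *
 * @return NT_STATUS_OK on success; NT_STATUS_NO_MEMORY on allocation
 *         failure; NT_STATUS_NO_SUCH_GROUP if the search fails or does not
 *         yield exactly one entry; NT_STATUS_ACCESS_DENIED if the modify
 *         is rejected by the server.
 *
 * Defined at line 2737 of pdb_ldap.c.
 * References: _GROUP_MAP::comment, get_attr_list(), _GROUP_MAP::gid,
 * groupmap_attr_list, smbldap_state::ldap_struct, LDAP_SUCCESS,
 * _GROUP_MAP::nt_name, _GROUP_MAP::sid, _GROUP_MAP::sid_name_use,
 * sid_string_static(), smbldap_make_mod(), smbldap_modify(),
 * smbldap_search_suffix(), smbldap_set_mod(), ldapsam_privates::smbldap_state,
 * smbldap_talloc_dn(), talloc_asprintf(), talloc_autofree_ldapmod(),
 * talloc_autofree_ldapmsg().
 */
static NTSTATUS ldapsam_map_posixgroup(TALLOC_CTX *mem_ctx,
				       struct ldapsam_privates *ldap_state,
				       GROUP_MAP *map)
{
	const char *filter, *dn;
	/* Initialise both pointers: msg is handed to talloc_autofree_ldapmsg()
	 * even when the search fails, so it must never be indeterminate. */
	LDAPMessage *msg = NULL, *entry = NULL;
	LDAPMod **mods;
	LDAP *ld = ldap_state->smbldap_state->ldap_struct;
	int rc;

	filter = talloc_asprintf(mem_ctx,
				 "(&(objectClass=posixGroup)(gidNumber=%u))",
				 map->gid);
	if (filter == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter,
				   get_attr_list(mem_ctx, groupmap_attr_list),
				   &msg);
	talloc_autofree_ldapmsg(mem_ctx, msg);

	/* Exactly one posixGroup must match; anything else is not mappable. */
	if ((rc != LDAP_SUCCESS) ||
	    (ldap_count_entries(ld, msg) != 1) ||
	    ((entry = ldap_first_entry(ld, msg)) == NULL)) {
		return NT_STATUS_NO_SUCH_GROUP;
	}

	dn = smbldap_talloc_dn(mem_ctx, ld, entry);
	if (dn == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	mods = NULL;
	smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass",
			"sambaGroupMapping");
	/* smbldap_make_mod() compares against the existing entry so only
	 * attributes that actually change end up in mods. */
	smbldap_make_mod(ld, entry, &mods, "sambaSid",
			 sid_string_static(&map->sid));
	smbldap_make_mod(ld, entry, &mods, "sambaGroupType",
			 talloc_asprintf(mem_ctx, "%d", map->sid_name_use));
	smbldap_make_mod(ld, entry, &mods, "displayName",
			 map->nt_name);
	smbldap_make_mod(ld, entry, &mods, "description",
			 map->comment);
	talloc_autofree_ldapmod(mem_ctx, mods);

	rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
	if (rc != LDAP_SUCCESS) {
		return NT_STATUS_ACCESS_DENIED;
	}

	return NT_STATUS_OK;
}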
/**
 * Create a group mapping in LDAP.
 *
 * Refuses to add a mapping whose SID already exists anywhere under the
 * LDAP suffix. Domain groups are mapped onto an existing posixGroup via
 * ldapsam_map_posixgroup(); aliases get a fresh sambaSidEntry /
 * sambaGroupMapping object under the group suffix, but only when the alias
 * SID is in our domain or BUILTIN, the gid is not -1 and the gid is not
 * already mapped to some SID.
 *
 * @param methods passdb method table; private_data is the ldapsam state
 * @param map     mapping to add (sid, gid, sid_name_use, nt_name, comment)
 *
 * @return NT_STATUS_OK on success; NT_STATUS_NO_MEMORY on allocation
 *         failure; NT_STATUS_GROUP_EXISTS if the SID or gid is already
 *         mapped; NT_STATUS_INVALID_PARAMETER for an unsupported
 *         sid_name_use, a foreign alias SID or gid -1;
 *         NT_STATUS_ACCESS_DENIED if the LDAP add is rejected; for domain
 *         groups, whatever ldapsam_map_posixgroup() returns.
 *
 * Defined at line 2790 of pdb_ldap.c.
 * References: methods.
 * Referenced by: pdb_init_ldapsam_common().
 */
static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
						GROUP_MAP *map)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)methods->private_data;
	LDAPMessage *msg = NULL;
	LDAPMod **mods = NULL;
	const char *attrs[] = { NULL };
	char *filter;

	char *dn;
	TALLOC_CTX *mem_ctx;
	NTSTATUS result;

	DOM_SID sid;

	int rc;

	mem_ctx = talloc_new(NULL);
	if (mem_ctx == NULL) {
		DEBUG(0, ("talloc_new failed\n"));
		return NT_STATUS_NO_MEMORY;
	}

	/* The SID string is rendered from a parsed DOM_SID, so it contains
	 * no LDAP filter metacharacters. */
	filter = talloc_asprintf(mem_ctx, "(sambaSid=%s)",
				 sid_string_static(&map->sid));
	if (filter == NULL) {
		result = NT_STATUS_NO_MEMORY;
		goto done;
	}

	/* Existence check only: no attributes requested, attrsonly set. */
	rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix(),
			    LDAP_SCOPE_SUBTREE, filter, attrs, True, &msg);
	talloc_autofree_ldapmsg(mem_ctx, msg);

	if ((rc == LDAP_SUCCESS) &&
	    (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, msg) > 0)) {

		DEBUG(3, ("SID %s already present in LDAP, refusing to add "
			  "group mapping entry\n",
			  sid_string_static(&map->sid)));
		result = NT_STATUS_GROUP_EXISTS;
		goto done;
	}

	switch (map->sid_name_use) {

	case SID_NAME_DOM_GRP:
		/* To map a domain group we need to have a posix group
		   to attach to. */
		result = ldapsam_map_posixgroup(mem_ctx, ldap_state, map);
		goto done;
		break; /* not reached */

	case SID_NAME_ALIAS:
		if (!sid_check_is_in_our_domain(&map->sid)
			&& !sid_check_is_in_builtin(&map->sid) )
		{
			DEBUG(3, ("Refusing to map sid %s as an alias, not in our domain\n",
				  sid_string_static(&map->sid)));
			result = NT_STATUS_INVALID_PARAMETER;
			goto done;
		}
		break;

	default:
		DEBUG(3, ("Got invalid use '%s' for mapping\n",
			  sid_type_lookup(map->sid_name_use)));
		result = NT_STATUS_INVALID_PARAMETER;
		goto done;
	}

	/* Domain groups have been mapped in a separate routine, we have to
	 * create an alias now */

	if (map->gid == -1) {
		DEBUG(10, ("Refusing to map gid==-1\n"));
		result = NT_STATUS_INVALID_PARAMETER;
		goto done;
	}

	if (pdb_gid_to_sid(map->gid, &sid)) {
		DEBUG(3, ("Gid %d is already mapped to SID %s, refusing to "
			  "add\n", map->gid, sid_string_static(&sid)));
		result = NT_STATUS_GROUP_EXISTS;
		goto done;
	}

	/* Ok, enough checks done. It's still racy to go ahead now, but that's
	 * the best we can get out of LDAP. */

	dn = talloc_asprintf(mem_ctx, "sambaSid=%s,%s",
			     sid_string_static(&map->sid),
			     lp_ldap_group_suffix());
	if (dn == NULL) {
		result = NT_STATUS_NO_MEMORY;
		goto done;
	}

	mods = NULL;

	/* NOTE(review): the talloc_asprintf() results passed below are not
	 * NULL-checked; smbldap_make_mod() presumably tolerates a NULL value
	 * by skipping the attribute -- confirm. */
	smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "objectClass",
			 "sambaSidEntry");
	smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "objectClass",
			 "sambaGroupMapping");

	smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "sambaSid",
			 sid_string_static(&map->sid));
	smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "sambaGroupType",
			 talloc_asprintf(mem_ctx, "%d", map->sid_name_use));
	smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "displayName",
			 map->nt_name);
	smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "description",
			 map->comment);
	smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "gidNumber",
			 talloc_asprintf(mem_ctx, "%u", map->gid));
	talloc_autofree_ldapmod(mem_ctx, mods);

	rc = smbldap_add(ldap_state->smbldap_state, dn, mods);

	result = (rc == LDAP_SUCCESS) ?
		NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;

 done:
	TALLOC_FREE(mem_ctx);
	return result;
}
/**
 * Update the displayName and description of an existing group mapping.
 *
 * The lookup filter pins the object class, SID, gid and group type to the
 * values in @p map, so this routine can never move a mapping to a different
 * SID, gid or type -- only the two descriptive attributes are touched.
 *
 * @param methods passdb method table; private_data is the ldapsam state
 * @param map     mapping whose nt_name and comment are written back
 *
 * @return NT_STATUS_OK on success or when nothing changed;
 *         NT_STATUS_NO_MEMORY on allocation failure;
 *         NT_STATUS_NO_SUCH_GROUP if exactly one matching entry is not
 *         found; NT_STATUS_ACCESS_DENIED if the modify is rejected.
 *
 * Defined at line 2924 of pdb_ldap.c.
 * References: _GROUP_MAP::comment, get_attr_list(), _GROUP_MAP::gid,
 * groupmap_attr_list, smbldap_state::ldap_struct, LDAP_SUCCESS, methods,
 * _GROUP_MAP::nt_name, result, _GROUP_MAP::sid, _GROUP_MAP::sid_name_use,
 * sid_string_static(), smbldap_make_mod(), smbldap_modify(),
 * smbldap_search_suffix(), ldapsam_privates::smbldap_state,
 * smbldap_talloc_dn(), talloc_asprintf(), talloc_autofree_ldapmod(),
 * talloc_autofree_ldapmsg().
 * Referenced by: pdb_init_ldapsam_common().
 */
static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods,
						   GROUP_MAP *map)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)methods->private_data;
	int rc;
	const char *filter, *dn;
	LDAPMessage *msg = NULL;
	LDAPMessage *entry = NULL;
	LDAPMod **mods = NULL;
	TALLOC_CTX *mem_ctx;
	NTSTATUS result;

	mem_ctx = talloc_new(NULL);
	if (mem_ctx == NULL) {
		DEBUG(0, ("talloc_new failed\n"));
		return NT_STATUS_NO_MEMORY;
	}

	/* Make 100% sure that sid, gid and type are not changed by looking up
	 * exactly the values we're given in LDAP. */

	filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)"
				 "(sambaSid=%s)(gidNumber=%u)"
				 "(sambaGroupType=%d))",
				 LDAP_OBJ_GROUPMAP,
				 sid_string_static(&map->sid), map->gid,
				 map->sid_name_use);
	if (filter == NULL) {
		result = NT_STATUS_NO_MEMORY;
		goto done;
	}

	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter,
				   get_attr_list(mem_ctx, groupmap_attr_list),
				   &msg);
	talloc_autofree_ldapmsg(mem_ctx, msg);

	if ((rc != LDAP_SUCCESS) ||
	    (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, msg) != 1) ||
	    ((entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, msg)) == NULL)) {
		result = NT_STATUS_NO_SUCH_GROUP;
		goto done;
	}

	dn = smbldap_talloc_dn(mem_ctx, ldap_state->smbldap_state->ldap_struct, entry);

	if (dn == NULL) {
		result = NT_STATUS_NO_MEMORY;
		goto done;
	}

	mods = NULL;
	/* Only attributes that differ from the stored entry are added. */
	smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "displayName",
			 map->nt_name);
	smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "description",
			 map->comment);
	talloc_autofree_ldapmod(mem_ctx, mods);

	if (mods == NULL) {
		DEBUG(4, ("ldapsam_update_group_mapping_entry: mods is empty: "
			  "nothing to do\n"));
		result = NT_STATUS_OK;
		goto done;
	}

	rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);

	if (rc != LDAP_SUCCESS) {
		result = NT_STATUS_ACCESS_DENIED;
		goto done;
	}

	DEBUG(2, ("ldapsam_update_group_mapping_entry: successfully modified "
		  "group %lu in LDAP\n", (unsigned long)map->gid));

	result = NT_STATUS_OK;

 done:
	TALLOC_FREE(mem_ctx);
	return result;
}
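/**
 * Remove the group-mapping data for a SID from LDAP.
 *
 * Finds the single sambaGroupMapping entry carrying @p sid and asks
 * ldapsam_delete_entry() to strip the mapping attributes. Because entries
 * created by different Samba generations carry different attribute sets,
 * the deletion is retried with progressively smaller attribute lists when
 * the server reports a naming or object-class violation.
 *
 * @param methods passdb method table; private_data is the ldapsam state
 * @param sid     SID of the mapping to delete (passed by value)
 *
 * @return NT_STATUS_OK on success; NT_STATUS_NO_MEMORY on allocation
 *         failure; NT_STATUS_NO_SUCH_GROUP if exactly one entry is not
 *         found; NT_STATUS_UNSUCCESSFUL if every deletion attempt fails.
 *
 * Defined at line 3010 of pdb_ldap.c.
 * References: get_attr_list(), groupmap_attr_list,
 * groupmap_attr_list_to_delete, LDAP_SUCCESS, ldapsam_delete_entry(),
 * methods, priv2ld(), result, sid_string_static(), smbldap_search_suffix(),
 * ldapsam_privates::smbldap_state, talloc_asprintf(),
 * talloc_autofree_ldapmsg().
 * Referenced by: pdb_init_ldapsam_common().
 */
static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods,
						   DOM_SID sid)
{
	struct ldapsam_privates *priv =
		(struct ldapsam_privates *)methods->private_data;
	/* msg reaches talloc_autofree_ldapmsg() even when the search fails,
	 * so it must start out NULL rather than indeterminate. */
	LDAPMessage *msg = NULL, *entry = NULL;
	int rc;
	NTSTATUS result;
	TALLOC_CTX *mem_ctx;
	char *filter;

	mem_ctx = talloc_new(NULL);
	if (mem_ctx == NULL) {
		DEBUG(0, ("talloc_new failed\n"));
		return NT_STATUS_NO_MEMORY;
	}

	filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(%s=%s))",
				 LDAP_OBJ_GROUPMAP, LDAP_ATTRIBUTE_SID,
				 sid_string_static(&sid));
	if (filter == NULL) {
		result = NT_STATUS_NO_MEMORY;
		goto done;
	}
	rc = smbldap_search_suffix(priv->smbldap_state, filter,
				   get_attr_list(mem_ctx, groupmap_attr_list),
				   &msg);
	talloc_autofree_ldapmsg(mem_ctx, msg);

	if ((rc != LDAP_SUCCESS) ||
	    (ldap_count_entries(priv2ld(priv), msg) != 1) ||
	    ((entry = ldap_first_entry(priv2ld(priv), msg)) == NULL)) {
		result = NT_STATUS_NO_SUCH_GROUP;
		goto done;
	}

	/* First try: the full deletion list. */
	rc = ldapsam_delete_entry(priv, mem_ctx, entry, LDAP_OBJ_GROUPMAP,
				  get_attr_list(mem_ctx,
						groupmap_attr_list_to_delete));

	if ((rc == LDAP_NAMING_VIOLATION) ||
	    (rc == LDAP_OBJECT_CLASS_VIOLATION)) {
		const char *attrs[] = { "sambaGroupType", "description",
					"displayName", "sambaSIDList",
					NULL };

		/* Second try. Don't delete the sambaSID attribute, this is
		   for "old" entries that are tacked on a winbind
		   sambaIdmapEntry. */

		rc = ldapsam_delete_entry(priv, mem_ctx, entry,
					  LDAP_OBJ_GROUPMAP, attrs);
	}

	if ((rc == LDAP_NAMING_VIOLATION) ||
	    (rc == LDAP_OBJECT_CLASS_VIOLATION)) {
		const char *attrs[] = { "sambaGroupType", "description",
					"displayName", "sambaSIDList",
					"gidNumber", NULL };

		/* Third try. This is a post-3.0.21 alias (containing only
		 * sambaSidEntry and sambaGroupMapping classes), we also have
		 * to delete the gidNumber attribute, only the sambaSidEntry
		 * remains */

		rc = ldapsam_delete_entry(priv, mem_ctx, entry,
					  LDAP_OBJ_GROUPMAP, attrs);
	}

	result = (rc == LDAP_SUCCESS) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;

 done:
	TALLOC_FREE(mem_ctx);
	return result;
}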
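/**
 * Start an enumeration of group mappings.
 *
 * Runs one subtree search for all sambaGroupMapping objects under the group
 * suffix and stores the result set and its first entry in the ldapsam state
 * for ldapsam_getsamgrent() to walk.
 *
 * @param my_methods passdb method table; private_data is the ldapsam state
 * @param update     unused here
 *
 * @return NT_STATUS_OK on success; NT_STATUS_UNSUCCESSFUL if the search
 *         fails (the stored result is then freed and reset to NULL).
 *
 * Defined at line 3089 of pdb_ldap.c.
 * References: ldapsam_privates::entry, get_attr_list(), groupmap_attr_list,
 * ldapsam_privates::index, smbldap_state::ldap_struct, LDAP_SUCCESS,
 * lp_ldap_group_suffix(), pdb_methods::private_data, pstr_sprintf(),
 * ldapsam_privates::result, smbldap_search(), ldapsam_privates::smbldap_state.
 * Referenced by: ldapsam_enum_group_mapping().
 */
static NTSTATUS ldapsam_setsamgrent(struct pdb_methods *my_methods,
				    BOOL update)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)my_methods->private_data;
	/* pstr_sprintf() formats with a pstring-sized bound, so the buffer
	 * must be a pstring too; an fstring here left the bound larger than
	 * the buffer. */
	pstring filter;
	int rc;
	const char **attr_list;

	pstr_sprintf( filter, "(objectclass=%s)", LDAP_OBJ_GROUPMAP);
	attr_list = get_attr_list( NULL, groupmap_attr_list );
	/* NOTE(review): any result set still held in ldap_state->result is
	 * overwritten here; callers are expected to have ended the previous
	 * enumeration -- confirm. */
	rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_group_suffix(),
			    LDAP_SCOPE_SUBTREE, filter,
			    attr_list, 0, &ldap_state->result);
	TALLOC_FREE(attr_list);

	if (rc != LDAP_SUCCESS) {
		DEBUG(0, ("ldapsam_setsamgrent: LDAP search failed: %s\n",
			  ldap_err2string(rc)));
		DEBUG(3, ("ldapsam_setsamgrent: Query was: %s, %s\n",
			  lp_ldap_group_suffix(), filter));
		ldap_msgfree(ldap_state->result);
		ldap_state->result = NULL;
		return NT_STATUS_UNSUCCESSFUL;
	}

	DEBUG(2, ("ldapsam_setsamgrent: %d entries in the base!\n",
		  ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
				     ldap_state->result)));

	ldap_state->entry =
		ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
				 ldap_state->result);
	ldap_state->index = 0;

	return NT_STATUS_OK;
}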
/**
 * Finish a group-mapping enumeration.
 *
 * Group and account enumeration keep their cursor in the same ldapsam state
 * fields, so tearing down is delegated to ldapsam_endsampwent().
 *
 * @param my_methods passdb method table; private_data is the ldapsam state
 *
 * Defined at line 3130 of pdb_ldap.c.
 * Referenced by: ldapsam_enum_group_mapping().
 */
static void ldapsam_endsamgrent(struct pdb_methods *my_methods)
{
	struct pdb_methods *m = my_methods;

	ldapsam_endsampwent(m);
}
/**
 * Fetch the next group mapping of the current enumeration.
 *
 * Advances the cursor stored in the ldapsam state, skipping entries that
 * init_group_from_ldap() cannot convert, until one converts or the result
 * set is exhausted. The cursor is moved past each entry whether or not it
 * converted, so a bad entry is never revisited.
 *
 * @param my_methods passdb method table; private_data is the ldapsam state
 * @param map        receives the converted mapping
 *
 * @return NT_STATUS_OK when @p map was filled; NT_STATUS_UNSUCCESSFUL when
 *         no further entry exists.
 *
 * Defined at line 3138 of pdb_ldap.c.
 * References: ldapsam_privates::entry, ldapsam_privates::index,
 * init_group_from_ldap(), smbldap_state::ldap_struct,
 * pdb_methods::private_data, ldapsam_privates::smbldap_state.
 * Referenced by: ldapsam_enum_group_mapping().
 */
static NTSTATUS ldapsam_getsamgrent(struct pdb_methods *my_methods,
				    GROUP_MAP *map)
{
	struct ldapsam_privates *state =
		(struct ldapsam_privates *)my_methods->private_data;

	for (;;) {
		LDAPMessage *cur = state->entry;
		BOOL converted;

		if (cur == NULL) {
			return NT_STATUS_UNSUCCESSFUL;
		}

		state->index++;
		converted = init_group_from_ldap(state, map, cur);

		/* Always step past the entry before deciding. */
		state->entry = ldap_next_entry(state->smbldap_state->ldap_struct,
					       cur);

		if (converted) {
			return NT_STATUS_OK;
		}
	}
}
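/**
 * Enumerate group mappings, optionally filtered by type and mapped state.
 *
 * Drives ldapsam_setsamgrent()/ldapsam_getsamgrent()/ldapsam_endsamgrent()
 * and collects the matching mappings into a malloc'ed array.
 *
 * @param methods       passdb method table; private_data is the ldapsam state
 * @param domsid        unused here
 * @param sid_name_use  keep only mappings of this type; SID_NAME_UNKNOWN
 *                      keeps all
 * @param pp_rmap       receives a SMB_REALLOC_ARRAY'ed array of GROUP_MAP
 *                      (NULL when nothing matched); the caller frees it
 * @param p_num_entries receives the number of elements in *pp_rmap
 * @param unix_only     when ENUM_ONLY_MAPPED, drop mappings with gid -1
 *
 * @return NT_STATUS_OK on success; NT_STATUS_ACCESS_DENIED if the
 *         enumeration cannot be started; NT_STATUS_UNSUCCESSFUL if the
 *         result array cannot be grown.
 *
 * Defined at line 3165 of pdb_ldap.c.
 * References: _GROUP_MAP::gid, ldapsam_endsamgrent(), ldapsam_getsamgrent(),
 * ldapsam_setsamgrent(), methods, _GROUP_MAP::nt_name, SID_NAME_UNKNOWN,
 * _GROUP_MAP::sid_name_use.
 * Referenced by: pdb_init_ldapsam_common().
 */
static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
					   const DOM_SID *domsid,
					   enum lsa_SidType sid_name_use,
					   GROUP_MAP **pp_rmap,
					   size_t *p_num_entries,
					   BOOL unix_only)
{
	GROUP_MAP map;
	size_t entries = 0;

	*p_num_entries = 0;
	*pp_rmap = NULL;

	if (!NT_STATUS_IS_OK(ldapsam_setsamgrent(methods, False))) {
		DEBUG(0, ("ldapsam_enum_group_mapping: Unable to open "
			  "passdb\n"));
		return NT_STATUS_ACCESS_DENIED;
	}

	while (NT_STATUS_IS_OK(ldapsam_getsamgrent(methods, &map))) {
		if (sid_name_use != SID_NAME_UNKNOWN &&
		    sid_name_use != map.sid_name_use) {
			DEBUG(11,("ldapsam_enum_group_mapping: group %s is "
				  "not of the requested type\n", map.nt_name));
			continue;
		}
		if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) {
			DEBUG(11,("ldapsam_enum_group_mapping: group %s is "
				  "non mapped\n", map.nt_name));
			continue;
		}

		(*pp_rmap)=SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1);
		if (!(*pp_rmap)) {
			DEBUG(0,("ldapsam_enum_group_mapping: Unable to "
				 "enlarge group map!\n"));
			/* Release the LDAP result set held by the
			 * enumeration cursor, as the normal path does. */
			ldapsam_endsamgrent(methods);
			return NT_STATUS_UNSUCCESSFUL;
		}

		(*pp_rmap)[entries] = map;

		entries += 1;

	}
	ldapsam_endsamgrent(methods);

	*p_num_entries = entries;

	return NT_STATUS_OK;
}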
/**
 * Add or remove one member SID from an alias's sambaSIDList.
 *
 * The alias must be in BUILTIN or in our domain and must be stored as a
 * single sambaGroupMapping entry of type SID_NAME_ALIAS. The member SID is
 * rendered by sid_string_static() and applied with @p modop to the SID-list
 * attribute; the server's response distinguishes "already a member" from
 * "not a member".
 *
 * @param methods passdb method table; private_data is the ldapsam state
 * @param alias   SID of the alias to modify
 * @param member  SID to add to or remove from the alias
 * @param modop   LDAP_MOD_ADD or LDAP_MOD_DELETE
 *
 * @return NT_STATUS_OK on success; NT_STATUS_NO_SUCH_ALIAS if the alias is
 *         foreign, not found, or found more than once;
 *         NT_STATUS_MEMBER_IN_ALIAS / NT_STATUS_MEMBER_NOT_IN_ALIAS when the
 *         server reports the value already present / absent;
 *         NT_STATUS_UNSUCCESSFUL on other failures.
 *
 * Defined at line 3215 of pdb_ldap.c.
 * References: get_attr_key2string(), groupmap_attr_list,
 * smbldap_state::ldap_struct, LDAP_SUCCESS, ldapsam_search_one_group(),
 * methods, pstr_sprintf(), result, sid_check_is_in_builtin(),
 * sid_check_is_in_our_domain(), SID_NAME_ALIAS, SID_NAME_USE_NONE,
 * sid_string_static(), smbldap_get_dn(), smbldap_modify(), smbldap_set_mod(),
 * ldapsam_privates::smbldap_state, type.
 * Referenced by: ldapsam_add_aliasmem(), ldapsam_del_aliasmem().
 */
static NTSTATUS ldapsam_modify_aliasmem(struct pdb_methods *methods,
					const DOM_SID *alias,
					const DOM_SID *member,
					int modop)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)methods->private_data;
	char *dn;
	LDAPMessage *result = NULL;
	LDAPMessage *entry = NULL;
	int count;
	LDAPMod **mods = NULL;
	int rc;
	enum lsa_SidType type = SID_NAME_USE_NONE;

	pstring filter;

	if (sid_check_is_in_builtin(alias)) {
		type = SID_NAME_ALIAS;
	}

	if (sid_check_is_in_our_domain(alias)) {
		type = SID_NAME_ALIAS;
	}

	if (type == SID_NAME_USE_NONE) {
		DEBUG(5, ("SID %s is neither in builtin nor in our domain!\n",
			  sid_string_static(alias)));
		return NT_STATUS_NO_SUCH_ALIAS;
	}

	/* The SID string comes from a parsed DOM_SID, so it cannot inject
	 * filter syntax. */
	pstr_sprintf(filter,
		     "(&(objectClass=%s)(sambaSid=%s)(sambaGroupType=%d))",
		     LDAP_OBJ_GROUPMAP, sid_string_static(alias),
		     type);

	if (ldapsam_search_one_group(ldap_state, filter,
				     &result) != LDAP_SUCCESS)
		return NT_STATUS_NO_SUCH_ALIAS;

	count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
				   result);

	if (count < 1) {
		DEBUG(4, ("ldapsam_modify_aliasmem: Did not find alias\n"));
		ldap_msgfree(result);
		return NT_STATUS_NO_SUCH_ALIAS;
	}

	/* Duplicate alias entries are treated as "no such alias" rather than
	 * picking one arbitrarily. */
	if (count > 1) {
		DEBUG(1, ("ldapsam_modify_aliasmem: Duplicate entries for "
			  "filter %s: count=%d\n", filter, count));
		ldap_msgfree(result);
		return NT_STATUS_NO_SUCH_ALIAS;
	}

	entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
				 result);

	if (!entry) {
		ldap_msgfree(result);
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* smbldap_get_dn() returns a malloc'ed string; freed with SAFE_FREE
	 * below. */
	dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
	if (!dn) {
		ldap_msgfree(result);
		return NT_STATUS_UNSUCCESSFUL;
	}

	smbldap_set_mod(&mods, modop,
			get_attr_key2string(groupmap_attr_list,
					    LDAP_ATTR_SID_LIST),
			sid_string_static(member));

	rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);

	ldap_mods_free(mods, True);
	ldap_msgfree(result);
	SAFE_FREE(dn);

	if (rc == LDAP_TYPE_OR_VALUE_EXISTS) {
		return NT_STATUS_MEMBER_IN_ALIAS;
	}

	if (rc == LDAP_NO_SUCH_ATTRIBUTE) {
		return NT_STATUS_MEMBER_NOT_IN_ALIAS;
	}

	if (rc != LDAP_SUCCESS) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	return NT_STATUS_OK;
}
/**
 * Add a member SID to an alias.
 *
 * Thin wrapper that performs an LDAP_MOD_ADD through
 * ldapsam_modify_aliasmem().
 *
 * @param methods passdb method table
 * @param alias   SID of the alias
 * @param member  SID to add
 *
 * @return whatever ldapsam_modify_aliasmem() returns.
 *
 * Defined at line 3311 of pdb_ldap.c.
 * References: ldapsam_modify_aliasmem(), methods.
 * Referenced by: pdb_init_ldapsam().
 */
static NTSTATUS ldapsam_add_aliasmem(struct pdb_methods *methods,
				     const DOM_SID *alias,
				     const DOM_SID *member)
{
	const int op = LDAP_MOD_ADD;
	NTSTATUS status;

	status = ldapsam_modify_aliasmem(methods, alias, member, op);
	return status;
}
/**
 * Remove a member SID from an alias.
 *
 * Thin wrapper that performs an LDAP_MOD_DELETE through
 * ldapsam_modify_aliasmem().
 *
 * @param methods passdb method table
 * @param alias   SID of the alias
 * @param member  SID to remove
 *
 * @return whatever ldapsam_modify_aliasmem() returns.
 *
 * Defined at line 3318 of pdb_ldap.c.
 * References: ldapsam_modify_aliasmem(), methods.
 * Referenced by: pdb_init_ldapsam().
 */
static NTSTATUS ldapsam_del_aliasmem(struct pdb_methods *methods,
				     const DOM_SID *alias,
				     const DOM_SID *member)
{
	const int op = LDAP_MOD_DELETE;
	NTSTATUS status;

	status = ldapsam_modify_aliasmem(methods, alias, member, op);
	return status;
}
/**
 * List the member SIDs of an alias.
 *
 * Locates the single sambaGroupMapping entry for @p alias (which must be in
 * BUILTIN or our domain) and parses every value of its SID-list attribute.
 * Values that do not parse as a SID are skipped silently.
 *
 * @param methods       passdb method table; private_data is the ldapsam state
 * @param alias         SID of the alias
 * @param pp_members    receives an array of member SIDs allocated on the NULL
 *                      talloc context; NULL when the alias has no SID list
 * @param p_num_members receives the number of elements in *pp_members
 *
 * @return NT_STATUS_OK on success (including an alias with no members);
 *         NT_STATUS_NO_SUCH_ALIAS if the alias is foreign, not found or
 *         found more than once; NT_STATUS_UNSUCCESSFUL if the entry cannot
 *         be read; NT_STATUS_NO_MEMORY if the array cannot be grown.
 *
 * Defined at line 3326 of pdb_ldap.c.
 * References: add_sid_to_array(), get_attr_key2string(), groupmap_attr_list,
 * smbldap_state::ldap_struct, LDAP_SUCCESS, ldapsam_search_one_group(),
 * methods, pstr_sprintf(), result, sid_check_is_in_builtin(),
 * sid_check_is_in_our_domain(), SID_NAME_ALIAS, SID_NAME_USE_NONE,
 * sid_string_static(), ldapsam_privates::smbldap_state, string_to_sid(), type.
 * Referenced by: pdb_init_ldapsam().
 */
static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods,
				      const DOM_SID *alias,
				      DOM_SID **pp_members,
				      size_t *p_num_members)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)methods->private_data;
	LDAPMessage *result = NULL;
	LDAPMessage *entry = NULL;
	int count;
	char **values;
	int i;
	pstring filter;
	size_t num_members = 0;
	enum lsa_SidType type = SID_NAME_USE_NONE;

	*pp_members = NULL;
	*p_num_members = 0;

	if (sid_check_is_in_builtin(alias)) {
		type = SID_NAME_ALIAS;
	}

	if (sid_check_is_in_our_domain(alias)) {
		type = SID_NAME_ALIAS;
	}

	if (type == SID_NAME_USE_NONE) {
		DEBUG(5, ("SID %s is neither in builtin nor in our domain!\n",
			  sid_string_static(alias)));
		return NT_STATUS_NO_SUCH_ALIAS;
	}

	/* The SID string comes from a parsed DOM_SID, so it cannot inject
	 * filter syntax. */
	pstr_sprintf(filter,
		     "(&(objectClass=%s)(sambaSid=%s)(sambaGroupType=%d))",
		     LDAP_OBJ_GROUPMAP, sid_string_static(alias),
		     type);

	if (ldapsam_search_one_group(ldap_state, filter,
				     &result) != LDAP_SUCCESS)
		return NT_STATUS_NO_SUCH_ALIAS;

	count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
				   result);

	if (count < 1) {
		DEBUG(4, ("ldapsam_enum_aliasmem: Did not find alias\n"));
		ldap_msgfree(result);
		return NT_STATUS_NO_SUCH_ALIAS;
	}

	if (count > 1) {
		DEBUG(1, ("ldapsam_enum_aliasmem: Duplicate entries for "
			  "filter %s: count=%d\n", filter, count));
		ldap_msgfree(result);
		return NT_STATUS_NO_SUCH_ALIAS;
	}

	entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
				 result);

	if (!entry) {
		ldap_msgfree(result);
		return NT_STATUS_UNSUCCESSFUL;
	}

	values = ldap_get_values(ldap_state->smbldap_state->ldap_struct,
				 entry,
				 get_attr_key2string(groupmap_attr_list,
						     LDAP_ATTR_SID_LIST));

	/* No SID list at all means an empty alias, not an error. */
	if (values == NULL) {
		ldap_msgfree(result);
		return NT_STATUS_OK;
	}

	count = ldap_count_values(values);

	for (i=0; i<count; i++) {
		DOM_SID member;

		/* Unparseable values are dropped rather than failing the
		 * whole enumeration. */
		if (!string_to_sid(&member, values[i]))
			continue;

		if (!add_sid_to_array(NULL, &member, pp_members, &num_members)) {
			ldap_value_free(values);
			ldap_msgfree(result);
			return NT_STATUS_NO_MEMORY;
		}
	}

	*p_num_members = num_members;
	ldap_value_free(values);
	ldap_msgfree(result);

	return NT_STATUS_OK;
}
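/**
 * Find the aliases in a domain that list any of the given SIDs as a member.
 *
 * Builds one OR-filter over sambaSIDList for all @p members, searches the
 * group suffix, and collects the RID of every matching alias whose SID lies
 * in @p domain_sid.
 *
 * @param methods          passdb method table; private_data is the ldapsam state
 * @param mem_ctx          talloc context for the filter and the RID array
 * @param domain_sid       BUILTIN or our domain SID; aliases outside it are
 *                         ignored
 * @param members          SIDs to look for in sambaSIDList
 * @param num_members      number of elements in @p members
 * @param pp_alias_rids    RID array grown with add_rid_to_array_unique(); the
 *                         caller initialises it
 * @param p_num_alias_rids element count of *pp_alias_rids, updated in place
 *
 * @return NT_STATUS_OK on success; NT_STATUS_UNSUCCESSFUL if @p domain_sid is
 *         neither BUILTIN nor the domain, or the search fails;
 *         NT_STATUS_NO_MEMORY on allocation failure.
 *
 * Defined at line 3424 of pdb_ldap.c.
 * References: methods.
 * Referenced by: pdb_init_ldapsam().
 */
static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
					  TALLOC_CTX *mem_ctx,
					  const DOM_SID *domain_sid,
					  const DOM_SID *members,
					  size_t num_members,
					  uint32 **pp_alias_rids,
					  size_t *p_num_alias_rids)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)methods->private_data;
	LDAP *ldap_struct;

	const char *attrs[] = { LDAP_ATTRIBUTE_SID, NULL };

	LDAPMessage *result = NULL;
	LDAPMessage *entry = NULL;
	size_t i;
	int rc;
	char *filter;
	enum lsa_SidType type = SID_NAME_USE_NONE;

	if (sid_check_is_builtin(domain_sid)) {
		type = SID_NAME_ALIAS;
	}

	if (sid_check_is_domain(domain_sid)) {
		type = SID_NAME_ALIAS;
	}

	if (type == SID_NAME_USE_NONE) {
		DEBUG(5, ("SID %s is neither builtin nor domain!\n",
			  sid_string_static(domain_sid)));
		return NT_STATUS_UNSUCCESSFUL;
	}

	filter = talloc_asprintf(mem_ctx,
				 "(&(|(objectclass=%s)(sambaGroupType=%d))(|",
				 LDAP_OBJ_GROUPMAP, type);
	if (filter == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	/* Check every step: a NULL filter must not be fed back into the next
	 * "%s" expansion. The SID strings are rendered from parsed SIDs, so
	 * they cannot alter the filter structure. */
	for (i = 0; i < num_members; i++) {
		filter = talloc_asprintf(mem_ctx, "%s(sambaSIDList=%s)",
					 filter,
					 sid_string_static(&members[i]));
		if (filter == NULL) {
			return NT_STATUS_NO_MEMORY;
		}
	}

	filter = talloc_asprintf(mem_ctx, "%s))", filter);

	if (filter == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_group_suffix(),
			    LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);

	if (rc != LDAP_SUCCESS)
		return NT_STATUS_UNSUCCESSFUL;

	ldap_struct = ldap_state->smbldap_state->ldap_struct;

	for (entry = ldap_first_entry(ldap_struct, result);
	     entry != NULL;
	     entry = ldap_next_entry(ldap_struct, entry))
	{
		fstring sid_str;
		DOM_SID sid;
		uint32 rid;

		if (!smbldap_get_single_attribute(ldap_struct, entry,
						  LDAP_ATTRIBUTE_SID,
						  sid_str,
						  sizeof(sid_str)-1))
			continue;

		if (!string_to_sid(&sid, sid_str))
			continue;

		/* Only aliases inside domain_sid are reported. */
		if (!sid_peek_check_rid(domain_sid, &sid, &rid))
			continue;

		if (!add_rid_to_array_unique(mem_ctx, rid, pp_alias_rids,
					     p_num_alias_rids)) {
			ldap_msgfree(result);
			return NT_STATUS_NO_MEMORY;
		}
	}

	ldap_msgfree(result);
	return NT_STATUS_OK;
}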
/**
 * Write one account-policy value to the domain entry in LDAP.
 *
 * Replaces the attribute named by get_account_policy_attr(@p policy_index)
 * on the domain DN with the decimal rendering of @p value, then refreshes
 * the local tdb cache so later reads agree with the directory.
 *
 * @param methods      passdb method table; private_data is the ldapsam state
 * @param policy_index account-policy selector understood by
 *                     get_account_policy_attr()
 * @param value        new policy value
 *
 * @return NT_STATUS_OK on success; NT_STATUS_INVALID_PARAMETER if no domain
 *         DN is known; NT_STATUS_UNSUCCESSFUL for an unknown policy index,
 *         a rejected modify, or a cache update failure.
 *
 * Defined at line 3513 of pdb_ldap.c.
 * References: cache_account_policy_set(), ldapsam_privates::domain_dn,
 * get_account_policy_attr(), LDAP_SUCCESS, methods, ntstatus,
 * smbldap_modify(), smbldap_set_mod(), ldapsam_privates::smbldap_state.
 * Referenced by: ldapsam_set_account_policy().
 */
static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods,
						   int policy_index,
						   uint32 value)
{
	NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
	int rc;
	LDAPMod **mods = NULL;
	fstring value_string;
	const char *policy_attr = NULL;

	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)methods->private_data;

	DEBUG(10,("ldapsam_set_account_policy_in_ldap\n"));

	if (!ldap_state->domain_dn) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	policy_attr = get_account_policy_attr(policy_index);
	if (policy_attr == NULL) {
		DEBUG(0,("ldapsam_set_account_policy_in_ldap: invalid "
			 "policy\n"));
		return ntstatus;
	}

	/* NOTE(review): value is uint32 but is formatted with "%i", so
	 * values above INT_MAX are stored as negative decimals; the reader
	 * (ldapsam_get_account_policy_from_ldap) uses atol() and casts back
	 * to uint32, which round-trips on two's-complement platforms. Keep
	 * both sides in step if either changes. */
	slprintf(value_string, sizeof(value_string) - 1, "%i", value);

	smbldap_set_mod(&mods, LDAP_MOD_REPLACE, policy_attr, value_string);

	rc = smbldap_modify(ldap_state->smbldap_state, ldap_state->domain_dn,
			    mods);

	ldap_mods_free(mods, True);

	if (rc != LDAP_SUCCESS) {
		return ntstatus;
	}

	/* Directory write succeeded; a stale local cache is reported as a
	 * failure so the caller knows the two may now disagree. */
	if (!cache_account_policy_set(policy_index, value)) {
		DEBUG(0,("ldapsam_set_account_policy_in_ldap: failed to "
			 "update local tdb cache\n"));
		return ntstatus;
	}

	return NT_STATUS_OK;
}
static NTSTATUS ldapsam_set_account_policy | ( | struct pdb_methods * | methods, | |
int | policy_index, | |||
uint32 | value | |||
) | [static] |
pdb_ldap.c の 3561 行で定義されています。
参照先 ldapsam_set_account_policy_in_ldap()・methods.
参照元 ldapsam_get_account_policy()・pdb_init_ldapsam_common().
/*
 * pdb_methods entry point for setting an account policy. Delegates to
 * ldapsam_set_account_policy_in_ldap() and passes its status through.
 */
static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods,
					   int policy_index, uint32 value)
{
	NTSTATUS status;

	status = ldapsam_set_account_policy_in_ldap(methods, policy_index,
						    value);
	return status;
}
static NTSTATUS ldapsam_get_account_policy_from_ldap | ( | struct pdb_methods * | methods, | |
int | policy_index, | |||
uint32 * | value | |||
) | [static] |
pdb_ldap.c の 3568 行で定義されています。
参照先 ldapsam_privates::domain_dn・get_account_policy_attr()・LDAP_SUCCESS・methods・ntstatus・priv2ld()・smbldap_search()・ldapsam_privates::smbldap_state.
参照元 ldapsam_get_account_policy().
/*
 * Read one account policy value from the domain entry in LDAP.
 *
 * methods:      pdb backend whose private_data is a struct ldapsam_privates
 * policy_index: policy selector, mapped to an LDAP attribute name by
 *               get_account_policy_attr()
 * value:        out; receives the value, only written on success
 *
 * A base-scope search of the domain DN asks for just the policy
 * attribute. Returns NT_STATUS_OK when a value was found,
 * NT_STATUS_INVALID_PARAMETER when no domain DN is configured, and
 * NT_STATUS_UNSUCCESSFUL for an unknown policy index, a failed search
 * or an entry without the attribute.
 */
static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods,
						     int policy_index,
						     uint32 *value)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)methods->private_data;
	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
	LDAPMessage *result = NULL;
	LDAPMessage *entry = NULL;
	const char *policy_attr;
	const char *attrs[2] = { NULL, NULL };
	char **vals = NULL;
	int rc;

	DEBUG(10,("ldapsam_get_account_policy_from_ldap\n"));

	if (ldap_state->domain_dn == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	policy_attr = get_account_policy_attr(policy_index);
	if (policy_attr == NULL) {
		DEBUG(0,("ldapsam_get_account_policy_from_ldap: invalid "
			 "policy index: %d\n", policy_index));
		return status;
	}

	attrs[0] = policy_attr;

	rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn,
			    LDAP_SCOPE_BASE, "(objectclass=*)", attrs, 0,
			    &result);
	if (rc != LDAP_SUCCESS) {
		return status;
	}

	/* ldap_count_entries() reports -1 on error, which also ends up
	 * below the threshold here. */
	if (ldap_count_entries(priv2ld(ldap_state), result) >= 1) {
		entry = ldap_first_entry(priv2ld(ldap_state), result);
	}

	if (entry != NULL) {
		vals = ldap_get_values(priv2ld(ldap_state), entry, policy_attr);
	}

	if (vals != NULL) {
		/* atol() matches the "%i" used when the value was written;
		 * it offers no error reporting, which is accepted here to
		 * keep the stored form unchanged. */
		*value = (uint32)atol(vals[0]);
		status = NT_STATUS_OK;
		ldap_value_free(vals);
	}

	ldap_msgfree(result);

	return status;
}
static NTSTATUS ldapsam_get_account_policy | ( | struct pdb_methods * | methods, | |
int | policy_index, | |||
uint32 * | value | |||
) | [static] |
pdb_ldap.c の 3647 行で定義されています。
参照先 account_policy_get()・account_policy_get_default()・cache_account_policy_get()・cache_account_policy_set()・ldapsam_get_account_policy_from_ldap()・ldapsam_set_account_policy()・methods・ntstatus.
参照元 pdb_init_ldapsam_common().
/*
 * pdb_methods entry point for reading an account policy.
 *
 * Order of lookup: local tdb cache, then LDAP, then the built-in default.
 * A default that had to be used is written to LDAP so later readers find
 * it there, and whatever was found is stored in the cache.
 *
 * methods:      pdb backend
 * policy_index: policy selector
 * value:        out; receives the policy value
 *
 * Returns NT_STATUS_OK once the value is known and cached; the LDAP
 * read status when neither LDAP nor the defaults had a value; the LDAP
 * write status when seeding the default failed; NT_STATUS_UNSUCCESSFUL
 * when the cache could not be updated.
 */
static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods,
					   int policy_index, uint32 *value)
{
	NTSTATUS status;

	/* Fast path: the local tdb cache already holds the value. */
	if (cache_account_policy_get(policy_index, value)) {
		DEBUG(11,("ldapsam_get_account_policy: got valid value from "
			  "cache\n"));
		return NT_STATUS_OK;
	}

	status = ldapsam_get_account_policy_from_ldap(methods, policy_index,
						      value);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(10,("ldapsam_get_account_policy: failed to retrieve from "
			  "ldap\n"));

		/* Automatic migration of an old tdb value
		 * (account_policy_get()) was considered here but is not
		 * done; the built-in default is used instead. */
		if (!account_policy_get_default(policy_index, value)) {
			return status;
		}

		/* Seed LDAP with the default so the next reader finds it. */
		status = ldapsam_set_account_policy(methods, policy_index,
						    *value);
		if (!NT_STATUS_IS_OK(status)) {
			return status;
		}
	}

	if (!cache_account_policy_set(policy_index, *value)) {
		DEBUG(0,("ldapsam_get_account_policy: failed to update local "
			 "tdb as a cache\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	return NT_STATUS_OK;
}
static NTSTATUS ldapsam_lookup_rids | ( | struct pdb_methods * | methods, | |
const DOM_SID * | domain_sid, | |||
int | num_rids, | |||
uint32 * | rids, | |||
const char ** | names, | |||
enum lsa_SidType * | attrs | |||
) | [static] |
pdb_ldap.c の 3698 行で定義されています。
参照先 domain_sid・smbldap_state::ldap_struct・LDAP_SUCCESS・ldapsam_extract_rid_from_entry()・lp_ldap_group_suffix()・lp_ldap_user_suffix()・methods・name・sid_check_is_builtin()・sid_check_is_domain()・sid_compose()・SID_NAME_ALIAS・SID_NAME_DOM_GRP・SID_NAME_UNKNOWN・SID_NAME_USER・sid_string_static()・smbldap_search()・ldapsam_privates::smbldap_state・smbldap_talloc_dn()・smbldap_talloc_single_attribute()・talloc_asprintf()・talloc_asprintf_append()・talloc_autofree_ldapmsg()・talloc_strdup().
参照元 pdb_init_ldapsam().
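/*
 * Index of rid within rids[0..num_rids), or -1 when it is not one of the
 * requested RIDs.
 */
static int ldapsam_rid_index(const uint32 *rids, int num_rids, uint32 rid)
{
	int i;

	for (i = 0; i < num_rids; i++) {
		if (rids[i] == rid) {
			return i;
		}
	}
	return -1;
}

/*
 * Resolve a batch of RIDs of domain_sid to names and SID types.
 *
 * methods:    pdb backend whose private_data is a struct ldapsam_privates
 * domain_sid: must be the local domain SID or the BUILTIN SID
 * num_rids:   number of elements in rids, names and attrs
 * rids:       RIDs to look up
 * names:      out; names[i] receives a string talloc'ed on the names
 *             array itself, and is left untouched when rid i is unmapped
 * attrs:      out; attrs[i] receives the SID type, SID_NAME_UNKNOWN when
 *             rid i is unmapped
 *
 * Users (sambaSamAccount under the user suffix) are searched first; only
 * when RIDs remain unresolved are group mappings under the group suffix
 * searched. A group mapping whose sambaGroupType does not fit the domain
 * (BUILTIN: aliases only; local domain: aliases and domain groups) is
 * skipped rather than reported with its bogus type.
 *
 * Returns NT_STATUS_OK when every RID was mapped, STATUS_SOME_UNMAPPED
 * when only some were, NT_STATUS_NONE_MAPPED when none were,
 * NT_STATUS_INVALID_PARAMETER for a foreign domain_sid, and
 * NT_STATUS_NO_MEMORY on allocation failure (and, unchanged from the
 * previous behaviour, when an LDAP search itself fails).
 */
static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods,
				    const DOM_SID *domain_sid,
				    int num_rids,
				    uint32 *rids,
				    const char **names,
				    enum lsa_SidType *attrs)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)methods->private_data;
	LDAPMessage *msg = NULL;
	LDAPMessage *entry;
	char *allsids = NULL;
	int i, rc, num_mapped;
	NTSTATUS result = NT_STATUS_NO_MEMORY;
	TALLOC_CTX *mem_ctx;
	LDAP *ld;
	BOOL is_builtin;

	mem_ctx = talloc_new(NULL);
	if (mem_ctx == NULL) {
		DEBUG(0, ("talloc_new failed\n"));
		goto done;
	}

	if (!sid_check_is_builtin(domain_sid) &&
	    !sid_check_is_domain(domain_sid)) {
		result = NT_STATUS_INVALID_PARAMETER;
		goto done;
	}

	for (i = 0; i < num_rids; i++) {
		attrs[i] = SID_NAME_UNKNOWN;
	}

	/* Build the "(sambaSid=S-...)(sambaSid=S-...)" disjunction shared
	 * by both searches. The SID strings are generated locally from
	 * domain_sid and the numeric RIDs, so no filter escaping is needed. */
	allsids = talloc_strdup(mem_ctx, "");
	if (allsids == NULL) {
		goto done;
	}

	for (i = 0; i < num_rids; i++) {
		DOM_SID sid;
		sid_compose(&sid, domain_sid, rids[i]);
		allsids = talloc_asprintf_append(allsids, "(sambaSid=%s)",
						 sid_string_static(&sid));
		if (allsids == NULL) {
			goto done;
		}
	}

	/* First look for users */

	{
		char *filter;
		const char *ldap_attrs[] = { "uid", "sambaSid", NULL };

		filter = talloc_asprintf(
			mem_ctx, "(&(objectClass=%s)(|%s))",
			LDAP_OBJ_SAMBASAMACCOUNT, allsids);

		if (filter == NULL) {
			goto done;
		}

		rc = smbldap_search(ldap_state->smbldap_state,
				    lp_ldap_user_suffix(),
				    LDAP_SCOPE_SUBTREE, filter, ldap_attrs, 0,
				    &msg);
		talloc_autofree_ldapmsg(mem_ctx, msg);
	}

	if (rc != LDAP_SUCCESS) {
		goto done;
	}

	ld = ldap_state->smbldap_state->ldap_struct;
	num_mapped = 0;

	for (entry = ldap_first_entry(ld, msg);
	     entry != NULL;
	     entry = ldap_next_entry(ld, entry)) {
		uint32 rid;
		int rid_index;
		const char *name;

		if (!ldapsam_extract_rid_from_entry(ld, entry, domain_sid,
						    &rid)) {
			DEBUG(2, ("Could not find sid from ldap entry\n"));
			continue;
		}

		/* The name is talloc'ed on the caller's names array so it
		 * lives as long as the result it is stored in. */
		name = smbldap_talloc_single_attribute(ld, entry, "uid",
						       names);
		if (name == NULL) {
			DEBUG(2, ("Could not retrieve uid attribute\n"));
			continue;
		}

		rid_index = ldapsam_rid_index(rids, num_rids, rid);
		if (rid_index < 0) {
			DEBUG(2, ("Got a RID not asked for: %u\n", rid));
			continue;
		}

		attrs[rid_index] = SID_NAME_USER;
		names[rid_index] = name;
		num_mapped += 1;
	}

	if (num_mapped == num_rids) {
		/* No need to look for groups anymore -- we're done */
		result = NT_STATUS_OK;
		goto done;
	}

	/* Same game for groups */

	{
		char *filter;
		const char *ldap_attrs[] = { "cn", "displayName", "sambaSid",
					     "sambaGroupType", NULL };

		filter = talloc_asprintf(
			mem_ctx, "(&(objectClass=%s)(|%s))",
			LDAP_OBJ_GROUPMAP, allsids);
		if (filter == NULL) {
			goto done;
		}

		rc = smbldap_search(ldap_state->smbldap_state,
				    lp_ldap_group_suffix(),
				    LDAP_SCOPE_SUBTREE, filter, ldap_attrs, 0,
				    &msg);
		talloc_autofree_ldapmsg(mem_ctx, msg);
	}

	if (rc != LDAP_SUCCESS) {
		goto done;
	}

	/* ldap_struct might have changed due to a reconnect */

	ld = ldap_state->smbldap_state->ldap_struct;

	/* For consistency checks, we already checked we're only domain or builtin */

	is_builtin = sid_check_is_builtin(domain_sid);

	for (entry = ldap_first_entry(ld, msg);
	     entry != NULL;
	     entry = ldap_next_entry(ld, entry))
	{
		uint32 rid;
		int rid_index;
		const char *attr;
		enum lsa_SidType type;
		const char *dn = smbldap_talloc_dn(mem_ctx, ld, entry);
		/* dn is only used for logging; never hand a NULL to %s */
		const char *dn_str = (dn != NULL) ? dn : "<NULL>";

		attr = smbldap_talloc_single_attribute(ld, entry,
						       "sambaGroupType",
						       mem_ctx);
		if (attr == NULL) {
			DEBUG(2, ("Could not extract type from ldap entry %s\n",
				  dn_str));
			continue;
		}

		type = (enum lsa_SidType)atol(attr);

		/* Consistency checks: the type stored in the directory must
		 * fit the domain the caller asked about. An entry that
		 * fails this used to be logged as rejected but was still
		 * returned with its bogus type; now it is really skipped. */
		if ((is_builtin && (type != SID_NAME_ALIAS)) ||
		    (!is_builtin && ((type != SID_NAME_ALIAS) &&
				     (type != SID_NAME_DOM_GRP)))) {
			DEBUG(2, ("Rejecting invalid group mapping entry %s\n",
				  dn_str));
			continue;
		}

		if (!ldapsam_extract_rid_from_entry(ld, entry, domain_sid,
						    &rid)) {
			DEBUG(2, ("Could not find sid from ldap entry %s\n",
				  dn_str));
			continue;
		}

		/* Prefer displayName, fall back to cn; both are talloc'ed
		 * on the caller's names array. */
		attr = smbldap_talloc_single_attribute(ld, entry, "displayName",
						       names);
		if (attr == NULL) {
			DEBUG(10, ("Could not retrieve 'displayName' attribute from %s\n",
				   dn_str));
			attr = smbldap_talloc_single_attribute(ld, entry, "cn",
							       names);
		}

		if (attr == NULL) {
			DEBUG(2, ("Could not retrieve naming attribute from %s\n",
				  dn_str));
			continue;
		}

		rid_index = ldapsam_rid_index(rids, num_rids, rid);
		if (rid_index < 0) {
			DEBUG(2, ("Got a RID not asked for: %u\n", rid));
			continue;
		}

		attrs[rid_index] = type;
		names[rid_index] = attr;
		num_mapped += 1;
	}

	result = NT_STATUS_NONE_MAPPED;

	if (num_mapped > 0) {
		result = (num_mapped == num_rids) ?
			NT_STATUS_OK : STATUS_SOME_UNMAPPED;
	}

 done:
	TALLOC_FREE(mem_ctx);
	return result;
}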
static char* get_ldap_filter | ( | TALLOC_CTX * | mem_ctx, | |
const char * | username | |||
) | [static] |
pdb_ldap.c の 3918 行で定義されています。
参照先 asprintf()・escape_ldap_string_alloc()・talloc_string_sub().
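/*
 * Build the LDAP search filter for sambaSamAccount entries whose uid
 * matches username.
 *
 * mem_ctx:  talloc context for the returned string
 * username: uid pattern substituted for "%u" verbatim. It is NOT
 *           escaped, so LDAP wildcards survive: ldapsam_search_users()
 *           relies on passing "*" to enumerate all accounts. Callers must
 *           therefore pass only trusted, locally generated patterns; a
 *           caller that needs a literal match for an externally supplied
 *           name has to escape it first (escape_ldap_string_alloc()).
 *
 * Returns the talloc'ed filter, or NULL on allocation failure.
 */
static char *get_ldap_filter(TALLOC_CTX *mem_ctx, const char *username)
{
	char *filter = NULL;
	char *result = NULL;

	/* asprintf() leaves *filter indeterminate when it fails, so the
	 * return value, not the pointer, is the error signal. */
	if (asprintf(&filter, "(&%s(objectclass=sambaSamAccount))",
		     "(uid=%u)") < 0) {
		return NULL;
	}

	result = talloc_string_sub(mem_ctx, filter, "%u", username);

	SAFE_FREE(filter);

	return result;
}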
const char** talloc_attrs | ( | TALLOC_CTX * | mem_ctx, | |
... | ||||
) |
pdb_ldap.c の 3940 行で定義されています。
参照先 talloc_free()・talloc_strdup().
参照元 ldapsam_search_grouptype()・ldapsam_search_users().
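/*
 * Build a NULL-terminated array of attribute names from a NULL-terminated
 * variadic list of strings. Each string is duplicated as a talloc child
 * of the returned array, so freeing the array frees the copies.
 *
 * mem_ctx: talloc parent of the returned array
 * ...:     const char * attribute names, terminated by NULL
 *
 * Returns the array, or NULL on allocation failure (nothing leaks).
 */
const char **talloc_attrs(TALLOC_CTX *mem_ctx, ...)
{
	va_list ap;
	const char **attrs;
	int count = 0;
	int idx;

	/* First pass: count the arguments so the array can be sized. */
	va_start(ap, mem_ctx);
	while (va_arg(ap, const char *) != NULL) {
		count++;
	}
	va_end(ap);

	attrs = TALLOC_ARRAY(mem_ctx, const char *, count + 1);
	if (attrs == NULL) {
		return NULL;
	}

	/* Second pass: copy each name onto the array. */
	va_start(ap, mem_ctx);
	for (idx = 0; idx < count; idx++) {
		attrs[idx] = talloc_strdup(attrs, va_arg(ap, const char *));
		if (attrs[idx] == NULL) {
			/* every va_start needs its va_end, also on the
			 * error path */
			va_end(ap);
			talloc_free(attrs);
			return NULL;
		}
	}
	va_end(ap);

	attrs[count] = NULL;
	return attrs;
}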
static BOOL ldapsam_search_firstpage | ( | struct pdb_search * | search | ) | [static] |
pdb_ldap.c の 3989 行で定義されています。
参照先 ldap_search_state::attrs・ldap_search_state::attrsonly・ldap_search_state::base・ldap_search_state::connection・ldap_search_state::current_entry・ldap_search_state::entries・ldap_search_state::filter・smbldap_state::ldap_struct・LDAP_SUCCESS・smbldap_state::paged_results・ldap_search_state::pagedresults_cookie・pdb_search::private_data・ldap_search_state::scope・smbldap_search()・smbldap_search_paged().
参照元 ldapsam_search_grouptype()・ldapsam_search_users().
/*
 * Run the first LDAP query of a search. A paged search is tried when the
 * connection claims to support it; if that fails, or hands back no
 * message, a plain search is used and paging is switched off for the
 * connection.
 *
 * search: pdb_search whose private_data is a struct ldap_search_state
 *
 * On success state->entries holds the first result message and
 * state->current_entry its first entry (the message is released again
 * when it carries no entries). Returns False when neither search
 * variant produced a result, or the connection is gone afterwards.
 */
static BOOL ldapsam_search_firstpage(struct pdb_search *search)
{
	struct ldap_search_state *state =
		(struct ldap_search_state *)search->private_data;
	LDAP *ld;
	int rc = LDAP_OPERATIONS_ERROR;
	BOOL paged_ok;

	state->entries = NULL;

	if (state->connection->paged_results) {
		rc = smbldap_search_paged(state->connection, state->base,
					  state->scope, state->filter,
					  state->attrs, state->attrsonly,
					  lp_ldap_page_size(), &state->entries,
					  &state->pagedresults_cookie);
	}

	paged_ok = (rc == LDAP_SUCCESS) && (state->entries != NULL);

	if (!paged_ok) {
		/* Left over from unsuccessful paged attempt */
		if (state->entries != NULL) {
			ldap_msgfree(state->entries);
			state->entries = NULL;
		}

		rc = smbldap_search(state->connection, state->base,
				    state->scope, state->filter, state->attrs,
				    state->attrsonly, &state->entries);

		if ((rc != LDAP_SUCCESS) || (state->entries == NULL)) {
			return False;
		}

		/* Ok, the server was lying. It told us it could do paged
		 * searches when it could not. */
		state->connection->paged_results = False;
	}

	ld = state->connection->ldap_struct;
	if (ld == NULL) {
		DEBUG(5, ("Don't have an LDAP connection right after a "
			  "search\n"));
		return False;
	}

	state->current_entry = ldap_first_entry(ld, state->entries);
	if (state->current_entry == NULL) {
		ldap_msgfree(state->entries);
		state->entries = NULL;
	}

	return True;
}
static BOOL ldapsam_search_nextpage | ( | struct pdb_search * | search | ) | [static] |
pdb_ldap.c の 4042 行で定義されています。
参照先 ldap_search_state::attrs・ldap_search_state::attrsonly・ldap_search_state::base・ldap_search_state::connection・ldap_search_state::current_entry・ldap_search_state::entries・ldap_search_state::filter・smbldap_state::ldap_struct・LDAP_SUCCESS・smbldap_state::paged_results・ldap_search_state::pagedresults_cookie・pdb_search::private_data・ldap_search_state::scope・smbldap_search_paged().
参照元 ldapsam_search_next_entry().
/*
 * Fetch the next page of a paged search into state->entries and point
 * state->current_entry at its first entry.
 *
 * search: pdb_search whose private_data is a struct ldap_search_state
 *
 * Returns False when the connection does not page, or the paged search
 * fails or returns no message. An empty page yields True with
 * state->entries released and set to NULL.
 */
static BOOL ldapsam_search_nextpage(struct pdb_search *search)
{
	struct ldap_search_state *state =
		(struct ldap_search_state *)search->private_data;
	LDAP *ld;
	int rc;

	/* There is no next page when there are no paged results */
	if (!state->connection->paged_results) {
		return False;
	}

	rc = smbldap_search_paged(state->connection, state->base,
				  state->scope, state->filter, state->attrs,
				  state->attrsonly, lp_ldap_page_size(),
				  &state->entries,
				  &state->pagedresults_cookie);
	if (rc != LDAP_SUCCESS) {
		return False;
	}
	if (state->entries == NULL) {
		return False;
	}

	ld = state->connection->ldap_struct;
	state->current_entry = ldap_first_entry(ld, state->entries);
	if (state->current_entry == NULL) {
		ldap_msgfree(state->entries);
		state->entries = NULL;
	}

	return True;
}
static BOOL ldapsam_search_next_entry | ( | struct pdb_search * | search, | |
struct samr_displayentry * | entry | |||
) | [static] |
pdb_ldap.c の 4072 行で定義されています。
参照先 ldap_search_state::connection・ldap_search_state::current_entry・ldap_search_state::entries・ldap_search_state::ldap2displayentry・smbldap_state::ldap_struct・ldapsam_search_nextpage()・pdb_search::mem_ctx・ldap_search_state::pagedresults_cookie・pdb_search::private_data.
参照元 ldapsam_search_grouptype()・ldapsam_search_users().
/*
 * Produce the next displayable entry of a search.
 *
 * search: pdb_search whose private_data is a struct ldap_search_state
 * entry:  out; filled by state->ldap2displayentry()
 *
 * Entries the converter rejects are logged and skipped; a new page is
 * fetched whenever the current one is used up. Returns False once there
 * is nothing left (no message in hand and no paging cookie) or the next
 * page cannot be fetched.
 */
static BOOL ldapsam_search_next_entry(struct pdb_search *search,
				      struct samr_displayentry *entry)
{
	struct ldap_search_state *state =
		(struct ldap_search_state *)search->private_data;
	LDAP *ld;
	BOOL converted;

	for (;;) {
		if (state->entries == NULL) {
			/* No page in hand: either the search is exhausted
			 * (no cookie) or the next page has to be fetched. */
			if (state->pagedresults_cookie == NULL) {
				return False;
			}
			if (!ldapsam_search_nextpage(search)) {
				return False;
			}
		}

		ld = state->connection->ldap_struct;

		converted = state->ldap2displayentry(state, search->mem_ctx, ld,
						     state->current_entry, entry);
		if (!converted) {
			char *dn = ldap_get_dn(ld, state->current_entry);
			DEBUG(5, ("Skipping entry %s\n", dn != NULL ? dn : "<NULL>"));
			if (dn != NULL) {
				ldap_memfree(dn);
			}
		}

		/* Advance regardless of the outcome; drop the page once
		 * its last entry has been consumed. */
		state->current_entry = ldap_next_entry(ld, state->current_entry);
		if (state->current_entry == NULL) {
			ldap_msgfree(state->entries);
			state->entries = NULL;
		}

		if (converted) {
			return True;
		}
	}
}
static void ldapsam_search_end | ( | struct pdb_search * | search | ) | [static] |
pdb_ldap.c の 4109 行で定義されています。
参照先 ldap_search_state::attrs・ldap_search_state::attrsonly・ldap_search_state::base・ldap_search_state::connection・ldap_search_state::current_entry・ldap_search_state::entries・ldap_search_state::filter・LDAP_SUCCESS・smbldap_state::paged_results・ldap_search_state::pagedresults_cookie・pdb_search::private_data・ldap_search_state::scope・smbldap_search_paged().
参照元 ldapsam_search_grouptype()・ldapsam_search_users().
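/*
 * Release the resources of a search. Any result message still held is
 * freed; when a paged search is still open on the server (cookie present
 * and the connection does paging) the server is told to abandon it by a
 * final paged request with page size 0.
 *
 * search: pdb_search whose private_data is a struct ldap_search_state
 */
static void ldapsam_search_end(struct pdb_search *search)
{
	struct ldap_search_state *state =
		(struct ldap_search_state *)search->private_data;
	int rc;

	/* Free the message before looking at the cookie: a plain
	 * (non-paged) search never has a cookie but still holds entries
	 * when the caller stopped enumerating early. */
	if (state->entries != NULL) {
		ldap_msgfree(state->entries);
		state->entries = NULL;
	}
	state->current_entry = NULL;

	if (state->pagedresults_cookie == NULL) {
		return;
	}

	if (!state->connection->paged_results) {
		return;
	}

	/* Tell the LDAP server we're not interested in the rest anymore. */

	rc = smbldap_search_paged(state->connection, state->base, state->scope,
				  state->filter, state->attrs,
				  state->attrsonly, 0, &state->entries,
				  &state->pagedresults_cookie);

	if (rc != LDAP_SUCCESS) {
		DEBUG(5, ("Could not end search properly\n"));
	}

	/* Whatever the abandon request handed back is not needed. */
	if (state->entries != NULL) {
		ldap_msgfree(state->entries);
		state->entries = NULL;
	}
}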
static BOOL ldapuser2displayentry | ( | struct ldap_search_state * | state, | |
TALLOC_CTX * | mem_ctx, | |||
LDAP * | ld, | |||
LDAPMessage * | entry, | |||
struct samr_displayentry * | result | |||
) | [static] |
pdb_ldap.c の 4140 行で定義されています。
参照先 ldap_search_state::acct_flags・get_global_sam_sid()・pdb_decode_acct_ctrl()・pull_utf8_talloc()・result・sid_peek_check_rid()・sid_string_static()・string_to_sid().
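/*
 * Convert one sambaSamAccount LDAP entry into a samr_displayentry.
 *
 * state:   search state; when state->acct_flags is non-zero the entry's
 *          sambaAcctFlags must share a bit with it, else it is skipped
 * mem_ctx: talloc context for the strings stored in result
 * ld:      connection the entry was read from
 * entry:   the LDAP entry
 * result:  out; acct_flags, account_name (uid), fullname (displayName,
 *          "" when absent), description ("" when absent) and rid
 *
 * Returns False when a required attribute (sambaAcctFlags, uid,
 * sambaSid) is missing, the flags do not match, the SID is malformed or
 * not in the local domain, or a talloc fails. Every ldap_get_values()
 * result is released on every path, including the early returns.
 */
static BOOL ldapuser2displayentry(struct ldap_search_state *state,
				  TALLOC_CTX *mem_ctx,
				  LDAP *ld, LDAPMessage *entry,
				  struct samr_displayentry *result)
{
	char **vals;
	DOM_SID sid;
	uint32 acct_flags;

	vals = ldap_get_values(ld, entry, "sambaAcctFlags");
	if ((vals == NULL) || (vals[0] == NULL)) {
		DEBUG(5, ("\"sambaAcctFlags\" not found\n"));
		if (vals != NULL) {
			ldap_value_free(vals);
		}
		return False;
	}
	acct_flags = pdb_decode_acct_ctrl(vals[0]);
	ldap_value_free(vals);

	/* Filter on account type when the caller asked for one. */
	if ((state->acct_flags != 0) &&
	    ((state->acct_flags & acct_flags) == 0)) {
		return False;
	}

	result->acct_flags = acct_flags;
	result->account_name = "";
	result->fullname = "";
	result->description = "";

	vals = ldap_get_values(ld, entry, "uid");
	if ((vals == NULL) || (vals[0] == NULL)) {
		DEBUG(5, ("\"uid\" not found\n"));
		if (vals != NULL) {
			ldap_value_free(vals);
		}
		return False;
	}
	pull_utf8_talloc(mem_ctx,
			 CONST_DISCARD(char **, &result->account_name),
			 vals[0]);
	ldap_value_free(vals);

	vals = ldap_get_values(ld, entry, "displayName");
	if ((vals == NULL) || (vals[0] == NULL)) {
		DEBUG(8, ("\"displayName\" not found\n"));
	} else {
		pull_utf8_talloc(mem_ctx,
				 CONST_DISCARD(char **, &result->fullname),
				 vals[0]);
	}
	if (vals != NULL) {
		ldap_value_free(vals);
	}

	vals = ldap_get_values(ld, entry, "description");
	if ((vals == NULL) || (vals[0] == NULL)) {
		DEBUG(8, ("\"description\" not found\n"));
	} else {
		pull_utf8_talloc(mem_ctx,
				 CONST_DISCARD(char **, &result->description),
				 vals[0]);
	}
	if (vals != NULL) {
		ldap_value_free(vals);
	}

	/* The strings start out as "" and are only ever overwritten by
	 * pull_utf8_talloc(), so a NULL here means that conversion failed. */
	if ((result->account_name == NULL) ||
	    (result->fullname == NULL) ||
	    (result->description == NULL)) {
		DEBUG(0, ("talloc failed\n"));
		return False;
	}

	vals = ldap_get_values(ld, entry, "sambaSid");
	if ((vals == NULL) || (vals[0] == NULL)) {
		DEBUG(0, ("\"sambaSid\" not found\n"));
		if (vals != NULL) {
			ldap_value_free(vals);
		}
		return False;
	}

	if (!string_to_sid(&sid, vals[0])) {
		DEBUG(0, ("Could not convert %s to SID\n", vals[0]));
		ldap_value_free(vals);
		return False;
	}
	ldap_value_free(vals);

	/* Only accounts whose SID lies in our own domain are reported. */
	if (!sid_peek_check_rid(get_global_sam_sid(), &sid, &result->rid)) {
		DEBUG(0, ("sid %s does not belong to our domain\n",
			  sid_string_static(&sid)));
		return False;
	}

	return True;
}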
static BOOL ldapsam_search_users | ( | struct pdb_methods * | methods, | |
struct pdb_search * | search, | |||
uint32 | acct_flags | |||
) | [static] |
pdb_ldap.c の 4224 行で定義されています。
参照先 get_ldap_filter()・ldapsam_search_end()・ldapsam_search_firstpage()・ldapsam_search_next_entry()・ldapuser2displayentry()・lp_ldap_machine_suffix()・lp_ldap_user_suffix()・pdb_search::mem_ctx・methods・pdb_search::next_entry・pdb_search::private_data・pdb_search::search_end・ldapsam_privates::smbldap_state・talloc_attrs()・talloc_strdup().
参照元 pdb_init_ldapsam().
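/*
 * Start an enumeration of user accounts.
 *
 * methods:    pdb backend whose private_data is a struct ldapsam_privates
 * search:     pdb_search to initialise; its next_entry/search_end hooks
 *             and private_data are set here
 * acct_flags: ACB_* mask; selects the search base and is passed to
 *             ldapuser2displayentry() as a filter (0 means no filter)
 *
 * Returns False when allocation of the search state, base, filter or
 * attribute list fails, or the first page cannot be fetched.
 */
static BOOL ldapsam_search_users(struct pdb_methods *methods,
				 struct pdb_search *search,
				 uint32 acct_flags)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)methods->private_data;
	struct ldap_search_state *state;
	const char *base;

	state = TALLOC_P(search->mem_ctx, struct ldap_search_state);
	if (state == NULL) {
		DEBUG(0, ("talloc failed\n"));
		return False;
	}

	state->connection = ldap_state->smbldap_state;

	/* Narrow the search base by the requested account type: normal
	 * accounts live under the user suffix, trust accounts under the
	 * machine suffix, anything else is searched from the whole suffix. */
	if ((acct_flags & ACB_NORMAL) != 0) {
		base = lp_ldap_user_suffix();
	} else if ((acct_flags & (ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) != 0) {
		base = lp_ldap_machine_suffix();
	} else {
		base = lp_ldap_suffix();
	}

	state->acct_flags = acct_flags;
	state->base = talloc_strdup(search->mem_ctx, base);
	state->scope = LDAP_SCOPE_SUBTREE;
	state->filter = get_ldap_filter(search->mem_ctx, "*");
	state->attrs = talloc_attrs(search->mem_ctx, "uid", "sambaSid",
				    "displayName", "description",
				    "sambaAcctFlags", NULL);
	state->attrsonly = 0;
	state->pagedresults_cookie = NULL;
	state->entries = NULL;
	state->ldap2displayentry = ldapuser2displayentry;

	/* base was previously not checked and a NULL would have been
	 * handed straight to the LDAP search. */
	if ((state->base == NULL) || (state->filter == NULL) ||
	    (state->attrs == NULL)) {
		DEBUG(0, ("talloc failed\n"));
		return False;
	}

	search->private_data = state;
	search->next_entry = ldapsam_search_next_entry;
	search->search_end = ldapsam_search_end;

	return ldapsam_search_firstpage(search);
}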
static BOOL ldapgroup2displayentry | ( | struct ldap_search_state * | state, | |
TALLOC_CTX * | mem_ctx, | |||
LDAP * | ld, | |||
LDAPMessage * | entry, | |||
struct samr_displayentry * | result | |||
) | [static] |
pdb_ldap.c の 4272 行で定義されています。
参照先 get_global_sam_sid()・global_sid_Builtin・ldap_search_state::group_type・pull_utf8_talloc()・result・SID_NAME_ALIAS・SID_NAME_DOM_GRP・sid_peek_check_rid()・sid_string_static()・string_to_sid().
参照元 ldapsam_search_grouptype().
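/*
 * Convert one sambaGroupMapping LDAP entry into a samr_displayentry.
 *
 * state:   search state; when state->group_type is non-zero the entry's
 *          sambaGroupType must equal it, else the entry is skipped
 * mem_ctx: talloc context for the strings stored in result
 * ld:      connection the entry was read from
 * entry:   the LDAP entry
 * result:  out; account_name (displayName, falling back to cn),
 *          description ("" when absent), rid. fullname stays "".
 *
 * Returns False when sambaGroupType, a naming attribute or sambaSid is
 * missing, the type does not match or is neither a domain group nor an
 * alias, the SID is malformed or in neither the local nor the BUILTIN
 * domain, or a talloc fails. Every ldap_get_values() result is released
 * on every path, including the early returns and the cn fallback.
 */
static BOOL ldapgroup2displayentry(struct ldap_search_state *state,
				   TALLOC_CTX *mem_ctx,
				   LDAP *ld, LDAPMessage *entry,
				   struct samr_displayentry *result)
{
	char **vals;
	DOM_SID sid;
	uint16 group_type;

	result->account_name = "";
	result->fullname = "";
	result->description = "";

	vals = ldap_get_values(ld, entry, "sambaGroupType");
	if ((vals == NULL) || (vals[0] == NULL)) {
		DEBUG(5, ("\"sambaGroupType\" not found\n"));
		if (vals != NULL) {
			ldap_value_free(vals);
		}
		return False;
	}

	group_type = atoi(vals[0]);
	ldap_value_free(vals);

	/* Skip entries of a type the search did not ask for. */
	if ((state->group_type != 0) && (state->group_type != group_type)) {
		return False;
	}

	/* display name is the NT group name; fall back to the 'cn' attribute */

	vals = ldap_get_values(ld, entry, "displayName");
	if ((vals == NULL) || (vals[0] == NULL)) {
		DEBUG(8, ("\"displayName\" not found\n"));
		if (vals != NULL) {
			ldap_value_free(vals);
		}

		vals = ldap_get_values(ld, entry, "cn");
		if ((vals == NULL) || (vals[0] == NULL)) {
			DEBUG(5, ("\"cn\" not found\n"));
			if (vals != NULL) {
				ldap_value_free(vals);
			}
			return False;
		}
	}
	pull_utf8_talloc(mem_ctx,
			 CONST_DISCARD(char **, &result->account_name),
			 vals[0]);
	ldap_value_free(vals);

	vals = ldap_get_values(ld, entry, "description");
	if ((vals == NULL) || (vals[0] == NULL)) {
		DEBUG(8, ("\"description\" not found\n"));
	} else {
		pull_utf8_talloc(mem_ctx,
				 CONST_DISCARD(char **, &result->description),
				 vals[0]);
	}
	if (vals != NULL) {
		ldap_value_free(vals);
	}

	/* The strings start out as "" and are only ever overwritten by
	 * pull_utf8_talloc(), so a NULL here means that conversion failed. */
	if ((result->account_name == NULL) ||
	    (result->fullname == NULL) ||
	    (result->description == NULL)) {
		DEBUG(0, ("talloc failed\n"));
		return False;
	}

	vals = ldap_get_values(ld, entry, "sambaSid");
	if ((vals == NULL) || (vals[0] == NULL)) {
		DEBUG(0, ("\"sambaSid\" not found\n"));
		if (vals != NULL) {
			ldap_value_free(vals);
		}
		return False;
	}

	if (!string_to_sid(&sid, vals[0])) {
		DEBUG(0, ("Could not convert %s to SID\n", vals[0]));
		ldap_value_free(vals);
		return False;
	}

	ldap_value_free(vals);

	switch (group_type) {
	case SID_NAME_DOM_GRP:
	case SID_NAME_ALIAS:
		/* Group mappings may belong to our domain or to BUILTIN. */
		if (!sid_peek_check_rid(get_global_sam_sid(), &sid, &result->rid)
		    && !sid_peek_check_rid(&global_sid_Builtin, &sid, &result->rid))
		{
			DEBUG(0, ("%s is not in our domain\n",
				  sid_string_static(&sid)));
			return False;
		}
		break;

	default:
		DEBUG(0,("unkown group type: %d\n", group_type));
		return False;
	}

	return True;
}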
static BOOL ldapsam_search_grouptype | ( | struct pdb_methods * | methods, | |
struct pdb_search * | search, | |||
const DOM_SID * | sid, | |||
enum lsa_SidType | type | |||
) | [static] |
pdb_ldap.c の 4382 行で定義されています。
参照先 ldapgroup2displayentry()・ldapsam_search_end()・ldapsam_search_firstpage()・ldapsam_search_next_entry()・lp_ldap_group_suffix()・pdb_search::mem_ctx・methods・pdb_search::next_entry・pdb_search::private_data・pdb_search::search_end・sid_string_static()・ldapsam_privates::smbldap_state・talloc_asprintf()・talloc_attrs()・talloc_strdup().
参照元 ldapsam_search_aliases()・ldapsam_search_groups().
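/*
 * Start an enumeration of group mappings of one type under sid.
 *
 * methods: pdb backend whose private_data is a struct ldapsam_privates
 * search:  pdb_search to initialise; its next_entry/search_end hooks and
 *          private_data are set here
 * sid:     domain SID; only mappings whose sambaSID starts with it are
 *          returned
 * type:    sambaGroupType to match, also stored for
 *          ldapgroup2displayentry()
 *
 * Returns False when allocation of the search state, base, filter or
 * attribute list fails, or the first page cannot be fetched.
 */
static BOOL ldapsam_search_grouptype(struct pdb_methods *methods,
				     struct pdb_search *search,
				     const DOM_SID *sid,
				     enum lsa_SidType type)
{
	struct ldapsam_privates *ldap_state =
		(struct ldapsam_privates *)methods->private_data;
	struct ldap_search_state *state;

	state = TALLOC_P(search->mem_ctx, struct ldap_search_state);
	if (state == NULL) {
		DEBUG(0, ("talloc failed\n"));
		return False;
	}

	state->connection = ldap_state->smbldap_state;
	state->base = talloc_strdup(search->mem_ctx, lp_ldap_group_suffix());
	state->scope = LDAP_SCOPE_SUBTREE;
	/* The trailing "*" makes this a prefix match on the domain SID.
	 * SID strings consist of digits and dashes only, so the filter
	 * needs no escaping. */
	state->filter = talloc_asprintf(search->mem_ctx,
					"(&(objectclass=sambaGroupMapping)"
					"(sambaGroupType=%d)(sambaSID=%s*))",
					type, sid_string_static(sid));
	state->attrs = talloc_attrs(search->mem_ctx, "cn", "sambaSid",
				    "displayName", "description",
				    "sambaGroupType", NULL);
	state->attrsonly = 0;
	state->pagedresults_cookie = NULL;
	state->entries = NULL;
	state->group_type = type;
	state->ldap2displayentry = ldapgroup2displayentry;

	/* base was previously not checked and a NULL would have been
	 * handed straight to the LDAP search. */
	if ((state->base == NULL) || (state->filter == NULL) ||
	    (state->attrs == NULL)) {
		DEBUG(0, ("talloc failed\n"));
		return False;
	}

	search->private_data = state;
	search->next_entry = ldapsam_search_next_entry;
	search->search_end = ldapsam_search_end;

	return ldapsam_search_firstpage(search);
}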
static BOOL ldapsam_search_groups | ( | struct pdb_methods * | methods, | |
struct pdb_search * | search | |||
) | [static] |
pdb_ldap.c の 4427 行で定義されています。
参照先 get_global_sam_sid()・ldapsam_search_grouptype()・methods・SID_NAME_DOM_GRP.
参照元 pdb_init_ldapsam().
/*
 * pdb_methods entry point enumerating the domain groups of the local
 * domain: a type-restricted search for SID_NAME_DOM_GRP under our SID.
 */
static BOOL ldapsam_search_groups(struct pdb_methods *methods,
				  struct pdb_search *search)
{
	const DOM_SID *domain_sid = get_global_sam_sid();

	return ldapsam_search_grouptype(methods, search, domain_sid,
					SID_NAME_DOM_GRP);
}
static BOOL ldapsam_search_aliases | ( | struct pdb_methods * | methods, | |
struct pdb_search * | search, | |||
const DOM_SID * | sid | |||
) | [static] |
pdb_ldap.c の 4433 行で定義されています。
参照先 ldapsam_search_grouptype()・methods・SID_NAME_ALIAS.
参照元 pdb_init_ldapsam().
/*
 * pdb_methods entry point enumerating the aliases under sid: a
 * type-restricted search for SID_NAME_ALIAS.
 */
static BOOL ldapsam_search_aliases(struct pdb_methods *methods,
				   struct pdb_search *search,
				   const DOM_SID *sid)
{
	BOOL started;

	started = ldapsam_search_grouptype(methods, search, sid,
					   SID_NAME_ALIAS);
	return started;
}
static BOOL ldapsam_rid_algorithm | ( | struct pdb_methods * | methods | ) | [static] |
static NTSTATUS ldapsam_get_new_rid | ( | struct ldapsam_privates * | priv, | |
uint32 * | rid | |||
) | [static] |
pdb_ldap.c の 4445 行で定義されています。
参照先 get_global_sam_name()・LDAP_SUCCESS・nt_errstr()・priv2ld()・smbldap_make_mod()・smbldap_modify()・smbldap_search_domain_info()・ldapsam_privates::smbldap_state・smbldap_talloc_dn()・smbldap_talloc_single_attribute()・status・talloc_asprintf()・talloc_autofree_ldapmod()・talloc_autofree_ldapmsg().
参照元 ldapsam_new_rid_internal().
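/*
 * Allocate the next free RID by bumping the counter on the domain info
 * entry.
 *
 * priv: backend privates holding the LDAP connection
 * rid:  out; receives the new RID, only written on success
 *
 * The new RID is one above the largest of sambaNextRid, sambaNextUserRid
 * and sambaNextGroupRid (BASE_RID when none is set) and is written back
 * to sambaNextRid. Returns NT_STATUS_OK on success, NT_STATUS_NO_MEMORY
 * on allocation failure, NT_STATUS_INTERNAL_DB_CORRUPTION when the
 * domain info has no entry, the search status when the domain info
 * cannot be read, and NT_STATUS_ACCESS_DENIED as the "modify failed,
 * please retry" signal consumed by ldapsam_new_rid_internal().
 */
static NTSTATUS ldapsam_get_new_rid(struct ldapsam_privates *priv,
				    uint32 *rid)
{
	struct smbldap_state *smbldap_state = priv->smbldap_state;
	/* The counters that may hold the current high-water mark. I gave
	 * up on the concept of differentiating between user and group
	 * rids, and will use only "sambaNextRid" in the future. But for
	 * compatibility reasons I look if others have chosen different
	 * strategies -- VL */
	static const char *rid_attrs[] = {
		"sambaNextRid", "sambaNextUserRid", "sambaNextGroupRid"
	};
	LDAPMessage *result = NULL;
	LDAPMessage *entry = NULL;
	LDAPMod **mods = NULL;
	NTSTATUS status;
	char *value;
	char *next_rid_str;
	int rc;
	uint32 nextRid = 0;
	const char *dn;
	size_t i;

	TALLOC_CTX *mem_ctx;

	mem_ctx = talloc_new(NULL);
	if (mem_ctx == NULL) {
		DEBUG(0, ("talloc_new failed\n"));
		return NT_STATUS_NO_MEMORY;
	}

	status = smbldap_search_domain_info(smbldap_state, &result,
					    get_global_sam_name(), False);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(3, ("Could not get domain info: %s\n",
			  nt_errstr(status)));
		goto done;
	}

	talloc_autofree_ldapmsg(mem_ctx, result);

	entry = ldap_first_entry(priv2ld(priv), result);
	if (entry == NULL) {
		DEBUG(0, ("Could not get domain info entry\n"));
		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
		goto done;
	}

	/* Find the largest of the three counters. */
	for (i = 0; i < sizeof(rid_attrs) / sizeof(rid_attrs[0]); i++) {
		value = smbldap_talloc_single_attribute(priv2ld(priv), entry,
							rid_attrs[i], mem_ctx);
		if (value != NULL) {
			uint32 tmp = (uint32)strtoul(value, NULL, 10);
			nextRid = MAX(nextRid, tmp);
		}
	}

	if (nextRid == 0) {
		nextRid = BASE_RID-1;
	}

	nextRid += 1;

	/* Format the new counter before building the mod: handing a NULL
	 * value to smbldap_make_mod() would not write the counter. */
	next_rid_str = talloc_asprintf(mem_ctx, "%u", nextRid);
	if (next_rid_str == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}

	smbldap_make_mod(priv2ld(priv), entry, &mods, "sambaNextRid",
			 next_rid_str);
	talloc_autofree_ldapmod(mem_ctx, mods);

	if ((dn = smbldap_talloc_dn(mem_ctx, priv2ld(priv), entry)) == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}

	rc = smbldap_modify(smbldap_state, dn, mods);

	/* ACCESS_DENIED is used as a placeholder for "the modify failed,
	 * please retry" */

	status = (rc == LDAP_SUCCESS) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;

 done:
	if (NT_STATUS_IS_OK(status)) {
		*rid = nextRid;
	}

	TALLOC_FREE(mem_ctx);
	return status;
}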
static NTSTATUS ldapsam_new_rid_internal | ( | struct pdb_methods * | methods, | |
uint32 * | rid | |||
) | [static] |
pdb_ldap.c の 4542 行で定義されています。
参照先 ldapsam_get_new_rid()・methods.
参照元 ldapsam_create_dom_group()・ldapsam_create_user()・ldapsam_new_rid().
static NTSTATUS ldapsam_new_rid_internal(struct pdb_methods *methods, uint32 *rid)
{
	/* Retry budget for a lost race on the sambaNextRid counter. */
	enum { LDAPSAM_NEW_RID_ATTEMPTS = 10 };
	struct ldapsam_privates *priv =
		(struct ldapsam_privates *)methods->private_data;
	int attempt;

	/*
	 * ldapsam_get_new_rid() reports a failed counter update with the
	 * NT_STATUS_ACCESS_DENIED placeholder, which is the signal to try
	 * again; any other status is a real error and is returned as is.
	 */
	for (attempt = 0; attempt < LDAPSAM_NEW_RID_ATTEMPTS; attempt++) {
		NTSTATUS status = ldapsam_get_new_rid(priv, rid);

		if (NT_STATUS_IS_OK(status)) {
			return status;
		}
		if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
			return status;
		}
		/* Lost the update race (presumably); loop and retry. */
	}

	/* Out of attempts: surface the same placeholder the callers expect. */
	return NT_STATUS_ACCESS_DENIED;
}
static BOOL ldapsam_new_rid | ( | struct pdb_methods * | methods, | |
uint32 * | rid | |||
) | [static] |
pdb_ldap.c の 4564 行で定義されています。
参照先 ldapsam_new_rid_internal()・methods・result.
参照元 pdb_init_ldapsam_common().
static BOOL ldapsam_new_rid(struct pdb_methods *methods, uint32 *rid)
{
	/* pdb_methods->new_rid is a BOOL hook; collapse the NTSTATUS. */
	NTSTATUS status = ldapsam_new_rid_internal(methods, rid);

	if (!NT_STATUS_IS_OK(status)) {
		return False;
	}
	return True;
}
static BOOL ldapsam_sid_to_id | ( | struct pdb_methods * | methods, | |
const DOM_SID * | sid, | |||
union unid_t * | id, | |||
enum lsa_SidType * | type | |||
) | [static] |
pdb_ldap.c の 4570 行で定義されています。
参照先 methods.
参照元 pdb_init_ldapsam().
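static BOOL ldapsam_sid_to_id(struct pdb_methods *methods,
			      const DOM_SID *sid,
			      union unid_t *id, enum lsa_SidType *type)
{
	struct ldapsam_privates *priv =
		(struct ldapsam_privates *)methods->private_data;
	const char *attrs[] = { "sambaGroupType", "gidNumber", "uidNumber",
				NULL };
	LDAPMessage *result = NULL;
	LDAPMessage *entry = NULL;
	TALLOC_CTX *mem_ctx;
	char *filter;
	char *value;
	char *end = NULL;
	unsigned long num;
	BOOL ret = False;
	int rc;

	mem_ctx = talloc_new(NULL);
	if (mem_ctx == NULL) {
		DEBUG(0, ("talloc_new failed\n"));
		return False;
	}

	/* The SID string is generated locally rather than taken from caller
	 * text, so it goes into the filter unescaped, as elsewhere here. */
	filter = talloc_asprintf(mem_ctx,
				 "(&(sambaSid=%s)"
				 "(|(objectClass=%s)(objectClass=%s)))",
				 sid_string_static(sid),
				 LDAP_OBJ_GROUPMAP, LDAP_OBJ_SAMBASAMACCOUNT);
	if (filter == NULL) {
		DEBUG(5, ("talloc_asprintf failed\n"));
		goto done;
	}

	rc = smbldap_search_suffix(priv->smbldap_state, filter,
				   attrs, &result);
	if (rc != LDAP_SUCCESS) {
		goto done;
	}
	talloc_autofree_ldapmsg(mem_ctx, result);

	/* Exactly one object may carry this SID; anything else is ambiguous
	 * and is refused rather than guessed at. */
	if (ldap_count_entries(priv2ld(priv), result) != 1) {
		DEBUG(10, ("Got %d entries, expected one\n",
			   ldap_count_entries(priv2ld(priv), result)));
		goto done;
	}

	entry = ldap_first_entry(priv2ld(priv), result);
	if (entry == NULL) {
		goto done;
	}

	value = smbldap_talloc_single_attribute(priv2ld(priv), entry,
						"sambaGroupType", mem_ctx);

	if (value != NULL) {
		const char *gid_str;
		/* It's a group */

		gid_str = smbldap_talloc_single_attribute(
			priv2ld(priv), entry, "gidNumber", mem_ctx);
		if (gid_str == NULL) {
			DEBUG(1, ("%s has sambaGroupType but no gidNumber\n",
				  smbldap_talloc_dn(mem_ctx, priv2ld(priv),
						    entry)));
			goto done;
		}

		/* A non-numeric gidNumber must be rejected: an unchecked
		 * strtoul() returns 0 for it and would quietly map this SID
		 * onto gid 0. */
		num = strtoul(gid_str, &end, 10);
		if (end == gid_str || *end != '\0') {
			DEBUG(1, ("%s has a non-numeric gidNumber [%s]\n",
				  smbldap_talloc_dn(mem_ctx, priv2ld(priv),
						    entry), gid_str));
			goto done;
		}

		id->gid = (gid_t)num;
		*type = (enum lsa_SidType)strtoul(value, NULL, 10);
		ret = True;
		goto done;
	}

	/* It must be a user */

	value = smbldap_talloc_single_attribute(priv2ld(priv), entry,
						"uidNumber", mem_ctx);
	if (value == NULL) {
		DEBUG(1, ("Could not find uidNumber in %s\n",
			  smbldap_talloc_dn(mem_ctx, priv2ld(priv), entry)));
		goto done;
	}

	/* Same guard for uidNumber: garbage must not become uid 0. */
	num = strtoul(value, &end, 10);
	if (end == value || *end != '\0') {
		DEBUG(1, ("%s has a non-numeric uidNumber [%s]\n",
			  smbldap_talloc_dn(mem_ctx, priv2ld(priv), entry),
			  value));
		goto done;
	}

	id->uid = (uid_t)num;
	*type = SID_NAME_USER;

	ret = True;
done:
	TALLOC_FREE(mem_ctx);
	return ret;
}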
static NTSTATUS ldapsam_create_user | ( | struct pdb_methods * | my_methods, | |
TALLOC_CTX * | tmp_ctx, | |||
const char * | name, | |||
uint32 | acb_info, | |||
uint32 * | rid | |||
) | [static] |
pdb_ldap.c の 4673 行で定義されています。
参照先 ldapsam_privates::domain_name・element_is_set_or_changed()・escape_ldap_string_alloc()・escape_rdn_val_string_alloc()・flush_pwnam_cache()・get_global_sam_name()・get_global_sam_sid()・init_ldap_from_sam()・LDAP_SUCCESS・ldapsam_new_rid_internal()・lp_ldap_machine_suffix()・lp_ldap_user_suffix()・PDB_SET・pdb_set_acct_ctrl()・pdb_set_domain()・pdb_set_user_sid()・pdb_set_username()・priv2ld()・pdb_methods::private_data・samu_new()・ldapsam_privates::schema_ver・sid_compose()・sid_to_gid()・smbldap_add()・smbldap_modify()・smbldap_search_suffix()・smbldap_set_mod()・ldapsam_privates::smbldap_state・smbldap_talloc_dn()・smbldap_talloc_single_attribute()・talloc_asprintf()・talloc_autofree_ldapmod()・talloc_autofree_ldapmsg()・talloc_strdup()・talloc_sub_specified()・username・winbind_allocate_uid().
参照元 pdb_init_ldapsam().
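static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
				    TALLOC_CTX *tmp_ctx, const char *name,
				    uint32 acb_info, uint32 *rid)
{
	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
	LDAPMessage *entry = NULL;
	LDAPMessage *result = NULL;
	uint32 num_result;
	BOOL is_machine = False;
	BOOL add_posix = False;
	LDAPMod **mods = NULL;
	struct samu *user;
	char *filter;
	char *username;
	char *homedir;
	char *gidstr;
	char *uidstr;
	char *shell;
	const char *dn = NULL;
	DOM_SID group_sid;
	DOM_SID user_sid;
	gid_t gid = -1;
	uid_t uid = -1;
	NTSTATUS ret;
	size_t name_len;
	int rc;

	/* The trailing-'$' test below indexes name[strlen(name)-1]; an empty
	 * name would read the byte before the buffer, so refuse it here. */
	if (name == NULL || (name_len = strlen(name)) == 0) {
		DEBUG(1,("ldapsam_create_user: empty account name\n"));
		return NT_STATUS_INVALID_PARAMETER;
	}

	/* A "normal" account whose name ends in '$' is treated as a machine
	 * account by naming convention; the trust flags say so explicitly. */
	if (((acb_info & ACB_NORMAL) && name[name_len - 1] == '$') ||
	    (acb_info & ACB_WSTRUST) ||
	    (acb_info & ACB_SVRTRUST) ||
	    (acb_info & ACB_DOMTRUST)) {
		is_machine = True;
	}

	/* name is caller-supplied text: escape it before it is spliced into
	 * the search filter, and fail cleanly if the escaping or the
	 * formatting fails instead of handing a NULL to the search. */
	username = escape_ldap_string_alloc(name);
	if (username == NULL) {
		DEBUG(0,("ldapsam_create_user: Out of memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}
	filter = talloc_asprintf(tmp_ctx, "(&(uid=%s)(objectClass=%s))",
				 username, LDAP_OBJ_POSIXACCOUNT);
	SAFE_FREE(username);
	if (filter == NULL) {
		DEBUG(0,("ldapsam_create_user: Out of memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
	if (rc != LDAP_SUCCESS) {
		DEBUG(0,("ldapsam_create_user: ldap search failed!\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	talloc_autofree_ldapmsg(tmp_ctx, result);

	num_result = ldap_count_entries(priv2ld(ldap_state), result);

	if (num_result > 1) {
		DEBUG (0, ("ldapsam_create_user: More than one user with name [%s] ?!\n", name));
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	if (num_result == 1) {
		char *tmp;
		/* One entry exists: either a plain posix account we extend in
		 * place, or it already carries a sambaSID and the user exists. */
		entry = ldap_first_entry(priv2ld(ldap_state), result);
		if (!entry) {
			return NT_STATUS_UNSUCCESSFUL;
		}

		tmp = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "sambaSID", tmp_ctx);
		if (tmp) {
			DEBUG (1, ("ldapsam_create_user: The user [%s] already exist!\n", name));
			return NT_STATUS_USER_EXISTS;
		}

		/* it is just a posix account, retrieve the dn for later use */
		dn = smbldap_talloc_dn(tmp_ctx, priv2ld(ldap_state), entry);
		if (!dn) {
			DEBUG(0,("ldapsam_create_user: Out of memory!\n"));
			return NT_STATUS_NO_MEMORY;
		}
	}

	if (num_result == 0) {
		add_posix = True;
	}

	/* Allocate the RID first; the user SID derived from it goes into
	 * the mods generated below. */
	ret = ldapsam_new_rid_internal(my_methods, rid);
	if (!NT_STATUS_IS_OK(ret)) {
		DEBUG(1, ("ldapsam_create_user: Could not allocate a new RID\n"));
		return ret;
	}

	if (!sid_compose(&user_sid, get_global_sam_sid(), *rid)) {
		DEBUG(0,("ldapsam_create_user: Unable to compose the user SID\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* Create the basic samu structure and generate the mods for the ldap commit */
	user = samu_new(tmp_ctx);
	if (!user) {
		DEBUG(1,("ldapsam_create_user: Unable to allocate user struct\n"));
		return NT_STATUS_NO_MEMORY;
	}

	if (!pdb_set_username(user, name, PDB_SET)) {
		DEBUG(1,("ldapsam_create_user: Unable to fill user structs\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	if (!pdb_set_domain(user, get_global_sam_name(), PDB_SET)) {
		DEBUG(1,("ldapsam_create_user: Unable to fill user structs\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	if (is_machine) {
		/* A machine created through the "normal" path becomes a
		 * workstation trust; explicit trust flags are kept as given. */
		uint32 ctrl = (acb_info & ACB_NORMAL) ? ACB_WSTRUST : acb_info;
		if (!pdb_set_acct_ctrl(user, ctrl, PDB_SET)) {
			DEBUG(1,("ldapsam_create_user: Unable to fill user structs\n"));
			return NT_STATUS_UNSUCCESSFUL;
		}
	} else {
		/* New user accounts are created disabled. */
		if (!pdb_set_acct_ctrl(user, ACB_NORMAL | ACB_DISABLED, PDB_SET)) {
			DEBUG(1,("ldapsam_create_user: Unable to fill user structs\n"));
			return NT_STATUS_UNSUCCESSFUL;
		}
	}

	if (!pdb_set_user_sid(user, &user_sid, PDB_SET)) {
		DEBUG(1,("ldapsam_create_user: Unable to fill user structs\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	if (!init_ldap_from_sam(ldap_state, NULL, &mods, user, element_is_set_or_changed)) {
		DEBUG(1,("ldapsam_create_user: Unable to fill user structs\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* Only logged, not refused: the sambaSamAccount class is added
	 * regardless of the configured schema version. */
	if (ldap_state->schema_ver != SCHEMAVER_SAMBASAMACCOUNT) {
		DEBUG(1,("ldapsam_create_user: Unsupported schema version\n"));
	}
	smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);

	if (add_posix) {
		char *escape_name;

		DEBUG(3,("ldapsam_create_user: Creating new posix user\n"));

		/* retrieve the Domain Users group gid */
		if (!sid_compose(&group_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS) ||
		    !sid_to_gid(&group_sid, &gid)) {
			DEBUG (0, ("ldapsam_create_user: Unable to get the Domain Users gid: bailing out!\n"));
			return NT_STATUS_INVALID_PRIMARY_GROUP;
		}

		/* lets allocate a new userid for this user */
		if (!winbind_allocate_uid(&uid)) {
			DEBUG (0, ("ldapsam_create_user: Unable to allocate a new user id: bailing out!\n"));
			return NT_STATUS_UNSUCCESSFUL;
		}

		if (is_machine) {
			/* TODO: choose a more appropriate default for machines */
			homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), "SMB_workstations_home", ldap_state->domain_name, uid, gid);
			shell = talloc_strdup(tmp_ctx, "/bin/false");
		} else {
			homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), name, ldap_state->domain_name, uid, gid);
			shell = talloc_sub_specified(tmp_ctx, lp_template_shell(), name, ldap_state->domain_name, uid, gid);
		}
		uidstr = talloc_asprintf(tmp_ctx, "%d", (int)uid);
		gidstr = talloc_asprintf(tmp_ctx, "%d", (int)gid);

		/* The RDN value has its own escaping rules, separate from the
		 * filter escaping applied to the search above. */
		escape_name = escape_rdn_val_string_alloc(name);
		if (!escape_name) {
			DEBUG (0, ("ldapsam_create_user: Out of memory!\n"));
			return NT_STATUS_NO_MEMORY;
		}

		if (is_machine) {
			dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", escape_name, lp_ldap_machine_suffix ());
		} else {
			dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", escape_name, lp_ldap_user_suffix ());
		}

		SAFE_FREE(escape_name);

		if (!homedir || !shell || !uidstr || !gidstr || !dn) {
			DEBUG (0, ("ldapsam_create_user: Out of memory!\n"));
			return NT_STATUS_NO_MEMORY;
		}

		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", name);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "uidNumber", uidstr);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "homeDirectory", homedir);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "loginShell", shell);
	}

	talloc_autofree_ldapmod(tmp_ctx, mods);

	/* A brand new posix entry is added; an existing one is modified. */
	if (add_posix) {
		rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
	} else {
		rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
	}

	if (rc != LDAP_SUCCESS) {
		DEBUG(0,("ldapsam_create_user: failed to create a new user [%s] (dn = %s)\n", name ,dn));
		return NT_STATUS_UNSUCCESSFUL;
	}

	DEBUG(2,("ldapsam_create_user: added account [%s] in the LDAP database\n", name));

	flush_pwnam_cache();

	return NT_STATUS_OK;
}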
static NTSTATUS ldapsam_delete_user | ( | struct pdb_methods * | my_methods, | |
TALLOC_CTX * | tmp_ctx, | |||
struct samu * | sam_acct | |||
) | [static] |
pdb_ldap.c の 4888 行で定義されています。
参照先 flush_pwnam_cache()・LDAP_SUCCESS・pdb_get_username()・priv2ld()・pdb_methods::private_data・smbldap_delete()・smbldap_search_suffix()・ldapsam_privates::smbldap_state・smbldap_talloc_dn()・talloc_asprintf()・talloc_autofree_ldapmsg().
参照元 pdb_init_ldapsam().
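static NTSTATUS ldapsam_delete_user(struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, struct samu *sam_acct)
{
	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
	const char *username = pdb_get_username(sam_acct);
	LDAPMessage *result = NULL;
	LDAPMessage *entry = NULL;
	char *escape_username;
	char *filter;
	const char *dn;
	int num_result;
	int rc;

	DEBUG(0,("ldapsam_delete_user: Attempt to delete user [%s]\n", username));

	/* The name comes from the caller's samu, not from the directory, so
	 * escape it before it is spliced into the search filter -- the same
	 * treatment ldapsam_create_user() and ldapsam_set_primary_group()
	 * give it.  Unescaped, a name containing '*', '(' or ')' changes the
	 * meaning of the filter, and the entry deleted below is then whatever
	 * single object the altered filter happens to match. */
	escape_username = escape_ldap_string_alloc(username);
	if (escape_username == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	filter = talloc_asprintf(tmp_ctx,
				 "(&(uid=%s)"
				 "(objectClass=%s)"
				 "(objectClass=%s))",
				 escape_username,
				 LDAP_OBJ_POSIXACCOUNT,
				 LDAP_OBJ_SAMBASAMACCOUNT);
	SAFE_FREE(escape_username);
	if (filter == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
	if (rc != LDAP_SUCCESS) {
		DEBUG(0,("ldapsam_delete_user: user search failed!\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	talloc_autofree_ldapmsg(tmp_ctx, result);

	num_result = ldap_count_entries(priv2ld(ldap_state), result);

	if (num_result == 0) {
		DEBUG(0,("ldapsam_delete_user: user not found!\n"));
		return NT_STATUS_NO_SUCH_USER;
	}

	/* Refuse to pick one of several matches: deleting the wrong account
	 * is worse than failing. */
	if (num_result > 1) {
		DEBUG (0, ("ldapsam_delete_user: More than one user with name [%s] ?!\n", username));
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	entry = ldap_first_entry(priv2ld(ldap_state), result);
	if (!entry) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* The whole entry (posix and samba parts) is removed by DN. */
	dn = smbldap_talloc_dn(tmp_ctx, priv2ld(ldap_state), entry);
	if (!dn) {
		DEBUG(0,("ldapsam_delete_user: Out of memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	rc = smbldap_delete(ldap_state->smbldap_state, dn);
	if (rc != LDAP_SUCCESS) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	flush_pwnam_cache();

	return NT_STATUS_OK;
}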
static NTSTATUS ldapsam_create_dom_group | ( | struct pdb_methods * | my_methods, | |
TALLOC_CTX * | tmp_ctx, | |||
const char * | name, | |||
uint32 * | rid | |||
) | [static] |
pdb_ldap.c の 4960 行で定義されています。
参照先 escape_ldap_string_alloc()・escape_rdn_val_string_alloc()・get_global_sam_sid()・LDAP_SUCCESS・ldapsam_new_rid_internal()・lp_ldap_group_suffix()・priv2ld()・pdb_methods::private_data・sid_compose()・SID_NAME_DOM_GRP・sid_string_static()・smbldap_add()・smbldap_modify()・smbldap_search_suffix()・smbldap_set_mod()・ldapsam_privates::smbldap_state・smbldap_talloc_dn()・smbldap_talloc_single_attribute()・talloc_asprintf()・talloc_autofree_ldapmod()・talloc_autofree_ldapmsg()・talloc_strdup()・winbind_allocate_gid().
参照元 pdb_init_ldapsam().
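static NTSTATUS ldapsam_create_dom_group(struct pdb_methods *my_methods,
					 TALLOC_CTX *tmp_ctx,
					 const char *name,
					 uint32 *rid)
{
	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
	NTSTATUS ret;
	LDAPMessage *entry = NULL;
	LDAPMessage *result = NULL;
	uint32 num_result;
	BOOL is_new_entry = False;
	LDAPMod **mods = NULL;
	char *filter;
	char *groupsidstr;
	char *groupname;
	char *grouptype;
	char *gidstr;
	const char *dn = NULL;
	DOM_SID group_sid;
	gid_t gid = -1;
	int rc;

	/* name is caller-supplied text: escape it for the filter and fail
	 * cleanly if escaping or formatting fails, rather than formatting a
	 * NULL into the filter. */
	groupname = escape_ldap_string_alloc(name);
	if (groupname == NULL) {
		DEBUG (0, ("ldapsam_create_group: Out of memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}
	filter = talloc_asprintf(tmp_ctx, "(&(cn=%s)(objectClass=%s))",
				 groupname, LDAP_OBJ_POSIXGROUP);
	SAFE_FREE(groupname);
	if (filter == NULL) {
		DEBUG (0, ("ldapsam_create_group: Out of memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
	if (rc != LDAP_SUCCESS) {
		DEBUG(0,("ldapsam_create_group: ldap search failed!\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	talloc_autofree_ldapmsg(tmp_ctx, result);

	num_result = ldap_count_entries(priv2ld(ldap_state), result);

	if (num_result > 1) {
		DEBUG (0, ("ldapsam_create_group: There exists more than one group with name [%s]: bailing out!\n", name));
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	if (num_result == 1) {
		char *tmp;
		/* One entry exists: either a plain posix group we extend in
		 * place, or it already carries a sambaSID and the group exists. */
		entry = ldap_first_entry(priv2ld(ldap_state), result);
		if (!entry) {
			return NT_STATUS_UNSUCCESSFUL;
		}

		tmp = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "sambaSID", tmp_ctx);
		if (tmp) {
			DEBUG (1, ("ldapsam_create_group: The group [%s] already exist!\n", name));
			return NT_STATUS_GROUP_EXISTS;
		}

		/* A posix group without gidNumber is broken; the value itself
		 * is not needed here, only the DN (the existing gidNumber stays). */
		tmp = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "gidNumber", tmp_ctx);
		if (!tmp) {
			DEBUG (1, ("ldapsam_create_group: Couldn't retrieve the gidNumber for [%s]?!?!\n", name));
			return NT_STATUS_INTERNAL_DB_CORRUPTION;
		}

		dn = smbldap_talloc_dn(tmp_ctx, priv2ld(ldap_state), entry);
		if (!dn) {
			DEBUG(0,("ldapsam_create_group: Out of memory!\n"));
			return NT_STATUS_NO_MEMORY;
		}
	}

	if (num_result == 0) {
		char *escape_name;

		DEBUG(3,("ldapsam_create_group: Creating new posix group\n"));

		is_new_entry = True;

		/* lets allocate a new groupid for this group */
		if (!winbind_allocate_gid(&gid)) {
			DEBUG (0, ("ldapsam_create_group: Unable to allocate a new group id: bailing out!\n"));
			return NT_STATUS_UNSUCCESSFUL;
		}

		gidstr = talloc_asprintf(tmp_ctx, "%d", (int)gid);

		/* The RDN value has its own escaping rules, separate from the
		 * filter escaping used for the search above. */
		escape_name = escape_rdn_val_string_alloc(name);
		if (!escape_name) {
			DEBUG (0, ("ldapsam_create_group: Out of memory!\n"));
			return NT_STATUS_NO_MEMORY;
		}

		dn = talloc_asprintf(tmp_ctx, "cn=%s,%s", escape_name, lp_ldap_group_suffix());

		SAFE_FREE(escape_name);

		if (!gidstr || !dn) {
			DEBUG (0, ("ldapsam_create_group: Out of memory!\n"));
			return NT_STATUS_NO_MEMORY;
		}

		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_POSIXGROUP);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", name);
		smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
	}

	/* The RID is allocated only after the cheap checks above have passed,
	 * so a refused request does not burn a counter value. */
	ret = ldapsam_new_rid_internal(my_methods, rid);
	if (!NT_STATUS_IS_OK(ret)) {
		DEBUG(1, ("ldapsam_create_group: Could not allocate a new RID\n"));
		return ret;
	}

	if (!sid_compose(&group_sid, get_global_sam_sid(), *rid)) {
		DEBUG(0,("ldapsam_create_group: Unable to compose the group SID\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	groupsidstr = talloc_strdup(tmp_ctx, sid_string_static(&group_sid));
	grouptype = talloc_asprintf(tmp_ctx, "%d", SID_NAME_DOM_GRP);

	if (!groupsidstr || !grouptype) {
		DEBUG(0,("ldapsam_create_group: Out of memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
	smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", groupsidstr);
	smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", grouptype);
	smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", name);
	talloc_autofree_ldapmod(tmp_ctx, mods);

	/* A brand new posix group is added; an existing one is modified. */
	if (is_new_entry) {
		rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
#if 0
		if (rc == LDAP_OBJECT_CLASS_VIOLATION) {
			/* This call may fail with rfc2307bis schema */
			/* Retry adding a structural class */
			smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "????");
			rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
		}
#endif
	} else {
		rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
	}

	if (rc != LDAP_SUCCESS) {
		DEBUG(0,("ldapsam_create_group: failed to create a new group [%s] (dn = %s)\n", name ,dn));
		return NT_STATUS_UNSUCCESSFUL;
	}

	DEBUG(2,("ldapsam_create_group: added group [%s] in the LDAP database\n", name));

	return NT_STATUS_OK;
}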
static NTSTATUS ldapsam_delete_dom_group | ( | struct pdb_methods * | my_methods, | |
TALLOC_CTX * | tmp_ctx, | |||
uint32 | rid | |||
) | [static] |
pdb_ldap.c の 5114 行で定義されています。
参照先 get_global_sam_sid()・LDAP_SUCCESS・priv2ld()・pdb_methods::private_data・sid_compose()・sid_string_static()・smbldap_delete()・smbldap_search_suffix()・ldapsam_privates::smbldap_state・smbldap_talloc_dn()・smbldap_talloc_single_attribute()・talloc_asprintf()・talloc_autofree_ldapmsg().
参照元 pdb_init_ldapsam().
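static NTSTATUS ldapsam_delete_dom_group(struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, uint32 rid)
{
	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
	LDAPMessage *result = NULL;
	LDAPMessage *entry = NULL;
	int num_result;
	const char *dn;
	char *gidstr;
	char *end = NULL;
	char *filter;
	DOM_SID group_sid;
	int rc;

	/* get the group sid */
	sid_compose(&group_sid, get_global_sam_sid(), rid);

	/* The SID string is generated locally, so it needs no filter escaping. */
	filter = talloc_asprintf(tmp_ctx,
				 "(&(sambaSID=%s)"
				 "(objectClass=%s)"
				 "(objectClass=%s))",
				 sid_string_static(&group_sid),
				 LDAP_OBJ_POSIXGROUP,
				 LDAP_OBJ_GROUPMAP);
	if (filter == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
	if (rc != LDAP_SUCCESS) {
		DEBUG(1,("ldapsam_delete_dom_group: group search failed!\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	talloc_autofree_ldapmsg(tmp_ctx, result);

	num_result = ldap_count_entries(priv2ld(ldap_state), result);

	if (num_result == 0) {
		DEBUG(1,("ldapsam_delete_dom_group: group not found!\n"));
		return NT_STATUS_NO_SUCH_GROUP;
	}

	if (num_result > 1) {
		DEBUG (0, ("ldapsam_delete_dom_group: More than one group with the same SID ?!\n"));
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	entry = ldap_first_entry(priv2ld(ldap_state), result);
	if (!entry) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* here it is, retrieve the dn for later use */
	dn = smbldap_talloc_dn(tmp_ctx, priv2ld(ldap_state), entry);
	if (!dn) {
		DEBUG(0,("ldapsam_delete_dom_group: Out of memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	gidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "gidNumber", tmp_ctx);
	if (!gidstr) {
		DEBUG (0, ("ldapsam_delete_dom_group: Unable to find the group's gid!\n"));
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	/* gidstr is directory data that is about to be spliced into a second
	 * filter; insist that it is a plain number so it cannot alter the
	 * primary-group check below. */
	(void)strtoul(gidstr, &end, 10);
	if (end == gidstr || *end != '\0') {
		DEBUG (0, ("ldapsam_delete_dom_group: group has a non-numeric gidNumber [%s]!\n", gidstr));
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	/* check no user have this group marked as primary group */
	filter = talloc_asprintf(tmp_ctx,
				 "(&(gidNumber=%s)"
				 "(objectClass=%s)"
				 "(objectClass=%s))",
				 gidstr,
				 LDAP_OBJ_POSIXACCOUNT,
				 LDAP_OBJ_SAMBASAMACCOUNT);
	if (filter == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
	if (rc != LDAP_SUCCESS) {
		DEBUG(1,("ldapsam_delete_dom_group: accounts search failed!\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	talloc_autofree_ldapmsg(tmp_ctx, result);

	num_result = ldap_count_entries(priv2ld(ldap_state), result);

	if (num_result != 0) {
		DEBUG(3,("ldapsam_delete_dom_group: Can't delete group, it is a primary group for %d users\n", num_result));
		return NT_STATUS_MEMBERS_PRIMARY_GROUP;
	}

	rc = smbldap_delete(ldap_state->smbldap_state, dn);
	if (rc != LDAP_SUCCESS) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	return NT_STATUS_OK;
}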
static NTSTATUS ldapsam_change_groupmem | ( | struct pdb_methods * | my_methods, | |
TALLOC_CTX * | tmp_ctx, | |||
uint32 | group_rid, | |||
uint32 | member_rid, | |||
int | modop | |||
) | [static] |
pdb_ldap.c の 5208 行で定義されています。
参照先 get_global_sam_sid()・LDAP_SUCCESS・priv2ld()・pdb_methods::private_data・sid_compose()・sid_string_static()・sid_to_gid()・smbldap_modify()・smbldap_search_suffix()・smbldap_set_mod()・ldapsam_privates::smbldap_state・smbldap_talloc_dn()・smbldap_talloc_single_attribute()・talloc_asprintf()・talloc_autofree_ldapmod()・talloc_autofree_ldapmsg().
参照元 ldapsam_add_groupmem()・ldapsam_del_groupmem().
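static NTSTATUS ldapsam_change_groupmem(struct pdb_methods *my_methods,
					TALLOC_CTX *tmp_ctx,
					uint32 group_rid,
					uint32 member_rid,
					int modop)
{
	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
	LDAPMessage *entry = NULL;
	LDAPMessage *result = NULL;
	uint32 num_result;
	LDAPMod **mods = NULL;
	char *filter;
	char *uidstr;
	const char *dn = NULL;
	DOM_SID group_sid;
	DOM_SID member_sid;
	int rc;

	/* Only add and delete are supported.  The log lines carry a trailing
	 * newline so the next debug message is not glued onto them. */
	switch (modop) {
	case LDAP_MOD_ADD:
		DEBUG(1,("ldapsam_change_groupmem: add new member(rid=%d) to a domain group(rid=%d)\n", member_rid, group_rid));
		break;
	case LDAP_MOD_DELETE:
		DEBUG(1,("ldapsam_change_groupmem: delete member(rid=%d) from a domain group(rid=%d)\n", member_rid, group_rid));
		break;
	default:
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* get member sid */
	sid_compose(&member_sid, get_global_sam_sid(), member_rid);

	/* get the group sid */
	sid_compose(&group_sid, get_global_sam_sid(), group_rid);

	/* SID strings are generated locally, so neither filter needs escaping. */
	filter = talloc_asprintf(tmp_ctx,
				 "(&(sambaSID=%s)"
				 "(objectClass=%s)"
				 "(objectClass=%s))",
				 sid_string_static(&member_sid),
				 LDAP_OBJ_POSIXACCOUNT,
				 LDAP_OBJ_SAMBASAMACCOUNT);
	if (filter == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	/* get the member uid */
	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
	if (rc != LDAP_SUCCESS) {
		DEBUG(1,("ldapsam_change_groupmem: member search failed!\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	talloc_autofree_ldapmsg(tmp_ctx, result);

	num_result = ldap_count_entries(priv2ld(ldap_state), result);

	if (num_result == 0) {
		DEBUG(1,("ldapsam_change_groupmem: member not found!\n"));
		return NT_STATUS_NO_SUCH_MEMBER;
	}

	if (num_result > 1) {
		DEBUG (0, ("ldapsam_change_groupmem: More than one account with the same SID ?!\n"));
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	entry = ldap_first_entry(priv2ld(ldap_state), result);
	if (!entry) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	if (modop == LDAP_MOD_DELETE) {
		/* check if we are trying to remove the member from his primary group */
		char *gidstr;
		gid_t user_gid, group_gid;

		gidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "gidNumber", tmp_ctx);
		if (!gidstr) {
			DEBUG (0, ("ldapsam_change_groupmem: Unable to find the member's gid!\n"));
			return NT_STATUS_INTERNAL_DB_CORRUPTION;
		}

		user_gid = strtoul(gidstr, NULL, 10);

		if (!sid_to_gid(&group_sid, &group_gid)) {
			DEBUG (0, ("ldapsam_change_groupmem: Unable to get group gid from SID!\n"));
			return NT_STATUS_UNSUCCESSFUL;
		}

		if (user_gid == group_gid) {
			DEBUG (3, ("ldapsam_change_groupmem: can't remove user from it's own primary group!\n"));
			return NT_STATUS_MEMBERS_PRIMARY_GROUP;
		}
	}

	/* memberUid holds the account's uid (its name), not the uidNumber. */
	uidstr = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "uid", tmp_ctx);
	if (!uidstr) {
		DEBUG (0, ("ldapsam_change_groupmem: Unable to find the member's name!\n"));
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	filter = talloc_asprintf(tmp_ctx,
				 "(&(sambaSID=%s)"
				 "(objectClass=%s)"
				 "(objectClass=%s))",
				 sid_string_static(&group_sid),
				 LDAP_OBJ_POSIXGROUP,
				 LDAP_OBJ_GROUPMAP);
	if (filter == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	/* get the group */
	rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL, &result);
	if (rc != LDAP_SUCCESS) {
		DEBUG(1,("ldapsam_change_groupmem: group search failed!\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	talloc_autofree_ldapmsg(tmp_ctx, result);

	num_result = ldap_count_entries(priv2ld(ldap_state), result);

	if (num_result == 0) {
		DEBUG(1,("ldapsam_change_groupmem: group not found!\n"));
		return NT_STATUS_NO_SUCH_GROUP;
	}

	if (num_result > 1) {
		DEBUG (0, ("ldapsam_change_groupmem: More than one group with the same SID ?!\n"));
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	entry = ldap_first_entry(priv2ld(ldap_state), result);
	if (!entry) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* here it is, retrieve the dn for later use */
	dn = smbldap_talloc_dn(tmp_ctx, priv2ld(ldap_state), entry);
	if (!dn) {
		DEBUG(0,("ldapsam_change_groupmem: Out of memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	smbldap_set_mod(&mods, modop, "memberUid", uidstr);

	talloc_autofree_ldapmod(tmp_ctx, mods);

	/* Let the server's own attribute-value semantics report the
	 * already-a-member / not-a-member cases. */
	rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
	if (rc != LDAP_SUCCESS) {
		if (rc == LDAP_TYPE_OR_VALUE_EXISTS && modop == LDAP_MOD_ADD) {
			DEBUG(1,("ldapsam_change_groupmem: member is already in group, add failed!\n"));
			return NT_STATUS_MEMBER_IN_GROUP;
		}
		if (rc == LDAP_NO_SUCH_ATTRIBUTE && modop == LDAP_MOD_DELETE) {
			DEBUG(1,("ldapsam_change_groupmem: member is not in group, delete failed!\n"));
			return NT_STATUS_MEMBER_NOT_IN_GROUP;
		}
		return NT_STATUS_UNSUCCESSFUL;
	}

	return NT_STATUS_OK;
}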
static NTSTATUS ldapsam_add_groupmem | ( | struct pdb_methods * | my_methods, | |
TALLOC_CTX * | tmp_ctx, | |||
uint32 | group_rid, | |||
uint32 | member_rid | |||
) | [static] |
pdb_ldap.c の 5370 行で定義されています。
参照先 ldapsam_change_groupmem().
参照元 pdb_init_ldapsam().
static NTSTATUS ldapsam_add_groupmem(struct pdb_methods *my_methods,
				     TALLOC_CTX *tmp_ctx,
				     uint32 group_rid,
				     uint32 member_rid)
{
	/* Adding a member is the LDAP_MOD_ADD flavour of the shared
	 * memberUid update done by ldapsam_change_groupmem(). */
	const int modop = LDAP_MOD_ADD;

	return ldapsam_change_groupmem(my_methods, tmp_ctx,
				       group_rid, member_rid, modop);
}
static NTSTATUS ldapsam_del_groupmem | ( | struct pdb_methods * | my_methods, | |
TALLOC_CTX * | tmp_ctx, | |||
uint32 | group_rid, | |||
uint32 | member_rid | |||
) | [static] |
pdb_ldap.c の 5377 行で定義されています。
参照先 ldapsam_change_groupmem().
参照元 pdb_init_ldapsam().
static NTSTATUS ldapsam_del_groupmem(struct pdb_methods *my_methods,
				     TALLOC_CTX *tmp_ctx,
				     uint32 group_rid,
				     uint32 member_rid)
{
	/* Removing a member is the LDAP_MOD_DELETE flavour of the shared
	 * memberUid update done by ldapsam_change_groupmem(). */
	const int modop = LDAP_MOD_DELETE;

	return ldapsam_change_groupmem(my_methods, tmp_ctx,
				       group_rid, member_rid, modop);
}
static NTSTATUS ldapsam_set_primary_group | ( | struct pdb_methods * | my_methods, | |
TALLOC_CTX * | mem_ctx, | |||
struct samu * | sampass | |||
) | [static] |
pdb_ldap.c の 5385 行で定義されています。
参照先 escape_ldap_string_alloc()・flush_pwnam_cache()・LDAP_SUCCESS・pdb_get_group_sid()・pdb_get_username()・priv2ld()・pdb_methods::private_data・sid_to_gid()・smbldap_make_mod()・smbldap_modify()・smbldap_search_suffix()・ldapsam_privates::smbldap_state・smbldap_talloc_dn()・talloc_asprintf()・talloc_autofree_ldapmsg().
参照元 pdb_init_ldapsam().
static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
					  TALLOC_CTX *mem_ctx,
					  struct samu *sampass)
{
	struct ldapsam_privates *state =
		(struct ldapsam_privates *)my_methods->private_data;
	const char *uname = pdb_get_username(sampass);
	LDAPMessage *result = NULL;
	LDAPMessage *entry = NULL;
	LDAPMod **mods = NULL;
	char *escaped;
	char *filter;
	char *gidstr;
	const char *dn;
	gid_t gid;
	uint32 count;
	int rc;

	DEBUG(0,("ldapsam_set_primary_group: Attempt to set primary group for user [%s]\n", uname));

	/* The new primary group comes from the account's group SID, which
	 * must already map to a unix gid. */
	if (!sid_to_gid(pdb_get_group_sid(sampass), &gid)) {
		DEBUG(0,("ldapsam_set_primary_group: failed to retieve gid from user's group SID!\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	gidstr = talloc_asprintf(mem_ctx, "%d", gid);
	if (gidstr == NULL) {
		DEBUG(0,("ldapsam_set_primary_group: Out of Memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	/* The account name is caller text: escape it for the filter. */
	escaped = escape_ldap_string_alloc(uname);
	if (escaped == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	filter = talloc_asprintf(mem_ctx,
				 "(&(uid=%s)"
				 "(objectClass=%s)"
				 "(objectClass=%s))",
				 escaped,
				 LDAP_OBJ_POSIXACCOUNT,
				 LDAP_OBJ_SAMBASAMACCOUNT);
	SAFE_FREE(escaped);
	if (filter == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	rc = smbldap_search_suffix(state->smbldap_state, filter, NULL, &result);
	if (rc != LDAP_SUCCESS) {
		DEBUG(0,("ldapsam_set_primary_group: user search failed!\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
	talloc_autofree_ldapmsg(mem_ctx, result);

	/* Exactly one account must match; zero and many are both errors. */
	count = ldap_count_entries(priv2ld(state), result);
	switch (count) {
	case 0:
		DEBUG(0,("ldapsam_set_primary_group: user not found!\n"));
		return NT_STATUS_NO_SUCH_USER;
	case 1:
		break;
	default:
		DEBUG (0, ("ldapsam_set_primary_group: More than one user with name [%s] ?!\n", uname));
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	entry = ldap_first_entry(priv2ld(state), result);
	if (entry == NULL) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	dn = smbldap_talloc_dn(mem_ctx, priv2ld(state), entry);
	if (dn == NULL) {
		DEBUG(0,("ldapsam_set_primary_group: Out of memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	/* smbldap_make_mod() removes the current gidNumber and adds the new
	 * one in a single modify, so a concurrent change makes the modify
	 * fail rather than silently overwrite it. */
	smbldap_make_mod(priv2ld(state), entry, &mods, "gidNumber", gidstr);

	/* No mods generated: nothing to change (presumably the value is
	 * already in place). */
	if (mods == NULL) {
		return NT_STATUS_OK;
	}

	rc = smbldap_modify(state->smbldap_state, dn, mods);
	if (rc != LDAP_SUCCESS) {
		DEBUG(0,("ldapsam_set_primary_group: failed to modify [%s] primary group to [%s]\n",
			 uname, gidstr));
		return NT_STATUS_UNSUCCESSFUL;
	}

	flush_pwnam_cache();

	return NT_STATUS_OK;
}
static void free_private_data | ( | void ** | vp | ) | [static] |
pdb_ldap.c の 5487 行で定義されています。
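/**
 * Release the ldapsam private data hung off a pdb_methods instance.
 *
 * @param vp  Address of the (struct ldapsam_privates *) stored in
 *            pdb_methods->private_data; set to NULL on return.
 *
 * The smbldap connection state, any cached search result and the
 * domain DN string are released here.  The ldapsam_privates struct
 * itself is talloc()ed under the pdb_methods context (see
 * pdb_init_ldapsam_common) and is freed together with it.
 */
static void free_private_data(void **vp)
{
	struct ldapsam_privates **ldap_state = (struct ldapsam_privates **)vp;

	/* Tolerate a backend whose private data was never attached. */
	if (ldap_state == NULL || *ldap_state == NULL) {
		return;
	}

	smbldap_free_struct(&(*ldap_state)->smbldap_state);

	if ((*ldap_state)->result != NULL) {
		ldap_msgfree((*ldap_state)->result);
		(*ldap_state)->result = NULL;
	}

	SAFE_FREE((*ldap_state)->domain_dn);

	*ldap_state = NULL;

	/* No need to free any further, as it is talloc()ed */
}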
static NTSTATUS pdb_init_ldapsam_common | ( | struct pdb_methods ** | pdb_method, | |
const char * | location | |||
) | [static] |
pdb_ldap.c の 5511 行で定義されています。
参照先 ldapsam_privates::domain_name・free_private_data()・get_global_sam_name()・ldapsam_add_group_mapping_entry()・ldapsam_add_sam_account()・ldapsam_delete_group_mapping_entry()・ldapsam_delete_sam_account()・ldapsam_endsampwent()・ldapsam_enum_group_mapping()・ldapsam_get_account_policy()・ldapsam_get_seq_num()・ldapsam_getgrgid()・ldapsam_getgrnam()・ldapsam_getgrsid()・ldapsam_getsampwent()・ldapsam_getsampwnam()・ldapsam_getsampwsid()・ldapsam_new_rid()・ldapsam_rename_sam_account()・ldapsam_rid_algorithm()・ldapsam_set_account_policy()・ldapsam_setsampwent()・ldapsam_update_group_mapping_entry()・ldapsam_update_sam_account()・make_pdb_method()・smbldap_init()・ldapsam_privates::smbldap_state・talloc_strdup().
参照元 pdb_init_ldapsam()・pdb_init_ldapsam_compat().
/**
 * Common initialisation shared by the "ldapsam" and "ldapsam_compat"
 * backends: allocate the pdb_methods table, wire up the method
 * pointers, create the ldapsam private data and open the smbldap state.
 *
 * @param pdb_method  Receives the newly created pdb_methods table.
 * @param location    LDAP URI handed to smbldap_init().
 * @return NT_STATUS_OK, or the first failing status from
 *         make_pdb_method()/smbldap_init(), or NT_STATUS_NO_MEMORY.
 */
static NTSTATUS pdb_init_ldapsam_common(struct pdb_methods **pdb_method, const char *location)
{
	NTSTATUS status;
	struct pdb_methods *m;
	struct ldapsam_privates *ldap_state;

	status = make_pdb_method(pdb_method);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}
	m = *pdb_method;

	m->name = "ldapsam";

	/* user accounts */
	m->setsampwent = ldapsam_setsampwent;
	m->endsampwent = ldapsam_endsampwent;
	m->getsampwent = ldapsam_getsampwent;
	m->getsampwnam = ldapsam_getsampwnam;
	m->getsampwsid = ldapsam_getsampwsid;
	m->add_sam_account = ldapsam_add_sam_account;
	m->update_sam_account = ldapsam_update_sam_account;
	m->delete_sam_account = ldapsam_delete_sam_account;
	m->rename_sam_account = ldapsam_rename_sam_account;

	/* group mappings */
	m->getgrsid = ldapsam_getgrsid;
	m->getgrgid = ldapsam_getgrgid;
	m->getgrnam = ldapsam_getgrnam;
	m->add_group_mapping_entry = ldapsam_add_group_mapping_entry;
	m->update_group_mapping_entry = ldapsam_update_group_mapping_entry;
	m->delete_group_mapping_entry = ldapsam_delete_group_mapping_entry;
	m->enum_group_mapping = ldapsam_enum_group_mapping;

	/* account policy, sequence number, RID allocation */
	m->get_account_policy = ldapsam_get_account_policy;
	m->set_account_policy = ldapsam_set_account_policy;
	m->get_seq_num = ldapsam_get_seq_num;
	m->rid_algorithm = ldapsam_rid_algorithm;
	m->new_rid = ldapsam_new_rid;

	/* Private data lives under the pdb_methods talloc context. */
	ldap_state = TALLOC_ZERO_P(m, struct ldapsam_privates);
	if (ldap_state == NULL) {
		DEBUG(0, ("pdb_init_ldapsam_common: talloc() failed for ldapsam private_data!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	status = smbldap_init(m, location, &ldap_state->smbldap_state);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	ldap_state->domain_name = talloc_strdup(m, get_global_sam_name());
	if (ldap_state->domain_name == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	m->private_data = ldap_state;
	m->free_private_data = free_private_data;

	return NT_STATUS_OK;
}
NTSTATUS pdb_init_ldapsam_compat | ( | struct pdb_methods ** | pdb_method, | |
const char * | location | |||
) |
pdb_ldap.c の 5576 行で定義されています。
参照先 ldapsam_privates::domain_sid・get_global_sam_sid()・pdb_init_ldapsam_common()・ldapsam_privates::schema_ver・sid_copy()・talloc_strdup()・trim_char().
参照元 pdb_init_NDS_ldapsam_compat()・pdb_ldap_init().
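/**
 * Initialise the "ldapsam_compat" backend (old sambaAccount schema).
 *
 * @param pdb_method  Receives the pdb_methods table.
 * @param location    Backend location string; surrounding double quotes
 *                    are stripped before it is passed on.  May be NULL,
 *                    in which case NULL is passed through unchanged.
 * @return NT_STATUS_OK, NT_STATUS_NO_MEMORY if the location copy fails,
 *         or the status from pdb_init_ldapsam_common().
 */
NTSTATUS pdb_init_ldapsam_compat(struct pdb_methods **pdb_method, const char *location)
{
	NTSTATUS nt_status;
	struct ldapsam_privates *ldap_state;
	char *uri = talloc_strdup(NULL, location);

	/* A NULL uri for a non-NULL location is an allocation failure;
	 * a NULL location legitimately yields a NULL uri. */
	if (location != NULL && uri == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	if (uri != NULL) {
		trim_char(uri, '\"', '\"');
	}

	nt_status = pdb_init_ldapsam_common(pdb_method, uri);
	TALLOC_FREE(uri);

	if (!NT_STATUS_IS_OK(nt_status)) {
		return nt_status;
	}

	(*pdb_method)->name = "ldapsam_compat";

	ldap_state = (struct ldapsam_privates *)((*pdb_method)->private_data);
	ldap_state->schema_ver = SCHEMAVER_SAMBAACCOUNT;

	/* The compat schema carries no domain SID; use the local SAM SID. */
	sid_copy(&ldap_state->domain_sid, get_global_sam_sid());

	return NT_STATUS_OK;
}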
NTSTATUS pdb_init_ldapsam | ( | struct pdb_methods ** | pdb_method, | |
const char * | location | |||
) |
pdb_ldap.c の 5605 行で定義されています。
参照先 algorithmic_rid_base()・ldapsam_privates::domain_dn・ldapsam_privates::domain_name・ldapsam_privates::domain_sid・dominfo_attr_list・get_attr_key2string()・get_global_sam_sid()・get_userattr_key2string()・smbldap_state::ldap_struct・ldapsam_add_aliasmem()・ldapsam_add_groupmem()・ldapsam_alias_memberships()・ldapsam_create_dom_group()・ldapsam_create_user()・ldapsam_del_aliasmem()・ldapsam_del_groupmem()・ldapsam_delete_dom_group()・ldapsam_delete_user()・ldapsam_enum_aliasmem()・ldapsam_enum_group_members()・ldapsam_enum_group_memberships()・ldapsam_lookup_rids()・ldapsam_search_aliases()・ldapsam_search_groups()・ldapsam_search_users()・ldapsam_set_primary_group()・ldapsam_sid_to_id()・lp_parm_bool()・pdb_init_ldapsam_common()・ldapsam_privates::schema_ver・secrets_fetch_domain_sid()・secrets_store_domain_sid()・sid_copy()・sid_equal()・sid_to_string()・smb_xstrdup()・smbldap_get_dn()・smbldap_get_single_pstring()・smbldap_search_domain_info()・ldapsam_privates::smbldap_state・string_to_sid()・talloc_strdup()・trim_char().
参照元 pdb_init_NDS_ldapsam()・pdb_ldap_init().
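/**
 * Initialise the "ldapsam" backend (sambaSamAccount schema).
 *
 * Performs the common initialisation, registers the alias/search
 * methods and, when "ldapsam:trusted" (and optionally
 * "ldapsam:editposix") is set, the group-membership / POSIX editing
 * methods.  It then tries to read the domain info entry from LDAP to
 * pick up the domain DN, the domain SID and the algorithmic RID base.
 *
 * @param pdb_method  Receives the pdb_methods table.
 * @param location    Backend location string; surrounding double quotes
 *                    are stripped before it is passed on.  May be NULL,
 *                    in which case NULL is passed through unchanged.
 * @return NT_STATUS_OK (also when the domain info entry could not be
 *         fetched - that case only logs a warning and falls back to the
 *         local SAM SID), NT_STATUS_NO_MEMORY, NT_STATUS_INVALID_PARAMETER
 *         for an unparsable SID, or NT_STATUS_UNSUCCESSFUL when the
 *         entry/DN cannot be read or the stored RID base has changed.
 */
NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location)
{
	NTSTATUS nt_status;
	struct ldapsam_privates *ldap_state;
	uint32 alg_rid_base;
	pstring alg_rid_base_string;
	LDAPMessage *result = NULL;
	LDAPMessage *entry = NULL;
	DOM_SID ldap_domain_sid;
	DOM_SID secrets_domain_sid;
	pstring domain_sid_string;
	char *dn;
	char *uri = talloc_strdup(NULL, location);

	/* A NULL uri for a non-NULL location is an allocation failure;
	 * a NULL location legitimately yields a NULL uri. */
	if (location != NULL && uri == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	if (uri != NULL) {
		trim_char(uri, '\"', '\"');
	}

	nt_status = pdb_init_ldapsam_common(pdb_method, uri);
	TALLOC_FREE(uri);

	if (!NT_STATUS_IS_OK(nt_status)) {
		return nt_status;
	}

	(*pdb_method)->name = "ldapsam";

	(*pdb_method)->add_aliasmem = ldapsam_add_aliasmem;
	(*pdb_method)->del_aliasmem = ldapsam_del_aliasmem;
	(*pdb_method)->enum_aliasmem = ldapsam_enum_aliasmem;
	(*pdb_method)->enum_alias_memberships = ldapsam_alias_memberships;
	(*pdb_method)->search_users = ldapsam_search_users;
	(*pdb_method)->search_groups = ldapsam_search_groups;
	(*pdb_method)->search_aliases = ldapsam_search_aliases;

	/* Only a directory we trust is allowed to answer group membership
	 * and SID->id queries directly; editing POSIX entries in LDAP is a
	 * further opt-in on top of that. */
	if (lp_parm_bool(-1, "ldapsam", "trusted", False)) {
		(*pdb_method)->enum_group_members = ldapsam_enum_group_members;
		(*pdb_method)->enum_group_memberships =
			ldapsam_enum_group_memberships;
		(*pdb_method)->lookup_rids = ldapsam_lookup_rids;
		(*pdb_method)->sid_to_id = ldapsam_sid_to_id;

		if (lp_parm_bool(-1, "ldapsam", "editposix", False)) {
			(*pdb_method)->create_user = ldapsam_create_user;
			(*pdb_method)->delete_user = ldapsam_delete_user;
			(*pdb_method)->create_dom_group = ldapsam_create_dom_group;
			(*pdb_method)->delete_dom_group = ldapsam_delete_dom_group;
			(*pdb_method)->add_groupmem = ldapsam_add_groupmem;
			(*pdb_method)->del_groupmem = ldapsam_del_groupmem;
			(*pdb_method)->set_unix_primary_group = ldapsam_set_primary_group;
		}
	}

	ldap_state = (struct ldapsam_privates *)((*pdb_method)->private_data);
	ldap_state->schema_ver = SCHEMAVER_SAMBASAMACCOUNT;

	/* Try to setup the Domain Name, Domain SID, algorithmic rid base */

	nt_status = smbldap_search_domain_info(ldap_state->smbldap_state,
					       &result,
					       ldap_state->domain_name, True);

	if (!NT_STATUS_IS_OK(nt_status)) {
		DEBUG(2, ("pdb_init_ldapsam: WARNING: Could not get domain "
			  "info, nor add one to the domain\n"));
		DEBUGADD(2, ("pdb_init_ldapsam: Continuing on regardless, "
			     "will be unable to allocate new users/groups, "
			     "and will risk BDCs having inconsistant SIDs\n"));
		sid_copy(&ldap_state->domain_sid, get_global_sam_sid());
		return NT_STATUS_OK;
	}

	/* Given that the above might fail, everything below this must be
	 * optional */

	entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
				 result);
	if (!entry) {
		DEBUG(0, ("pdb_init_ldapsam: Could not get domain info "
			  "entry\n"));
		ldap_msgfree(result);
		return NT_STATUS_UNSUCCESSFUL;
	}

	dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
	if (!dn) {
		ldap_msgfree(result);
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* Keep our own copy; dn belongs to the LDAP library. */
	ldap_state->domain_dn = smb_xstrdup(dn);
	ldap_memfree(dn);

	if (smbldap_get_single_pstring(
		    ldap_state->smbldap_state->ldap_struct,
		    entry,
		    get_userattr_key2string(ldap_state->schema_ver,
					    LDAP_ATTR_USER_SID),
		    domain_sid_string)) {
		BOOL found_sid;

		if (!string_to_sid(&ldap_domain_sid, domain_sid_string)) {
			DEBUG(1, ("pdb_init_ldapsam: SID [%s] could not be "
				  "read as a valid SID\n", domain_sid_string));
			ldap_msgfree(result);
			return NT_STATUS_INVALID_PARAMETER;
		}

		found_sid = secrets_fetch_domain_sid(ldap_state->domain_name,
						     &secrets_domain_sid);
		if (!found_sid || !sid_equal(&secrets_domain_sid,
					     &ldap_domain_sid)) {
			fstring new_sid_str, old_sid_str;
			/* secrets_domain_sid is an uninitialised local that only
			 * the fetch above can fill in, so it must not be
			 * formatted when the fetch reported no SID. */
			const char *old_sid_text = found_sid
				? sid_to_string(old_sid_str, &secrets_domain_sid)
				: "(none)";

			DEBUG(1, ("pdb_init_ldapsam: Resetting SID for domain "
				  "%s based on pdb_ldap results %s -> %s\n",
				  ldap_state->domain_name,
				  old_sid_text,
				  sid_to_string(new_sid_str,
						&ldap_domain_sid)));

			/* reset secrets.tdb sid */
			secrets_store_domain_sid(ldap_state->domain_name,
						 &ldap_domain_sid);
			DEBUG(1, ("New global sam SID: %s\n",
				  sid_to_string(new_sid_str,
						get_global_sam_sid())));
		}
		sid_copy(&ldap_state->domain_sid, &ldap_domain_sid);
	}

	if (smbldap_get_single_pstring(
		    ldap_state->smbldap_state->ldap_struct,
		    entry,
		    get_attr_key2string(dominfo_attr_list,
					LDAP_ATTR_ALGORITHMIC_RID_BASE),
		    alg_rid_base_string)) {
		alg_rid_base = (uint32)atol(alg_rid_base_string);
		/* A changed RID base would silently remap existing accounts,
		 * so refuse to start rather than continue. */
		if (alg_rid_base != algorithmic_rid_base()) {
			DEBUG(0, ("The value of 'algorithmic RID base' has "
				  "changed since the LDAP\n"
				  "database was initialised. Aborting. \n"));
			ldap_msgfree(result);
			return NT_STATUS_UNSUCCESSFUL;
		}
	}
	ldap_msgfree(result);

	return NT_STATUS_OK;
}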
NTSTATUS pdb_ldap_init | ( | void | ) |
pdb_ldap.c の 5752 行で定義されています。
参照先 pdb_init_ldapsam()・pdb_init_ldapsam_compat()・pdb_nds_init()・smb_register_passdb().
/**
 * Register the LDAP passdb backends ("ldapsam" and "ldapsam_compat")
 * with the passdb subsystem, then let pdb_nds register its own.
 *
 * @return NT_STATUS_OK, or the first failing status from
 *         smb_register_passdb().
 */
NTSTATUS pdb_ldap_init(void)
{
	NTSTATUS status;

	status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam", pdb_init_ldapsam);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_compat", pdb_init_ldapsam_compat);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/* Let pdb_nds register backends */
	pdb_nds_init();

	return NT_STATUS_OK;
}