static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state, const char *domain_name) { NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL; int i, rc; uint32_t policy_default; const char *policy_attr = NULL; char *dn = NULL; LDAPMod **mods = NULL; char *escape_domain_name; DEBUG(3,("add_new_domain_account_policies: Adding new account policies for domain\n")); escape_domain_name = escape_rdn_val_string_alloc(domain_name); if (!escape_domain_name) { DEBUG(0, ("Out of memory!\n")); return NT_STATUS_NO_MEMORY; } if (asprintf(&dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), escape_domain_name, lp_ldap_suffix(talloc_tos())) < 0) { SAFE_FREE(escape_domain_name); return NT_STATUS_NO_MEMORY; } SAFE_FREE(escape_domain_name); for (i=1; decode_account_policy_name(i) != NULL; i++) { char *val = NULL; policy_attr = get_account_policy_attr(i); if (!policy_attr) { DEBUG(0,("add_new_domain_account_policies: ops. no policy!\n")); continue; } if (!account_policy_get_default(i, &policy_default)) { DEBUG(0,("add_new_domain_account_policies: failed to get default account policy\n")); SAFE_FREE(dn); return ntstatus; } DEBUG(10,("add_new_domain_account_policies: adding \"%s\" with value: %d\n", policy_attr, policy_default)); if (asprintf(&val, "%d", policy_default) < 0) { SAFE_FREE(dn); return NT_STATUS_NO_MEMORY; } smbldap_set_mod( &mods, LDAP_MOD_REPLACE, policy_attr, val); rc = smbldap_modify(ldap_state, dn, mods); SAFE_FREE(val); if (rc!=LDAP_SUCCESS) { char *ld_error = NULL; ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); DEBUG(1,("add_new_domain_account_policies: failed to add account policies to dn= %s with: %s\n\t%s\n", dn, ldap_err2string(rc), ld_error ? ld_error : "unknown")); SAFE_FREE(ld_error); SAFE_FREE(dn); ldap_mods_free(mods, True); return ntstatus; } } SAFE_FREE(dn); ldap_mods_free(mods, True); return NT_STATUS_OK; }
static NTSTATUS verify_idpool(struct idmap_domain *dom) { NTSTATUS ret; TALLOC_CTX *mem_ctx; LDAPMessage *result = NULL; LDAPMod **mods = NULL; const char **attr_list; char *filter; int count; int rc; struct idmap_ldap_context *ctx; ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context); mem_ctx = talloc_new(ctx); if (mem_ctx == NULL) { DEBUG(0, ("Out of memory!\n")); return NT_STATUS_NO_MEMORY; } filter = talloc_asprintf(mem_ctx, "(objectclass=%s)", LDAP_OBJ_IDPOOL); CHECK_ALLOC_DONE(filter); attr_list = get_attr_list(mem_ctx, idpool_attr_list); CHECK_ALLOC_DONE(attr_list); rc = smbldap_search(ctx->smbldap_state, ctx->suffix, LDAP_SCOPE_SUBTREE, filter, attr_list, 0, &result); if (rc != LDAP_SUCCESS) { DEBUG(1, ("Unable to verify the idpool, " "cannot continue initialization!\n")); return NT_STATUS_UNSUCCESSFUL; } count = ldap_count_entries(ctx->smbldap_state->ldap_struct, result); ldap_msgfree(result); if ( count > 1 ) { DEBUG(0,("Multiple entries returned from %s (base == %s)\n", filter, ctx->suffix)); ret = NT_STATUS_UNSUCCESSFUL; goto done; } else if (count == 0) { char *uid_str, *gid_str; uid_str = talloc_asprintf(mem_ctx, "%lu", (unsigned long)dom->low_id); gid_str = talloc_asprintf(mem_ctx, "%lu", (unsigned long)dom->low_id); smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_IDPOOL); smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER), uid_str); smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER), gid_str); if (mods) { rc = smbldap_modify(ctx->smbldap_state, ctx->suffix, mods); ldap_mods_free(mods, True); } else { ret = NT_STATUS_UNSUCCESSFUL; goto done; } } ret = (rc == LDAP_SUCCESS)?NT_STATUS_OK:NT_STATUS_UNSUCCESSFUL; done: talloc_free(mem_ctx); return ret; }
static NTSTATUS idmap_ldap_allocate_id_internal(struct idmap_domain *dom, struct unixid *xid) { TALLOC_CTX *mem_ctx; NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; int rc = LDAP_SERVER_DOWN; int count = 0; LDAPMessage *result = NULL; LDAPMessage *entry = NULL; LDAPMod **mods = NULL; char *id_str; char *new_id_str; char *filter = NULL; const char *dn = NULL; const char **attr_list; const char *type; struct idmap_ldap_context *ctx; /* Only do query if we are online */ if (idmap_is_offline()) { return NT_STATUS_FILE_IS_OFFLINE; } ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context); mem_ctx = talloc_new(ctx); if (!mem_ctx) { DEBUG(0, ("Out of memory!\n")); return NT_STATUS_NO_MEMORY; } /* get type */ switch (xid->type) { case ID_TYPE_UID: type = get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER); break; case ID_TYPE_GID: type = get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER); break; default: DEBUG(2, ("Invalid ID type (0x%x)\n", xid->type)); return NT_STATUS_INVALID_PARAMETER; } filter = talloc_asprintf(mem_ctx, "(objectClass=%s)", LDAP_OBJ_IDPOOL); CHECK_ALLOC_DONE(filter); attr_list = get_attr_list(mem_ctx, idpool_attr_list); CHECK_ALLOC_DONE(attr_list); DEBUG(10, ("Search of the id pool (filter: %s)\n", filter)); rc = smbldap_search(ctx->smbldap_state, ctx->suffix, LDAP_SCOPE_SUBTREE, filter, attr_list, 0, &result); if (rc != LDAP_SUCCESS) { DEBUG(0,("%s object not found\n", LDAP_OBJ_IDPOOL)); goto done; } smbldap_talloc_autofree_ldapmsg(mem_ctx, result); count = ldap_count_entries(ctx->smbldap_state->ldap_struct, result); if (count != 1) { DEBUG(0,("Single %s object not found\n", LDAP_OBJ_IDPOOL)); goto done; } entry = ldap_first_entry(ctx->smbldap_state->ldap_struct, result); dn = smbldap_talloc_dn(mem_ctx, ctx->smbldap_state->ldap_struct, entry); if ( ! dn) { goto done; } id_str = smbldap_talloc_single_attribute( ctx->smbldap_state->ldap_struct, entry, type, mem_ctx); if (id_str == NULL) { DEBUG(0,("%s attribute not found\n", type)); ret = NT_STATUS_UNSUCCESSFUL; goto done; } xid->id = strtoul(id_str, NULL, 10); /* make sure we still have room to grow */ switch (xid->type) { case ID_TYPE_UID: if (xid->id > dom->high_id) { DEBUG(0,("Cannot allocate uid above %lu!\n", (unsigned long)dom->high_id)); goto done; } break; case ID_TYPE_GID: if (xid->id > dom->high_id) { DEBUG(0,("Cannot allocate gid above %lu!\n", (unsigned long)dom->high_id)); goto done; } break; default: /* impossible */ goto done; } new_id_str = talloc_asprintf(mem_ctx, "%lu", (unsigned long)xid->id + 1); if ( ! new_id_str) { DEBUG(0,("Out of memory\n")); ret = NT_STATUS_NO_MEMORY; goto done; } smbldap_set_mod(&mods, LDAP_MOD_DELETE, type, id_str); smbldap_set_mod(&mods, LDAP_MOD_ADD, type, new_id_str); if (mods == NULL) { DEBUG(0,("smbldap_set_mod() failed.\n")); goto done; } DEBUG(10, ("Try to atomically increment the id (%s -> %s)\n", id_str, new_id_str)); rc = smbldap_modify(ctx->smbldap_state, dn, mods); ldap_mods_free(mods, True); if (rc != LDAP_SUCCESS) { DEBUG(1,("Failed to allocate new %s. " "smbldap_modify() failed.\n", type)); goto done; } ret = NT_STATUS_OK; done: talloc_free(mem_ctx); return ret; }
static NTSTATUS idmap_ldap_set_hwm(struct unixid *xid) { TALLOC_CTX *ctx; NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; int rc = LDAP_SERVER_DOWN; int count = 0; LDAPMessage *result = NULL; LDAPMessage *entry = NULL; LDAPMod **mods = NULL; char *new_id_str; char *filter = NULL; const char *dn = NULL; const char **attr_list; const char *type; /* Only do query if we are online */ if (idmap_is_offline()) { return NT_STATUS_FILE_IS_OFFLINE; } if ( ! idmap_alloc_ldap) { return NT_STATUS_UNSUCCESSFUL; } ctx = talloc_new(idmap_alloc_ldap); if ( ! ctx) { DEBUG(0, ("Out of memory!\n")); return NT_STATUS_NO_MEMORY; } /* get type */ switch (xid->type) { case ID_TYPE_UID: type = get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER); break; case ID_TYPE_GID: type = get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER); break; default: DEBUG(2, ("Invalid ID type (0x%x)\n", xid->type)); return NT_STATUS_INVALID_PARAMETER; } filter = talloc_asprintf(ctx, "(objectClass=%s)", LDAP_OBJ_IDPOOL); CHECK_ALLOC_DONE(filter); attr_list = get_attr_list(ctx, idpool_attr_list); CHECK_ALLOC_DONE(attr_list); rc = smbldap_search(idmap_alloc_ldap->smbldap_state, idmap_alloc_ldap->suffix, LDAP_SCOPE_SUBTREE, filter, attr_list, 0, &result); if (rc != LDAP_SUCCESS) { DEBUG(0,("%s object not found\n", LDAP_OBJ_IDPOOL)); goto done; } talloc_autofree_ldapmsg(ctx, result); count = ldap_count_entries(idmap_alloc_ldap->smbldap_state->ldap_struct, result); if (count != 1) { DEBUG(0,("Single %s object not found\n", LDAP_OBJ_IDPOOL)); goto done; } entry = ldap_first_entry(idmap_alloc_ldap->smbldap_state->ldap_struct, result); dn = smbldap_talloc_dn(ctx, idmap_alloc_ldap->smbldap_state->ldap_struct, entry); if ( ! dn) { goto done; } new_id_str = talloc_asprintf(ctx, "%lu", (unsigned long)xid->id); if ( ! new_id_str) { DEBUG(0,("Out of memory\n")); ret = NT_STATUS_NO_MEMORY; goto done; } smbldap_set_mod(&mods, LDAP_MOD_REPLACE, type, new_id_str); if (mods == NULL) { DEBUG(0,("smbldap_set_mod() failed.\n")); goto done; } rc = smbldap_modify(idmap_alloc_ldap->smbldap_state, dn, mods); ldap_mods_free(mods, True); if (rc != LDAP_SUCCESS) { DEBUG(1,("Failed to allocate new %s. " "smbldap_modify() failed.\n", type)); goto done; } ret = NT_STATUS_OK; done: talloc_free(ctx); return ret; }