static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state,
const char *domain_name)
{
NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
int i, rc;
uint32_t policy_default;
const char *policy_attr = NULL;
char *dn = NULL;
LDAPMod **mods = NULL;
char *escape_domain_name;
DEBUG(3,("add_new_domain_account_policies: Adding new account policies for domain\n"));
escape_domain_name = escape_rdn_val_string_alloc(domain_name);
if (!escape_domain_name) {
DEBUG(0, ("Out of memory!\n"));
return NT_STATUS_NO_MEMORY;
}
if (asprintf(&dn, "%s=%s,%s",
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
escape_domain_name, lp_ldap_suffix(talloc_tos())) < 0) {
SAFE_FREE(escape_domain_name);
return NT_STATUS_NO_MEMORY;
}
SAFE_FREE(escape_domain_name);
for (i=1; decode_account_policy_name(i) != NULL; i++) {
char *val = NULL;
policy_attr = get_account_policy_attr(i);
if (!policy_attr) {
DEBUG(0,("add_new_domain_account_policies: ops. no policy!\n"));
continue;
}
if (!account_policy_get_default(i, &policy_default)) {
DEBUG(0,("add_new_domain_account_policies: failed to get default account policy\n"));
SAFE_FREE(dn);
return ntstatus;
}
DEBUG(10,("add_new_domain_account_policies: adding \"%s\" with value: %d\n", policy_attr, policy_default));
if (asprintf(&val, "%d", policy_default) < 0) {
SAFE_FREE(dn);
return NT_STATUS_NO_MEMORY;
}
smbldap_set_mod( &mods, LDAP_MOD_REPLACE, policy_attr, val);
rc = smbldap_modify(ldap_state, dn, mods);
SAFE_FREE(val);
if (rc!=LDAP_SUCCESS) {
char *ld_error = NULL;
ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
DEBUG(1,("add_new_domain_account_policies: failed to add account policies to dn= %s with: %s\n\t%s\n",
dn, ldap_err2string(rc),
ld_error ? ld_error : "unknown"));
SAFE_FREE(ld_error);
SAFE_FREE(dn);
ldap_mods_free(mods, True);
return ntstatus;
}
}
SAFE_FREE(dn);
ldap_mods_free(mods, True);
return NT_STATUS_OK;
}
static NTSTATUS verify_idpool(struct idmap_domain *dom)
{
NTSTATUS ret;
TALLOC_CTX *mem_ctx;
LDAPMessage *result = NULL;
LDAPMod **mods = NULL;
const char **attr_list;
char *filter;
int count;
int rc;
struct idmap_ldap_context *ctx;
ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context);
mem_ctx = talloc_new(ctx);
if (mem_ctx == NULL) {
DEBUG(0, ("Out of memory!\n"));
return NT_STATUS_NO_MEMORY;
}
filter = talloc_asprintf(mem_ctx, "(objectclass=%s)", LDAP_OBJ_IDPOOL);
CHECK_ALLOC_DONE(filter);
attr_list = get_attr_list(mem_ctx, idpool_attr_list);
CHECK_ALLOC_DONE(attr_list);
rc = smbldap_search(ctx->smbldap_state,
ctx->suffix,
LDAP_SCOPE_SUBTREE,
filter,
attr_list,
0,
&result);
if (rc != LDAP_SUCCESS) {
DEBUG(1, ("Unable to verify the idpool, "
"cannot continue initialization!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
count = ldap_count_entries(ctx->smbldap_state->ldap_struct, result);
ldap_msgfree(result);
if ( count > 1 ) {
DEBUG(0,("Multiple entries returned from %s (base == %s)\n",
filter, ctx->suffix));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
else if (count == 0) {
char *uid_str, *gid_str;
uid_str = talloc_asprintf(mem_ctx, "%lu",
(unsigned long)dom->low_id);
gid_str = talloc_asprintf(mem_ctx, "%lu",
(unsigned long)dom->low_id);
smbldap_set_mod(&mods, LDAP_MOD_ADD,
"objectClass", LDAP_OBJ_IDPOOL);
smbldap_set_mod(&mods, LDAP_MOD_ADD,
get_attr_key2string(idpool_attr_list,
LDAP_ATTR_UIDNUMBER),
uid_str);
smbldap_set_mod(&mods, LDAP_MOD_ADD,
get_attr_key2string(idpool_attr_list,
LDAP_ATTR_GIDNUMBER),
gid_str);
if (mods) {
rc = smbldap_modify(ctx->smbldap_state,
ctx->suffix,
mods);
ldap_mods_free(mods, True);
} else {
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
}
ret = (rc == LDAP_SUCCESS)?NT_STATUS_OK:NT_STATUS_UNSUCCESSFUL;
done:
talloc_free(mem_ctx);
return ret;
}
static NTSTATUS idmap_ldap_allocate_id_internal(struct idmap_domain *dom,
struct unixid *xid)
{
TALLOC_CTX *mem_ctx;
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
int rc = LDAP_SERVER_DOWN;
int count = 0;
LDAPMessage *result = NULL;
LDAPMessage *entry = NULL;
LDAPMod **mods = NULL;
char *id_str;
char *new_id_str;
char *filter = NULL;
const char *dn = NULL;
const char **attr_list;
const char *type;
struct idmap_ldap_context *ctx;
/* Only do query if we are online */
if (idmap_is_offline()) {
return NT_STATUS_FILE_IS_OFFLINE;
}
ctx = talloc_get_type(dom->private_data, struct idmap_ldap_context);
mem_ctx = talloc_new(ctx);
if (!mem_ctx) {
DEBUG(0, ("Out of memory!\n"));
return NT_STATUS_NO_MEMORY;
}
/* get type */
switch (xid->type) {
case ID_TYPE_UID:
type = get_attr_key2string(idpool_attr_list,
LDAP_ATTR_UIDNUMBER);
break;
case ID_TYPE_GID:
type = get_attr_key2string(idpool_attr_list,
LDAP_ATTR_GIDNUMBER);
break;
default:
DEBUG(2, ("Invalid ID type (0x%x)\n", xid->type));
return NT_STATUS_INVALID_PARAMETER;
}
filter = talloc_asprintf(mem_ctx, "(objectClass=%s)", LDAP_OBJ_IDPOOL);
CHECK_ALLOC_DONE(filter);
attr_list = get_attr_list(mem_ctx, idpool_attr_list);
CHECK_ALLOC_DONE(attr_list);
DEBUG(10, ("Search of the id pool (filter: %s)\n", filter));
rc = smbldap_search(ctx->smbldap_state,
ctx->suffix,
LDAP_SCOPE_SUBTREE, filter,
attr_list, 0, &result);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("%s object not found\n", LDAP_OBJ_IDPOOL));
goto done;
}
smbldap_talloc_autofree_ldapmsg(mem_ctx, result);
count = ldap_count_entries(ctx->smbldap_state->ldap_struct, result);
if (count != 1) {
DEBUG(0,("Single %s object not found\n", LDAP_OBJ_IDPOOL));
goto done;
}
entry = ldap_first_entry(ctx->smbldap_state->ldap_struct, result);
dn = smbldap_talloc_dn(mem_ctx,
ctx->smbldap_state->ldap_struct,
entry);
if ( ! dn) {
goto done;
}
id_str = smbldap_talloc_single_attribute(
ctx->smbldap_state->ldap_struct,
entry, type, mem_ctx);
if (id_str == NULL) {
DEBUG(0,("%s attribute not found\n", type));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
xid->id = strtoul(id_str, NULL, 10);
/* make sure we still have room to grow */
switch (xid->type) {
case ID_TYPE_UID:
if (xid->id > dom->high_id) {
DEBUG(0,("Cannot allocate uid above %lu!\n",
(unsigned long)dom->high_id));
goto done;
}
break;
case ID_TYPE_GID:
if (xid->id > dom->high_id) {
DEBUG(0,("Cannot allocate gid above %lu!\n",
(unsigned long)dom->high_id));
goto done;
}
break;
default:
/* impossible */
goto done;
}
new_id_str = talloc_asprintf(mem_ctx, "%lu", (unsigned long)xid->id + 1);
if ( ! new_id_str) {
DEBUG(0,("Out of memory\n"));
ret = NT_STATUS_NO_MEMORY;
goto done;
}
smbldap_set_mod(&mods, LDAP_MOD_DELETE, type, id_str);
smbldap_set_mod(&mods, LDAP_MOD_ADD, type, new_id_str);
if (mods == NULL) {
DEBUG(0,("smbldap_set_mod() failed.\n"));
goto done;
}
DEBUG(10, ("Try to atomically increment the id (%s -> %s)\n",
id_str, new_id_str));
rc = smbldap_modify(ctx->smbldap_state, dn, mods);
ldap_mods_free(mods, True);
if (rc != LDAP_SUCCESS) {
DEBUG(1,("Failed to allocate new %s. "
"smbldap_modify() failed.\n", type));
goto done;
}
ret = NT_STATUS_OK;
done:
talloc_free(mem_ctx);
return ret;
}
static NTSTATUS idmap_ldap_set_hwm(struct unixid *xid)
{
TALLOC_CTX *ctx;
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
int rc = LDAP_SERVER_DOWN;
int count = 0;
LDAPMessage *result = NULL;
LDAPMessage *entry = NULL;
LDAPMod **mods = NULL;
char *new_id_str;
char *filter = NULL;
const char *dn = NULL;
const char **attr_list;
const char *type;
/* Only do query if we are online */
if (idmap_is_offline()) {
return NT_STATUS_FILE_IS_OFFLINE;
}
if ( ! idmap_alloc_ldap) {
return NT_STATUS_UNSUCCESSFUL;
}
ctx = talloc_new(idmap_alloc_ldap);
if ( ! ctx) {
DEBUG(0, ("Out of memory!\n"));
return NT_STATUS_NO_MEMORY;
}
/* get type */
switch (xid->type) {
case ID_TYPE_UID:
type = get_attr_key2string(idpool_attr_list,
LDAP_ATTR_UIDNUMBER);
break;
case ID_TYPE_GID:
type = get_attr_key2string(idpool_attr_list,
LDAP_ATTR_GIDNUMBER);
break;
default:
DEBUG(2, ("Invalid ID type (0x%x)\n", xid->type));
return NT_STATUS_INVALID_PARAMETER;
}
filter = talloc_asprintf(ctx, "(objectClass=%s)", LDAP_OBJ_IDPOOL);
CHECK_ALLOC_DONE(filter);
attr_list = get_attr_list(ctx, idpool_attr_list);
CHECK_ALLOC_DONE(attr_list);
rc = smbldap_search(idmap_alloc_ldap->smbldap_state,
idmap_alloc_ldap->suffix,
LDAP_SCOPE_SUBTREE, filter,
attr_list, 0, &result);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("%s object not found\n", LDAP_OBJ_IDPOOL));
goto done;
}
talloc_autofree_ldapmsg(ctx, result);
count = ldap_count_entries(idmap_alloc_ldap->smbldap_state->ldap_struct,
result);
if (count != 1) {
DEBUG(0,("Single %s object not found\n", LDAP_OBJ_IDPOOL));
goto done;
}
entry = ldap_first_entry(idmap_alloc_ldap->smbldap_state->ldap_struct,
result);
dn = smbldap_talloc_dn(ctx,
idmap_alloc_ldap->smbldap_state->ldap_struct,
entry);
if ( ! dn) {
goto done;
}
new_id_str = talloc_asprintf(ctx, "%lu", (unsigned long)xid->id);
if ( ! new_id_str) {
DEBUG(0,("Out of memory\n"));
ret = NT_STATUS_NO_MEMORY;
goto done;
}
smbldap_set_mod(&mods, LDAP_MOD_REPLACE, type, new_id_str);
if (mods == NULL) {
DEBUG(0,("smbldap_set_mod() failed.\n"));
goto done;
}
rc = smbldap_modify(idmap_alloc_ldap->smbldap_state, dn, mods);
ldap_mods_free(mods, True);
if (rc != LDAP_SUCCESS) {
DEBUG(1,("Failed to allocate new %s. "
"smbldap_modify() failed.\n", type));
goto done;
}
ret = NT_STATUS_OK;
done:
talloc_free(ctx);
return ret;
}
