ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user, const char *container, const char *fullname) { TALLOC_CTX *ctx; ADS_MODLIST mods; ADS_STATUS status; const char *upn, *new_dn, *name, *controlstr; char *name_escaped = NULL; const char *objectClass[] = {"top", "person", "organizationalPerson", "user", NULL}; if (fullname && *fullname) name = fullname; else name = user; if (!(ctx = talloc_init("ads_add_user_acct"))) return ADS_ERROR(LDAP_NO_MEMORY); status = ADS_ERROR(LDAP_NO_MEMORY); if (!(upn = talloc_asprintf(ctx, "%s@%s", user, ads->config.realm))) goto done; if (!(name_escaped = escape_rdn_val_string_alloc(name))) goto done; if (!(new_dn = talloc_asprintf(ctx, "cn=%s,%s,%s", name_escaped, container, ads->config.bind_path))) goto done; if (!(controlstr = talloc_asprintf(ctx, "%u", (UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE)))) goto done; if (!(mods = ads_init_mods(ctx))) goto done; ads_mod_str(ctx, &mods, "cn", name); ads_mod_strlist(ctx, &mods, "objectClass", objectClass); ads_mod_str(ctx, &mods, "userPrincipalName", upn); ads_mod_str(ctx, &mods, "name", name); ads_mod_str(ctx, &mods, "displayName", name); ads_mod_str(ctx, &mods, "sAMAccountName", user); ads_mod_str(ctx, &mods, "userAccountControl", controlstr); status = ads_gen_add(ads, new_dn, mods); done: SAFE_FREE(name_escaped); talloc_destroy(ctx); return status; }
ADS_STATUS ads_add_group_acct(ADS_STRUCT *ads, const char *group, const char *container, const char *comment) { TALLOC_CTX *ctx; ADS_MODLIST mods; ADS_STATUS status; char *new_dn; char *name_escaped = NULL; const char *objectClass[] = {"top", "group", NULL}; if (!(ctx = talloc_init("ads_add_group_acct"))) return ADS_ERROR(LDAP_NO_MEMORY); status = ADS_ERROR(LDAP_NO_MEMORY); if (!(name_escaped = escape_rdn_val_string_alloc(group))) goto done; if (!(new_dn = talloc_asprintf(ctx, "cn=%s,%s,%s", name_escaped, container, ads->config.bind_path))) goto done; if (!(mods = ads_init_mods(ctx))) goto done; ads_mod_str(ctx, &mods, "cn", group); ads_mod_strlist(ctx, &mods, "objectClass",objectClass); ads_mod_str(ctx, &mods, "name", group); if (comment && *comment) ads_mod_str(ctx, &mods, "description", comment); ads_mod_str(ctx, &mods, "sAMAccountName", group); status = ads_gen_add(ads, new_dn, mods); done: SAFE_FREE(name_escaped); talloc_destroy(ctx); return status; }
static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state, const char *domain_name) { NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL; int i, rc; uint32_t policy_default; const char *policy_attr = NULL; char *dn = NULL; LDAPMod **mods = NULL; char *escape_domain_name; DEBUG(3,("add_new_domain_account_policies: Adding new account policies for domain\n")); escape_domain_name = escape_rdn_val_string_alloc(domain_name); if (!escape_domain_name) { DEBUG(0, ("Out of memory!\n")); return NT_STATUS_NO_MEMORY; } if (asprintf(&dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), escape_domain_name, lp_ldap_suffix(talloc_tos())) < 0) { SAFE_FREE(escape_domain_name); return NT_STATUS_NO_MEMORY; } SAFE_FREE(escape_domain_name); for (i=1; decode_account_policy_name(i) != NULL; i++) { char *val = NULL; policy_attr = get_account_policy_attr(i); if (!policy_attr) { DEBUG(0,("add_new_domain_account_policies: ops. no policy!\n")); continue; } if (!account_policy_get_default(i, &policy_default)) { DEBUG(0,("add_new_domain_account_policies: failed to get default account policy\n")); SAFE_FREE(dn); return ntstatus; } DEBUG(10,("add_new_domain_account_policies: adding \"%s\" with value: %d\n", policy_attr, policy_default)); if (asprintf(&val, "%d", policy_default) < 0) { SAFE_FREE(dn); return NT_STATUS_NO_MEMORY; } smbldap_set_mod( &mods, LDAP_MOD_REPLACE, policy_attr, val); rc = smbldap_modify(ldap_state, dn, mods); SAFE_FREE(val); if (rc!=LDAP_SUCCESS) { char *ld_error = NULL; ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); DEBUG(1,("add_new_domain_account_policies: failed to add account policies to dn= %s with: %s\n\t%s\n", dn, ldap_err2string(rc), ld_error ? ld_error : "unknown")); SAFE_FREE(ld_error); SAFE_FREE(dn); ldap_mods_free(mods, True); return ntstatus; } } SAFE_FREE(dn); ldap_mods_free(mods, True); return NT_STATUS_OK; }
static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, const char *domain_name) { fstring sid_string; fstring algorithmic_rid_base_string; char *filter = NULL; char *dn = NULL; LDAPMod **mods = NULL; int rc; LDAPMessage *result = NULL; int num_result; const char **attr_list; char *escape_domain_name; /* escape for filter */ escape_domain_name = escape_ldap_string(talloc_tos(), domain_name); if (!escape_domain_name) { DEBUG(0, ("Out of memory!\n")); return NT_STATUS_NO_MEMORY; } if (asprintf(&filter, "(&(%s=%s)(objectclass=%s))", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), escape_domain_name, LDAP_OBJ_DOMINFO) < 0) { TALLOC_FREE(escape_domain_name); return NT_STATUS_NO_MEMORY; } TALLOC_FREE(escape_domain_name); attr_list = get_attr_list(NULL, dominfo_attr_list ); rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result); TALLOC_FREE( attr_list ); SAFE_FREE(filter); if (rc != LDAP_SUCCESS) { return NT_STATUS_UNSUCCESSFUL; } num_result = ldap_count_entries(ldap_state->ldap_struct, result); if (num_result > 1) { DEBUG (0, ("add_new_domain_info: More than domain with that name exists: bailing " "out!\n")); ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; } /* Check if we need to add an entry */ DEBUG(3,("add_new_domain_info: Adding new domain\n")); /* this time escape for DN */ escape_domain_name = escape_rdn_val_string_alloc(domain_name); if (!escape_domain_name) { DEBUG(0, ("Out of memory!\n")); return NT_STATUS_NO_MEMORY; } if (asprintf(&dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), escape_domain_name, lp_ldap_suffix(talloc_tos())) < 0) { SAFE_FREE(escape_domain_name); return NT_STATUS_NO_MEMORY; } SAFE_FREE(escape_domain_name); /* Free original search */ ldap_msgfree(result); /* make the changes - the entry *must* not already have samba * attributes */ smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), domain_name); /* If we don't have an entry, then ask secrets.tdb for what it thinks. It may choose to make it up */ sid_to_fstring(sid_string, get_global_sam_sid()); smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), sid_string); slprintf(algorithmic_rid_base_string, sizeof(algorithmic_rid_base_string) - 1, "%i", algorithmic_rid_base()); smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE), algorithmic_rid_base_string); smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO); /* add the sambaNextUserRid attributes. */ { uint32_t rid = BASE_RID; fstring rid_str; fstr_sprintf( rid_str, "%i", rid ); DEBUG(10,("add_new_domain_info: setting next available user rid [%s]\n", rid_str)); smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID), rid_str); } rc = smbldap_add(ldap_state, dn, mods); if (rc!=LDAP_SUCCESS) { char *ld_error = NULL; ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); DEBUG(1,("add_new_domain_info: failed to add domain dn= %s with: %s\n\t%s\n", dn, ldap_err2string(rc), ld_error?ld_error:"unknown")); SAFE_FREE(ld_error); SAFE_FREE(dn); ldap_mods_free(mods, True); return NT_STATUS_UNSUCCESSFUL; } DEBUG(2,("add_new_domain_info: added: domain = %s in the LDAP database\n", domain_name)); ldap_mods_free(mods, True); SAFE_FREE(dn); return NT_STATUS_OK; }
static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx, ADS_STRUCT *ads, struct spoolss_PrinterInfo2 *pinfo2) { ADS_STATUS ads_rc; LDAPMessage *res; char *prt_dn = NULL, *srv_dn, *srv_cn_0, *srv_cn_escaped, *sharename_escaped; char *srv_dn_utf8, **srv_cn_utf8; TALLOC_CTX *ctx; ADS_MODLIST mods; const char *attrs[] = {"objectGUID", NULL}; struct GUID guid; WERROR win_rc = WERR_OK; size_t converted_size; const char *printer = pinfo2->sharename; /* build the ads mods */ ctx = talloc_init("nt_printer_publish_ads"); if (ctx == NULL) { return WERR_NOMEM; } DEBUG(5, ("publishing printer %s\n", printer)); /* figure out where to publish */ ads_find_machine_acct(ads, &res, lp_netbios_name()); /* We use ldap_get_dn here as we need the answer * in utf8 to call ldap_explode_dn(). JRA. */ srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res); if (!srv_dn_utf8) { TALLOC_FREE(ctx); return WERR_SERVER_UNAVAILABLE; } ads_msgfree(ads, res); srv_cn_utf8 = ldap_explode_dn(srv_dn_utf8, 1); if (!srv_cn_utf8) { TALLOC_FREE(ctx); ldap_memfree(srv_dn_utf8); return WERR_SERVER_UNAVAILABLE; } /* Now convert to CH_UNIX. */ if (!pull_utf8_talloc(ctx, &srv_dn, srv_dn_utf8, &converted_size)) { TALLOC_FREE(ctx); ldap_memfree(srv_dn_utf8); ldap_memfree(srv_cn_utf8); return WERR_SERVER_UNAVAILABLE; } if (!pull_utf8_talloc(ctx, &srv_cn_0, srv_cn_utf8[0], &converted_size)) { TALLOC_FREE(ctx); ldap_memfree(srv_dn_utf8); ldap_memfree(srv_cn_utf8); TALLOC_FREE(srv_dn); return WERR_SERVER_UNAVAILABLE; } ldap_memfree(srv_dn_utf8); ldap_memfree(srv_cn_utf8); srv_cn_escaped = escape_rdn_val_string_alloc(srv_cn_0); if (!srv_cn_escaped) { TALLOC_FREE(ctx); return WERR_SERVER_UNAVAILABLE; } sharename_escaped = escape_rdn_val_string_alloc(printer); if (!sharename_escaped) { SAFE_FREE(srv_cn_escaped); TALLOC_FREE(ctx); return WERR_SERVER_UNAVAILABLE; } prt_dn = talloc_asprintf(ctx, "cn=%s-%s,%s", srv_cn_escaped, sharename_escaped, srv_dn); SAFE_FREE(srv_cn_escaped); SAFE_FREE(sharename_escaped); mods = ads_init_mods(ctx); if (mods == NULL) { SAFE_FREE(prt_dn); TALLOC_FREE(ctx); return WERR_NOMEM; } ads_mod_str(ctx, &mods, SPOOL_REG_PRINTERNAME, printer); /* publish it */ ads_rc = ads_mod_printer_entry(ads, prt_dn, ctx, &mods); if (ads_rc.err.rc == LDAP_NO_SUCH_OBJECT) { int i; for (i=0; mods[i] != 0; i++) ; mods[i] = (LDAPMod *)-1; ads_rc = ads_add_printer_entry(ads, prt_dn, ctx, &mods); } if (!ADS_ERR_OK(ads_rc)) { DEBUG(3, ("error publishing %s: %s\n", printer, ads_errstr(ads_rc))); } /* retreive the guid and store it locally */ if (ADS_ERR_OK(ads_search_dn(ads, &res, prt_dn, attrs))) { bool guid_ok; ZERO_STRUCT(guid); guid_ok = ads_pull_guid(ads, res, &guid); ads_msgfree(ads, res); if (guid_ok) { store_printer_guid(msg_ctx, printer, guid); } } TALLOC_FREE(ctx); return win_rc; }
static WERROR nt_printer_dn_lookup(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *printer, char **pprinter_dn) { char *printer_dn = NULL; char *srv_dn = NULL; char *srv_cn_0 = NULL; char *srv_cn_escaped = NULL; char *sharename_escaped = NULL; char *srv_dn_utf8 = NULL; char **srv_cn_utf8 = NULL; size_t converted_size; ADS_STATUS ads_status; LDAPMessage *res; WERROR result; bool ok; ads_status = ads_find_machine_acct(ads, &res, lp_netbios_name()); if (!ADS_ERR_OK(ads_status)) { DEBUG(2, ("Failed to find machine account for %s\n", lp_netbios_name())); result = WERR_NOT_FOUND; goto err_out; } /* * We use ldap_get_dn here as we need the answer in utf8 to call * ldap_explode_dn(). JRA. */ srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res); ads_msgfree(ads, res); if (srv_dn_utf8 == NULL) { result = WERR_SERVER_UNAVAILABLE; goto err_out; } srv_cn_utf8 = ldap_explode_dn(srv_dn_utf8, 1); if (srv_cn_utf8 == NULL) { ldap_memfree(srv_dn_utf8); result = WERR_SERVER_UNAVAILABLE; goto err_out; } /* Now convert to CH_UNIX. */ ok = pull_utf8_talloc(mem_ctx, &srv_dn, srv_dn_utf8, &converted_size); ldap_memfree(srv_dn_utf8); if (!ok) { ldap_memfree(srv_cn_utf8); result = WERR_SERVER_UNAVAILABLE; goto err_out; } ok = pull_utf8_talloc(mem_ctx, &srv_cn_0, srv_cn_utf8[0], &converted_size); ldap_memfree(srv_cn_utf8); if (!ok) { result = WERR_SERVER_UNAVAILABLE; goto err_out; } srv_cn_escaped = escape_rdn_val_string_alloc(srv_cn_0); if (srv_cn_escaped == NULL) { result = WERR_SERVER_UNAVAILABLE; goto err_out; } sharename_escaped = escape_rdn_val_string_alloc(printer); if (sharename_escaped == NULL) { result = WERR_SERVER_UNAVAILABLE; goto err_out; } printer_dn = talloc_asprintf(mem_ctx, "cn=%s-%s,%s", srv_cn_escaped, sharename_escaped, srv_dn); if (printer_dn == NULL) { result = WERR_NOMEM; goto err_out; } *pprinter_dn = printer_dn; result = WERR_OK; err_out: SAFE_FREE(sharename_escaped); SAFE_FREE(srv_cn_escaped); TALLOC_FREE(srv_cn_0); TALLOC_FREE(srv_dn); return result; }