Merge tridge's fixes to pdb_ldap (don't look for number of results in a

failed query) and my fixes to those fixes to use better NT_STATUS codes.

Andrew Bartlett
(This used to be commit 6040171cabe3ca215149708a6244e24bc9c2c4fa)

source3/passdb/pdb_ldap.c

@@ -507,7 +507,10 @@ static int ldapsam_retry_open(struct ldapsam_privates *ldap_state, int *attempts
 }
 
 
-static int ldapsam_search(struct ldapsam_privates *ldap_state, const char *base, int scope, const char *filter, const char *attrs[], int attrsonly, LDAPMessage **res)
+static int ldapsam_search(struct ldapsam_privates *ldap_state, 
+			  const char *base, int scope, const char *filter, 
+			  const char *attrs[], int attrsonly, 
+			  LDAPMessage **res)
 {
 	int 		rc = LDAP_SERVER_DOWN;
 	int 		attempts = 0;
@@ -519,7 +522,8 @@ static int ldapsam_search(struct ldapsam_privates *ldap_state, const char *base,
 		if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
 			continue;
 		
-		rc = ldap_search_s(ldap_state->ldap_struct, base, scope, filter, attrs, attrsonly, res);
+		rc = ldap_search_s(ldap_state->ldap_struct, base, scope, 
+				   filter, attrs, attrsonly, res);
 	}
 	
 	if (rc == LDAP_SERVER_DOWN) {
@@ -1349,7 +1353,6 @@ static uint32 check_nua_rid_is_avail(struct ldapsam_privates *ldap_state, uint32
 
 	if (ldapsam_search_one_user_by_rid(ldap_state, final_rid, &result) != LDAP_SUCCESS) {
 		DEBUG(0, ("Cannot allocate NUA RID %d (0x%x), as the confirmation search failed!\n", final_rid, final_rid));
-		ldap_msgfree(result);
 		return 0;
 	}
 
@@ -1420,7 +1423,6 @@ static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state)
 		DEBUGADD(3, ("Query was: %s, %s\n", lp_ldap_suffix(), final_filter));
 
 		free(final_filter);
-		ldap_msgfree(result);
 		result = NULL;
 		return 0;
 	}
@@ -1558,20 +1560,20 @@ static NTSTATUS ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT
 	LDAPMessage *entry;
 
 	if (ldapsam_search_one_user_by_name(ldap_state, sname, &result) != LDAP_SUCCESS) {
-		return NT_STATUS_UNSUCCESSFUL;
+		return NT_STATUS_NO_SUCH_USER;
 	}
 	if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) {
 		DEBUG(4,
 		      ("We don't find this user [%s] count=%d\n", sname,
 		       ldap_count_entries(ldap_state->ldap_struct, result)));
-		return NT_STATUS_UNSUCCESSFUL;
+		return NT_STATUS_NO_SUCH_USER;
 	}
 	entry = ldap_first_entry(ldap_state->ldap_struct, result);
 	if (entry) {
 		if (!init_sam_from_ldap(ldap_state, user, entry)) {
 			DEBUG(1,("ldapsam_getsampwnam: init_sam_from_ldap failed for user '%s'!\n", sname));
 			ldap_msgfree(result);
-			return NT_STATUS_UNSUCCESSFUL;
+			return NT_STATUS_NO_SUCH_USER;
 		}
 		ldap_msgfree(result);
 		ret = NT_STATUS_OK;
@@ -1587,19 +1589,20 @@ Get SAM_ACCOUNT entry from LDAP by rid
 static NTSTATUS ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *user, uint32 rid)
 {
 	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
+	struct ldapsam_privates *ldap_state = 
+		(struct ldapsam_privates *)my_methods->private_data;
 	LDAPMessage *result;
 	LDAPMessage *entry;
 
 	if (ldapsam_search_one_user_by_rid(ldap_state, rid, &result) != LDAP_SUCCESS) {
-		return NT_STATUS_UNSUCCESSFUL;
+		return NT_STATUS_NO_SUCH_USER;
 	}
 
 	if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) {
 		DEBUG(4,
 		      ("We don't find this rid [%i] count=%d\n", rid,
 		       ldap_count_entries(ldap_state->ldap_struct, result)));
-		return NT_STATUS_UNSUCCESSFUL;
+		return NT_STATUS_NO_SUCH_USER;
 	}
 
 	entry = ldap_first_entry(ldap_state->ldap_struct, result);
@@ -1607,7 +1610,7 @@ static NTSTATUS ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT
 		if (!init_sam_from_ldap(ldap_state, user, entry)) {
 			DEBUG(1,("ldapsam_getsampwrid: init_sam_from_ldap failed!\n"));
 			ldap_msgfree(result);
-			return NT_STATUS_UNSUCCESSFUL;
+			return NT_STATUS_NO_SUCH_USER;
 		}
 		ldap_msgfree(result);
 		ret = NT_STATUS_OK;
@@ -1621,7 +1624,7 @@ static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
 {
 	uint32 rid;
 	if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
-		return NT_STATUS_UNSUCCESSFUL;
+		return NT_STATUS_NO_SUCH_USER;
 	return ldapsam_getsampwrid(my_methods, user, rid);
 }	
 
@@ -1731,7 +1734,7 @@ static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_A
 
 	if (!sam_acct) {
 		DEBUG(0, ("sam_acct was NULL!\n"));
-		return NT_STATUS_UNSUCCESSFUL;
+		return NT_STATUS_INVALID_PARAMETER;
 	}
 
 	sname = pdb_get_username(sam_acct);
@@ -1739,10 +1742,14 @@ static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_A
 	DEBUG (3, ("Deleting user %s from LDAP.\n", sname));
 
 	rc = ldapsam_search_one_user_by_name(ldap_state, sname, &result);
+	if (rc != LDAP_SUCCESS) {
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
 	if (ldap_count_entries (ldap_state->ldap_struct, result) == 0) {
 		DEBUG (0, ("User doesn't exit!\n"));
 		ldap_msgfree (result);
-		return NT_STATUS_UNSUCCESSFUL;
+		return NT_STATUS_NO_SUCH_USER;
 	}
 
 	entry = ldap_first_entry (ldap_state->ldap_struct, result);
@@ -1758,7 +1765,7 @@ static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_A
 		DEBUG (0,("failed to delete user with uid = %s with: %s\n\t%s\n",
 			sname, ldap_err2string (rc), ld_error));
 		free (ld_error);
-		return NT_STATUS_UNSUCCESSFUL;
+		return NT_STATUS_CANNOT_DELETE;
 	}
 
 	DEBUG (2,("successfully deleted uid = %s from the LDAP database\n", sname));
@@ -1790,6 +1797,9 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_A
 	}
 	
 	rc = ldapsam_search_one_user_by_name(ldap_state, pdb_get_username(newpwd), &result);
+	if (rc != LDAP_SUCCESS) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
 
 	if (ldap_count_entries(ldap_state->ldap_struct, result) == 0) {
 		DEBUG(0, ("No user to modify!\n"));
@@ -1835,10 +1845,13 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO
 	const char *username = pdb_get_username(newpwd);
 	if (!username || !*username) {
 		DEBUG(0, ("Cannot add user without a username!\n"));
-		return NT_STATUS_UNSUCCESSFUL;
+		return NT_STATUS_INVALID_PARAMETER;
 	}
 
 	rc = ldapsam_search_one_user_by_name (ldap_state, username, &result);
+	if (rc != LDAP_SUCCESS) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
 
 	if (ldap_count_entries(ldap_state->ldap_struct, result) != 0) {
 		DEBUG(0,("User already in the base, with samba properties\n"));
@@ -1849,6 +1862,10 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO
 
 	slprintf (filter, sizeof (filter) - 1, "uid=%s", username);
 	rc = ldapsam_search_one_user(ldap_state, filter, &result);
+	if (rc != LDAP_SUCCESS) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
 	num_result = ldap_count_entries(ldap_state->ldap_struct, result);
 	
 	if (num_result > 1) {
@@ -1890,7 +1907,7 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO
 	if (mods == NULL) {
 		DEBUG(0,("mods is empty: nothing to add for user: %s\n",pdb_get_username(newpwd)));
 		return NT_STATUS_UNSUCCESSFUL;
-	}	
+	}
 	
 	make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "sambaAccount");