Diffstat (limited to 'source/passdb')
-rw-r--r--source/passdb/passdb.c7
-rw-r--r--source/passdb/pdb_ldap.c100
-rw-r--r--source/passdb/pdb_nisplus.c18
3 files changed, 79 insertions, 46 deletions
diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c
index a043a355347..512735fdd8d 100644
--- a/source/passdb/passdb.c
+++ b/source/passdb/passdb.c
@@ -737,7 +737,7 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type)
static void select_name(pstring string, const UNISTR2 *from)
{
if (from->buffer != 0)
- unistr2_to_ascii(string, from, sizeof(pstring));
+ unistr2_to_dos(string, from, sizeof(pstring));
}
/*************************************************************
@@ -900,7 +900,7 @@ account without a valid local system user.\n", user_name);
}
sam_pass = NULL;
- if (!pdb_init_sam_pw(&sam_pass, pwd)) {
+ if (!pdb_init_sam_pw(&sam_pass, sys_getpwnam(user_name))) {
return False;
}
@@ -1729,7 +1729,8 @@ BOOL pdb_getsampwuid (SAM_ACCOUNT* user, uid_t uid)
*/
if ((pw=sys_getpwuid(uid)) == NULL) {
- DEBUG(0,("pdb_getsampwuid: getpwuid(%d) return NULL. User does not exist in Unix accounts!\n", uid));
+ DEBUG(0,("pdb_getsampwuid: getpwuid(%u) return NULL. User does not exist in Unix accounts!\n",
+ (unsigned int)uid));
return False;
}
diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index a747ca40b1b..a214d51d14b 100644
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -48,6 +48,10 @@
#include <lber.h>
#include <ldap.h>
+#ifndef LDAP_OPT_SUCCESS
+#define LDAP_OPT_SUCCESS LDAP_SUCCESS
+#endif
+
#ifndef SAM_ACCOUNT
#define SAM_ACCOUNT struct sam_passwd
#endif
@@ -72,21 +76,40 @@ extern BOOL sam_logon_in_ssb;
static BOOL ldap_open_connection (LDAP ** ldap_struct)
{
int port;
- int version, rc;
- int tls = LDAP_OPT_X_TLS_HARD;
+ int version;
+ int tls;
+ uid_t uid = geteuid();
+ struct passwd* pass;
+
+ DEBUG(5,("ldap_open_connection: starting...\n"));
+ /*
+ * using sys_getpwnam() here since I'm assuming that the
+ * ldapsam is only used on a standalone server or PDC.
+ * winbind not in the picture....
+ */
- if (geteuid() != 0) {
- DEBUG(0, ("ldap_open_connection: cannot access LDAP when not root..\n"));
+ if ( (pass=sys_getpwuid(uid)) == NULL ) {
+ DEBUG(0,("ldap_open_connection: Can't determine user of running process!\n"));
return False;
}
- if (lp_ldap_ssl() == LDAP_SSL_ON && lp_ldap_port() == 389) {
- port = 636;
+ /* check that the user is in the domain admin group for connecting */
+
+ if ( (uid != 0) && !user_in_list(pass->pw_name, lp_domain_admin_group()) ) {
+ DEBUG(0, ("ldap_open_connection: cannot access LDAP when not root or a member of domain admin group..\n"));
+ return False;
}
- else {
- port = lp_ldap_port();
+
+ port = lp_ldap_port();
+
+ /* remap default port is no SSL */
+ if ( (lp_ldap_ssl() == LDAP_SSL_OFF) && (lp_ldap_port() == 636) ) {
+ port = 389;
}
+ DEBUG(10,("Initializing connection to %s on port %d\n",
+ lp_ldap_server(), port ));
+
if ((*ldap_struct = ldap_init(lp_ldap_server(), port)) == NULL) {
DEBUG(0, ("The LDAP server is not responding !\n"));
return False;
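Review bot: The port remapping is no longer symmetric: the removed code promoted port 389 to 636 when `lp_ldap_ssl() == LDAP_SSL_ON`, while the new block only demotes 636 to 389 when SSL is off, so a configuration with SSL on and the default port 389 now attempts an LDAPS session on the plain port. If that is intended, the comment should say so; as written, `/* remap default port is no SSL */` reads as a typo for "if no SSL", e.g. `/* if SSL is off, fall back from the LDAPS port to the plain LDAP port */`. The new authorization check consults the effective uid and `user_in_list(pass->pw_name, lp_domain_admin_group())`, which is reasonable, but the comment above it only mentions "domain admin group" and should also state that uid 0 bypasses the list check. ldap_open_connection continues past the end of this hunk.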
@@ -105,6 +128,7 @@ static BOOL ldap_open_connection (LDAP ** ldap_struct)
switch (lp_ldap_ssl())
{
case LDAP_SSL_START_TLS:
+#ifdef HAVE_LDAP_START_TLS_S
if (ldap_get_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION,
&version) == LDAP_OPT_SUCCESS)
{
@@ -122,13 +146,25 @@ static BOOL ldap_open_connection (LDAP ** ldap_struct)
return False;
}
DEBUG (2, ("StartTLS issued: using a TLS connection\n"));
+#else
+ DEBUG(0,("ldap_open_connection: StartTLS not supported by LDAP client libraries!\n"));
+ return False;
+#endif
break;
case LDAP_SSL_ON:
+#ifdef LDAP_OPT_X_TLS
+ tls = LDAP_OPT_X_TLS_HARD;
if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
{
DEBUG(0, ("Failed to setup a TLS session\n"));
}
+
+ DEBUG(0,("LDAPS option set...!\n"));
+#else
+ DEBUG(0,("ldap_open_connection: Secure connection not supported by LDAP client libraries!\n"));
+ return False;
+#endif
break;
case LDAP_SSL_OFF:
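Review bot: In the `LDAP_SSL_ON` case a failing `ldap_set_option(*ldap_struct, LDAP_OPT_X_TLS, &tls)` is only logged and execution falls through to `break`, so a connection that the configuration requires to be encrypted can continue and, presumably, bind in cleartext. The `LDAP_SSL_START_TLS` branch directly above returns False on its failure path, and this branch should match: `DEBUG(0, ("Failed to setup a TLS session\n")); return False;`. The new `DEBUG(0,("LDAPS option set...!\n"))` is a routine success message logged at level 0 and would be better at level 2 like the "StartTLS issued" line. ldap_open_connection starts and ends outside this hunk.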
@@ -188,7 +224,7 @@ static int ldap_search_one_user (LDAP * ldap_struct, const char *filter, LDAPMes
DEBUG(2, ("ldap_search_one_user: searching for:[%s]\n", filter));
- rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter, NULL, 0, result);
+ rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, (char*)filter, NULL, 0, result);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldap_search_one_user: Problem during the LDAP search: %s\n",
@@ -268,17 +304,17 @@ static int ldap_search_one_user_by_rid (LDAP * ldap_struct, uint32 rid,
}
/*******************************************************************
-search an attribute and return the first value found.
+ search an attribute and return the first value found.
+ the string in 'value' is unchanged if the attribute does not exist
******************************************************************/
+
static BOOL get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry,
char *attribute, char *value)
{
char **values;
if ((values = ldap_get_values (ldap_struct, entry, attribute)) == NULL) {
- value = NULL;
- DEBUG (2, ("get_single_attribute: [%s] = [<does not exist>]\n", attribute));
-
+ DEBUG (2, ("get_single_attribute: [%s] = [<does not exist>]\n", attribute));
return False;
}
@@ -290,10 +326,10 @@ static BOOL get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry,
}
/************************************************************************
-Routine to manage the LDAPMod structure array
-manage memory used by the array, by each struct, and values
-
+ Routine to manage the LDAPMod structure array
+ manage memory used by the array, by each struct, and values
************************************************************************/
+
static void make_a_mod (LDAPMod *** modlist, int modop, char *attribute, char *value)
{
LDAPMod **mods;
@@ -427,23 +463,31 @@ static BOOL init_sam_from_ldap (SAM_ACCOUNT * sampass,
pstrcpy(domain, lp_workgroup());
- get_single_attribute(ldap_struct, entry, "pwdLastSet", temp);
- pass_last_set_time = (time_t) atol(temp);
+ pass_last_set_time = TIME_T_MAX;
+ logon_time = TIME_T_MAX;
+ logoff_time = TIME_T_MAX;
+ kickoff_time = TIME_T_MAX;
+ pass_can_change_time = TIME_T_MAX;
+ pass_must_change_time = TIME_T_MAX;
+
+
+ if (get_single_attribute(ldap_struct, entry, "pwdLastSet", temp))
+ pass_last_set_time = (time_t) atol(temp);
- get_single_attribute(ldap_struct, entry, "logonTime", temp);
- logon_time = (time_t) atol(temp);
+ if (get_single_attribute(ldap_struct, entry, "logonTime", temp))
+ logon_time = (time_t) atol(temp);
- get_single_attribute(ldap_struct, entry, "logoffTime", temp);
- logoff_time = (time_t) atol(temp);
+ if (get_single_attribute(ldap_struct, entry, "logoffTime", temp))
+ logoff_time = (time_t) atol(temp);
- get_single_attribute(ldap_struct, entry, "kickoffTime", temp);
- kickoff_time = (time_t) atol(temp);
+ if (get_single_attribute(ldap_struct, entry, "kickoffTime", temp))
+ kickoff_time = (time_t) atol(temp);
- get_single_attribute(ldap_struct, entry, "pwdCanChange", temp);
- pass_can_change_time = (time_t) atol(temp);
+ if (get_single_attribute(ldap_struct, entry, "pwdCanChange", temp))
+ pass_can_change_time = (time_t) atol(temp);
- get_single_attribute(ldap_struct, entry, "pwdMustChange", temp);
- pass_must_change_time = (time_t) atol(temp);
+ if (get_single_attribute(ldap_struct, entry, "pwdMustChange", temp))
+ pass_must_change_time = (time_t) atol(temp);
/* recommend that 'gecos' and 'displayName' should refer to the same
* attribute OID. userFullName depreciated, only used by Samba
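Review bot: The six new `if (get_single_attribute(...)) x = (time_t) atol(temp);` lines fix the stale-buffer problem, but `atol` returns 0 for an empty or non-numeric attribute value, so a malformed `pwdLastSet` (or any of the other five) silently becomes the epoch instead of the `TIME_T_MAX` default the hunk now establishes, and a value out of range is undefined behaviour. Since the same pattern is repeated six times, a small helper that uses `strtol` with endptr/errno checks and leaves the output untouched on bad input keeps the TIME_T_MAX semantics and removes the duplication. init_sam_from_ldap starts and ends outside the hunk.
```c
/* Parse a decimal time attribute into *out; *out is left untouched
 * when the attribute is missing or not a well-formed number. */
static void ldap_get_time_attr(LDAP *ldap_struct, LDAPMessage *entry,
			       char *attribute, char *temp, time_t *out)
{
	char *end;
	long v;

	if (!get_single_attribute(ldap_struct, entry, attribute, temp))
		return;
	errno = 0;
	v = strtol(temp, &end, 10);
	if (end == temp || *end != '\0' || errno == ERANGE) {
		DEBUG(2, ("init_sam_from_ldap: ignoring non-numeric [%s]=[%s]\n",
			  attribute, temp));
		return;
	}
	*out = (time_t)v;
}

/* … unchanged: TIME_T_MAX defaults … */
ldap_get_time_attr(ldap_struct, entry, "pwdLastSet", temp, &pass_last_set_time);
/* … same call for logonTime, logoffTime, kickoffTime, pwdCanChange, pwdMustChange … */
```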
diff --git a/source/passdb/pdb_nisplus.c b/source/passdb/pdb_nisplus.c
index 21be4b88fba..0bcae57c2b4 100644
--- a/source/passdb/pdb_nisplus.c
+++ b/source/passdb/pdb_nisplus.c
@@ -57,7 +57,7 @@ struct nisp_enum_info
};
static struct nisp_enum_info global_nisp_ent;
-static VOLATILE sig_atomic_t gotalarm;
+static SIG_ATOMIC_T gotalarm;
/***************************************************************
@@ -130,19 +130,7 @@ static char *make_nisname_from_user_rid(uint32 rid, char *pfile)
{
static pstring nisname;
- slprintf(nisname, sizeof(nisname)-1, "[user_rid=%d]%s", rid, pfile);
-
- return nisname;
-}
-
-/***************************************************************
- make_nisname_from_uid
- ****************************************************************/
-static char *make_nisname_from_uid(int uid, char *pfile)
-{
- static pstring nisname;
-
- slprintf(nisname, sizeof(nisname)-1, "[uid=%d]%s", uid, pfile);
+ slprintf(nisname, sizeof(nisname)-1, "[user_rid=%d],%s", rid, pfile);
return nisname;
}
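Review bot: The rewritten `slprintf(nisname, sizeof(nisname)-1, "[user_rid=%d],%s", rid, pfile)` still formats the `uint32 rid` parameter with `%d`, which is a signed/unsigned mismatch and prints a negative search key for RIDs above INT_MAX; the passdb.c hunk in this same commit fixes the equivalent problem for `uid` with `%u` and a cast, and this line should follow suit: `slprintf(nisname, sizeof(nisname)-1, "[user_rid=%u],%s", (unsigned int)rid, pfile);`. The removal of make_nisname_from_uid is presumably safe only if no caller in this file remains; the hunk does not show that.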
@@ -154,7 +142,7 @@ static char *make_nisname_from_name(char *user_name, char *pfile)
{
static pstring nisname;
- slprintf(nisname, sizeof(nisname)-1, "[name=%s]%s", user_name, pfile);
+ slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s", user_name, pfile);
return nisname;
}