summaryrefslogtreecommitdiff
path: root/source3/lib/smbldap.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6351: This is quite a large and intrusive patch, but there are not many ↵Volker Lendecke1-14/+144
pieces that can be taken out of it, so I decided to commit this in one lump. It changes the passdb enumerating functions to use ldap paged results where possible. In particular the samr calls querydispinfo, enumdomusers and friends have undergone significant internal changes. I have tested this extensively with rpcclient and a bit with usrmgr.exe. More tests and the merge to trunk will follow later. The code is based on a first implementation by Günther Deschner, but has evolved quite a bit since then. Volker (This used to be commit f0bb44ac58e190e19eb4e92928979b0446e611c9)
2007-10-10r6149: Fixes bugs #2498 and 2484.Derrell Lipman1-2/+5
1. using smbc_getxattr() et al, one may now request all access control entities in the ACL without getting all other NT attributes. 2. added the ability to exclude specified attributes from the result set provided by smbc_getxattr() et al, when requesting all attributes, all NT attributes, or all DOS attributes. 3. eliminated all compiler warnings, including when --enable-developer compiler flags are in use. removed -Wcast-qual flag from list, as that is specifically to force warnings in the case of casting away qualifiers. Note: In the process of eliminating compiler warnings, a few nasties were discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED kerberos interfaces are being used. Someone who knows kerberos should look at these and determine if there is an alternate method of accomplishing the task. (This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
2007-10-10r6127: Eliminated all compiler warnings pertaining to mismatched ↵Derrell Lipman1-2/+2
"qualifiers". The whole of samba comiles warning-free with the default compiler flags. Temporarily defined -Wall to locate other potential problems. Found an unused static function (#ifdefed out rather than deleted, in case it's needed for something in progress). There are also a number of uses of undeclared functions, mostly krb5_*. Files with these problems need to have appropriate header files included, but they are not fixed in this update. oplock_linux.c.c has undefined functions capget() and capset(), which need to have "#undef _POSIX_SOURCE" specified before including <sys/capability.h>, but that could potentially have other side effects, so that remains uncorrected as well. The flag -Wall should be added permanently to CFLAGS, and all warnings then generated should be eliminated. (This used to be commit 5b19ede88ed80318e392f8017f4573fbb2ecbe0f)
2007-10-10r5565: fix breakage on gcc 2.96Gerald Carter1-1/+1
(This used to be commit 67f8a1e3bc545d4ebbe0f7d05ea16c6231f2e82c)
2007-10-10r5556: Fix the build on AIX.Günther Deschner1-4/+14
use AF_UNIX instead of AF_LOCAL (thanks to Doug VanLeuven <roamdad-at-sonic.net>) and make smbldap_open() a bit more readable. Guenther (This used to be commit 526d6a9493cd091f2a9b8e072f11e673133fe5c1)
2007-10-10r5522: Better handling of LDAP over IPC connections that have expired on theGünther Deschner1-4/+1
LDAP-Server. Guenther (This used to be commit 8017a7a150023dc3353181f7737b2363d38593fa)
2007-10-10r5428: Apply some const. LDAP attribs should now be declared const char ↵Volker Lendecke1-8/+8
*attr[]. This gives some new warnings in smbldap.c, but a the callers are cleaned up. Volker (This used to be commit 543799fc0ddc3176469acc1fab7093c41556d403)
2007-10-10r5349: After talking with Jerry, reverted the addition of account policies toGünther Deschner1-87/+1
passdb in 3_0 (they are still in trunk). Guenther (This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1)
2007-10-10r4989: Display failed LDAP-server-uri.Günther Deschner1-1/+2
Guenther (This used to be commit d433c7b476005064b9cfd339bbd8a25b40de59c1)
2007-10-10r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner1-1/+87
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
2007-10-10r4840: * Add more generic root-dse inspection function to check for givenGünther Deschner1-0/+101
controls or extensions. * Check and remember if ldapsam's LDAP Server support paged results (in preparation of adding async paged-results to set|get|end-sampwent in ldapsam). Guenther (This used to be commit ced58bd8849cdef78513674dff1b1ec331945aa9)
2007-10-10r4736: small set of merges from rtunk to minimize the diffsGerald Carter1-1/+1
(This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2007-10-10r4289: Close LDAP-Connection before retrying to open a new connection in theGünther Deschner1-0/+1
retry-loop. This fixes a deadlock-situation when ldapsam is used with the ldapi interface: getpeername won't fail while trying to detect dead connections on unix domain sockets. When the ldapi-connection was closed server-side (due to OpenLDAP's idletimeout) we *never* got a new LDAP connection. Guenther (This used to be commit ac8032bacff10451fa03f155d43f0d20389512fa)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-13/+12
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3563: During a typical logon a modern workstation makes a lot of anonymous ↵Volker Lendecke1-0/+4
session setups on its way to open a pipe. This gets rid of many round-trips to the LDAP server during logon by setting up the server_info_guest once and not asking the LDAP server and nss every time. Make sure that the ldap connection is reopened in the child. (I did not look at the sql backends.) Volker (This used to be commit 3298f6105e6a88c9390cac02245c8f2eee1e5046)
2007-10-10r2729: Fix ldapsam_compat homeDrive. Thanks to jason@env.leeds.ac.ukVolker Lendecke1-1/+1
Volker (This used to be commit ef057e9534cc3713d3bcd7427cf34c74f7e3ea13)
2007-10-10r2444: Based on jmcd's patch, implement special lists for the ldap user ↵Volker Lendecke1-0/+48
attributes to delete. Richard, IMHO this is the better solution to the problem you currently have. Please review. Thanks, Volker (This used to be commit 6957d6a8921fbd97747258249d99b505a79cfcb4)
2007-10-10r2258: Attempt to fix Bug 1715. Not sure if all of ldapsam_compat works now, ↵Volker Lendecke1-0/+7
but this definitely fixes two segfaults. Volker (This used to be commit 270740189995c56c4d0341aeded364efffec86f2)
2007-10-10r1810: Patch from Richard Renard <rrenard@idealx.com> to storeJeremy Allison1-0/+1
logon hours attributes in an LDAP database. Jeremy. (This used to be commit dac72638fb3a05e805136698e0ad0612620ac8af)
2007-10-10r1588: This is one of the more pathetic patches I ever checked in. Many hours ofVolker Lendecke1-95/+72
coding have passed, but I could not find a way to get the OpenLDAP libraries to reliably time out on any of the queries we make, *and* get correct error returns. No, async calls and ldap_result does NOT work, or I was simply too stupid to correctly interpret the OpenLDAP manpage and source. We can not allow to hang indefinitely in an ldap query, especially not for winbindd. "ldap timeout" now specifies the overall timeout for the complete operation, that's why I increased that to 15 seconds. Volker (This used to be commit 269f0750872e5f8757e0a9667e007a0410319fcd)
2007-10-10r1392: Added password history code to tdbsam backend. Not yet tested (ie. mayJeremy Allison1-1/+1
core dump) but compiles and links correctly. I will run the full set of tests on the ldap sam and the tdb sam for password history tomorrow. Jeremy. (This used to be commit ac846420d0ef2c60d2dc71319b24401c73699249)
2007-10-10r1388: Adding password history code for ldap backend, based on a patch fromJeremy Allison1-13/+11
"Jianliang Lu" <j.lu@tiesse.com>. Multi-string attribute changed to linearised pstring due to ordering issues. A few other changes to fix race conditions. I will add the tdb backend code next. This code compiles but has not yet been tested with password history policy set to greater than zero. Targeted for 3.0.6. Jeremy. (This used to be commit dd54b2a3c45e202e504ad69d170eb798da4e6fc9)
2007-10-10r1325: Always use GetTimeOfDay() (wrapper). Ensure ldap replicationJeremy Allison1-12/+11
sleep time is not more than 5 seconds. Should fix issue reported by Chris Garrigues <cwg@deepeddy.com>. Jeremy. (This used to be commit fbc06831d3a7e8645409158ee1ae1f9f192913a7)
2007-10-10r1317: Patch from Joe Meadows "Joe Meadows" <jameadows@webopolis.com> toJeremy Allison1-1/+1
add a timeout to the ldap open calls. New parameter, ldap timeout added. Jeremy. (This used to be commit e5b3094c4cc75eb07f667dd1aeb73921ed7366ac)
2007-10-10r116: volker's patch for local group and group nestingGerald Carter1-0/+2
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
2007-10-10r53: Remove modifyTimestamp from list of our attributes. We just check it forJim McDonough1-1/+0
cache entry time comparisons in password lockout. Fixes problems where pdb_ldap tries to delete the operational attribute modifyTimestamp when deleting a user account. (This used to be commit 5ebcb9081e435d54c39d4d3a1ef1d7b651ccb53f)
2004-03-18Password lockout for LDAP backend. Caches autolock flag, bad count, andJim McDonough1-0/+2
bad time locally, updating the directory only for hitting the policy limit or resetting. This needed to be done at the passdb level rather than auth, because some of the functions need to be supported from tools such as pdbedit. It was done at the LDAP backend level instead of generically after discussion, because of the complexity of inserting it at a higher level. The login cache read/write/delete is outside of the ldap backend, so it could easily be called by other backends. tdbsam won't call it for obvious reasons, and authors of other backends need to decide if they want to implement it. (This used to be commit 2a679cbc87a2a9111e9e6cdebbb62dec0ab3a0c0)
2004-03-11Restore the contract on all convert_stringXX() interfaces. Add a ↵Jeremy Allison1-1/+1
"allow_bad_conv" boolean parameter that allows broken iconv conversions to work. Gets rid of the nasty errno checks in mangle_hash2 and check_path_syntax and allows correct return code checking. Jeremy. (This used to be commit 7b96765c23637613f079d37566d95d5edd511f05)
2004-03-11Get MungedDial actually working with full TS strings in it for pdb_ldap.Jim McDonough1-4/+13
I know this isn't pretty, but neither was our assumption that all strings from the directory fit inside a pstring. There was no way this worked before will all versions of usrmgr (for example, the only version of mine that has the TS Confic button). (This used to be commit d275c0e384db08c2a6efc28e52844f676ff71fb6)
2004-03-07Fix typo.Tim Potter1-1/+1
(This used to be commit e6e8b59f53d5ac618dcec13a46c356f0abe5950a)
2004-02-23Janitor for tpot...bugzilla #1098, msleep already exists on aixJim McDonough1-2/+2
(This used to be commit 4319df7fdc2d878c509381923cc1db4d731620ba)
2004-02-23Add bad password count/time attributesJim McDonough1-0/+2
(This used to be commit 003318939f7e476f5f2a5f345e8a81a228fc89a7)
2004-02-08Another static function.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 128c328ddbc9f2283badde95ce743e696f94f6a4)
2004-01-25Fix removal of attributes in LDAP - we would not actually remove the oldAndrew Bartlett1-16/+16
value in the previous code. Andrew Bartlett (This used to be commit c97d3eb1622ee25c24b0cd81b65ec7d4b854e604)
2004-01-06isolate ldap debug messages to the common smbldap_XXX() functionsGerald Carter1-4/+9
(This used to be commit 7d7a262f45182e67daecdca49df85445c2b9700a)
2003-12-31auth/auth_util.c:Andrew Bartlett1-1/+1
- Fill in the 'backup' idea of a domain, if the DC didn't supply one. This doesn't seem to occour in reality, hence why we missed the typo. lib/charcnv.c: lib/smbldap.c: libads/ldap.c: libsmb/libsmbclient.c: printing/nt_printing.c: - all the callers to pull_utf8_allocate() pass a char ** as the first parammeter, so don't make them all cast it to a void ** nsswitch/winbind_util.c: - Allow for a more 'correct' view of when usernames should be qualified in winbindd. If we are a PDC, or have 'winbind trusted domains only', then for the authentication returns stip the domain portion. - Fix valgrind warning about use of free()ed name when looking up our local domain. lp_workgroup() is maniplated inside a procedure that uses it's former value. Instead, use the fact that our local domain is always the first in the list. Andrew Bartlett (This used to be commit 494781f628683d6e68e8ba21ae54f738727e8c21)
2003-12-26Based on patch by Petri Asikainen <paca@sci.fi> fix bug #387 and #330.Andrew Bartlett1-14/+15
This patch will change order how attributes are modified from: add, delete to: delete, add This is needed to update single valued attributes in Novell NDS and should not harm anyone else. (This used to be commit fabf80169079483a1378aa0177d8d8335bd98bb3)
2003-12-25ldap rebind sleep -> ldap replication sleepAndrew Bartlett1-1/+1
While writing documentation for metze's patch, it became clear that this is a better name. Andrew Bartlett (This used to be commit 6f828ff3d3622c56ee732b976e7ab90b7897a8d3)
2003-12-25This is metze's LDAP rebind sleep patch:Volker Lendecke1-0/+28
When smb.conf tells us to write to a read-only LDAP replica and we are redirected by the LDAP server, the replication might take some seconds, especially over slow links. This patch delays the next read after a rebind for 'ldap rebind sleep' milliseconds. Metze, thanks for your patience. Volker (This used to be commit 63ffa770b67d700f138d19b4982da152f57674fc)
2003-12-25Fix our parsing of the LDAP url. We get around it as all decent systems seemVolker Lendecke1-1/+1
to have ldap_initialize. Thanks to abartlet for the fix (and the bug in the first place ;-)) Volker (This used to be commit 17473a65eb119ca2240b40a8c029d9a499cde177)
2003-12-04support munged dial for ldapsam; patch from Aurélien Degrémont; bug 800Gerald Carter1-0/+1
(This used to be commit 1c3c16abc94d197e69e3350de1e5cc1e99be4322)
2003-10-29Fixes to check for wraps which could cause coredumps.Jeremy Allison1-0/+1
Jeremy. (This used to be commit ad06edd1bb58cc5e2c38a364b1af96a933b770af)
2003-10-22Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison1-2/+2
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
2003-09-15This ldap_value_free() looks like it was part of Jeremy's recent rampageTim Potter1-2/+0
so I'm putting it back in. (This used to be commit ec49fc8ab73b26f86da155475df90843650f0e63)
2003-09-15I think this is a bugfix that somehow was dropped from the 3.0 tree.Tim Potter1-0/+2
(This used to be commit 299eb0abd36072af51cbcb761fa9fb6a77584585)
2003-09-10Still on my mb rampage. Ensure smbldap_make_mod() correctly detects oldJeremy Allison1-15/+13
values. Jeremy. (This used to be commit 41e4479aa9f186d68300086984d6f4c8f9fd2a27)
2003-09-10Fix a nasty mess, and also bug #296. passdb/pdb_ldap.c was not convertingJeremy Allison1-0/+20
to/from utf8 for some calls. The libads code gets this right. Wonder why the passdb code doesn't use it ? Jeremy. (This used to be commit 910d21d3164c2c64773031fddaad35ea88e72a04)
2003-08-132 fixesGerald Carter1-0/+27
* bug #280 (my fault) - initialize sambaNextUserRid and sambaNextGroupRid * Unix users shared vis LDAP or NIS between a samba domain member of a Samba domain are not seen as domain users on the member servers. not as local users. (This used to be commit a030fa373aefde8628def54ca8152f237a0467dc)
2003-07-23convert snprintf() calls using pstrings & fstringsGerald Carter1-2/+2
to pstr_sprintf() and fstr_sprintf() to try to standardize. lots of snprintf() calls were using len-1; some were using len. At least this helps to be consistent. (This used to be commit 9f835b85dd38cbe655eb19021ff763f31886ac00)
2003-07-17Disconnect an idle LDAP connection after 150 seconds.Volker Lendecke1-1/+43
Not strictly a bugfix, but it should considerably reduce the load we put on LDAP servers given that at least nss_ldap on Linux keeps a connection open. And it should also stress our reconnect-code a bit more ;-) Thanks to metze for this! Volker (This used to be commit e68d8eabeb9c64dc45d057619f9b3dd0cd507444)