summaryrefslogtreecommitdiff
path: root/source3/passdb/ldap.c
AgeCommit message (Collapse)AuthorFilesLines
2001-08-12this is a big global fix for the ptr = Realloc(ptr, size) bug.Simo Sorce1-7/+12
many possible mem leaks, and segfaults fixed. someone should port this fix to 2.2 also. (This used to be commit fa8e55b8b465114ce209344965c1ca0333b84db9)
2001-08-08Change all realloc() statements to Realloc() (ecxept for tdb.c)Simo Sorce1-2/+2
changed some code to exploit the fact that Realloc(NULL, size) == malloc(size) fixed some possible mem leaks, or seg faults. thanks to andreas moroder (mallocs not checked in client/client.c, client/smbumount.c) (This used to be commit 7f33c01688b825ab2fa9bbb2730bff4f2fa352be)
2001-03-02Merged JF's fixes into HEAD. These are for string parsing and SAMR fixes.Jeremy Allison1-2/+2
Jeremy. (This used to be commit c3a1904564175a7a5cf71e88540b96f7daa59730)
2000-02-25client/client.c:Jeremy Allison1-0/+6
libsmb/clientgen.c: Fixes for Win2k smbclient browsing. Other fixes implement smbpasswd -x user to delete users. Also allows swat to do the same. Jeremy. (This used to be commit 9f6ad046761adecafba59040baa3abc9f0959e65)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-346/+814
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-03-25SAM database "set user info".Luke Leighton1-2/+2
---------------------------- - removed DOM_RID4 - removed SAMR_UNKNOWN_32 - added SAMR_SET_USERINFO (opcode 0x32) - added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user) - fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - added mod_sam21pwd_entry() - preparing to call mod_sam21pwd_entry() - added "user session key" to user_struct.dc. this is md4(nt#) and is needed to decode user's clear-text passwords in SAMR_SET_USERINFO. - split code out in chgpasswd.c to decode 516 byte password buffers. (This used to be commit 2e58ed742435befe419aa366c4052019fede8c23)
1999-01-15Finally committing my LDAP changes.Matthew Chapman1-23/+100
* Added new APIs for modifying groups. * RIDs are allocated similarly to NT, starting from 1000 and incrementing by 1 for each new user/group. * RIDs are now consistently in hex * Fixed bugs reported by Allan Bjorklund <allan@umich.edu>: - ldap_close_connection is exported by OpenLDAP - changed to ldap_disconnect - Missing ldap_connect() in getusergroups functions - ldap_next_entry was being called too early while retrieving a sam_struct - LDAP globals should be extern in sampassldap.c * Fixed bugs reported by Martin Hofbauer <mh@bacher.at> - Newly added workstation trust accounts had attributes DU rather than W. - User dn's were forced to start with "uid=XX" rather than using the existing dn. (This used to be commit 91c77f5432169553572bb4d85ad5f09d17524f20)
1998-12-08ldap_getpw() also needs to be (void)Luke Leighton1-3/+2
(This used to be commit f36cf3b6a70d0a91bce923ab51780d20d69e3bd6)
1998-12-08compilation warnings due to missing (void) in ldap_close_connection.Luke Leighton1-2/+6
(This used to be commit f11eb4165836ce8d15a453d37c4e07913562d778)
1998-12-07matthew chapman's ldap code, to date. plus docs!Luke Leighton1-815/+287
(This used to be commit 2c438c86cbb38833b3abd4fbead6324687633b25)
1998-11-29weekend work. user / group database API.Luke Leighton1-5/+5
- split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
1998-11-24initialise not initialize...Luke Leighton1-1/+1
(This used to be commit b67d66a1e9d879cd5960380c94422c0af8dedaad)
1998-11-17- group database API. oops and oh dear, the threat has been carried out:Luke Leighton1-18/+18
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-11-13Makefile.in configure configure.in include/config.h.in: Changes for DGUX and ↵Jeremy Allison1-1/+1
UNIXWARE. groupdb/aliasdb.c groupdb/aliasfile.c groupdb/groupfile.c: Don't use snprinf, use slprintf. include/includes.h: Fix YP problem. include/smb.h: Fix ZERO_STRUCTP. lib/util_sock.c: Added strerror() in debugs. passdb/ldap.c: Don't use snprinf, use slprintf. rpc_client/cli_lsarpc.c rpc_client/cli_pipe.c rpc_parse/parse_sec.c rpc_server/srv_pipe.c: Don't use snprinf, use slprintf. script/installman.sh: DGUX changes. smbd/open.c smbd/oplock.c: Fixed gcc warnings. web/swat.c: Changes USER to SWAT_USER. (This used to be commit 4c2b5a00983501e5d4aad1456ba8b5ab0dfd9b4c)
1998-10-21the next dialog: user-groups. it's not very sensible what appears, but hey:Luke Leighton1-0/+6
it appears! (This used to be commit 399035098f212e976cc0000a215e0705ebe78c05)
1998-10-17Small tidyups for gcc in 'preen' mode....Jeremy Allison1-0/+1
Jeremy. (This used to be commit 60dc1a4a00a22088d33369588b0d5eb292cf084a)
1998-09-25Makefile.in: Fixed bug with continuation line causing proto to fail.Jeremy Allison1-1/+1
Added $(PROGS) $(SPROGS) as targets for make clean. acconfig.h: Added HAVE_IRIX_SPECIFIC_CAPABILITIES. configure.in: Added sys/capability.h header check. Added function checks for srandom random srand rand. Added HAVE_IRIX_SPECIFIC_CAPABILITIES test. includes.h: Added #include <sys/capability.h>. ntdomain.h: Moved struct acct_info into here from smb.h smb.h: Added KERNEL_OPLOCK_CAPABILITY define. Moved enum action_type into rpcclient.h Moved struct cli_state into client.h Moved struct nt_client_info, struct tar_client_info, struct client_info into rpcclient.h lib/genrand.c: Changed to use sys_random() & friends. lib/smbrun.c: Lose capabilities after fork. lib/system.c: Added set_process_capability(), set_inherited_process_capability() sys_random(), sys_srandom(). lib/util.c: Added Ander's EFBIG lock check to fcntl_lock for 64 bit access to an 32 bit mounted NFS filesystem. nmbd/nmbd.c: Changed to use sys_random() & friends. nmbd/nmbd_browsesync.c: Changed to use sys_random() & friends. passdb/ldap.c: Missed one pdb_encode_acct_ctrl call. passdb/passdb.c: Changed to Ander's code for ' ' characters. passdb/smbpass.c: Added Ander's code to reset ACB_PWNOTREQ. script/mkproto.awk: Added 'long' to prototypes. smbd/chgpasswd.c: Lose capabilities after fork. smbd/open.c: Do the mmap *after* the kernel oplock. smbd/oplock.c: Removed stub code from kernel oplock path. Added set_process_capability(), set_inherited_process_capability() calls. smbd/reply.c: Initialize count = 0, offset = 0. smbd/server.c: Added set_process_capability(), set_inherited_process_capability() calls. tests/summary.c: Ensure we have RANDOM or RAND. utils/smbpasswd.c: Added Ander's code to reset ACB_PWNOTREQ. utils/torture.c: Changed to use sys_random() & friends. Jeremy. (This used to be commit e8be306f23963ac00b1a383ebe0cc1421529fb02)
1998-09-24Integration of Anders Blomdell <anders.blomdell@control.lth.se>'sJeremy Allison1-1/+1
smbpasswd changes. Not exactly the same as his code - several changes. Jeremy. (This used to be commit e96747a8e3b9ea5a79c4258e55d7e8f3bf0bf193)
1998-09-17configure configure.in: Added checks for statvfs64. Last bit of 64 bit ↵Jeremy Allison1-5/+5
widening (I hope :-). include/config.h.in: Added #undef STAT_STATVFS64. include/includes.h: Added SMB_STRUCT_STATVFS type, Changed SMB_BIG_INTEGER to SMB_BIG_UINT and SMB_BIG_INT types. include/smb.h: Added flag defines from CIFS spec. lib/debug.c: Fixed one more mode_t issue. lib/system.c: Added sys_statvfs wrapper. lib/util.c: Changed trim_string to use size_t. param/loadparm.c: Moved "blocking locks" into locking section. Alphabetised locking options. Question - shuld we do this for all options ? passdb/ldap.c: Changed SMB_BIG_INTEGER to SMB_BIG_UINT. passdb/nispass.c: Changed SMB_BIG_INTEGER to SMB_BIG_UINT. passdb/smbpass.c: Changed SMB_BIG_INTEGER to SMB_BIG_UINT. smbd/dfree.c: Changed to use 64 bit types if available. Moved to use unsigned types. smbd/dosmode.c: Fixed one more mode_t issue. smbd/negprot.c: Changed literals to be FLAG_ #defines. smbd/nttrans.c: Removed dead code. smbd/open.c: Changed disk_free call. smbd/process.c: Changed literals to be FLAG_ #defines. smbd/reply.c: Changed disk_free call. smbd/trans2.c: Fixed but in SMB_QUERY_FS_VOLUME_INFO call. Was using UNICODE - should use ascii. tests/summary.c: Added STAT_STATVFS64 check. Jeremy. (This used to be commit c512b1b91fb7f2a7a93b9033a33e06d966daadb4)
1998-09-17configure configure.in: Added tests for fseek64 and ftell64.Jeremy Allison1-4/+4
config.h.in: Added fseek64 and ftell64. includes.h: Added definition of SMB_BIG_INTEGER. smb.h: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER. access.c: Tidyup of dbug statement. system.c: Added sys_fseek and sys_ftell. Changed mode calls to use mode_t. asyncdns.c: Tidyup of comment. loadparm.c: Tidyup of set_default_server_announce_type() function definition. ldap.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER. nispass.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER. smbpass.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER. smbpassfile.c: Use sys_fseek(). chgpasswd.c: Tidyup of debug statement. dosmode.c: Changed mode calls to use mode_t. ipc.c: Removal of dead code. nttrans.c: Changed mode calls to use mode_t. open.c: Changed mode calls to use mode_t. pipes.c: Removal of dead code. reply.c: Removal of dead code. trans2.c: Removal of dead code. Changed mode calls to use mode_t. Jeremy. (This used to be commit c381d32e3dc23fe887408016cae821aceb30da2c)
1998-07-31As per a Andrew's message, I went through and removed the timestring()Christopher R. Hertel1-6/+6
timestamps from several DEBUG messages. The timestamps are redundant now that DEBUG() provides them automatically. There are still a few more files to do, but I've got to get home for dinner. Chris -)----- (This used to be commit 60286ccecaa6028d687e6406755016455e3b3a26)
1998-07-29merge from the autoconf2 branch to the main branchAndrew Tridgell1-1/+1
(This used to be commit 3bda7ac417107a7b01d91805ca71c4330657ed21)
1998-05-19removed "default" system for password database api: all functions mustLuke Leighton1-7/+28
be supported. there are some stub routines in passdb.c which can be copied into a password database api which do conversion. the module writer can choose which of these to provide full support for instead of using the conversion routines. (This used to be commit d906ac5941fa22f93a38d65906b89a80f971b83c)
1998-05-19ldap.c :Luke Leighton1-15/+19
- added support for some of the new passdb_ops functions. - removed functions that are supported "indirectly" through passdb.c nisppass.c : - modified make_nisname_from_xxx() functions to take a "file" arg. - turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid() functionality is available through "indirect" support in passdb.c - removed functions that are supported "indirectly" through passdb.c - added support for some of the new passdb_ops functions. passdb.c : - created getsam21pwrid() function to go alongside getsam21pwuid. it is not expected that getsam21pwuid ever be used, certainly not from the lib/rpc code. - created getsamdisprid() and getsamdispent(). these are primarily for support of SamrQueryDisplayInfo, however given that they [struct sam_disp_info] return username, rid and fullname, there may be further instances where these functions will be useful. - added support where either the get/add/mod-smb or get/add/mod-sam21 functions are optional. this can be done very easily by checking whether the struct passdb_ops table functions are NULL or not. documented this capability in the notes at the top of the module. - where unix uid was referenced, use uid_t. - where unix gid was referenced, use gid_t. smb.h : - added sam_disp_info functions to passdb_ops. - added getsam21pwrid() function. smbpass.c : - added reference to iterate_getsam21pwrid(). lib/rpc/server/srv_samr.c : - removed group rid code added to get_user_info_21() code: this had been added in the wrong place. the client / server should already know whether it wants to do a lookup by user rid or by group rid. the test of whether the rid is a user or group rid has been left in because this may become useful consistency-check code. - converted back to getsam21pwrid() not getsam21pwuid(pdb_user_rid_to_uid()). this is because the unix uid to user rid mapping can be non-monotonic in some password database systems, and monotonic in others. imposing the restriction by converting immediately from rid to uid at this point is inadviseable, and will place this potential restriction on _all_ password database systems, not just some which, for whatever reason, do not support user rids. it should be up to the individual password database writer to convert from user rid to unix uid, should that module not support rids. lib/rpc/server/srv_util.c : - got lookup_user_name() to call getsamdisprid() not getsmbpwuid(). a bug was introduced (or at least the bug already there was not fixed) whereby the nt user rid was converted to a unix uid, and then not used. (This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
1998-05-18Abstracted all the crappy password interfaces through an indirectJeremy Allison1-10/+61
function table, selectable at compile time. This should make the code that implements all the password functions much cleaner, as it's now very clear exactly what a particular password database needs to provide to Samba. Jeremy. (This used to be commit 27ca536ad974242524c12f7100e419d9e7f9647f)
1998-05-18chgpasswd.c: Changed back to getsmb... from getsam...Jeremy Allison1-1/+1
ldap.c: Stoped dummy_function being prototyped. loadparm.c: Fixed slprintf sizes. nisppass.c: Fixed safe_strcpy sizes. nmbd_processlogon.c: Changed back to getsmb... from getsam... nttrans.c: Just a dump of new code. passdb.c: Moved stuff around a lot - stopped any lookups by rid. This needs to be indirected through a function table (soon). password.c: Changed back to getsmb... from getsam... reply.c: Changed back to getsmb... from getsam... slprintf.c: Fixed prototype problems. smb.h: Fixed prototype problems. smbpass.c: Changed to getsmbfile.... smbpasswd.c: Changed back to getsmb... from getsam... lib/rpc/server/srv_netlog.c: Changed back to getsmb... from getsam... lib/rpc/server/srv_samr.c: Fixed rid lookup - use uid or gid lookup. lib/rpc/server/srv_util.c: Changed back to getsmb... from getsam... Jeremy. (This used to be commit 7d332b2493d2089d09521250fc9b72d8953307c0)
1998-05-18creating and using some pdb_init_(sam/smb) routines. putting ldap headersLuke Leighton1-13/+4
back in (they had been taken out of includes.h because they are only local to ldap.c. (This used to be commit 98ab085b93fb25a4d9275c0d54a863fd9fae2548)
1998-05-18no include headers in ldap.c.Luke Leighton1-0/+3
passdb.c sam_passwd <-> smb_passwd conversion routines (This used to be commit 8082239c81dfed5e3cc34a4d0a4e7195398ae627)
1998-05-18resolving compilation errorsLuke Leighton1-1/+3
(This used to be commit dea0c06eec44a7c2860f97d8f23584d30e482e0a)
1998-05-18received update from jean francois for ldap.c: he is doing add / modLuke Leighton1-71/+424
functions (This used to be commit 381df1e52bfc97b80422de2703db8cb521dc47e1)
1998-05-18Makefile:Luke Leighton1-9/+38
- added nisppass.c and NISPLUS_FLAGS includes.h: - renamed USE_LDAP to USE_LDAP_DB. renamed NISPLUS to USE_NISPLUS_DB. added default define of USE_SMBPASS_DB. - removed ldap headers: they are local only to ldap.c ldap.c : - made all ldap-specific functions static. - added dummy sam21 functions loadparm.c : - renamed NISPLUS to NISPLUS_HOME mkproto.awk - commented out ldap-specific #ifdef generation code: it's not needed now that ldap-specific functions in ldap.c are static nisppass.c : - first attempt at an add function from (This used to be commit f215d375f0f1e12894c2a9e86bd28d4776d337c1)
1998-05-12- removed ldap_get_trust()Luke Leighton1-101/+74
- #ifdef around putting 16 byte hashes instead of plaintext password. (This used to be commit ca7bf597e4781ee1a82dc231584b16624d99e9f3)
1998-05-12This is a security audit change of the main source.Jeremy Allison1-6/+6
It removed all ocurrences of the following functions : sprintf strcpy strcat The replacements are slprintf, safe_strcpy and safe_strcat. It should not be possible to use code in Samba that uses sprintf, strcpy or strcat, only the safe_equivalents. Once Andrew has fixed the slprintf implementation then this code will be moved back to the 1.9.18 code stream. Jeremy. (This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
1998-05-11password back-end database supportLuke Leighton1-3/+28
ldap.c : - added getldap21pwent() function passdb.c : - getsam21pwent() no longer a stub: calls ldap21 or smb21 smbpass.c : - added getsmb21pwent() function (he he :-) lib/rpc/server/srv_samr.c : - removed "specific" calls to ldap functions; replaced with call to get_sampwd_entries instead (which is unfinished). - rewrote get_user_info_21 function to call getsam21pwrid. (This used to be commit c760ebbf127796427c4602aae61952df938c6def)
1998-05-11ldap back-end database developmentLuke Leighton1-175/+159
Makefile: created PASSBD_OBJ group includes.h: added #ifdef USE_LDAP to #include <ldap> headers ldap.c: - renamed "_machine" to "_trust" everywhere. - added sam_passwd support routines - removed get_ldappwd_entry function: replaced with get_sampwd_entry - removed getldappwnam/uid: replaced with getsampwnam/uid - other messing about bits which are probably going to annoy the hell out of jean-francois (sorry!) mkproto.awk: - added stuff to wrap ldap.c protos with #ifdef USE_LDAP - added uid_t and gid_t return results to the prototype generation passdb.c: - created getsam21pwent, add_sam21pwd_entry, mod_sam21pwd_entry. - modified getsampwnam/uid and created getsam21pwnam/rid functions to replace the local get_smbpwd_entry() and get_ldappwd_entry() functions, which jeremy didn't like anyway because they were dual-purpose. - added utility routines which are or may be useful to all the password database routines. password.c: - renamed "machine_" to "trust_" everywhere. smbpass.c: - removed get_smbpwd_entry function: replaced it with get_sampwd_entry functions in passdb.c - moved code that decoded acct_ctrl into passdb.c - moved encode_acct_ctrl into passdb.c - removed getsmbpwnam/uid: replaced with getsampwnam/uid - renamed "machine_" to "trust_" everywhere. smbpasswd.c: - renamed "machine_" to "trust_" everywhere. util.c: - moved gethexpwd function into passdb.c lib/rpc/server/srv_util.c: - moved user_rid_to_uid, group_rid_to_rid etc etc into passdb.c (This used to be commit 673ab50c4c2c25db355d90efde3a6bfbb4d8369e)
1998-05-08renamed last_change_time to pass_must_change_time. removed "if (bool==True)"Luke Leighton1-11/+10
and "if (bool==False)" code from ldap.c - a boolean test may not necessarily return exactly True or exactly False: True may be defined to be -1: you never know... (This used to be commit 9bf9752134a92b9a6e8895300d986cfa23547c03)
1998-05-07added first pass at start/get/end-ldappwent functions. unfortunately, lotsLuke Leighton1-10/+65
of information will be lost as these functions currently return struct smb_passwd not SAM_USER_INFO_21 or any other type of structure... (This used to be commit ad3097099cba524c9ec7c3ffc6d5647019efeaab)
1998-05-07remove unused ldap functions: add stub start/get/endldappwent routines.Luke Leighton1-145/+97
(This used to be commit a827412effe75029622cc3c822b1d581dd374fda)
1998-05-07moving gethexpwd into util.c, because it's used in both smbpass.c and ldap.cLuke Leighton1-28/+0
(This used to be commit abe261b2f5ea7036e7be6230876176d134ef4ee4)
1998-05-07created "passdb.c" which is an interface point to (at present) eitherLuke Leighton1-1/+21
smbpasswd or ldap passwd, at compile-time (-DUSE_LDAP). _none_ of the functions in ldap.c or smbpass.c should be called directly: only those in passdb.c should be used. -DUSE_LDAP is unlikely to compile at the moment. (This used to be commit 57b01ad4ffb14ebd600d4e66602b54ed987f6106)
1998-05-06jean-francois micouleau's well-alpha code for ldap password database stuff!Luke Leighton1-0/+563
he's going to hate me for checking this in so early, but... (This used to be commit ad9ba0a1cbac5c4e6cbcbcadefe8f1df72231f74)