summaryrefslogtreecommitdiff
path: root/source3/passdb/pdb_ldap.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r16350: Fix the build.Günther Deschner1-19/+0
GUenther (This used to be commit 3203ce3b49e6f21ed690e9d7393e98419de54c27)
2007-10-10r16334: Fix Klocwork ID's 1087, 1095, 1096, 1098, 1099, 1101, 1102, 1105, ↵Volker Lendecke1-4/+49
1107, 1109, 1111 Volker (This used to be commit d3f5acb16e14ec394f1af41fa2f9e27fdca937db)
2007-10-10r16121: Fix a eDir related memory leak.Günther Deschner1-2/+9
Guenther (This used to be commit 322f1664df553d95fcdfc24f19bd7f34ce9b834b)
2007-10-10r15895: Ensure all new rid allocation goes throughJeremy Allison1-6/+12
the same function (deals with races). Jeremy. (This used to be commit 4962548dfe8ec2854e209217066556f339d3186e)
2007-10-10r15649: Allow to store 24 password history entries in ldapsam (same limit as onGünther Deschner1-6/+7
Windows). Fixes bug #1914. Guenther (This used to be commit b5a5d0b24ea5320cb2f28dbefe81ddf5c58baf77)
2007-10-10r15633: Minor smbldap/pdb_ldap cleanupGünther Deschner1-7/+4
Guenther (This used to be commit 1b5a712467ab8f35211b59bb703a42bdc5e0dfc0)
2007-10-10r15571: Fix Coverity bug #285Volker Lendecke1-3/+7
(This used to be commit 2cf503d7da08319f318217f6fe8f85c18bf0dffb)
2007-10-10r15547: say goodbye to --with-ldapsam (although the ldapsam_compat passdb ↵Gerald Carter1-17/+0
backend still exists (This used to be commit 7d99e05ee8f60b2b4d18405dc8be6f9ff822c3ad)
2007-10-10r15444: Fix from Jim to ensure we do a wildcard search for SID'sJeremy Allison1-1/+1
starting with the global SAM sid, not an exact search. Jeremy. (This used to be commit 755c272ebf5d0f4de15178814f998d1ec5ecb718)
2007-10-10r14758: Fix broken LDAP search filter.Günther Deschner1-1/+1
Guenther (This used to be commit 25970a54298f2888b5c3cd64496dbd0c9d627a05)
2007-10-10r14756: Make smbpasswd -a root work for eDirectory where there is no "account"Günther Deschner1-5/+18
structural objectclass. Guenther (This used to be commit 7eefeaad352597b6f97160b1abc0dc032c0b46b2)
2007-10-10r14452: Sorry. Need more coffee....Gerald Carter1-1/+1
* Fix sprintf() args when createing the group search filter. (This used to be commit 0b7549997a3739b2c1500e7838ebaaa249dbfaf4)
2007-10-10r14451: In order to get pdb_ldap searching for SID_NAME_ALIASGerald Carter1-42/+16
groups in the ${MACHINESID} and S_1-5-32 domains correctly, I had to add a substr search on sambaSID. * add substr matching rule to OpenLDAP schema (we need to update the other schema as will since this is a pretty important change). Sites will need to - install the new schema - add 'indea sambaSID sub' to slapd.conf - run slapindex * remove uses of SID_NAME_WKN_GRP in pdb_ldap.c (This used to be commit 2c0a46d73122e9000a900f7e16f9b010ad4b78e3)
2007-10-10r14403: * modifies create_local_nt_token() to create a BUILTIN\AdministratorsGerald Carter1-1/+1
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes' * Add a SID domain to the group mapping enumeration passdb call to fix the checks for local and builtin groups. The SID can be NULL if you want the old semantics for internal maintenance. I only updated the tdb group mapping code. * remove any group mapping from the tdb that have a gid of -1 for better consistency with pdb_ldap.c. The fixes the problem with calling add_group_map() in the tdb code for unmapped groups which might have had a record present. * Ensure that we distinguish between groups in the BUILTIN and local machine domains via getgrnam() Other wise BUILTIN\Administrators & SERVER\Administrators would resolve to the same gid. * Doesn't strip the global_sam_name() from groups in the local machine's domain (this is required to work with 'winbind default domain' code) Still todo. * Fix fallback Administrators membership for root and domain Admins if nested groups = no or winbindd is not running * issues with "su - user -c 'groups'" command * There are a few outstanding issues with BUILTIN\Users that Windows apparently tends to assume. I worked around this presently with a manual group mapping but I do not think this is a good solution. So I'll probably add some similar as I did for Administrators. (This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
2007-10-10r13979: We've dereferenced my_methods already, so there's no point in ↵Volker Lendecke1-1/+1
checking for != NULL. Coverity #149. Volker (This used to be commit d38e05329a77650d8fbb8611ca148964f62c9ba4)
2007-10-10r13915: Fixed a very interesting class of realloc() bugs found by Coverity.Jeremy Allison1-7/+3
realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2007-10-10r13843: Merge in net sam provision and some pdb_ldap fixesSimo Sorce1-82/+130
(This used to be commit 705d8118081784e9907648fd1daaaa5ec0285972)
2007-10-10r13776: Merge in the editposix ldapsam optimizationSimo Sorce1-108/+891
(This used to be commit a374546c7e8dfc17eb2346c518d1d89f28c32feb)
2007-10-10r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.Günther Deschner1-6/+6
* Fix a couple of related parsing issues. * in the info3 reply in a samlogon, return the ACB-flags (instead of returning zero) Guenther (This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
2007-10-10r13679: Commiting the rm_primary_group.patch posted on samba-technicalGerald Carter1-24/+0
* ignore the primary group SID attribute from struct samu* * generate the primary group SID strictlky from the Unix primary group when dealing with passdb users * Fix memory leak in original patch caused by failing to free a talloc * * add wrapper around samu_set_unix() to prevent exposing the create BOOL to callers. Wrappers are samu_set_unix() and samu-allic_rid_unix() (This used to be commit bcf269e2ec6630b78d909010fabd3b69dd6dda84)
2007-10-10r13622: Allow to rename machine accounts in a Samba Domain. This still uses theGünther Deschner1-2/+5
"rename user script" to do the rename of the posix machine account (this might be changed later). Fixes #2331. Guenther (This used to be commit b2eac2e6eb6ddd1bcb4ed5172e7cd64144c18d16)
2007-10-10r13601: * Remove unused code from pdb_ldap.cGerald Carter1-61/+1
* Add a 'struct passwd *' to the struct samu for later reference (I know this may be controversial but its easily reverted which is is why I'm checking this is as a seaparate patch before I get too deep). * Remove unix_homedir from struct samu {} and update the pdb wrapper functions associated with it. (This used to be commit 92c251fdf0f1f566cfeca3c75ba2284b644aef5d)
2007-10-10r13576: This is the beginnings of moving the SAM_ACCOUNT data structureGerald Carter1-38/+34
to make full use of the new talloc() interface. Discussed with Volker and Jeremy. * remove the internal mem_ctx and simply use the talloc() structure as the context. * replace the internal free_fn() with a talloc_destructor() function * remove the unnecessary private nested structure * rename SAM_ACCOUNT to 'struct samu' to indicate the current an upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future. Note that there are now passbd API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-24/+24
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13460: by popular demand....Gerald Carter1-20/+27
* remove pdb_context data structure * set default group for DOMAIN_RID_GUEST user as RID 513 (just like Windows) * Allow RID 513 to resolve to always resolve to a name * Remove auto mapping of guest account primary group given the previous 2 changes (This used to be commit 7a2da5f0cc05c1920c664c9a690a23bdf854e285)
2007-10-10r13389: get_ldap_filter is only used once, make it staticVolker Lendecke1-1/+1
(This used to be commit d3b66fb8712e41a331ccfb0f52f187382769b41e)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-561/+969
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r12663: Fix a memleakVolker Lendecke1-0/+4
(This used to be commit 3ee6b732f4210e6de6716364ec166f44f29f4463)
2007-10-10r12645: Fix some memleaks. This will also be in the trunk checkin that comes ↵Volker Lendecke1-0/+9
next. Volker (This used to be commit dc167037b0f3bada390dfdb820cb84ed9a4cfdcf)
2007-10-10r12400: one line patch for Sun LDAP libs pointed out by Nicholas Brealey ↵Gerald Carter1-1/+1
<nick@brealey.org> (This used to be commit 5121d3806992da79d194717ef7a9da810b5ff679)
2007-10-10r12398: adding Guenther's account policy migration fixGerald Carter1-7/+22
(This used to be commit be32f10609f2274903cb3b2c6b84c9aa62962151)
2007-10-10r12313: Introduce yet another copy of the string_sub function:Volker Lendecke1-2/+1
talloc_string_sub. Someone with time on his hands could convert all the callers of all_string_sub to this. realloc_string_sub is *only* called from within substitute.c, it could be moved there I think. Volker (This used to be commit be6c9012da174d5d5116e5172a53bbe6486d6c38)
2007-10-10r12129: Fix uninitialized variables.Volker Lendecke1-1/+1
Volker (This used to be commit 8a7d6eb2c081c0d74b62aa76dc243946df62ced2)
2007-10-10r11999: Re-add "passdb expand explicit".Volker Lendecke1-3/+13
We came to the conclusion that changing the default is something that has to wait one or two more releases, but it will happen one way or the other. Volker (This used to be commit 30fcdf84d8943e630af78a96320607c42e4d15aa)
2007-10-10r11947: Back out passdb:expand_explicit until we find consensus. I'll file ↵Volker Lendecke1-14/+3
this as a bugzilla entry. Volker (This used to be commit d228cb62a7be6ae128d3418aeb0ea466c7329802)
2007-10-10r11922: Looks bigger than it is: There's no point in allocating arrays inVolker Lendecke1-17/+10
samr_lookup_rids twice. It was done in the srv_samr_nt.c code as well as in the pdb module. Remove the latter, this might happen more often. Volker (This used to be commit 57f0cf8cdd6928f4759036e5dd53d41736aa910d)
2007-10-10r11914: After talking to Jeremy, implement passdb:expand_explicit with a ↵Volker Lendecke1-3/+14
default of no. This changes our default behaviour. Sorry, Ingo, this *is* a bug that needs fixing. Jerry, you might want to put a marker into the WHATSNEW.txt when this is due. Volker (This used to be commit 6622db97bb575b028b3c0bc016b91f62a8c561a2)
2007-10-10r11847: Fix typo.Günther Deschner1-1/+1
Guenther (This used to be commit 6aefb3aebbbba486ea44ec9ef7bc46e0776eeba8)
2007-10-10r11236: Implement user rename for smbpasswd and ldap backends. Some cleanup onJim McDonough1-0/+47
tdb as well to make naming consistent. (This used to be commit ee91eb9a39cc5e3edd9e97eb040e7557930e4e62)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison1-51/+53
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-13/+341
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r9661: fallback to cn attribubte if displayName is not availableGerald Carter1-14/+14
(This used to be commit b1524999e0b4fc99d213fc6e56182a8fa8e88ef1)
2007-10-10r9660: real fix for group enumeration bug in 3.0.20; only affected the ↵Gerald Carter1-4/+5
ldapsam code (This used to be commit 62f9fb5e3a9bce539c9fedc5fdec1b8741a922c7)
2007-10-10r8797: avoid unset rids for builtin-aliases.Günther Deschner1-1/+2
Guenther (This used to be commit c2810bcf662771113dccdd603cd658d19a09de80)
2007-10-10r8787: Make enumeration of builtin-aliases work again.Günther Deschner1-5/+41
Guenther (This used to be commit 0c8859474da609c69435c2acdfa4fa012d87eed3)
2007-10-10r8542: - (re-)add better search-semantics: look for Interdomain trust accountsGünther Deschner1-2/+2
below the machine-suffix (this is where we create them)) to avoid digging through thousands of user-accounts just to find a handful of trust-accounts in the enumdomusers-samr-call. - don't access freed data in DEBUG-statement Guenther (This used to be commit 793c82c0172c4f834e43d04bf3f9d39858761e88)
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison1-6/+6
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r7142: removing 'ldap filter' smb.conf optionGerald Carter1-4/+4
(This used to be commit e2f8eeb4e26e8f7bec4d9dc820b86a7b548f82da)
2007-10-10r6770: Fix bug 2705. Thanks, John, for beating my stuff :-)Volker Lendecke1-2/+0
Volker (This used to be commit f406dda687b457b8247151cf86d39f03608b5503)
2007-10-10r6748: With reconnects, state->connection->ldap_struct can change in ↵Volker Lendecke1-3/+8
smbldap_search and friends. This should be a fix for bug 2701. Thanks to jht for giving me access to his box! Volker (This used to be commit 85320c12578f183d4ed0450949e0aee8d020e036)