summaryrefslogtreecommitdiff
path: root/source3/passdb/pdb_ldap.c
AgeCommit message (Collapse)AuthorFilesLines
2007-12-07Remove next_token - all uses must now be next_token_talloc.Jeremy Allison1-2/+2
No more temptations to use static length strings. Jeremy. (This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)
2007-11-27Remove unused prototype for smbldap_get_single_pstring().Jeremy Allison1-2/+8
Don't use pstr_sprintf() on an fstring - change to talloc. Jeremy. (This used to be commit 6cae4b5fa1bcb848cb2a28daaafeefd6bcd08274)
2007-11-26Fix bug 5055Volker Lendecke1-1/+1
(This used to be commit 8bcd2df841bae63e7d58c35d4728b7d853471697)
2007-11-26Improve debug messageVolker Lendecke1-1/+2
Fix bug 5056, thanks to debian package maintainer (This used to be commit 5b4ba4bfc54e2fa468abe15383e5b33eb5bd1324)
2007-11-14Remove smbldap_get_single_pstring() and all pstringsJeremy Allison1-461/+802
from pdb_ldap.c. I don't have an LDAP passdb setup here, so I'm going to need some help on testing this. Jeremy. (This used to be commit 00760451b6c2b65f3a8a9187789ca4f270b622a2)
2007-11-05static pstring removalVolker Lendecke1-2/+6
(This used to be commit 5490e2d77233f594a42cb32eda8215014db544e3)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-41/+41
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10[GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch.Gerald (Jerry) Carter1-1/+1
(This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab)
2007-10-10r25165: Use talloc_asprintf_append_buffer with an unmodifiedJeremy Allison1-3/+3
string. Jeremy. (This used to be commit fe30a523dfc77cc373145624246fd3ad5c62b9ac)
2007-10-10r25092: Add support for storing trusted domain passwords in LDAP forMichael Adam1-5/+277
passdb backend = ldapsam. Along with reproducing the functionality of the secrets.tdb code, I have prepared the handling of the previous trust password (in case we are contacting a dc which does not yet know of a recent password change). This information has still to be propagated to the outside, but this requires a change of the api and also a change of the secrets.tdb code. Michael (This used to be commit 6c3c20e6c4a2b04de8111f2c79b431f0775c2a0f)
2007-10-10r25091: Start adding support for storing trusted domain passwords in LDAPMichael Adam1-0/+44
(for passdb backen = ldapsam). At a first step, add the hooks, calling the secrets_ functions. Michael (This used to be commit 9c03cdf3a449149c50451a44deb420341e65af34)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23688: Fix bug #4759 reported by Raul <ismell@ismell.org>.Jeremy Allison1-1/+1
"N" is not a valid format entry for ber_printf, should be "n" Jeremy. (This used to be commit f3bb102c24018f0a91f8b51de6fe646c091da6be)
2007-10-10r23194: cherry pick two fixes from SAMBA_3_0_26Gerald Carter1-2/+6
* strptime() failure check * make legcacy sid/uid/gid calls static (This used to be commit 3c9fb1c6f3263c0ce6edbf2a8824c153317a84a3)
2007-10-10r21784: Replace smb_register_idle_event() with event_add_timed(). This fixes ↵Volker Lendecke1-1/+2
winbind who did not run the idle events to drop ldap connections. Volker (This used to be commit af3308ce5a21220ff4c510de356dbaa6cf9ff997)
2007-10-10r21609: Fix memory leaks in error code paths (and one in winbindd_group.c).Jeremy Allison1-0/+2
Patch from Zack Kirsch <zack.kirsch@isilon.com>. Jeremy. (This used to be commit df07a662e32367a52c1e8473475423db2ff5bc51)
2007-10-10r21608: Fix a couple of memleaks in error code paths beforeJeremy Allison1-0/+1
Coverity finds them :-) Jeremy. (This used to be commit cbe725f1b09f3d0edbdf823e0862edf21e16d336)
2007-10-10r21606: Implement escaping function for ldap RDN valuesSimo Sorce1-8/+60
Fix escaping of DN components and filters around the code Add some notes to commandline help messages about how to pass DNs revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was incorrect. The 2 functions use DNs in different ways. - lookup_usergroups_member() uses the DN in a search filter, and must use the filter escaping function to escape it Escaping filters that include escaped DNs ("\," becomes "\5c,") is the correct way to do it (tested against W2k3). - lookup_usergroups_memberof() instead uses the DN ultimately as a base dn. Both functions do NOT need any DN escaping function as DNs can't be reliably escaped when in a string form, intead each single RDN value must be escaped separately. DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as they come already escaped on the wire and passed as is by the ldap libraries DN filtering has been tested. For example now it is possible to do something like: 'net ads add user joe#5' as now the '#' character is correctly escaped when building the DN, previously such a call failed with Invalid DN Syntax. Simo. (This used to be commit 5b4838f62ab1a92bfe02626ef40d7f94c2598322)
2007-10-10r20402: Fix spelling: samba bug #4292 debian #402392Andrew Bartlett1-1/+1
(This used to be commit e43aa4e03d8d2d3ffa3a0383b0b0835dd1a51cda)
2007-10-10r20090: Fix a class of bugs found by James Peach. EnsureJeremy Allison1-13/+38
we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2007-10-10r19943: Fix bug 4267 -- Thanks to David!Volker Lendecke1-0/+2
(This used to be commit 714971b34aad01cd855484d550c41bc0265ef051)
2007-10-10r19083: Fix objectclassVolker Lendecke1-1/+1
(This used to be commit 6c4d68d84987a88f91bca976a0396dff720043e5)
2007-10-10r19058: Implement "user cannot change password", and complete "user must changeJim McDonough1-1/+1
password at next logon" code. The "password last set time" of zero now means "user must change password", because that's how windows seems to use it. The "can change" and "must change" times are now calculated based on the "last set" time and policies. We use the "can change" field now to indicate that a user cannot change a password by putting MAX_TIME_T in it (so long as "last set" time isn't zero). Based on this, we set the password-can-change bit in the faked secdesc. (This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
2007-10-10r18703: Fix the annoying effect that happens when nscd is running:Günther Deschner1-0/+4
We usually do not get the results from user/group script modifications immediately. A lot of users do add nscd restart/refresh commands into their scripts to workaround that while we could flush the nscd caches directly using libnscd. Guenther (This used to be commit 7db6ce295afbedfada7b207ad56566d2195a0d21)
2007-10-10r18313: Nobody said "no" (yet.... gd?), so commit it:Volker Lendecke1-10/+0
Remove the account_policy_migrated() thingy, and make cache_account_policy_set use gencache. Account policies are now handled like groups and users are with respect to "passdb backend". Volker (This used to be commit fa8b2e2a585ab0c00a5fbde7aa790043261caf2e)
2007-10-10r18271: Big change:Gerald Carter1-11/+11
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r17554: CleanupVolker Lendecke1-2/+2
(This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9)
2007-10-10r17451: Change pdb_getgrsid not to take a DOM_SID but a const DOM_SID * as anVolker Lendecke1-2/+2
argument. Volker (This used to be commit 873a5a1211d185fd50e7167d88cbc869f70dfd3f)
2007-10-10r17271: Fix a regression in the ldapsam uri syntax.Gerald Carter1-7/+12
Allow multiple LDAP URIs to be grouped by "" (This used to be commit 21d69dcb3c5361f94d15b2d186e1aae6e246a24e)
2007-10-10r17150: MMC User & group plugins fixes:Gerald Carter1-3/+11
* Make sure to lower case all usernames before calling the create, delete, or rename hooks. * Preserve case for usernames in passdb * Flush the getpwnam cache after renaming a user * Add become/unbecome root block in _samr_delete_dom_user() when trying to verify the account's existence. (This used to be commit bbe11b7a950e7d85001f042bbd1ea3bf33ecda7b)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-25/+33
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16683: Fix bug #3900 reported by jason@ncac.gwu.edu.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 8c7e40f2a469df34aff0e63270a78e669d240b59)
2007-10-10r16681: Fix bug #3899 reported by jason@ncac.gwu.edu.Jeremy Allison1-5/+0
Jeremy. (This used to be commit 1cd9a0ef834f8062500d1aea6183e147fc5e42f4)
2007-10-10r16628: Fix bug #3880, reported by jason@ncac.gwu.eduJeremy Allison1-1/+1
by ensuring we return the correct enum for sid type, not a uint32. Jeremy. (This used to be commit 98a5e20ff4ceacda65dcc0ce5498ed4ffde520f8)
2007-10-10r16427: Fix bug # 3848. Thanks to Wilco Baan Hofman for testing the release ↵Volker Lendecke1-0/+13
candidate! Volker (This used to be commit adf2dcce09ae29a8c1677b25e1cd5f022b804d01)
2007-10-10r16350: Fix the build.Günther Deschner1-19/+0
GUenther (This used to be commit 3203ce3b49e6f21ed690e9d7393e98419de54c27)
2007-10-10r16334: Fix Klocwork ID's 1087, 1095, 1096, 1098, 1099, 1101, 1102, 1105, ↵Volker Lendecke1-4/+49
1107, 1109, 1111 Volker (This used to be commit d3f5acb16e14ec394f1af41fa2f9e27fdca937db)
2007-10-10r16121: Fix a eDir related memory leak.Günther Deschner1-2/+9
Guenther (This used to be commit 322f1664df553d95fcdfc24f19bd7f34ce9b834b)
2007-10-10r15895: Ensure all new rid allocation goes throughJeremy Allison1-6/+12
the same function (deals with races). Jeremy. (This used to be commit 4962548dfe8ec2854e209217066556f339d3186e)
2007-10-10r15649: Allow to store 24 password history entries in ldapsam (same limit as onGünther Deschner1-6/+7
Windows). Fixes bug #1914. Guenther (This used to be commit b5a5d0b24ea5320cb2f28dbefe81ddf5c58baf77)
2007-10-10r15633: Minor smbldap/pdb_ldap cleanupGünther Deschner1-7/+4
Guenther (This used to be commit 1b5a712467ab8f35211b59bb703a42bdc5e0dfc0)
2007-10-10r15571: Fix Coverity bug #285Volker Lendecke1-3/+7
(This used to be commit 2cf503d7da08319f318217f6fe8f85c18bf0dffb)
2007-10-10r15547: say goodbye to --with-ldapsam (although the ldapsam_compat passdb ↵Gerald Carter1-17/+0
backend still exists (This used to be commit 7d99e05ee8f60b2b4d18405dc8be6f9ff822c3ad)
2007-10-10r15444: Fix from Jim to ensure we do a wildcard search for SID'sJeremy Allison1-1/+1
starting with the global SAM sid, not an exact search. Jeremy. (This used to be commit 755c272ebf5d0f4de15178814f998d1ec5ecb718)
2007-10-10r14758: Fix broken LDAP search filter.Günther Deschner1-1/+1
Guenther (This used to be commit 25970a54298f2888b5c3cd64496dbd0c9d627a05)
2007-10-10r14756: Make smbpasswd -a root work for eDirectory where there is no "account"Günther Deschner1-5/+18
structural objectclass. Guenther (This used to be commit 7eefeaad352597b6f97160b1abc0dc032c0b46b2)
2007-10-10r14452: Sorry. Need more coffee....Gerald Carter1-1/+1
* Fix sprintf() args when createing the group search filter. (This used to be commit 0b7549997a3739b2c1500e7838ebaaa249dbfaf4)
2007-10-10r14451: In order to get pdb_ldap searching for SID_NAME_ALIASGerald Carter1-42/+16
groups in the ${MACHINESID} and S_1-5-32 domains correctly, I had to add a substr search on sambaSID. * add substr matching rule to OpenLDAP schema (we need to update the other schema as will since this is a pretty important change). Sites will need to - install the new schema - add 'indea sambaSID sub' to slapd.conf - run slapindex * remove uses of SID_NAME_WKN_GRP in pdb_ldap.c (This used to be commit 2c0a46d73122e9000a900f7e16f9b010ad4b78e3)
2007-10-10r14403: * modifies create_local_nt_token() to create a BUILTIN\AdministratorsGerald Carter1-1/+1
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes' * Add a SID domain to the group mapping enumeration passdb call to fix the checks for local and builtin groups. The SID can be NULL if you want the old semantics for internal maintenance. I only updated the tdb group mapping code. * remove any group mapping from the tdb that have a gid of -1 for better consistency with pdb_ldap.c. The fixes the problem with calling add_group_map() in the tdb code for unmapped groups which might have had a record present. * Ensure that we distinguish between groups in the BUILTIN and local machine domains via getgrnam() Other wise BUILTIN\Administrators & SERVER\Administrators would resolve to the same gid. * Doesn't strip the global_sam_name() from groups in the local machine's domain (this is required to work with 'winbind default domain' code) Still todo. * Fix fallback Administrators membership for root and domain Admins if nested groups = no or winbindd is not running * issues with "su - user -c 'groups'" command * There are a few outstanding issues with BUILTIN\Users that Windows apparently tends to assume. I worked around this presently with a manual group mapping but I do not think this is a good solution. So I'll probably add some similar as I did for Administrators. (This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)