From 3bdfd57a2dc590896a2e45652ad4f5e3c2358108 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 5 Jun 2003 02:34:30 +0000 Subject: working draft of the idmap_ldap code. Includes sambaUnixIdPool objectclass Still needs cleaning up wrt to name space. More changes to come, but at least we now have a a working distributed winbindd solution. (This used to be commit 824175854421f7c27d31ad673a8790dd018ae350) --- source3/include/smbldap.h | 101 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 source3/include/smbldap.h (limited to 'source3/include/smbldap.h')
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
new file mode 100644
index 0000000000..13451fa24f
--- /dev/null
+++ b/source3/include/smbldap.h
@@ -0,0 +1,101 @@
+/*
+ Unix SMB/CIFS mplementation.
+ LDAP protocol helper functions for SAMBA
+ Copyright (C) Gerald Carter 2001-2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+*/
+
+#ifndef _SMBLDAP_H
+#define _SMBLDAP_H
+
+/* specify schema versions between 2.2. and 3.0 */
+
+#define SCHEMAVER_SAMBAACCOUNT 1
+#define SCHEMAVER_SAMBASAMACCOUNT 2
+
+/* objectclass names */
+
+#define LDAP_OBJ_SAMBASAMACCOUNT "sambaSamAccount"
+#define LDAP_OBJ_SAMBAACCOUNT "sambaAccount"
+#define LDAP_OBJ_GROUPMAP "sambaGroupMapping"
+#define LDAP_OBJ_DOMINFO "sambaDomain"
+#define LDAP_OBJ_IDPOOL "sambaUnixIdPool"
+#define LDAP_OBJ_IDMAP_ENTRY "sambaIdmapEntry"
+
+#define LDAP_OBJ_ACCOUNT "account"
+#define LDAP_OBJ_POSIXACCOUNT "posixAccount"
+#define LDAP_OBJ_POSIXGROUP "posixGroup"
+
+/* some generic attributes that get reused a lot */
+
+#define LDAP_ATTRIBUTE_SID "sambaSID"
+#define LDAP_ATTRIBUTE_UIDNUMBER "uidNumber"
+#define LDAP_ATTRIBUTE_GIDNUMBER "gidNumber"
+
+/* attribute map table indexes */
+
+#define LDAP_ATTR_LIST_END 0
+#define LDAP_ATTR_UID 1
+#define LDAP_ATTR_UIDNUMBER 2
+#define LDAP_ATTR_GIDNUMBER 3
+#define LDAP_ATTR_UNIX_HOME 4
+#define LDAP_ATTR_PWD_LAST_SET 5
+#define LDAP_ATTR_PWD_CAN_CHANGE 6
+#define LDAP_ATTR_PWD_MUST_CHANGE 7
+#define LDAP_ATTR_LOGON_TIME 8
+#define LDAP_ATTR_LOGOFF_TIME 9
+#define LDAP_ATTR_KICKOFF_TIME 10
+#define LDAP_ATTR_CN 11
+#define LDAP_ATTR_DISPLAY_NAME 12
+#define LDAP_ATTR_HOME_PATH 13
+#define LDAP_ATTR_LOGON_SCRIPT 14
+#define LDAP_ATTR_PROFILE_PATH 15
+#define LDAP_ATTR_DESC 16
+#define LDAP_ATTR_USER_WKS 17
+#define LDAP_ATTR_USER_SID 18
+#define LDAP_ATTR_USER_RID 18
+#define LDAP_ATTR_PRIMARY_GROUP_SID 19
+#define LDAP_ATTR_PRIMARY_GROUP_RID 20
+#define LDAP_ATTR_LMPW 21
+#define LDAP_ATTR_NTPW 22
+#define LDAP_ATTR_DOMAIN 23
+#define LDAP_ATTR_OBJCLASS 24
+#define LDAP_ATTR_ACB_INFO 25
+#define LDAP_ATTR_NEXT_USERRID 26
+#define LDAP_ATTR_NEXT_GROUPRID 27
+#define LDAP_ATTR_DOM_SID 28
+#define LDAP_ATTR_HOME_DRIVE 29
+#define LDAP_ATTR_GROUP_SID 30
+#define LDAP_ATTR_GROUP_TYPE 31
+
+
+typedef struct _attrib_map_entry {
+ int attrib;
+ const char *name;
+} ATTRIB_MAP_ENTRY;
+
+/* structures */
+
+extern ATTRIB_MAP_ENTRY attrib_map_v22[];
+extern ATTRIB_MAP_ENTRY attrib_map_v30[];
+extern ATTRIB_MAP_ENTRY dominfo_attr_list[];
+extern ATTRIB_MAP_ENTRY groupmap_attr_list[];
+extern ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[];
+extern ATTRIB_MAP_ENTRY idpool_attr_list[];
+extern ATTRIB_MAP_ENTRY sidmap_attr_list[];
+
+#endif /* _SMBLDAP_H */
-- cgit
From 711f8d0a13c6854f8c552a9561571d26fa5e9884 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 6 Jun 2003 13:48:39 +0000 Subject: * break out more common code used between pdb_ldap and idmap_ldap * remove 'winbind uid' and 'winbind gid' parameters (replaced by current idmap parameter) * create the sambaUnixIdPool entries automatically in the 'ldap idmap suffix' * add new 'ldap idmap suffix' and 'ldap group suffix' parametrer * "idmap backend = ldap" now accepts 'ldap:ldap://server/' format (parameters are passed to idmap init() function (This used to be commit 1665926281ed2be3c5affca551c9d458d013fc7f) --- source3/include/smbldap.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/include/smbldap.h') 
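Review bot: In the new header's "attribute map table indexes" list, `LDAP_ATTR_USER_SID` and `LDAP_ATTR_USER_RID` are both defined as 18, so a lookup keyed on `ATTRIB_MAP_ENTRY.attrib` cannot tell them apart if both ever appear in the same table. If the shared slot is deliberate (presumably one name per schema-version table, which this hunk does not show), record that next to the defines, e.g. `/* same slot on purpose: RID in the v22 map, SID in the v30 map -- TODO confirm */`; otherwise renumber `LDAP_ATTR_USER_RID`. Separately, the include guard `_SMBLDAP_H` starts with an underscore followed by an uppercase letter, which C reserves for the implementation; `SMBLDAP_H` avoids that.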
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 13451fa24f..c669f77425 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -39,6 +39,7 @@ #define LDAP_OBJ_ACCOUNT "account" #define LDAP_OBJ_POSIXACCOUNT "posixAccount" #define LDAP_OBJ_POSIXGROUP "posixGroup" +#define LDAP_OBJ_OU "organizationalUnit" /* some generic attributes that get reused a lot */ @@ -81,6 +82,7 @@ #define LDAP_ATTR_HOME_DRIVE 29 #define LDAP_ATTR_GROUP_SID 30 #define LDAP_ATTR_GROUP_TYPE 31 +#define LDAP_ATTR_SID 32 typedef struct _attrib_map_entry { -- cgit From 70da79f8a8abf615ce0bb938853e31192c079534 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 6 Jun 2003 20:31:19 +0000 Subject: fix build on systems w/o LDAP libs (This used to be commit f33aeaa039d49b4eef884b27dc81d3418a051f1a) --- source3/include/smbldap.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index c669f77425..987206b450 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -19,6 +19,8 @@ */ +#ifdef HAVE_LDAP + #ifndef _SMBLDAP_H #define _SMBLDAP_H @@ -100,4 +102,16 @@ extern ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[]; extern ATTRIB_MAP_ENTRY idpool_attr_list[]; extern ATTRIB_MAP_ENTRY sidmap_attr_list[]; +/* Function declarations -- not included in proto.h so we don't + have to worry about LDAP structure types */ + +const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key ); +char** get_attr_list( ATTRIB_MAP_ENTRY table[] ); +void free_attr_list( char **list ); +BOOL fetch_ldap_pw(char **dn, char** pw); +void ldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value); + + #endif /* _SMBLDAP_H */ + +#endif /* HAVE_LDAP */ -- cgit From f70cc4cdc188fd8bf9f8f84cb55d15c122e463dd Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sat, 21 Jun 2003 00:45:03 +0000 Subject: This patch works towards to goal of common code shared between idmap_ldap and pdb_ldap. So far, it's just a function rename, so that the next patch can be a very simple matter of copying functions, without worrying about what changed in the process. Also removes the 'static' pointers for the rebind procedures, replacing them with a linked list of value/key lookups. (Only needed on older LDAP client libs) Andrew Bartlett (This used to be commit f93167a7e1c56157481a934d2225fe19786a3bff) --- source3/include/smbldap.h | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 987206b450..31f8d33b88 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -92,6 +92,18 @@ typedef struct _attrib_map_entry { const char *name; } ATTRIB_MAP_ENTRY; + +struct smbldap_state { + LDAP *ldap_struct; + time_t last_ping; + /* retrive-once info */ + const char *uri; + char *bind_dn; + char *bind_secret; + + unsigned int num_failures; +}; + /* structures */ extern ATTRIB_MAP_ENTRY attrib_map_v22[]; @@ -109,8 +121,7 @@ const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key ); char** get_attr_list( ATTRIB_MAP_ENTRY table[] ); void free_attr_list( char **list ); BOOL fetch_ldap_pw(char **dn, char** pw); -void ldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value); - +void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value); #endif /* _SMBLDAP_H */ -- cgit From eb61c8238298e97644202139e6d7f55e46eb9c26 Mon Sep 17 00:00:00 2001 
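Review bot: The new `struct smbldap_state` keeps the LDAP bind password in `char *bind_secret` for as long as the state lives, and nothing in the header says who owns the string or how it is released. Holding it is understandable, since a reconnect or rebind needs it, but the declaration should carry a comment along the lines of `/* bind credentials: heap copies owned by this struct; overwrite bind_secret before freeing */`, and the teardown path (not visible in this hunk) should be checked against it. `uri` is `const char *` while `bind_dn` and `bind_secret` are `char *`, which suggests different ownership and is worth documenting as well. The comment `/* retrive-once info */` should read "retrieve-once". The struct is moved unchanged by the following commit (eb61c823), so the same applies there.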
From: Andrew Bartlett Date: Wed, 25 Jun 2003 12:51:58 +0000 Subject: Patch to move functions directly from pdb_ldap.c into lib/smbldap.c The functions are unchanged. Next step is to make idmap_ldap use them. Andrew Bartlett (This used to be commit 57617a0f8c84f9ced4df2901811ce5a5a5ae005e) --- source3/include/smbldap.h | 40 +++++++++++++++++++++++++--------------- 1 file changed, 25 insertions(+), 15 deletions(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 31f8d33b88..5f3606aa32 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -19,11 +19,11 @@ */ -#ifdef HAVE_LDAP - #ifndef _SMBLDAP_H #define _SMBLDAP_H +#ifdef HAVE_LDAP + /* specify schema versions between 2.2. and 3.0 */ #define SCHEMAVER_SAMBAACCOUNT 1 @@ -93,17 +93,6 @@ typedef struct _attrib_map_entry { } ATTRIB_MAP_ENTRY; -struct smbldap_state { - LDAP *ldap_struct; - time_t last_ping; - /* retrive-once info */ - const char *uri; - char *bind_dn; - char *bind_secret; - - unsigned int num_failures; -}; - /* structures */ extern ATTRIB_MAP_ENTRY attrib_map_v22[]; @@ -120,9 +109,30 @@ extern ATTRIB_MAP_ENTRY sidmap_attr_list[]; const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key ); char** get_attr_list( ATTRIB_MAP_ENTRY table[] ); void free_attr_list( char **list ); -BOOL fetch_ldap_pw(char **dn, char** pw); void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value); +void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing, + LDAPMod ***mods, + const char *attribute, const char *newval); -#endif /* _SMBLDAP_H */ +/** + * Struct to keep the state for all the ldap stuff + * + */ + +struct smbldap_state { + LDAP *ldap_struct; + time_t last_ping; + /* retrive-once info */ + const char *uri; + char *bind_dn; + char *bind_secret; + + unsigned int num_failures; +}; #endif /* HAVE_LDAP */ + +struct smbldap_state; + +#endif /* _SMBLDAP_H */ + -- cgit 
From 4168d61fb22e19a248a6c3d3ad43e2f73e37fc6a Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 4 Jul 2003 13:29:42 +0000 Subject: This patch cleans up some of our ldap code, for better behaviour: We now always read the Domain SID out of LDAP. If the local secrets.tdb is ever different to LDAP, it is overwritten out of LDAP. We also store the 'algorithmic rid base' into LDAP, and assert if it changes. (This ensures cross-host synchronisation, and allows for possible integration with idmap). If we fail to read/add the domain entry, we just fallback to the old behaviour. We always use an existing DN when adding IDMAP entries to LDAP, unless no suitable entry is available. This means that a user's posixAccount will have a SID added to it, or a user's sambaSamAccount will have a UID added. Where we cannot us an existing DN, we use 'sambaSid=S-x-y-z,....' as the DN. The code now allows modifications to the ID mapping in many cases. Likewise, we now check more carefully when adding new user entires to LDAP, to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount onto the idmap entry for that user, if it is already established (ensuring we do not duplicate sambaSid entries in the directory). The allocated UID code has been expanded to take into account the space between '1000 - algorithmic rid base'. This much better fits into what an NT4 does - allocating in the bottom part of the RID range. On the code cleanup side of things, we now share as much code as possible between idmap_ldap and pdb_ldap. We also no longer use the race-prone 'enumerate all users' method for finding the next RID to allocate. Instead, we just start at the bottom of the range, and increment again if the user already exists. The first time this is run, it may well take a long time, but next time will just be able to use the next Rid. Thanks to metze and AB for double-checking parts of this. 
Andrew Bartlett (This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e) --- source3/include/smbldap.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 5f3606aa32..589d01aa6d 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -37,6 +37,7 @@ #define LDAP_OBJ_DOMINFO "sambaDomain" #define LDAP_OBJ_IDPOOL "sambaUnixIdPool" #define LDAP_OBJ_IDMAP_ENTRY "sambaIdmapEntry" +#define LDAP_OBJ_SID_ENTRY "sambaSidEntry" #define LDAP_OBJ_ACCOUNT "account" #define LDAP_OBJ_POSIXACCOUNT "posixAccount" @@ -85,7 +86,8 @@ #define LDAP_ATTR_GROUP_SID 30 #define LDAP_ATTR_GROUP_TYPE 31 #define LDAP_ATTR_SID 32 - +#define LDAP_ATTR_ALGORITHMIC_RID_BASE 33 +#define LDAP_ATTR_NEXT_RID 34 typedef struct _attrib_map_entry { int attrib; @@ -113,6 +115,8 @@ void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, con void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing, LDAPMod ***mods, const char *attribute, const char *newval); +BOOL smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, + const char *attribute, pstring value); /** * Struct to keep the state for all the ldap stuff -- cgit From 9ec9df5fe42cebca8db5cdb01a0dbfc563c815fc Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 17 Jul 2003 11:24:54 +0000 Subject: Disconnect an idle LDAP connection after 150 seconds. Not strictly a bugfix, but it should considerably reduce the load we put on LDAP servers given that at least nss_ldap on Linux keeps a connection open. And it should also stress our reconnect-code a bit more ;-) Thanks to metze for this! Volker (This used to be commit e68d8eabeb9c64dc45d057619f9b3dd0cd507444) --- source3/include/smbldap.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/include/smbldap.h') 
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 589d01aa6d..826fc3c55a 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -132,6 +132,9 @@ struct smbldap_state { char *bind_secret; unsigned int num_failures; + + time_t last_use; + smb_event_id_t event_id; }; #endif /* HAVE_LDAP */ -- cgit From 3a48e4b2875a6cb1c143377d7f6fb0be50ea80d2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Sep 2003 23:53:48 +0000 Subject: The "unknown_5" 32 bit field in the user structs is actually 2 16-bit fields, bad_password_count and logon_count. Ensure this is stored/fetched in the various SAMs. As it replaces the unknown_5 field this fits exactly into the tdb SAM without any binary problems. It also is added to the LDAP SAM as two extra attributes. It breaks compatibility with the experimental SAMs xml and mysql. The maintainers of these SAMs must fix them so upgrades like this can be done transparently. I will insist on the "experimental" status until this is solved. Jeremy. (This used to be commit cd7bd8c2daff3293d48f3376a7c5a708a140fd94) --- source3/include/smbldap.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 826fc3c55a..9765b9fbd6 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -88,6 +88,8 @@ #define LDAP_ATTR_SID 32 #define LDAP_ATTR_ALGORITHMIC_RID_BASE 33 #define LDAP_ATTR_NEXT_RID 34 +#define LDAP_ATTR_BAD_PASSWORD_COUNT 35 +#define LDAP_ATTR_LOGON_COUNT 36 typedef struct _attrib_map_entry { int attrib; -- cgit From 5df2fd4175049247bf105698e9abfd32272bf96e Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Thu, 4 Dec 2003 04:52:00 +0000 Subject: support munged dial for ldapsam; patch from Aurélien Degrémont; bug 800 (This used to be commit 1c3c16abc94d197e69e3350de1e5cc1e99be4322) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- source3/include/smbldap.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 9765b9fbd6..17584c4fe4 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -90,6 +90,7 @@ #define LDAP_ATTR_NEXT_RID 34 #define LDAP_ATTR_BAD_PASSWORD_COUNT 35 #define LDAP_ATTR_LOGON_COUNT 36 +#define LDAP_ATTR_MUNGED_DIAL 37 typedef struct _attrib_map_entry { int attrib; -- cgit From 3a1b189a9f3d2dab1fcadc5277546baa2f88cdfa Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 25 Dec 2003 22:42:15 +0000 Subject: This is metze's LDAP rebind sleep patch: When smb.conf tells us to write to a read-only LDAP replica and we are redirected by the LDAP server, the replication might take some seconds, especially over slow links. This patch delays the next read after a rebind for 'ldap rebind sleep' milliseconds. Metze, thanks for your patience. Volker (This used to be commit 63ffa770b67d700f138d19b4982da152f57674fc) --- source3/include/smbldap.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 17584c4fe4..14ea2de012 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -138,6 +138,8 @@ struct smbldap_state { time_t last_use; smb_event_id_t event_id; + + struct timeval last_rebind; }; #endif /* HAVE_LDAP */ -- cgit From 401959b7d7b3a29dbd1734318e5f6eb1248859f8 Mon Sep 17 00:00:00 2001 
From: Jim McDonough Date: Mon, 23 Feb 2004 02:47:33 +0000 Subject: Add bad password count/time attributes (This used to be commit 003318939f7e476f5f2a5f345e8a81a228fc89a7) --- source3/include/smbldap.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 14ea2de012..9ef66a14ef 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -91,6 +91,7 @@ #define LDAP_ATTR_BAD_PASSWORD_COUNT 35 #define LDAP_ATTR_LOGON_COUNT 36 #define LDAP_ATTR_MUNGED_DIAL 37 +#define LDAP_ATTR_BAD_PASSWORD_TIME 38 typedef struct _attrib_map_entry { int attrib; -- cgit From 3d18997afda94504e9db24115aaa56a58086a653 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Thu, 11 Mar 2004 16:32:19 +0000 Subject: Get MungedDial actually working with full TS strings in it for pdb_ldap. I know this isn't pretty, but neither was our assumption that all strings from the directory fit inside a pstring. There was no way this worked before will all versions of usrmgr (for example, the only version of mine that has the TS Confic button). (This used to be commit d275c0e384db08c2a6efc28e52844f676ff71fb6) --- source3/include/smbldap.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 9ef66a14ef..2f71f971d9 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -120,7 +120,10 @@ void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing, LDAPMod ***mods, const char *attribute, const char *newval); BOOL smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, - const char *attribute, pstring value); + const char *attribute, char *value, + int max_len); +BOOL smbldap_get_single_pstring (LDAP * ldap_struct, LDAPMessage * entry, + const char *attribute, pstring value); /** * Struct to keep the state for all the ldap stuff -- cgit 
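Review bot: The widened `smbldap_get_single_attribute(..., char *value, int max_len)` passes the destination size as a signed `int`, so a negative or miscomputed length becomes a very large size as soon as the implementation (not shown here) hands it to a routine that takes `size_t`. Declare it as `size_t max_len`, and state on the prototype whether `max_len` includes the terminating NUL and whether a directory value that does not fit makes the call return False or is silently truncated. Callers storing security-relevant attributes need that distinction, because a truncated value that is reported as success is indistinguishable from a genuine short value. `smbldap_get_single_pstring` can then be documented as the fixed-size convenience wrapper it appears to be.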
From 357998ddbdeb2fae0a30c578e747154fec22c180 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Thu, 18 Mar 2004 19:22:51 +0000 Subject: Password lockout for LDAP backend. Caches autolock flag, bad count, and bad time locally, updating the directory only for hitting the policy limit or resetting. This needed to be done at the passdb level rather than auth, because some of the functions need to be supported from tools such as pdbedit. It was done at the LDAP backend level instead of generically after discussion, because of the complexity of inserting it at a higher level. The login cache read/write/delete is outside of the ldap backend, so it could easily be called by other backends. tdbsam won't call it for obvious reasons, and authors of other backends need to decide if they want to implement it. (This used to be commit 2a679cbc87a2a9111e9e6cdebbb62dec0ab3a0c0) --- source3/include/smbldap.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 2f71f971d9..68a2c00afe 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -92,6 +92,7 @@ #define LDAP_ATTR_LOGON_COUNT 36 #define LDAP_ATTR_MUNGED_DIAL 37 #define LDAP_ATTR_BAD_PASSWORD_TIME 38 +#define LDAP_ATTR_MOD_TIMESTAMP 39 typedef struct _attrib_map_entry { int attrib; -- cgit From a15393a3d9cdefc776cd7adb42ff50f61b9eff69 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Mon, 5 Apr 2004 14:45:24 +0000 Subject: r53: Remove modifyTimestamp from list of our attributes. We just check it for cache entry time comparisons in password lockout. Fixes problems where pdb_ldap tries to delete the operational attribute modifyTimestamp when deleting a user account. (This used to be commit 5ebcb9081e435d54c39d4d3a1ef1d7b651ccb53f) --- source3/include/smbldap.h | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/include/smbldap.h') 
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 68a2c00afe..2f71f971d9 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -92,7 +92,6 @@ #define LDAP_ATTR_LOGON_COUNT 36 #define LDAP_ATTR_MUNGED_DIAL 37 #define LDAP_ATTR_BAD_PASSWORD_TIME 38 -#define LDAP_ATTR_MOD_TIMESTAMP 39 typedef struct _attrib_map_entry { int attrib; -- cgit From 7af3777ab32ee220700ed3367d07ca18b2bbdd47 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 7 Apr 2004 12:43:44 +0000 Subject: r116: volker's patch for local group and group nesting (This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f) --- source3/include/smbldap.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 2f71f971d9..61b8df0f0e 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -49,6 +49,7 @@ #define LDAP_ATTRIBUTE_SID "sambaSID" #define LDAP_ATTRIBUTE_UIDNUMBER "uidNumber" #define LDAP_ATTRIBUTE_GIDNUMBER "gidNumber" +#define LDAP_ATTRIBUTE_SID_LIST "sambaSIDList" /* attribute map table indexes */ @@ -93,6 +94,8 @@ #define LDAP_ATTR_MUNGED_DIAL 37 #define LDAP_ATTR_BAD_PASSWORD_TIME 38 +#define LDAP_ATTR_SID_LIST 40 + typedef struct _attrib_map_entry { int attrib; const char *name; -- cgit From 569177a194ef990b55d3ad5d5243ca0f2659f25c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 1 Jul 2004 16:35:43 +0000 Subject: r1317: Patch from Joe Meadows "Joe Meadows" to add a timeout to the ldap open calls. New parameter, ldap timeout added. Jeremy. (This used to be commit e5b3094c4cc75eb07f667dd1aeb73921ed7366ac) --- source3/include/smbldap.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 61b8df0f0e..c7de7d84b3 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h 
@@ -153,5 +153,6 @@ struct smbldap_state { struct smbldap_state; -#endif /* _SMBLDAP_H */ +#define LDAP_CONNECT_DEFAULT_TIMEOUT 5 +#endif /* _SMBLDAP_H */ -- cgit From 1c5867502a47371e24519ffeb4165c69cab63482 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 7 Jul 2004 22:46:51 +0000 Subject: r1388: Adding password history code for ldap backend, based on a patch from "Jianliang Lu" . Multi-string attribute changed to linearised pstring due to ordering issues. A few other changes to fix race conditions. I will add the tdb backend code next. This code compiles but has not yet been tested with password history policy set to greater than zero. Targeted for 3.0.6. Jeremy. (This used to be commit dd54b2a3c45e202e504ad69d170eb798da4e6fc9) --- source3/include/smbldap.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index c7de7d84b3..b94577178b 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -93,8 +93,9 @@ #define LDAP_ATTR_LOGON_COUNT 36 #define LDAP_ATTR_MUNGED_DIAL 37 #define LDAP_ATTR_BAD_PASSWORD_TIME 38 - -#define LDAP_ATTR_SID_LIST 40 +#define LDAP_ATTR_PWD_HISTORY 39 +#define LDAP_ATTR_SID_LIST 40 +#define LDAP_ATTR_MOD_TIMESTAMP 41 typedef struct _attrib_map_entry { int attrib; -- cgit From ec1bbbf85890dee1fa68046f5c7f15967536079e Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Mon, 26 Jul 2004 07:41:16 +0000 Subject: r1588: This is one of the more pathetic patches I ever checked in. Many hours of coding have passed, but I could not find a way to get the OpenLDAP libraries to reliably time out on any of the queries we make, *and* get correct error returns. No, async calls and ldap_result does NOT work, or I was simply too stupid to correctly interpret the OpenLDAP manpage and source. We can not allow to hang indefinitely in an ldap query, especially not for winbindd. "ldap timeout" now specifies the overall timeout for the complete operation, that's why I increased that to 15 seconds. Volker (This used to be commit 269f0750872e5f8757e0a9667e007a0410319fcd) --- source3/include/smbldap.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index b94577178b..6046af464e 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -154,6 +154,6 @@ struct smbldap_state { struct smbldap_state; -#define LDAP_CONNECT_DEFAULT_TIMEOUT 5 +#define LDAP_CONNECT_DEFAULT_TIMEOUT 15 #endif /* _SMBLDAP_H */ -- cgit From bdab948fcfee56871e7a21825c09a116b4274f37 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 13 Aug 2004 18:02:58 +0000 Subject: r1810: Patch from Richard Renard to store logon hours attributes in an LDAP database. Jeremy. (This used to be commit dac72638fb3a05e805136698e0ad0612620ac8af) --- source3/include/smbldap.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 6046af464e..953937fb75 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -96,6 +96,7 @@ #define LDAP_ATTR_PWD_HISTORY 39 #define LDAP_ATTR_SID_LIST 40 #define LDAP_ATTR_MOD_TIMESTAMP 41 +#define LDAP_ATTR_LOGON_HOURS 42 typedef struct _attrib_map_entry { int attrib; -- cgit 
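Review bot: `LDAP_CONNECT_DEFAULT_TIMEOUT` carries no unit and its name no longer matches its use: per the commit message, "ldap timeout" now bounds the complete operation rather than only the connect, and the value is raised from 5 to 15 accordingly. Add a comment on the define, e.g. `/* seconds; default for 'ldap timeout', the overall limit for one LDAP operation */`, so a reader does not assume that only the connect is bounded. A rename to something like `LDAP_DEFAULT_TIMEOUT` would be clearer still, but it touches users outside this header.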
From ec62d5a96896ed38894282cd7547d012f604c597 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 20 Sep 2004 11:02:14 +0000 Subject: r2444: Based on jmcd's patch, implement special lists for the ldap user attributes to delete. Richard, IMHO this is the better solution to the problem you currently have. Please review. Thanks, Volker (This used to be commit 6957d6a8921fbd97747258249d99b505a79cfcb4) --- source3/include/smbldap.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 953937fb75..58502ec34e 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -107,7 +107,9 @@ typedef struct _attrib_map_entry { /* structures */ extern ATTRIB_MAP_ENTRY attrib_map_v22[]; +extern ATTRIB_MAP_ENTRY attrib_map_to_delete_v22[]; extern ATTRIB_MAP_ENTRY attrib_map_v30[]; +extern ATTRIB_MAP_ENTRY attrib_map_to_delete_v30[]; extern ATTRIB_MAP_ENTRY dominfo_attr_list[]; extern ATTRIB_MAP_ENTRY groupmap_attr_list[]; extern ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[]; -- cgit From 55fe875a44bd63de766d4fbdb91bcc26be146a21 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 5 Nov 2004 22:53:35 +0000 Subject: r3563: During a typical logon a modern workstation makes a lot of anonymous session setups on its way to open a pipe. This gets rid of many round-trips to the LDAP server during logon by setting up the server_info_guest once and not asking the LDAP server and nss every time. Make sure that the ldap connection is reopened in the child. (I did not look at the sql backends.) Volker (This used to be commit 3298f6105e6a88c9390cac02245c8f2eee1e5046) --- source3/include/smbldap.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 58502ec34e..47f336cdb7 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h 
@@ -139,6 +139,7 @@ BOOL smbldap_get_single_pstring (LDAP * ldap_struct, LDAPMessage * entry, struct smbldap_state { LDAP *ldap_struct; + pid_t pid; time_t last_ping; /* retrive-once info */ const char *uri; -- cgit From c3ba8b9a53617c75ffbcfa8ef32044cb1691d693 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 14 Jan 2005 19:26:13 +0000 Subject: r4736: small set of merges from rtunk to minimize the diffs (This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458) --- source3/include/smbldap.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 47f336cdb7..d980d08280 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -1,5 +1,5 @@ /* - Unix SMB/CIFS mplementation. + Unix SMB/CIFS implementation. LDAP protocol helper functions for SAMBA Copyright (C) Gerald Carter 2001-2003 -- cgit From 0c6010238d5eda73bbd6b9e81e2261d19bc01bb7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 19 Jan 2005 09:58:29 +0000 Subject: r4840: * Add more generic root-dse inspection function to check for given controls or extensions. * Check and remember if ldapsam's LDAP Server support paged results (in preparation of adding async paged-results to set|get|end-sampwent in ldapsam). Guenther (This used to be commit ced58bd8849cdef78513674dff1b1ec331945aa9) --- source3/include/smbldap.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index d980d08280..adb51430dc 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -145,6 +145,7 @@ struct smbldap_state { const char *uri; char *bind_dn; char *bind_secret; + BOOL paged_results; unsigned int num_failures; -- cgit From b4afdc08d5336e4a337e453443d7af1d8655a31a Mon Sep 17 00:00:00 2001 
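Review bot: The new `pid_t pid;` member in the `@@ -139,6 +139,7 @@` hunk has no comment, so its purpose can only be guessed from the commit message ("Make sure that the ldap connection is reopened in the child"). If it records the process that opened `ldap_struct`, so that a forked child does not reuse the parent's already-bound connection, say so at the field: `pid_t pid; /* process that opened ldap_struct; a mismatch means we forked and must reconnect */`. The comparison is not in this header and should be confirmed in smbldap.c. struct smbldap_state starts and ends outside the hunk.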
From: Günther Deschner Date: Sat, 22 Jan 2005 03:37:09 +0000 Subject: r4925: Migrate Account Policies to passdb (esp. replicating ldapsam). Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5) --- source3/include/smbldap.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index adb51430dc..9a116ab7e7 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -38,6 +38,7 @@ #define LDAP_OBJ_IDPOOL "sambaUnixIdPool" #define LDAP_OBJ_IDMAP_ENTRY "sambaIdmapEntry" #define LDAP_OBJ_SID_ENTRY "sambaSidEntry" +#define LDAP_OBJ_ACCOUNT_POLICY "sambaAccountPolicy" #define LDAP_OBJ_ACCOUNT "account" #define LDAP_OBJ_POSIXACCOUNT "posixAccount" @@ -97,6 +98,8 @@ #define LDAP_ATTR_SID_LIST 40 #define LDAP_ATTR_MOD_TIMESTAMP 41 #define LDAP_ATTR_LOGON_HOURS 42 +#define LDAP_ATTR_ACCOUNT_POLICY_NAME 43 +#define LDAP_ATTR_ACCOUNT_POLICY_VAL 44 typedef struct _attrib_map_entry { int attrib; @@ -115,6 +118,7 @@ extern ATTRIB_MAP_ENTRY groupmap_attr_list[]; extern ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[]; extern ATTRIB_MAP_ENTRY idpool_attr_list[]; extern ATTRIB_MAP_ENTRY sidmap_attr_list[]; +extern ATTRIB_MAP_ENTRY acctpol_attr_list[]; /* Function declarations -- not included in proto.h so we don't have to worry about LDAP structure types */ -- cgit From 6c84ecb55657ae28eb739a72164f6d7251dc627f Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Sat, 12 Feb 2005 00:51:31 +0000 Subject: r5349: After talking with Jerry, reverted the addition of account policies to passdb in 3_0 (they are still in trunk). Guenther (This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1) --- source3/include/smbldap.h | 4 ---- 1 file changed, 4 deletions(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 9a116ab7e7..adb51430dc 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -38,7 +38,6 @@ #define LDAP_OBJ_IDPOOL "sambaUnixIdPool" #define LDAP_OBJ_IDMAP_ENTRY "sambaIdmapEntry" #define LDAP_OBJ_SID_ENTRY "sambaSidEntry" -#define LDAP_OBJ_ACCOUNT_POLICY "sambaAccountPolicy" #define LDAP_OBJ_ACCOUNT "account" #define LDAP_OBJ_POSIXACCOUNT "posixAccount" @@ -98,8 +97,6 @@ #define LDAP_ATTR_SID_LIST 40 #define LDAP_ATTR_MOD_TIMESTAMP 41 #define LDAP_ATTR_LOGON_HOURS 42 -#define LDAP_ATTR_ACCOUNT_POLICY_NAME 43 -#define LDAP_ATTR_ACCOUNT_POLICY_VAL 44 typedef struct _attrib_map_entry { int attrib; @@ -118,7 +115,6 @@ extern ATTRIB_MAP_ENTRY groupmap_attr_list[]; extern ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[]; extern ATTRIB_MAP_ENTRY idpool_attr_list[]; extern ATTRIB_MAP_ENTRY sidmap_attr_list[]; -extern ATTRIB_MAP_ENTRY acctpol_attr_list[]; /* Function declarations -- not included in proto.h so we don't have to worry about LDAP structure types */ -- cgit From f51677051cc139bdeb9d66196ca5405cecce1a35 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 17 Feb 2005 14:27:34 +0000 Subject: r5428: Apply some const. LDAP attribs should now be declared const char *attr[]. This gives some new warnings in smbldap.c, but a the callers are cleaned up. Volker (This used to be commit 543799fc0ddc3176469acc1fab7093c41556d403) --- source3/include/smbldap.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/include/smbldap.h') 
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index adb51430dc..d005104dea 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -120,8 +120,8 @@ extern ATTRIB_MAP_ENTRY sidmap_attr_list[]; have to worry about LDAP structure types */ const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key ); -char** get_attr_list( ATTRIB_MAP_ENTRY table[] ); -void free_attr_list( char **list ); +const char** get_attr_list( ATTRIB_MAP_ENTRY table[] ); +void free_attr_list( const char **list ); void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value); void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing, LDAPMod ***mods, -- cgit From a5f84481e38ffc79043bfbac5f0353856b77b141 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 5 Mar 2005 01:22:53 +0000 Subject: r5655: Added support for Novell NDS universal password. Code donated by Vince Brimhall - slight tidyup by me to use Samba conventions. Vince - thanks a *lot* for this code - please test to make sure I haven't messed anything up. Jeremy. (This used to be commit 6f5ea963abe8e19d17a1803d4bedd9d87a317e58) --- source3/include/smbldap.h | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index d005104dea..e6a6a1b7c6 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h 
@@ -155,6 +155,31 @@ struct smbldap_state { struct timeval last_rebind; }; +/* struct used by both pdb_ldap.c and pdb_nds.c */ + +struct ldapsam_privates { + struct smbldap_state *smbldap_state; + + /* Former statics */ + LDAPMessage *result; + LDAPMessage *entry; + int index; + + const char *domain_name; + DOM_SID domain_sid; + + /* configuration items */ + int schema_ver; + + char *domain_dn; + + /* Is this NDS ldap? */ + int is_nds_ldap; + + /* ldap server location parameter */ + char *location; +}; + #endif /* HAVE_LDAP */ struct smbldap_state; -- cgit From d3d6126d94d55a69c45b2f7a63a7fa9b561baf48 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 15 Apr 2005 13:41:49 +0000 Subject: r6351: This is quite a large and intrusive patch, but there are not many pieces that can be taken out of it, so I decided to commit this in one lump. It changes the passdb enumerating functions to use ldap paged results where possible. In particular the samr calls querydispinfo, enumdomusers and friends have undergone significant internal changes. I have tested this extensively with rpcclient and a bit with usrmgr.exe. More tests and the merge to trunk will follow later. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The code is based on a first implementation by Günther Deschner, but has evolved quite a bit since then. Volker (This used to be commit f0bb44ac58e190e19eb4e92928979b0446e611c9) --- source3/include/smbldap.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index e6a6a1b7c6..b54b3f4325 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -185,5 +185,6 @@ struct ldapsam_privates { struct smbldap_state; #define LDAP_CONNECT_DEFAULT_TIMEOUT 15 +#define LDAP_PAGE_SIZE 1024 #endif /* _SMBLDAP_H */ -- cgit From 2c425096732d6693b4388ad0167e566d8378ff79 Mon Sep 17 00:00:00 2001 
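Review bot: `is_nds_ldap` in the new `struct ldapsam_privates` is a yes/no flag declared as `int`, while `struct smbldap_state` in the same header uses `BOOL` for `paged_results`; `BOOL is_nds_ldap;` would match. The pointer members `domain_name`, `domain_dn` and `location` carry no ownership note. Since the struct is now shared between pdb_ldap.c and pdb_nds.c, a short comment on which side allocates and frees each of them would help avoid a double free or a leak.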
From: James Peach Date: Sat, 13 Aug 2005 12:05:54 +0000 Subject: r9303: Clobber compiler warnings. Patch from Jason Mader plus some extra function declarations. Bugzilla bug #2523. (This used to be commit 98d364459daa48aca3d239926cf40a0655e27e97) --- source3/include/smbldap.h | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index b54b3f4325..df56f60bf3 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -22,6 +22,8 @@ #ifndef _SMBLDAP_H #define _SMBLDAP_H +struct smbldap_state; + #ifdef HAVE_LDAP /* specify schema versions between 2.2. and 3.0 */ @@ -119,6 +121,10 @@ extern ATTRIB_MAP_ENTRY sidmap_attr_list[]; /* Function declarations -- not included in proto.h so we don't have to worry about LDAP structure types */ +NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, + const char *location, + struct smbldap_state **smbldap_state); + const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key ); const char** get_attr_list( ATTRIB_MAP_ENTRY table[] ); void free_attr_list( const char **list ); @@ -131,6 +137,10 @@ BOOL smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, int max_len); BOOL smbldap_get_single_pstring (LDAP * ldap_struct, LDAPMessage * entry, const char *attribute, pstring value); +char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry); +int smbldap_modify(struct smbldap_state *ldap_state, + const char *dn, + LDAPMod *attrs[]); /** * Struct to keep the state for all the ldap stuff 
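Review bot: The new prototype `char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry);` in the `@@ -131,6 +137,10 @@` hunk returns a non-const `char *` without saying who releases it or with which function. Strings handed out by the LDAP library and strings from Samba's own allocator are released differently, so a caller that guesses wrong risks heap corruption or a leak. A comment above the declaration such as `/* returns a newly allocated DN or NULL; the caller frees it (name the function) */` would settle it. The actual allocator is not visible here and needs to be checked in smbldap.c.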
@@ -180,9 +190,21 @@ struct ldapsam_privates { char *location; }; -#endif /* HAVE_LDAP */ +/* Functions shared between pdb_ldap.c and pdb_nds.c. */ +NTSTATUS pdb_init_ldapsam_compat(PDB_CONTEXT *pdb_context, + PDB_METHODS **pdb_method, + const char *location); +void private_data_free_fn(void **result); +int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state, + const char *user, + LDAPMessage ** result, + const char **attr); +NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, + PDB_METHODS **pdb_method, + const char *location); +const char** get_userattr_list( int schema_ver ); -struct smbldap_state; +#endif /* HAVE_LDAP */ #define LDAP_CONNECT_DEFAULT_TIMEOUT 15 #define LDAP_PAGE_SIZE 1024 -- cgit From 54abd2aa66069e6baf7769c496f46d9dba18db39 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 30 Sep 2005 17:13:37 +0000 Subject: r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3) --- source3/include/smbldap.h | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index df56f60bf3..bea1a6d84a 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -1,5 +1,5 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/CIFS mplementation. LDAP protocol helper functions for SAMBA Copyright (C) Gerald Carter 2001-2003 @@ -40,6 +40,7 @@ struct smbldap_state; #define LDAP_OBJ_IDPOOL "sambaUnixIdPool" #define LDAP_OBJ_IDMAP_ENTRY "sambaIdmapEntry" #define LDAP_OBJ_SID_ENTRY "sambaSidEntry" +#define LDAP_OBJ_TRUST_PASSWORD "sambaTrustPassword" #define LDAP_OBJ_ACCOUNT "account" #define LDAP_OBJ_POSIXACCOUNT "posixAccount" 
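Review bot: The first hunk of the r10656 merge (`@@ -1,5 +1,5 @@`) changes the header comment from "Unix SMB/CIFS implementation." back to "Unix SMB/CIFS mplementation.", undoing the spelling fix made in r4736 earlier in this history. This looks like a side effect of merging from a branch that never received that fix; the line should stay `Unix SMB/CIFS implementation.`. It is worth checking whether the same merge silently dropped other small fixes in files where the consequence is more than cosmetic.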
@@ -95,10 +96,12 @@ struct smbldap_state; #define LDAP_ATTR_LOGON_COUNT 36 #define LDAP_ATTR_MUNGED_DIAL 37 #define LDAP_ATTR_BAD_PASSWORD_TIME 38 -#define LDAP_ATTR_PWD_HISTORY 39 +#define LDAP_ATTR_PWD_HISTORY 39 #define LDAP_ATTR_SID_LIST 40 -#define LDAP_ATTR_MOD_TIMESTAMP 41 -#define LDAP_ATTR_LOGON_HOURS 42 +#define LDAP_ATTR_MOD_TIMESTAMP 41 +#define LDAP_ATTR_LOGON_HOURS 42 +#define LDAP_ATTR_TRUST_PASSWD_FLAGS 43 + typedef struct _attrib_map_entry { int attrib; @@ -117,6 +120,8 @@ extern ATTRIB_MAP_ENTRY groupmap_attr_list[]; extern ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[]; extern ATTRIB_MAP_ENTRY idpool_attr_list[]; extern ATTRIB_MAP_ENTRY sidmap_attr_list[]; +extern ATTRIB_MAP_ENTRY trustpw_attr_list[]; + /* Function declarations -- not included in proto.h so we don't have to worry about LDAP structure types */ -- cgit From 0af1500fc0bafe61019f1b2ab1d9e1d369221240 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 3 Feb 2006 22:19:41 +0000 Subject: r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f) --- source3/include/smbldap.h | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index bea1a6d84a..8870205bbb 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -131,8 +131,7 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, struct smbldap_state **smbldap_state); const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key ); -const char** get_attr_list( ATTRIB_MAP_ENTRY table[] ); -void free_attr_list( const char **list ); +const char** get_attr_list( TALLOC_CTX *mem_ctx, ATTRIB_MAP_ENTRY table[] ); void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value); void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing, LDAPMod ***mods, 
@@ -207,7 +206,17 @@ int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state, NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location); -const char** get_userattr_list( int schema_ver ); +const char** get_userattr_list( TALLOC_CTX *mem_ctx, int schema_ver ); + +char * smbldap_talloc_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, + const char *attribute, + TALLOC_CTX *mem_ctx); +void talloc_autofree_ldapmsg(TALLOC_CTX *mem_ctx, LDAPMessage *result); +void talloc_autofree_ldapmod(TALLOC_CTX *mem_ctx, LDAPMod **mod); +const char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld, + LDAPMessage *entry); + + #endif /* HAVE_LDAP */ -- cgit From 75ef18fa7510d894ccc4540d82616110c3166db3 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sat, 11 Feb 2006 21:27:08 +0000 Subject: r13460: by popular demand.... * remove pdb_context data structure * set default group for DOMAIN_RID_GUEST user as RID 513 (just like Windows) * Allow RID 513 to resolve to always resolve to a name * Remove auto mapping of guest account primary group given the previous 2 changes (This used to be commit 7a2da5f0cc05c1920c664c9a690a23bdf854e285) --- source3/include/smbldap.h | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 8870205bbb..6cfde13f4a 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h 
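Review bot: The talloc helpers added in the `@@ -207,7 +206,17 @@` hunk take the memory context in different positions: `smbldap_talloc_single_attribute` has `TALLOC_CTX *mem_ctx` last, while `talloc_autofree_ldapmsg`, `talloc_autofree_ldapmod`, `smbldap_talloc_dn` and `get_userattr_list` have it first. Putting it first everywhere keeps call sites uniform and makes it harder to hand over the wrong context. With `free_attr_list` removed in the previous hunk of this commit, the header should also say who owns the lists returned by `get_attr_list` and `get_userattr_list`, presumably `/* result is allocated on mem_ctx and released with it; do not free() it */`, to be confirmed against smbldap.c.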
@@ -195,17 +195,13 @@ struct ldapsam_privates { }; /* Functions shared between pdb_ldap.c and pdb_nds.c. */ -NTSTATUS pdb_init_ldapsam_compat(PDB_CONTEXT *pdb_context, - PDB_METHODS **pdb_method, - const char *location); +NTSTATUS pdb_init_ldapsam_compat( struct pdb_methods **pdb_method, const char *location); void private_data_free_fn(void **result); int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state, const char *user, LDAPMessage ** result, const char **attr); -NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, - PDB_METHODS **pdb_method, - const char *location); +NTSTATUS pdb_init_ldapsam( struct pdb_methods **pdb_method, const char *location); const char** get_userattr_list( TALLOC_CTX *mem_ctx, int schema_ver ); char * smbldap_talloc_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, @@ -217,7 +213,6 @@ const char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld, LDAPMessage *entry); - #endif /* HAVE_LDAP */ #define LDAP_CONNECT_DEFAULT_TIMEOUT 15 -- cgit From 38060f70a561ee9b71038bf5909b6fdf4872c4c4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 9 Jun 2006 13:04:47 +0000 Subject: r16122: As we use 'inetOrgPerson' as structural objectclass for new accounts for eDir, we already add 'sn' as required attribute on LDAP add operations. When we modify an entry, we need to request 'sn' as well in our attribute lists, so that we don't try to add it a second time. Guenther (This used to be commit e018ea3d1d70e68e6802843f88b3245dc09244c9) --- source3/include/smbldap.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 6cfde13f4a..ae54e66b36 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -101,6 +101,7 @@ struct smbldap_state; #define LDAP_ATTR_MOD_TIMESTAMP 41 #define LDAP_ATTR_LOGON_HOURS 42 #define LDAP_ATTR_TRUST_PASSWD_FLAGS 43 +#define LDAP_ATTR_SN 44 typedef struct _attrib_map_entry { -- cgit 
From 4225f9a4bd5eece4d57820bbabb7b882610aa7cc Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 12 Dec 2006 14:52:13 +0000 Subject: r20116: Start merging in the work done to create the new idmap subsystem. Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b) --- source3/include/smbldap.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index ae54e66b36..b261ca82fd 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -158,8 +158,12 @@ struct smbldap_state { time_t last_ping; /* retrive-once info */ const char *uri; + + /* credentials */ + BOOL anonimous; char *bind_dn; char *bind_secret; + BOOL paged_results; unsigned int num_failures; -- cgit From 55e70f69871f43328cc05104c150f76212eb369a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 16 Dec 2006 17:54:16 +0000 Subject: r20215: Next step trying to fix the Solaris build. I think "anonimous" is correctly spelled "anonymous". The Solaris compile is referring to this as "anonymous" in line 814 of smbldap.c. Simo, please check. Thanks, Volker (This used to be commit a77d8fa08e5a7c9c0c7c415ce3b7848b265b4b95) --- source3/include/smbldap.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index b261ca82fd..390b8f681a 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -160,7 +160,7 @@ struct smbldap_state { const char *uri; /* credentials */ - BOOL anonimous; + BOOL anonymous; char *bind_dn; char *bind_secret; -- cgit From 0d91334fe799f6b50a8265f9dc097411c3a29e18 Mon Sep 17 00:00:00 2001 
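Review bot: The flag added under `/* credentials */` in the r20116 hunk does not say how it interacts with `bind_dn` and `bind_secret` when all three are set, and that decides whether a connection binds with credentials or without them. A comment such as `/* if set, bind anonymously and ignore bind_dn/bind_secret */` would make the precedence explicit, assuming that is the intent; the bind logic lives in smbldap.c and is not visible here. The member is also misspelled `anonimous`, which r20215 further down corrects to `anonymous`. struct smbldap_state starts and ends outside the hunk.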
From: Volker Lendecke Date: Sun, 11 Mar 2007 16:49:16 +0000 Subject: r21784: Replace smb_register_idle_event() with event_add_timed(). This fixes winbind who did not run the idle events to drop ldap connections. Volker (This used to be commit af3308ce5a21220ff4c510de356dbaa6cf9ff997) --- source3/include/smbldap.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 390b8f681a..67061fec86 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -128,6 +128,7 @@ extern ATTRIB_MAP_ENTRY trustpw_attr_list[]; have to worry about LDAP structure types */ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, + struct event_context *event_ctx, const char *location, struct smbldap_state **smbldap_state); @@ -169,7 +170,8 @@ struct smbldap_state { unsigned int num_failures; time_t last_use; - smb_event_id_t event_id; + struct event_context *event_context; + struct timed_event *idle_event; struct timeval last_rebind; }; -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/include/smbldap.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 67061fec86..54807d2c27 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h 
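Review bot: `struct smbldap_state` now keeps a raw `struct event_context *event_context` handed in through `smbldap_init`, but neither hunk of r21784 says how long that context has to live or whether NULL is accepted. If the state can outlive the event context, the pending `idle_event` would refer to freed memory; this is inferred from the declarations only. A comment on the prototype, e.g. `/* event_ctx must outlive *smbldap_state; it drives the idle-disconnect timer */`, would document the contract. struct smbldap_state starts and ends outside the hunk.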
@@ -5,7 +5,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/include/smbldap.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 54807d2c27..bc438a98de 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -14,8 +14,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ -- cgit From e16f8188eaee0d4b8e059bea755100a98ac1867d Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Tue, 11 Sep 2007 16:50:32 +0000 Subject: r25092: Add support for storing trusted domain passwords in LDAP for passdb backend = ldapsam. Along with reproducing the functionality of the secrets.tdb code, I have prepared the handling of the previous trust password (in case we are contacting a dc which does not yet know of a recent password change). This information has still to be propagated to the outside, but this requires a change of the api and also a change of the secrets.tdb code. Michael (This used to be commit 6c3c20e6c4a2b04de8111f2c79b431f0775c2a0f) --- source3/include/smbldap.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index bc438a98de..c05f53ae31 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -40,6 +40,7 @@ struct smbldap_state; #define LDAP_OBJ_IDMAP_ENTRY "sambaIdmapEntry" #define LDAP_OBJ_SID_ENTRY "sambaSidEntry" #define LDAP_OBJ_TRUST_PASSWORD "sambaTrustPassword" +#define LDAP_OBJ_TRUSTDOM_PASSWORD "sambaTrustedDomainPassword" #define LDAP_OBJ_ACCOUNT "account" #define LDAP_OBJ_POSIXACCOUNT "posixAccount" -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/include/smbldap.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index c05f53ae31..3e2c878dbe 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h 
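Review bot: `LDAP_OBJ_TRUSTDOM_PASSWORD` is added directly below `LDAP_OBJ_TRUST_PASSWORD`, and the two names and values ("sambaTrustedDomainPassword" and "sambaTrustPassword") differ so little that picking the wrong one in a search filter is an easy mistake. A comment on each define saying which code path uses it would help, e.g. `/* trusted-domain password entries written by ldapsam */`. Since the commit message says these entries hold trusted domain passwords, the schema documentation should also tell administrators to restrict read access to them in the directory ACLs; nothing in this header enforces that.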
@@ -138,10 +138,10 @@ void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, con void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing, LDAPMod ***mods, const char *attribute, const char *newval); -BOOL smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, +bool smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, const char *attribute, char *value, int max_len); -BOOL smbldap_get_single_pstring (LDAP * ldap_struct, LDAPMessage * entry, +bool smbldap_get_single_pstring (LDAP * ldap_struct, LDAPMessage * entry, const char *attribute, pstring value); char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry); int smbldap_modify(struct smbldap_state *ldap_state, @@ -161,11 +161,11 @@ struct smbldap_state { const char *uri; /* credentials */ - BOOL anonymous; + bool anonymous; char *bind_dn; char *bind_secret; - BOOL paged_results; + bool paged_results; unsigned int num_failures; -- cgit From 1cd1c9db3f3350dd4585d96457e918652557855c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 27 Nov 2007 22:22:35 -0800 Subject: Remove unused prototype for smbldap_get_single_pstring(). Don't use pstr_sprintf() on an fstring - change to talloc. Jeremy. (This used to be commit 6cae4b5fa1bcb848cb2a28daaafeefd6bcd08274) --- source3/include/smbldap.h | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 3e2c878dbe..d9d7aca98e 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h 
@@ -141,8 +141,6 @@ void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing, bool smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, const char *attribute, char *value, int max_len); -bool smbldap_get_single_pstring (LDAP * ldap_struct, LDAPMessage * entry, - const char *attribute, pstring value); char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry); int smbldap_modify(struct smbldap_state *ldap_state, const char *dn, -- cgit From d8b234648cbc18c02d2c79a32be766080c61b42a Mon Sep 17 00:00:00 2001 From: Björn Jacke Date: Mon, 26 May 2008 11:29:24 +0200 Subject: Add ldap connection timeout for OpenLDAP and Netscape LDAP libs. This can be controlled via the ldap connection timeout parameter. This fixes fallbacks to secondary LDAP servers in multi LDAP server setups like in #4544 (This used to be commit 8e59a2fedc940b081222b0e8f90fe0c5a0981c06) --- source3/include/smbldap.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index d9d7aca98e..79e0a38b0e 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -220,7 +220,8 @@ const char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld, #endif /* HAVE_LDAP */ -#define LDAP_CONNECT_DEFAULT_TIMEOUT 15 +#define LDAP_DEFAULT_TIMEOUT 15 +#define LDAP_CONNECTION_DEFAULT_TIMEOUT 2 #define LDAP_PAGE_SIZE 1024 #endif /* _SMBLDAP_H */ -- cgit From 799252f635a4cf1790a24f9ba8765dba9fb7df86 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 26 Jun 2008 19:46:18 -0700 Subject: Fix the non-LDAP, non-krb5 build, fix gcc -O3 warnings. Jeremy. (This used to be commit 9e2ab30d3cf6950fc79152b2169e7aeae8d6a366) --- source3/include/smbldap.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/include/smbldap.h') diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 79e0a38b0e..a2cb8c5eea 100644 --- a/source3/include/smbldap.h 
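Review bot: After the `@@ -220,7 +220,8 @@` hunk the header has `LDAP_DEFAULT_TIMEOUT` and `LDAP_CONNECTION_DEFAULT_TIMEOUT`, two names that differ by one word and carry no unit or description. Add a comment to each, e.g. `/* seconds: limit for a complete LDAP operation */` and `/* seconds: limit for establishing the connection to one server */`. These meanings are taken from the commit messages of r1588 and this commit and should be confirmed against the parameter documentation.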
+++ b/source3/include/smbldap.h @@ -218,6 +218,13 @@ const char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld, LDAPMessage *entry); +#else +#define LDAP void +#define LDAPMod void +#define LDAP_CONST const +#define LDAPControl void +struct berval; +struct ldapsam_privates; #endif /* HAVE_LDAP */ #define LDAP_DEFAULT_TIMEOUT 15 -- cgit
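Review bot: In the new `#else` branch, `#define LDAP void`, `#define LDAPMod void` and `#define LDAPControl void` turn every `LDAP *` in a prototype into `void *`, so a non-LDAP build accepts any pointer where a connection handle is expected. Being macros, they also rewrite every later occurrence of those tokens in any file that includes this header. Incomplete-type typedefs keep the prototypes compiling without giving up the type check: `typedef struct ldap LDAP;`, `typedef struct ldapmod LDAPMod;`, `typedef struct ldapcontrol LDAPControl;`. `#define LDAP_CONST const` has the same scoping concern but no type-safety cost.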