From 3bdfd57a2dc590896a2e45652ad4f5e3c2358108 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 5 Jun 2003 02:34:30 +0000 Subject: working draft of the idmap_ldap code. Includes sambaUnixIdPool objectclass Still needs cleaning up wrt to name space. More changes to come, but at least we now have a a working distributed winbindd solution. (This used to be commit 824175854421f7c27d31ad673a8790dd018ae350) --- source3/lib/smbldap.c | 259 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 259 insertions(+) create mode 100644 source3/lib/smbldap.c (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c new file mode 100644 index 0000000000..5dbea0669f --- /dev/null +++ b/source3/lib/smbldap.c 
@@ -0,0 +1,259 @@
+/*
+ Unix SMB/CIFS mplementation.
+ LDAP protocol helper functions for SAMBA
+ Copyright (C) Gerald Carter 2001-2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+*/
+
+#include "includes.h"
+#include "smbldap.h"
+
+/* attributes used by Samba 2.2 */
+
+ATTRIB_MAP_ENTRY attrib_map_v22[] = {
+ { LDAP_ATTR_UID, "uid" },
+ { LDAP_ATTR_UIDNUMBER, LDAP_ATTRIBUTE_UIDNUMBER},
+ { LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER},
+ { LDAP_ATTR_UNIX_HOME, "homeDirectory" },
+ { LDAP_ATTR_PWD_LAST_SET, "pwdLastSet" },
+ { LDAP_ATTR_PWD_CAN_CHANGE, "pwdCanChange" },
+ { LDAP_ATTR_PWD_MUST_CHANGE, "pwdMustChange" },
+ { LDAP_ATTR_LOGON_TIME, "logonTime" },
+ { LDAP_ATTR_LOGOFF_TIME, "logoffTime" },
+ { LDAP_ATTR_KICKOFF_TIME, "kickoffTime" },
+ { LDAP_ATTR_CN, "cn" },
+ { LDAP_ATTR_DISPLAY_NAME, "displayName" },
+ { LDAP_ATTR_HOME_PATH, "smbHome" },
+ { LDAP_ATTR_HOME_DRIVE, "homeDrives" },
+ { LDAP_ATTR_LOGON_SCRIPT, "scriptPath" },
+ { LDAP_ATTR_PROFILE_PATH, "profilePath" },
+ { LDAP_ATTR_DESC, "description" },
+ { LDAP_ATTR_USER_WKS, "userWorkstations"},
+ { LDAP_ATTR_USER_RID, "rid" },
+ { LDAP_ATTR_PRIMARY_GROUP_RID, "primaryGroupID"},
+ { LDAP_ATTR_LMPW, "lmPassword" },
+ { LDAP_ATTR_NTPW, "ntPassword" },
+ { LDAP_ATTR_DOMAIN, "domain" },
+ { LDAP_ATTR_OBJCLASS, "objectClass" },
+ { LDAP_ATTR_ACB_INFO, "acctFlags" },
+ { LDAP_ATTR_LIST_END, NULL }
+};
+
+/* attributes used by Samba 3.0's sambaSamAccount */
+
+ATTRIB_MAP_ENTRY attrib_map_v30[] = {
+ { LDAP_ATTR_UID, "uid" },
+ { LDAP_ATTR_UIDNUMBER, LDAP_ATTRIBUTE_UIDNUMBER},
+ { LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER},
+ { LDAP_ATTR_UNIX_HOME, "homeDirectory" },
+ { LDAP_ATTR_PWD_LAST_SET, "sambaPwdLastSet" },
+ { LDAP_ATTR_PWD_CAN_CHANGE, "sambaPwdCanChange" },
+ { LDAP_ATTR_PWD_MUST_CHANGE, "sambaPwdMustChange" },
+ { LDAP_ATTR_LOGON_TIME, "sambaLogonTime" },
+ { LDAP_ATTR_LOGOFF_TIME, "sambaLogoffTime" },
+ { LDAP_ATTR_KICKOFF_TIME, "sambaKickoffTime" },
+ { LDAP_ATTR_CN, "cn" },
+ { LDAP_ATTR_DISPLAY_NAME, "displayName" },
+ { LDAP_ATTR_HOME_DRIVE, "sambaHomeDrive" },
+ { LDAP_ATTR_HOME_PATH, "sambaHomePath" },
+ { LDAP_ATTR_LOGON_SCRIPT, "sambaLogonScript" },
+ { LDAP_ATTR_PROFILE_PATH, "sambaProfilePath" },
+ { LDAP_ATTR_DESC, "description" },
+ { LDAP_ATTR_USER_WKS, "sambaUserWorkstations" },
+ { LDAP_ATTR_USER_SID, "sambaSID" },
+ { LDAP_ATTR_PRIMARY_GROUP_SID, "sambaPrimaryGroupSID" },
+ { LDAP_ATTR_LMPW, "sambaLMPassword" },
+ { LDAP_ATTR_NTPW, "sambaNTPassword" },
+ { LDAP_ATTR_DOMAIN, "sambaDomainName" },
+ { LDAP_ATTR_OBJCLASS, "objectClass" },
+ { LDAP_ATTR_ACB_INFO, "sambaAcctFlags" },
+ { LDAP_ATTR_LIST_END, NULL }
+};
+
+/* attributes used for alalocating RIDs */
+
+ATTRIB_MAP_ENTRY dominfo_attr_list[] = {
+ { LDAP_ATTR_DOMAIN, "sambaDomainName" },
+ { LDAP_ATTR_NEXT_USERRID, "sambaNextUserRid" },
+ { LDAP_ATTR_NEXT_GROUPRID, "sambaNextGroupRid" },
+ { LDAP_ATTR_DOM_SID, "sambaSID" },
+ { LDAP_ATTR_LIST_END, NULL },
+};
+
+/* Samba 3.0 group mapping attributes */
+
+ATTRIB_MAP_ENTRY groupmap_attr_list[] = {
+ { LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER},
+ { LDAP_ATTR_GROUP_SID, "sambaSID" },
+ { LDAP_ATTR_GROUP_TYPE, "sambaGroupType" },
+ { LDAP_ATTR_DESC, "description" },
+ { LDAP_ATTR_DISPLAY_NAME, "displayName" },
+ { LDAP_ATTR_CN, "cn" },
+ { LDAP_ATTR_LIST_END, NULL }
+};
+
+ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[] = {
+ { LDAP_ATTR_GROUP_SID, "sambaSID" },
+ { LDAP_ATTR_GROUP_TYPE, "sambaGroupType" },
+ { LDAP_ATTR_DESC, "description" },
+ { LDAP_ATTR_DISPLAY_NAME, "displayName" },
+ { LDAP_ATTR_LIST_END, NULL }
+};
+
+/* idmap_ldap samba[U|G]idPool */
+
+ATTRIB_MAP_ENTRY idpool_attr_list[] = {
+ { LDAP_ATTR_UIDNUMBER, LDAP_ATTRIBUTE_UIDNUMBER},
+ { LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER},
+ { LDAP_ATTR_LIST_END, NULL }
+};
+
+ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
+ { LDAP_ATTR_GROUP_SID, "sambaSID" },
+ { LDAP_ATTR_UIDNUMBER, LDAP_ATTRIBUTE_UIDNUMBER},
+ { LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER},
+ { LDAP_ATTR_LIST_END, NULL }
+};
+
+/**********************************************************************
+ perform a simple table lookup and return the attribute name
+ **********************************************************************/
+
+const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key )
+{
+ int i = 0;
+
+ while ( table[i].attrib != LDAP_ATTR_LIST_END ) {
+ if ( table[i].attrib == key )
+ return table[i].name;
+ i++;
+ }
+
+ return NULL;
+}
+
+
+/**********************************************************************
+ Return the list of attribute names from a mapping table
+ **********************************************************************/
+
+char** get_attr_list( ATTRIB_MAP_ENTRY table[] )
+{
+ char **names;
+ int i = 0;
+
+ while ( table[i].attrib != LDAP_ATTR_LIST_END )
+ i++;
+ i++;
+
+ names = (char**)malloc( sizeof(char*)*i );
+ if ( !names ) {
+ DEBUG(0,("get_attr_list: out of memory\n"));
+ return NULL;
+ }
+
+ i = 0;
+ while ( table[i].attrib != LDAP_ATTR_LIST_END ) {
+ names[i] = strdup( table[i].name );
+ i++;
+ }
+ names[i] = NULL;
+
+ return names;
+}
+
+/*********************************************************************
+ Cleanup
+ ********************************************************************/
+
+void free_attr_list( char **list )
+{
+ int i = 0;
+
+ if ( !list )
+ return;
+
+ while ( list[i] )
+ SAFE_FREE( list[i] );
+
+ SAFE_FREE( list );
+}
+
+/*******************************************************************
+ find the ldap password
+******************************************************************/
+BOOL fetch_ldap_pw(char **dn, char** pw)
+{
+ char *key = NULL;
+ size_t size;
+
+ *dn = smb_xstrdup(lp_ldap_admin_dn());
+
+ if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) {
+ SAFE_FREE(*dn);
+ DEBUG(0, ("fetch_ldap_pw: asprintf failed!\n"));
+ }
+
+ *pw=secrets_fetch(key, &size);
+ SAFE_FREE(key);
+
+ if (!size) {
+ /* Upgrade 2.2 style entry */
+ char *p;
+ char* old_style_key = strdup(*dn);
+ char *data;
+ fstring old_style_pw;
+
+ if (!old_style_key) {
+ DEBUG(0, ("fetch_ldap_pw: strdup failed!\n"));
+ return False;
+ }
+
+ for (p=old_style_key; *p; p++)
+ if (*p == ',') *p = '/';
+
+ data=secrets_fetch(old_style_key, &size);
+ if (!size && size < sizeof(old_style_pw)) {
+ DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n"));
+ SAFE_FREE(old_style_key);
+ SAFE_FREE(*dn);
+ return False;
+ }
+
+ strncpy(old_style_pw, data, size);
+ old_style_pw[size] = 0;
+
+ SAFE_FREE(data);
+
+ if (!secrets_store_ldap_pw(*dn, old_style_pw)) {
+ DEBUG(0,("fetch_ldap_pw: ldap secret could not be upgraded!\n"));
+ SAFE_FREE(old_style_key);
+ SAFE_FREE(*dn);
+ return False;
+ }
+ if (!secrets_delete(old_style_key)) {
+ DEBUG(0,("fetch_ldap_pw: old ldap secret could not be deleted!\n"));
+ }
+
+ SAFE_FREE(old_style_key);
+
+ *pw = smb_xstrdup(old_style_pw);
+ }
+
+ return True;
+}
+
-- cgit From 711f8d0a13c6854f8c552a9561571d26fa5e9884 Mon Sep 17 00:00:00 2001
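Review bot: In fetch_ldap_pw the guard in front of the copy into `old_style_pw`, `if (!size && size < sizeof(old_style_pw))`, only fires when size is 0, so a stored old-style secret as long as the fstring or longer reaches `strncpy(old_style_pw, data, size)` and `old_style_pw[size] = 0` and writes past the stack buffer. The test should reject both cases, e.g. `if (!data || !size || size >= sizeof(old_style_pw)) {`, and free `data` on that path as well. The asprintf failure branch above it frees *dn and logs but has no `return False;`, so execution carries on into secrets_fetch with a NULL key. In free_attr_list `i` is never incremented; if SAFE_FREE also nulls its argument (not visible here), the loop stops after the first string and the rest leak, which `for (i = 0; list[i]; i++) SAFE_FREE(list[i]);` would avoid.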
From: Gerald Carter Date: Fri, 6 Jun 2003 13:48:39 +0000 Subject: * break out more common code used between pdb_ldap and idmap_ldap * remove 'winbind uid' and 'winbind gid' parameters (replaced by current idmap parameter) * create the sambaUnixIdPool entries automatically in the 'ldap idmap suffix' * add new 'ldap idmap suffix' and 'ldap group suffix' parametrer * "idmap backend = ldap" now accepts 'ldap:ldap://server/' format (parameters are passed to idmap init() function (This used to be commit 1665926281ed2be3c5affca551c9d458d013fc7f) --- source3/lib/smbldap.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 93 insertions(+), 6 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 5dbea0669f..bb37222d5a 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -74,7 +74,7 @@ ATTRIB_MAP_ENTRY attrib_map_v30[] = { { LDAP_ATTR_PROFILE_PATH, "sambaProfilePath" }, { LDAP_ATTR_DESC, "description" }, { LDAP_ATTR_USER_WKS, "sambaUserWorkstations" }, - { LDAP_ATTR_USER_SID, "sambaSID" }, + { LDAP_ATTR_USER_SID, LDAP_ATTRIBUTE_SID }, { LDAP_ATTR_PRIMARY_GROUP_SID, "sambaPrimaryGroupSID" }, { LDAP_ATTR_LMPW, "sambaLMPassword" }, { LDAP_ATTR_NTPW, "sambaNTPassword" }, @@ -90,7 +90,7 @@ ATTRIB_MAP_ENTRY dominfo_attr_list[] = { { LDAP_ATTR_DOMAIN, "sambaDomainName" }, { LDAP_ATTR_NEXT_USERRID, "sambaNextUserRid" }, { LDAP_ATTR_NEXT_GROUPRID, "sambaNextGroupRid" }, - { LDAP_ATTR_DOM_SID, "sambaSID" }, + { LDAP_ATTR_DOM_SID, LDAP_ATTRIBUTE_SID }, { LDAP_ATTR_LIST_END, NULL }, }; @@ -98,7 +98,7 @@ ATTRIB_MAP_ENTRY dominfo_attr_list[] = { ATTRIB_MAP_ENTRY groupmap_attr_list[] = { { LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER}, - { LDAP_ATTR_GROUP_SID, "sambaSID" }, + { LDAP_ATTR_GROUP_SID, LDAP_ATTRIBUTE_SID }, { LDAP_ATTR_GROUP_TYPE, "sambaGroupType" }, { LDAP_ATTR_DESC, "description" }, { LDAP_ATTR_DISPLAY_NAME, "displayName" }, 
@@ -107,14 +107,14 @@ ATTRIB_MAP_ENTRY groupmap_attr_list[] = { }; ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[] = { - { LDAP_ATTR_GROUP_SID, "sambaSID" }, + { LDAP_ATTR_GROUP_SID, LDAP_ATTRIBUTE_SID }, { LDAP_ATTR_GROUP_TYPE, "sambaGroupType" }, { LDAP_ATTR_DESC, "description" }, { LDAP_ATTR_DISPLAY_NAME, "displayName" }, { LDAP_ATTR_LIST_END, NULL } }; -/* idmap_ldap samba[U|G]idPool */ +/* idmap_ldap sambaUnixIdPool */ ATTRIB_MAP_ENTRY idpool_attr_list[] = { { LDAP_ATTR_UIDNUMBER, LDAP_ATTRIBUTE_UIDNUMBER}, @@ -123,7 +123,7 @@ ATTRIB_MAP_ENTRY idpool_attr_list[] = { }; ATTRIB_MAP_ENTRY sidmap_attr_list[] = { - { LDAP_ATTR_GROUP_SID, "sambaSID" }, + { LDAP_ATTR_SID, LDAP_ATTRIBUTE_SID }, { LDAP_ATTR_UIDNUMBER, LDAP_ATTRIBUTE_UIDNUMBER}, { LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER}, { LDAP_ATTR_LIST_END, NULL } 
@@ -257,3 +257,90 @@ BOOL fetch_ldap_pw(char **dn, char** pw) return True; } +/************************************************************************ + Routine to manage the LDAPMod structure array + manage memory used by the array, by each struct, and values + ***********************************************************************/ + +void ldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value) +{ + LDAPMod **mods; + int i; + int j; + + mods = *modlist; + + /* sanity checks on the mod values */ + + if (attribute == NULL || *attribute == '\0') + return; +#if 0 /* commented out after discussion with abartlet. Do not reenable. + left here so other so re-add similar code --jerry */ + if (value == NULL || *value == '\0') + return; +#endif + + if (mods == NULL) + { + mods = (LDAPMod **) malloc(sizeof(LDAPMod *)); + if (mods == NULL) + { + DEBUG(0, ("make_a_mod: out of memory!\n")); + return; + } + mods[0] = NULL; + } + + for (i = 0; mods[i] != NULL; ++i) { + if (mods[i]->mod_op == modop && !strcasecmp(mods[i]->mod_type, attribute)) + break; + } + + if (mods[i] == NULL) + { + mods = (LDAPMod **) Realloc (mods, (i + 2) * sizeof (LDAPMod *)); + if (mods == NULL) + { + DEBUG(0, ("make_a_mod: out of memory!\n")); + return; + } + mods[i] = (LDAPMod *) malloc(sizeof(LDAPMod)); + if (mods[i] == NULL) + { + DEBUG(0, ("make_a_mod: out of memory!\n")); + return; + } + mods[i]->mod_op = modop; + mods[i]->mod_values = NULL; + mods[i]->mod_type = strdup(attribute); + mods[i + 1] = NULL; + } + + if (value != NULL) + { + char *utf8_value = NULL; + + j = 0; + if (mods[i]->mod_values != NULL) { + for (; mods[i]->mod_values[j] != NULL; j++); + } + mods[i]->mod_values = (char **)Realloc(mods[i]->mod_values, + (j + 2) * sizeof (char *)); + + if (mods[i]->mod_values == NULL) { + DEBUG (0, ("make_a_mod: Memory allocation failure!\n")); + return; + } + + if (push_utf8_allocate(&utf8_value, value) == (size_t)-1) { + DEBUG (0, ("make_a_mod: String conversion 
failure!\n")); + return; + } + + mods[i]->mod_values[j] = utf8_value; + + mods[i]->mod_values[j + 1] = NULL; + } + *modlist = mods; +} + -- cgit From f70cc4cdc188fd8bf9f8f84cb55d15c122e463dd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 21 Jun 2003 00:45:03 +0000 Subject: This patch works towards to goal of common code shared between idmap_ldap and pdb_ldap. So far, it's just a function rename, so that the next patch can be a very simple matter of copying functions, without worrying about what changed in the process. Also removes the 'static' pointers for the rebind procedures, replacing them with a linked list of value/key lookups. (Only needed on older LDAP client libs) Andrew Bartlett (This used to be commit f93167a7e1c56157481a934d2225fe19786a3bff) --- source3/lib/smbldap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index bb37222d5a..b627134446 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -262,7 +262,7 @@ BOOL fetch_ldap_pw(char **dn, char** pw) manage memory used by the array, by each struct, and values ***********************************************************************/ -void ldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value) +void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value) { LDAPMod **mods; int i; @@ -344,3 +344,4 @@ void ldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const *modlist = mods; } + -- cgit From eb61c8238298e97644202139e6d7f55e46eb9c26 Mon Sep 17 00:00:00 2001 
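Review bot: The error returns in ldap_set_mod leave `*modlist` stale: once `Realloc` has succeeded (and possibly moved the array), a failure of the following `malloc(sizeof(LDAPMod))`, of the `mod_values` Realloc or of `push_utf8_allocate` returns before the final `*modlist = mods;`, so the caller keeps a pointer to the old block. Assigning `*modlist = mods;` immediately after each successful allocation of the array closes that. On the `push_utf8_allocate` failure path the new slot in the grown `mod_values` array is also left uninitialised, so `mods[i]->mod_values[j] = NULL;` should be set before the conversion is attempted. The result of `strdup(attribute)` is not checked although the lookup loop later hands `mod_type` to `strcasecmp`, and the DEBUG messages still name `make_a_mod` rather than this function.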
From: Andrew Bartlett Date: Wed, 25 Jun 2003 12:51:58 +0000 Subject: Patch to move functions directly from pdb_ldap.c into lib/smbldap.c The functions are unchanged. Next step is to make idmap_ldap use them. Andrew Bartlett (This used to be commit 57617a0f8c84f9ced4df2901811ce5a5a5ae005e) --- source3/lib/smbldap.c | 733 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 729 insertions(+), 4 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index b627134446..8401787317 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -1,7 +1,11 @@ /* Unix SMB/CIFS mplementation. LDAP protocol helper functions for SAMBA + Copyright (C) Jean François Micouleau 1998 Copyright (C) Gerald Carter 2001-2003 + Copyright (C) Shahms King 2001 + Copyright (C) Andrew Bartlett 2002-2003 + Copyright (C) Stefan (metze) Metzmacher 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -22,6 +26,16 @@ #include "includes.h" #include "smbldap.h" +#ifndef LDAP_OPT_SUCCESS +#define LDAP_OPT_SUCCESS 0 +#endif + +/* Try not to hit the up or down server forever */ + +#define SMBLDAP_DONT_PING_TIME 10 /* ping only all 10 seconds */ +#define SMBLDAP_NUM_RETRIES 8 /* retry only 8 times */ + + /* attributes used by Samba 2.2 */ ATTRIB_MAP_ENTRY attrib_map_v22[] = { @@ -133,7 +147,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { perform a simple table lookup and return the attribute name **********************************************************************/ -const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key ) + const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key ) { int i = 0; 
@@ -151,7 +165,7 @@ const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key ) Return the list of attribute names from a mapping table **********************************************************************/ -char** get_attr_list( ATTRIB_MAP_ENTRY table[] ) + char** get_attr_list( ATTRIB_MAP_ENTRY table[] ) { char **names; int i = 0; @@ -180,7 +194,7 @@ char** get_attr_list( ATTRIB_MAP_ENTRY table[] ) Cleanup ********************************************************************/ -void free_attr_list( char **list ) + void free_attr_list( char **list ) { int i = 0; @@ -262,7 +276,7 @@ BOOL fetch_ldap_pw(char **dn, char** pw) manage memory used by the array, by each struct, and values ***********************************************************************/ -void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value) + void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value) { LDAPMod **mods; int i; 
@@ -345,3 +359,714 @@ void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, con } +/********************************************************************** + Set attribute to newval in LDAP, regardless of what value the + attribute had in LDAP before. +*********************************************************************/ + void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing, + LDAPMod ***mods, + const char *attribute, const char *newval) +{ + char **values = NULL; + + if (existing != NULL) { + values = ldap_get_values(ldap_struct, existing, attribute); + } + + /* all of our string attributes are case insensitive */ + + if ((values != NULL) && (values[0] != NULL) && + StrCaseCmp(values[0], newval) == 0) + { + + /* Believe it or not, but LDAP will deny a delete and + an add at the same time if the values are the + same... */ + + ldap_value_free(values); + return; + } + + /* Regardless of the real operation (add or modify) + we add the new value here. We rely on deleting + the old value, should it exist. */ + + if ((newval != NULL) && (strlen(newval) > 0)) { + smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval); + } + + if (values == NULL) { + /* There has been no value before, so don't delete it. + Here's a possible race: We might end up with + duplicate attributes */ + return; + } + + /* By deleting exactly the value we found in the entry this + should be race-free in the sense that the LDAP-Server will + deny the complete operation if somebody changed the + attribute behind our back. 
*/ + + smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, values[0]); + ldap_value_free(values); +} + + +/********************************************************************** + Some varients of the LDAP rebind code do not pass in the third 'arg' + pointer to a void*, so we try and work around it by assuming that the + value of the 'LDAP *' pointer is the same as the one we had passed in + **********************************************************************/ + +struct smbldap_state_lookup { + LDAP *ld; + struct smbldap_state *smbldap_state; + struct smbldap_state_lookup *prev, *next; +}; + +static struct smbldap_state_lookup *smbldap_state_lookup_list; + +static struct smbldap_state *smbldap_find_state(LDAP *ld) +{ + struct smbldap_state_lookup *t; + + for (t = smbldap_state_lookup_list; t; t = t->next) { + if (t->ld == ld) { + return t->smbldap_state; + } + } + return NULL; +} + +static void smbldap_delete_state(struct smbldap_state *smbldap_state) +{ + struct smbldap_state_lookup *t; + + for (t = smbldap_state_lookup_list; t; t = t->next) { + if (t->smbldap_state == smbldap_state) { + DLIST_REMOVE(smbldap_state_lookup_list, t); + SAFE_FREE(t); + return; + } + } +} + +static void smbldap_store_state(LDAP *ld, struct smbldap_state *smbldap_state) +{ + struct smbldap_state *tmp_ldap_state; + struct smbldap_state_lookup *t; + struct smbldap_state_lookup *tmp; + + if ((tmp_ldap_state = smbldap_find_state(ld))) { + SMB_ASSERT(tmp_ldap_state == smbldap_state); + return; + } + + t = smb_xmalloc(sizeof(*t)); + ZERO_STRUCTP(t); + + DLIST_ADD_END(smbldap_state_lookup_list, t, tmp); + t->ld = ld; + t->smbldap_state = smbldap_state; +} + +/******************************************************************* + open a connection to the ldap server. 
+******************************************************************/ +static int smbldap_open_connection (struct smbldap_state *ldap_state) + +{ + int rc = LDAP_SUCCESS; + int version; + BOOL ldap_v3 = False; + LDAP **ldap_struct = &ldap_state->ldap_struct; + +#ifdef HAVE_LDAP_INITIALIZE + DEBUG(10, ("smbldap_open_connection: %s\n", ldap_state->uri)); + + if ((rc = ldap_initialize(ldap_struct, ldap_state->uri)) != LDAP_SUCCESS) { + DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc))); + return rc; + } +#else + + /* Parse the string manually */ + + { + int port = 0; + fstring protocol; + fstring host; + const char *p = ldap_state->uri; + SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254); + + /* skip leading "URL:" (if any) */ + if ( strncasecmp( p, "URL:", 4 ) == 0 ) { + p += 4; + } + + sscanf(p, "%10[^:]://%254s[^:]:%d", protocol, host, &port); + + if (port == 0) { + if (strequal(protocol, "ldap")) { + port = LDAP_PORT; + } else if (strequal(protocol, "ldaps")) { + port = LDAPS_PORT; + } else { + DEBUG(0, ("unrecognised protocol (%s)!\n", protocol)); + } + } + + if ((*ldap_struct = ldap_init(host, port)) == NULL) { + DEBUG(0, ("ldap_init failed !\n")); + return LDAP_OPERATIONS_ERROR; + } + + if (strequal(protocol, "ldaps")) { +#ifdef LDAP_OPT_X_TLS + int tls = LDAP_OPT_X_TLS_HARD; + if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) + { + DEBUG(0, ("Failed to setup a TLS session\n")); + } + + DEBUG(3,("LDAPS option set...!\n")); +#else + DEBUG(0,("smbldap_open_connection: Secure connection not supported by LDAP client libraries!\n")); + return LDAP_OPERATIONS_ERROR; +#endif + } + } +#endif + + /* Store the LDAP pointer in a lookup list */ + + smbldap_store_state(*ldap_struct, ldap_state); + + /* Upgrade to LDAPv3 if possible */ + + if (ldap_get_option(*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) + { + if (version != LDAP_VERSION3) + { + version = LDAP_VERSION3; + if (ldap_set_option (*ldap_struct, 
LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) { + ldap_v3 = True; + } + } else { + ldap_v3 = True; + } + } + + if (lp_ldap_ssl() == LDAP_SSL_START_TLS) { +#ifdef LDAP_OPT_X_TLS + if (ldap_v3) { + if ((rc = ldap_start_tls_s (*ldap_struct, NULL, NULL)) != LDAP_SUCCESS) + { + DEBUG(0,("Failed to issue the StartTLS instruction: %s\n", + ldap_err2string(rc))); + return rc; + } + DEBUG (3, ("StartTLS issued: using a TLS connection\n")); + } else { + + DEBUG(0, ("Need LDAPv3 for Start TLS\n")); + return LDAP_OPERATIONS_ERROR; + } +#else + DEBUG(0,("smbldap_open_connection: StartTLS not supported by LDAP client libraries!\n")); + return LDAP_OPERATIONS_ERROR; +#endif + } + + DEBUG(2, ("smbldap_open_connection: connection opened\n")); + return rc; +} + + +/******************************************************************* + a rebind function for authenticated referrals + This version takes a void* that we can shove useful stuff in :-) +******************************************************************/ +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +#else +static int rebindproc_with_state (LDAP * ld, char **whop, char **credp, + int *methodp, int freeit, void *arg) +{ + struct smbldap_state *ldap_state = arg; + + /** @TODO Should we be doing something to check what servers we rebind to? + Could we get a referral to a machine that we don't want to give our + username and password to? 
*/ + + if (freeit) { + SAFE_FREE(*whop); + memset(*credp, '\0', strlen(*credp)); + SAFE_FREE(*credp); + } else { + DEBUG(5,("rebind_proc_with_state: Rebinding as \"%s\"\n", + ldap_state->bind_dn)); + + *whop = strdup(ldap_state->bind_dn); + if (!*whop) { + return LDAP_NO_MEMORY; + } + *credp = strdup(ldap_state->bind_secret); + if (!*credp) { + SAFE_FREE(*whop); + return LDAP_NO_MEMORY; + } + *methodp = LDAP_AUTH_SIMPLE; + } + return 0; +} +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ + +/******************************************************************* + a rebind function for authenticated referrals + This version takes a void* that we can shove useful stuff in :-) + and actually does the connection. +******************************************************************/ +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +static int rebindproc_connect_with_state (LDAP *ldap_struct, + LDAP_CONST char *url, + ber_tag_t request, + ber_int_t msgid, void *arg) +{ + struct smbldap_state *ldap_state = arg; + int rc; + DEBUG(5,("rebindproc_connect_with_state: Rebinding as \"%s\"\n", + ldap_state->bind_dn)); + + /** @TODO Should we be doing something to check what servers we rebind to? + Could we get a referral to a machine that we don't want to give our + username and password to? 
*/ + + rc = ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn, ldap_state->bind_secret); + + return rc; +} +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ + +/******************************************************************* + Add a rebind function for authenticated referrals +******************************************************************/ +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +#else +# if LDAP_SET_REBIND_PROC_ARGS == 2 +static int rebindproc (LDAP *ldap_struct, char **whop, char **credp, + int *method, int freeit ) +{ + struct smbldap_state *ldap_state = smbldap_find_state(ldap_struct); + + return rebindproc_with_state(ldap_struct, whop, credp, + method, freeit, ldap_state); + +} +# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/ +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ + +/******************************************************************* + a rebind function for authenticated referrals + this also does the connection, but no void*. +******************************************************************/ +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +# if LDAP_SET_REBIND_PROC_ARGS == 2 +static int rebindproc_connect (LDAP * ld, LDAP_CONST char *url, int request, + ber_int_t msgid) +{ + struct smbldap_state *ldap_state = smbldap_find_state(ld); + + return rebindproc_connect_with_state(ld, url, (ber_tag_t)request, msgid, + ldap_state); +} +# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/ +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ + +/******************************************************************* + connect to the ldap server under system privilege. 
+******************************************************************/ +static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_struct) +{ + int rc; + char *ldap_dn; + char *ldap_secret; + + /* get the password */ + if (!fetch_ldap_pw(&ldap_dn, &ldap_secret)) + { + DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n")); + return LDAP_INVALID_CREDENTIALS; + } + + ldap_state->bind_dn = ldap_dn; + ldap_state->bind_secret = ldap_secret; + + /* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite + (OpenLDAP) doesnt' seem to support it */ + + DEBUG(10,("ldap_connect_system: Binding to ldap server %s as \"%s\"\n", + ldap_state->uri, ldap_dn)); + +#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) +# if LDAP_SET_REBIND_PROC_ARGS == 2 + ldap_set_rebind_proc(ldap_struct, &rebindproc_connect); +# endif +# if LDAP_SET_REBIND_PROC_ARGS == 3 + ldap_set_rebind_proc(ldap_struct, &rebindproc_connect_with_state, (void *)ldap_state); +# endif +#else /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ +# if LDAP_SET_REBIND_PROC_ARGS == 2 + ldap_set_rebind_proc(ldap_struct, &rebindproc); +# endif +# if LDAP_SET_REBIND_PROC_ARGS == 3 + ldap_set_rebind_proc(ldap_struct, &rebindproc_with_state, (void *)ldap_state); +# endif +#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ + + rc = ldap_simple_bind_s(ldap_struct, ldap_dn, ldap_secret); + + if (rc != LDAP_SUCCESS) { + char *ld_error = NULL; + ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, + &ld_error); + DEBUG(ldap_state->num_failures ? 2 : 0, + ("failed to bind to server with dn= %s Error: %s\n\t%s\n", + ldap_dn ? ldap_dn : "(unknown)", ldap_err2string(rc), + ld_error ? 
ld_error : "(unknown)")); + SAFE_FREE(ld_error); + ldap_state->num_failures++; + return rc; + } + + ldap_state->num_failures = 0; + + DEBUG(3, ("ldap_connect_system: succesful connection to the LDAP server\n")); + return rc; +} + +/********************************************************************** +Connect to LDAP server (called before every ldap operation) +*********************************************************************/ +static int smbldap_open(struct smbldap_state *ldap_state) +{ + int rc; + SMB_ASSERT(ldap_state); + +#ifndef NO_LDAP_SECURITY + if (geteuid() != 0) { + DEBUG(0, ("smbldap_open: cannot access LDAP when not root..\n")); + return LDAP_INSUFFICIENT_ACCESS; + } +#endif + + if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + SMBLDAP_DONT_PING_TIME) < time(NULL))) { + struct sockaddr_un addr; + socklen_t len = sizeof(addr); + int sd; + if (ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_DESC, &sd) == 0 && + getpeername(sd, (struct sockaddr *) &addr, &len) < 0) { + /* the other end has died. reopen. 
*/ + ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); + ldap_state->ldap_struct = NULL; + ldap_state->last_ping = (time_t)0; + } else { + ldap_state->last_ping = time(NULL); + } + } + + if (ldap_state->ldap_struct != NULL) { + DEBUG(5,("smbldap_open: already connected to the LDAP server\n")); + return LDAP_SUCCESS; + } + + if ((rc = smbldap_open_connection(ldap_state))) { + return rc; + } + + if ((rc = smbldap_connect_system(ldap_state, ldap_state->ldap_struct))) { + ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); + ldap_state->ldap_struct = NULL; + return rc; + } + + + ldap_state->last_ping = time(NULL); + DEBUG(4,("The LDAP server is succesful connected\n")); + + return LDAP_SUCCESS; +} + +/********************************************************************** +Disconnect from LDAP server +*********************************************************************/ +static NTSTATUS smbldap_close(struct smbldap_state *ldap_state) +{ + if (!ldap_state) + return NT_STATUS_INVALID_PARAMETER; + + if (ldap_state->ldap_struct != NULL) { + ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); + ldap_state->ldap_struct = NULL; + } + + smbldap_delete_state(ldap_state); + + DEBUG(5,("The connection to the LDAP server was closed\n")); + /* maybe free the results here --metze */ + + + + return NT_STATUS_OK; +} + +static int smbldap_retry_open(struct smbldap_state *ldap_state, int *attempts) +{ + int rc; + + SMB_ASSERT(ldap_state && attempts); + + if (*attempts != 0) { + unsigned int sleep_time; + uint8 rand_byte; + + /* Sleep for a random timeout */ + rand_byte = (char)(sys_random()); + + sleep_time = (((*attempts)*(*attempts))/2)*rand_byte*2; + /* we retry after (0.5, 1, 2, 3, 4.5, 6) seconds + on average. 
+ */
+ DEBUG(3, ("Sleeping for %u milliseconds before reconnecting\n",
+ sleep_time));
+ msleep(sleep_time);
+ }
+ (*attempts)++;
+
+ if ((rc = smbldap_open(ldap_state))) {
+ DEBUG(1,("Connection to LDAP Server failed for the %d try!\n",*attempts));
+ return rc;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+
+/*********************************************************************
+ ********************************************************************/
+
+int smbldap_search(struct smbldap_state *ldap_state,
+ const char *base, int scope, const char *filter,
+ char *attrs[], int attrsonly,
+ LDAPMessage **res)
+{
+ int rc = LDAP_SERVER_DOWN;
+ int attempts = 0;
+ char *utf8_filter;
+
+ SMB_ASSERT(ldap_state);
+
+ if (push_utf8_allocate(&utf8_filter, filter) == (size_t)-1) {
+ return LDAP_NO_MEMORY;
+ }
+
+ while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) {
+
+ if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
+ continue;
+
+ rc = ldap_search_s(ldap_state->ldap_struct, base, scope,
+ utf8_filter, attrs, attrsonly, res);
+ }
+
+ if (rc == LDAP_SERVER_DOWN) {
+ DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
+ smbldap_close(ldap_state);
+ }
+
+ SAFE_FREE(utf8_filter);
+ return rc;
+}
+
+int smbldap_modify(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs[])
+{
+ int rc = LDAP_SERVER_DOWN;
+ int attempts = 0;
+ char *utf8_dn;
+
+ SMB_ASSERT(ldap_state);
+
+ if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) {
+ return LDAP_NO_MEMORY;
+ }
+
+ while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) {
+
+ if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
+ continue;
+
+ rc = ldap_modify_s(ldap_state->ldap_struct, utf8_dn, attrs);
+ }
+
+ if (rc == LDAP_SERVER_DOWN) {
+ DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
+ smbldap_close(ldap_state);
+ }
+
+ SAFE_FREE(utf8_dn);
+ return rc;
+}
+
+int smbldap_add(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs[])
+{
+ int rc = LDAP_SERVER_DOWN;
+ int attempts = 0;
+ char *utf8_dn;
+
+ SMB_ASSERT(ldap_state);
+
+ if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) {
+ return LDAP_NO_MEMORY;
+ }
+
+ while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) {
+
+ if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
+ continue;
+
+ rc = ldap_add_s(ldap_state->ldap_struct, utf8_dn, attrs);
+ }
+
+ if (rc == LDAP_SERVER_DOWN) {
+ DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
+ smbldap_close(ldap_state);
+ }
+
+ SAFE_FREE(utf8_dn);
+ return rc;
+}
+
+int smbldap_delete(struct smbldap_state *ldap_state, const char *dn)
+{
+ int rc = LDAP_SERVER_DOWN;
+ int attempts = 0;
+ char *utf8_dn;
+
+ SMB_ASSERT(ldap_state);
+
+ if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) {
+ return LDAP_NO_MEMORY;
+ }
+
+ while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) {
+
+ if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
+ continue;
+
+ rc = ldap_delete_s(ldap_state->ldap_struct, utf8_dn);
+ }
+
+ if (rc == LDAP_SERVER_DOWN) {
+ DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
+ smbldap_close(ldap_state);
+ }
+
+ SAFE_FREE(utf8_dn);
+ return rc;
+}
+
+int smbldap_extended_operation(struct smbldap_state *ldap_state,
+ LDAP_CONST char *reqoid, struct berval *reqdata,
+ LDAPControl **serverctrls, LDAPControl **clientctrls,
+ char **retoidp, struct berval **retdatap)
+{
+ int rc = LDAP_SERVER_DOWN;
+ int attempts = 0;
+
+ if (!ldap_state)
+ return (-1);
+
+ while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) {
+
+ if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
+ continue;
+
+ rc = ldap_extended_operation_s(ldap_state->ldap_struct, reqoid, reqdata,
+ serverctrls, clientctrls, retoidp, retdatap);
+ }
+
+ if (rc == LDAP_SERVER_DOWN) {
+ DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
+ smbldap_close(ldap_state);
+ }
+
+ return rc;
+}
+
+/*******************************************************************
+ run the search by name.
+******************************************************************/
+int smbldap_search_suffix (struct smbldap_state *ldap_state, const char *filter,
+ char **search_attr, LDAPMessage ** result)
+{
+ int scope = LDAP_SCOPE_SUBTREE;
+ int rc;
+
+ DEBUG(2, ("smbldap_search_suffix: searching for:[%s]\n", filter));
+
+ rc = smbldap_search(ldap_state, lp_ldap_suffix(), scope, filter, search_attr, 0, result);
+
+ if (rc != LDAP_SUCCESS) {
+ char *ld_error = NULL;
+ ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
+ &ld_error);
+ DEBUG(0,("smbldap_search_suffix: Problem during the LDAP search: %s (%s)\n",
+ ld_error?ld_error:"(unknown)", ldap_err2string (rc)));
+ DEBUG(3,("smbldap_search_suffix: Query was: %s, %s\n", lp_ldap_suffix(),
+ filter));
+ SAFE_FREE(ld_error);
+ }
+
+ return rc;
+}
+
+/**********************************************************************
+ Housekeeping
+ *********************************************************************/
+
+void smbldap_free_struct(struct smbldap_state **ldap_state)
+{
+ smbldap_close(*ldap_state);
+
+ if ((*ldap_state)->bind_secret) {
+ memset((*ldap_state)->bind_secret, '\0', strlen((*ldap_state)->bind_secret));
+ }
+
+ SAFE_FREE((*ldap_state)->bind_dn);
+ SAFE_FREE((*ldap_state)->bind_secret);
+
+ *ldap_state = NULL;
+
+ /* No need to free any further, as it is talloc()ed */
+}
+
+
+/**********************************************************************
+ Intitalise the 'general' ldap structures, on which ldap operations may be conducted
+ *********************************************************************/
+
+NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_state **smbldap_state)
+{
+ *smbldap_state = talloc_zero(mem_ctx, sizeof(**smbldap_state));
+ if (!*smbldap_state) {
+ DEBUG(0, ("talloc() failed for ldapsam private_data!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (location) {
+ (*smbldap_state)->uri = talloc_strdup(mem_ctx, location);
+ } else {
+ (*smbldap_state)->uri = "ldap://localhost";
+ }
+ return NT_STATUS_OK;
+}
+
-- cgit From 4168d61fb22e19a248a6c3d3ad43e2f73e37fc6a Mon Sep 17 00:00:00 2001
From: Andrew Bartlett Date: Fri, 4 Jul 2003 13:29:42 +0000 Subject: This patch cleans up some of our ldap code, for better behaviour: We now always read the Domain SID out of LDAP. If the local secrets.tdb is ever different to LDAP, it is overwritten out of LDAP. We also store the 'algorithmic rid base' into LDAP, and assert if it changes. (This ensures cross-host synchronisation, and allows for possible integration with idmap). If we fail to read/add the domain entry, we just fallback to the old behaviour. We always use an existing DN when adding IDMAP entries to LDAP, unless no suitable entry is available. This means that a user's posixAccount will have a SID added to it, or a user's sambaSamAccount will have a UID added. Where we cannot us an existing DN, we use 'sambaSid=S-x-y-z,....' as the DN. The code now allows modifications to the ID mapping in many cases. Likewise, we now check more carefully when adding new user entires to LDAP, to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount onto the idmap entry for that user, if it is already established (ensuring we do not duplicate sambaSid entries in the directory). The allocated UID code has been expanded to take into account the space between '1000 - algorithmic rid base'. This much better fits into what an NT4 does - allocating in the bottom part of the RID range. On the code cleanup side of things, we now share as much code as possible between idmap_ldap and pdb_ldap. We also no longer use the race-prone 'enumerate all users' method for finding the next RID to allocate. Instead, we just start at the bottom of the range, and increment again if the user already exists. The first time this is run, it may well take a long time, but next time will just be able to use the next Rid. Thanks to metze and AB for double-checking parts of this. 
Andrew Bartlett (This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e) --- source3/lib/smbldap.c | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 8401787317..f65860d1b8 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -102,9 +102,11 @@ ATTRIB_MAP_ENTRY attrib_map_v30[] = { ATTRIB_MAP_ENTRY dominfo_attr_list[] = { { LDAP_ATTR_DOMAIN, "sambaDomainName" }, + { LDAP_ATTR_NEXT_RID, "sambaNextRid" }, { LDAP_ATTR_NEXT_USERRID, "sambaNextUserRid" }, { LDAP_ATTR_NEXT_GROUPRID, "sambaNextGroupRid" }, { LDAP_ATTR_DOM_SID, LDAP_ATTRIBUTE_SID }, + { LDAP_ATTR_ALGORITHMIC_RID_BASE,"sambaAlgorithmicRidBase"}, { LDAP_ATTR_LIST_END, NULL }, }; 
@@ -271,6 +273,40 @@ BOOL fetch_ldap_pw(char **dn, char** pw) return True; } +/******************************************************************* +search an attribute and return the first value found. +******************************************************************/ + BOOL smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, + const char *attribute, pstring value) +{ + char **values; + + if ( !attribute ) + return False; + + value[0] = '\0'; + + if ((values = ldap_get_values (ldap_struct, entry, attribute)) == NULL) { + DEBUG (10, ("smbldap_get_single_attribute: [%s] = []\n", attribute)); + + return False; + } + + if (convert_string(CH_UTF8, CH_UNIX,values[0], -1, value, sizeof(pstring)) == (size_t)-1) + { + DEBUG(1, ("smbldap_get_single_attribute: string conversion of [%s] = [%s] failed!\n", + attribute, values[0])); + ldap_value_free(values); + return False; + } + + ldap_value_free(values); +#ifdef DEBUG_PASSWORDS + DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n", attribute, value)); +#endif + return True; +} + /************************************************************************ Routine to manage the LDAPMod structure array manage memory used by the array, by each struct, and values @@ -819,7 +855,7 @@ static NTSTATUS smbldap_close(struct smbldap_state *ldap_state) return NT_STATUS_OK; } -static int smbldap_retry_open(struct smbldap_state *ldap_state, int *attempts) +int smbldap_retry_open(struct smbldap_state *ldap_state, int *attempts) { int rc; -- cgit From a3ddfa5069c9df07626135aa5fd2ec411c41943f Mon Sep 17 00:00:00 2001 
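Review bot: The conversion-failure branch of smbldap_get_single_attribute logs the raw `values[0]` at debug level 1, while the success path prints the value only under `#ifdef DEBUG_PASSWORDS` at level 100. This helper reads whatever attribute it is handed, presumably including the password-hash attributes in the attribute maps, so the failure message should name the attribute only: `DEBUG(1, ("smbldap_get_single_attribute: string conversion of [%s] failed!\n", attribute));`. The header comment should also say that `value` must be a full `pstring` buffer, since the copy is bounded by `sizeof(pstring)` and not by a length argument, and that only the first value of a multi-valued attribute is returned.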
From: Andrew Bartlett Date: Sat, 5 Jul 2003 09:46:12 +0000 Subject: Fixes to our LDAP/vampire codepaths: - Try better to add the appropriate mapping between UID and SIDs, based on Get_Pwnam() - Look for previous users (lookup by SID) and correctly modify the existing entry in that case - Map the root user to the Admin SID as a 'well known user' - Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update' call on that user. This means that VL's very nice work on atomic LDAP updates now really gets used properly! - This also means that we know the right DN to update, without the extra round-trips to the server. Andrew Bartlett (This used to be commit c7118cb31dac24db3b762fe68ce655b17ea102e0) --- source3/lib/smbldap.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index f65860d1b8..e0c6aab617 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -107,6 +107,7 @@ ATTRIB_MAP_ENTRY dominfo_attr_list[] = { { LDAP_ATTR_NEXT_GROUPRID, "sambaNextGroupRid" }, { LDAP_ATTR_DOM_SID, LDAP_ATTRIBUTE_SID }, { LDAP_ATTR_ALGORITHMIC_RID_BASE,"sambaAlgorithmicRidBase"}, + { LDAP_ATTR_OBJCLASS, "objectClass" }, { LDAP_ATTR_LIST_END, NULL }, }; @@ -119,6 +120,7 @@ ATTRIB_MAP_ENTRY groupmap_attr_list[] = { { LDAP_ATTR_DESC, "description" }, { LDAP_ATTR_DISPLAY_NAME, "displayName" }, { LDAP_ATTR_CN, "cn" }, + { LDAP_ATTR_OBJCLASS, "objectClass" }, { LDAP_ATTR_LIST_END, NULL } }; @@ -135,6 +137,7 @@ ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[] = { ATTRIB_MAP_ENTRY idpool_attr_list[] = { { LDAP_ATTR_UIDNUMBER, LDAP_ATTRIBUTE_UIDNUMBER}, { LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER}, + { LDAP_ATTR_OBJCLASS, "objectClass" }, { LDAP_ATTR_LIST_END, NULL } }; 
@@ -142,6 +145,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { { LDAP_ATTR_SID, LDAP_ATTRIBUTE_SID }, { LDAP_ATTR_UIDNUMBER, LDAP_ATTRIBUTE_UIDNUMBER}, { LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER}, + { LDAP_ATTR_OBJCLASS, "objectClass" }, { LDAP_ATTR_LIST_END, NULL } }; -- cgit From 0b18acb841f6a372b3aa285d4734875e5e35fe3b Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 7 Jul 2003 05:11:10 +0000 Subject: and so it begins.... * remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index e0c6aab617..cba73d386c 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -815,7 +815,7 @@ static int smbldap_open(struct smbldap_state *ldap_state) } if (ldap_state->ldap_struct != NULL) { - DEBUG(5,("smbldap_open: already connected to the LDAP server\n")); + DEBUG(11,("smbldap_open: already connected to the LDAP server\n")); return LDAP_SUCCESS; } -- cgit From 03d5867d529f126da368ebda70bf2d997aa602e0 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 11 Jul 2003 05:33:40 +0000 Subject: moving more code around. * move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d) --- source3/lib/smbldap.c | 148 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 148 insertions(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index cba73d386c..21e3383acd 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -1110,3 +1110,151 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_ return NT_STATUS_OK; } +/********************************************************************** + Add the sambaDomain to LDAP, so we don't have to search for this stuff + again. This is a once-add operation for now. + + TODO: Add other attributes, and allow modification. +*********************************************************************/ +static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, + const char *domain_name) +{ + fstring sid_string; + fstring algorithmic_rid_base_string; + pstring filter, dn; + LDAPMod **mods = NULL; + int rc; + int ldap_op; + LDAPMessage *result = NULL; + int num_result; + char **attr_list; + + slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))", + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + domain_name, LDAP_OBJ_DOMINFO); + + attr_list = get_attr_list( dominfo_attr_list ); + rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result); + free_attr_list( attr_list ); + + if (rc != LDAP_SUCCESS) { + return NT_STATUS_UNSUCCESSFUL; + } + + num_result = ldap_count_entries(ldap_state->ldap_struct, result); + + if (num_result > 1) { + DEBUG (0, ("More than domain with that name exists: bailing out!\n")); + ldap_msgfree(result); + return NT_STATUS_UNSUCCESSFUL; + } + + /* Check if we need to add an entry */ + DEBUG(3,("Adding new domain\n")); + ldap_op = LDAP_MOD_ADD; + + snprintf(dn, sizeof(dn), "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + domain_name, lp_ldap_suffix()); + + /* Free original search */ + ldap_msgfree(result); + + /* make the changes - the entry *must* not already have samba attributes */ + smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + domain_name); + + /* If we don't have an entry, then ask secrets.tdb for what it thinks. 
+ It may choose to make it up */ + + sid_to_string(sid_string, get_global_sam_sid()); + smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), sid_string); + + slprintf(algorithmic_rid_base_string, sizeof(algorithmic_rid_base_string) - 1, "%i", algorithmic_rid_base()); + smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE), + algorithmic_rid_base_string); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO); + + switch(ldap_op) + { + case LDAP_MOD_ADD: + rc = smbldap_add(ldap_state, dn, mods); + break; + case LDAP_MOD_REPLACE: + rc = smbldap_modify(ldap_state, dn, mods); + break; + default: + DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op)); + return NT_STATUS_INVALID_PARAMETER; + } + + if (rc!=LDAP_SUCCESS) { + char *ld_error = NULL; + ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); + DEBUG(1,("failed to %s domain dn= %s with: %s\n\t%s\n", + ldap_op == LDAP_MOD_ADD ? 
"add" : "modify", + dn, ldap_err2string(rc), + ld_error?ld_error:"unknown")); + SAFE_FREE(ld_error); + + ldap_mods_free(mods, True); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(2,("added: domain = %s in the LDAP database\n", domain_name)); + ldap_mods_free(mods, True); + return NT_STATUS_OK; +} + +/********************************************************************** +Search for the domain info entry +*********************************************************************/ +NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, + LDAPMessage ** result, const char *domain_name, + BOOL try_add) +{ + NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + pstring filter; + int rc; + char **attr_list; + int count; + + snprintf(filter, sizeof(filter)-1, "(&(objectClass=%s)(%s=%s))", + LDAP_OBJ_DOMINFO, + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + domain_name); + + DEBUG(2, ("Searching for:[%s]\n", filter)); + + + attr_list = get_attr_list( dominfo_attr_list ); + rc = smbldap_search_suffix(ldap_state, filter, attr_list , result); + free_attr_list( attr_list ); + + if (rc != LDAP_SUCCESS) { + DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc))); + DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter)); + } else if (ldap_count_entries(ldap_state->ldap_struct, *result) < 1) { + DEBUG(3, ("Got no domain info entries for domain\n")); + ldap_msgfree(*result); + *result = NULL; + if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))) { + return smbldap_search_domain_info(ldap_state, result, domain_name, False); + } + else { + DEBUG(0, ("Adding domain info for %s failed with %s\n", + domain_name, nt_errstr(ret))); + return ret; + } + } else if ((count = ldap_count_entries(ldap_state->ldap_struct, *result)) > 1) { + DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n", + count, domain_name)); + ldap_msgfree(*result); + *result = NULL; + return ret; + } else { + return NT_STATUS_OK; + } + + return ret; 
+} + -- cgit From 032232bd6672853548f3b9fcafc8e42b74e56e53 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 15 Jul 2003 16:46:20 +0000 Subject: Fix memleak (This used to be commit 6770d69942a8841fb25448a8a238af7987ec860c) --- source3/lib/smbldap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 21e3383acd..39c1990dec 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -207,8 +207,10 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { if ( !list ) return; - while ( list[i] ) + while ( list[i] ) { SAFE_FREE( list[i] ); + i+=1; + } SAFE_FREE( list ); } -- cgit From 9ec9df5fe42cebca8db5cdb01a0dbfc563c815fc Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 17 Jul 2003 11:24:54 +0000 Subject: Disconnect an idle LDAP connection after 150 seconds. Not strictly a bugfix, but it should considerably reduce the load we put on LDAP servers given that at least nss_ldap on Linux keeps a connection open. And it should also stress our reconnect-code a bit more ;-) Thanks to metze for this! Volker (This used to be commit e68d8eabeb9c64dc45d057619f9b3dd0cd507444) --- source3/lib/smbldap.c | 44 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 39c1990dec..7c2409312b 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -5,7 +5,7 @@ Copyright (C) Gerald Carter 2001-2003 Copyright (C) Shahms King 2001 Copyright (C) Andrew Bartlett 2002-2003 - Copyright (C) Stefan (metze) Metzmacher 2002 + Copyright (C) Stefan (metze) Metzmacher 2002-2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
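Review bot: `domain_name` is formatted straight into the search filter in both add_new_domain_info (`slprintf (filter, ...)`) and smbldap_search_domain_info (`snprintf(filter, ...)`), and into the new entry's DN, with no LDAP escaping, so a name containing `(`, `)`, `*`, `\` or `,` changes the filter or DN that is sent to the server. Where the name comes from is not visible in this hunk; unless it is always the locally configured domain, it should be escaped for filter and DN context before formatting. Separately, add_new_domain_info rejects only `num_result > 1` and then adds unconditionally, so the "Check if we need to add an entry" comment does not match the code when exactly one entry already exists. The `default:` arm of its switch also returns without `ldap_mods_free(mods, True);`.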
@@ -35,6 +35,8 @@ #define SMBLDAP_DONT_PING_TIME 10 /* ping only all 10 seconds */ #define SMBLDAP_NUM_RETRIES 8 /* retry only 8 times */ +#define SMBLDAP_IDLE_TIME 150 /* After 2.5 minutes disconnect */ + /* attributes used by Samba 2.2 */ @@ -925,6 +927,8 @@ int smbldap_search(struct smbldap_state *ldap_state, smbldap_close(ldap_state); } + ldap_state->last_use = time(NULL); + SAFE_FREE(utf8_filter); return rc; } @@ -954,6 +958,8 @@ int smbldap_modify(struct smbldap_state *ldap_state, const char *dn, LDAPMod *at smbldap_close(ldap_state); } + ldap_state->last_use = time(NULL); + SAFE_FREE(utf8_dn); return rc; } @@ -983,6 +989,8 @@ int smbldap_add(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs smbldap_close(ldap_state); } + ldap_state->last_use = time(NULL); + SAFE_FREE(utf8_dn); return rc; } @@ -1012,6 +1020,8 @@ int smbldap_delete(struct smbldap_state *ldap_state, const char *dn) smbldap_close(ldap_state); } + ldap_state->last_use = time(NULL); + SAFE_FREE(utf8_dn); return rc; } @@ -1041,6 +1051,8 @@ int smbldap_extended_operation(struct smbldap_state *ldap_state, smbldap_close(ldap_state); } + ldap_state->last_use = time(NULL); + return rc; } @@ -1071,6 +1083,24 @@ int smbldap_search_suffix (struct smbldap_state *ldap_state, const char *filter, return rc; } +static void smbldap_idle_fn(void **data, time_t *interval, time_t now) +{ + struct smbldap_state *state = (struct smbldap_state *)(*data); + + if (state->ldap_struct == NULL) { + DEBUG(10,("ldap connection not connected...\n")); + return; + } + + if ((state->last_use+SMBLDAP_IDLE_TIME) > now) { + DEBUG(10,("ldap connection not idle...\n")); + return; + } + + DEBUG(7,("ldap connection idle...closing connection\n")); + smbldap_close(state); +} + /********************************************************************** Housekeeping *********************************************************************/ 
@@ -1086,6 +1116,8 @@ void smbldap_free_struct(struct smbldap_state **ldap_state) SAFE_FREE((*ldap_state)->bind_dn); SAFE_FREE((*ldap_state)->bind_secret); + smb_unregister_idle_event((*ldap_state)->event_id); + *ldap_state = NULL; /* No need to free any further, as it is talloc()ed */ @@ -1109,6 +1141,16 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_ } else { (*smbldap_state)->uri = "ldap://localhost"; } + + (*smbldap_state)->event_id = + smb_register_idle_event(smbldap_idle_fn, (void *)(*smbldap_state), + SMBLDAP_IDLE_TIME); + + if ((*smbldap_state)->event_id == SMB_EVENT_ID_INVALID) { + DEBUG(0,("Failed to register LDAP idle event!\n")); + return NT_STATUS_INVALID_HANDLE; + } + return NT_STATUS_OK; } -- cgit From 3a5dc7c2ecacecf7dd0cfd71ff1bb298d70b391b Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 23 Jul 2003 12:33:59 +0000 Subject: convert snprintf() calls using pstrings & fstrings to pstr_sprintf() and fstr_sprintf() to try to standardize. lots of snprintf() calls were using len-1; some were using len. At least this helps to be consistent. (This used to be commit 9f835b85dd38cbe655eb19021ff763f31886ac00) --- source3/lib/smbldap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 7c2409312b..3f56d066ec 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -1197,7 +1197,7 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, DEBUG(3,("Adding new domain\n")); ldap_op = LDAP_MOD_ADD; - snprintf(dn, sizeof(dn), "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), domain_name, lp_ldap_suffix()); /* Free original search */ 
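Review bot: The idle event registered in smbldap_init keeps a raw pointer to the talloc'ed state, and the only unregister call this commit adds is in smbldap_free_struct; if `mem_ctx` is ever destroyed without going through smbldap_free_struct, smbldap_idle_fn would later dereference freed memory. A comment on smbldap_init along the lines of `/* callers must release the state with smbldap_free_struct() before freeing mem_ctx: an idle event holds a pointer to it */` would make that contract explicit. The failure path also returns `NT_STATUS_INVALID_HANDLE` while leaving `*smbldap_state` set with an invalid `event_id`; whether callers then hand it to smbldap_free_struct, which unregisters that id, is not visible here and should be checked. Both function bodies start outside their hunks.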
@@ -1262,7 +1262,7 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, char **attr_list; int count; - snprintf(filter, sizeof(filter)-1, "(&(objectClass=%s)(%s=%s))", + pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))", LDAP_OBJ_DOMINFO, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), domain_name); -- cgit From 5faf3ba9af1bc00db78f8743374acaff93879ff7 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 13 Aug 2003 00:08:28 +0000 Subject: 2 fixes * bug #280 (my fault) - initialize sambaNextUserRid and sambaNextGroupRid * Unix users shared vis LDAP or NIS between a samba domain member of a Samba domain are not seen as domain users on the member servers. not as local users. (This used to be commit a030fa373aefde8628def54ca8152f237a0467dc) --- source3/lib/smbldap.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 3f56d066ec..1ce03491da 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -1172,6 +1172,9 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, LDAPMessage *result = NULL; int num_result; char **attr_list; + uid_t u_low, u_high; + gid_t g_low, g_high; + uint32 rid_low, rid_high; slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), 
@@ -1217,6 +1220,30 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE), algorithmic_rid_base_string); smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO); + + /* add the sambaNext[User|Group]Rid attributes if the idmap ranges are set. + TODO: fix all the places where the line between idmap and normal operations + needed by smbd gets fuzzy --jerry 2003-08-11 */ + + if ( lp_idmap_uid(&u_low, &u_high) && lp_idmap_gid(&g_low, &g_high) + && get_free_rid_range(&rid_low, &rid_high) ) + { + fstring rid_str; + + fstr_sprintf( rid_str, "%i", rid_high|USER_RID_TYPE ); + DEBUG(10,("setting next available user rid [%s]\n", rid_str)); + smbldap_set_mod(&mods, LDAP_MOD_ADD, + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID), + rid_str); + + fstr_sprintf( rid_str, "%i", rid_high|GROUP_RID_TYPE ); + DEBUG(10,("setting next available group rid [%s]\n", rid_str)); + smbldap_set_mod(&mods, LDAP_MOD_ADD, + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID), + rid_str); + + } + switch(ldap_op) { -- cgit From ca1c6ebb11361dabaca22015736f3876d51833a2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 10 Sep 2003 22:33:06 +0000 Subject: Fix a nasty mess, and also bug #296. passdb/pdb_ldap.c was not converting to/from utf8 for some calls. The libads code gets this right. Wonder why the passdb code doesn't use it ? Jeremy. (This used to be commit 910d21d3164c2c64773031fddaad35ea88e72a04) --- source3/lib/smbldap.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 1ce03491da..7bdb8ea5a5 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
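Review bot: `rid_high` is declared `uint32` in this commit, but both new `fstr_sprintf( rid_str, "%i", ... )` calls format it as a signed int, so a value with the top bit set would be stored in sambaNextUserRid/sambaNextGroupRid as a negative number. Assuming the `|USER_RID_TYPE` and `|GROUP_RID_TYPE` expressions stay unsigned, use `fstr_sprintf( rid_str, "%u", rid_high|USER_RID_TYPE );` and the same for the group line. `u_low`, `u_high`, `g_low`, `g_high` and `rid_low` are fetched only to gate the block, which deserves a one-line comment such as `/* ranges are read only to test that idmap is configured */`. The enclosing add_new_domain_info starts and ends outside this hunk.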
@@ -1329,3 +1329,23 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, return ret; } +/******************************************************************* + Return a copy of the DN for a LDAPMessage. Convert from utf8 to CH_UNIX. +********************************************************************/ + +char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry) +{ + char *utf8_dn, *unix_dn; + + utf8_dn = ldap_get_dn(ld, entry); + if (!utf8_dn) { + DEBUG (5, ("smbldap_get_dn: ldap_get_dn failed\n")); + return NULL; + } + if (pull_utf8_allocate((void **) &unix_dn, utf8_dn) == (size_t)-1) { + DEBUG (0, ("smbldap_get_dn: String conversion failure utf8 [%s]\n", utf8_dn)); + return NULL; + } + ldap_memfree(utf8_dn); + return unix_dn; +} -- cgit From c068cd37b911b28cef8754cbd61d2fde44650530 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 10 Sep 2003 23:14:18 +0000 Subject: Still on my mb rampage. Ensure smbldap_make_mod() correctly detects old values. Jeremy. (This used to be commit 41e4479aa9f186d68300086984d6f4c8f9fd2a27) --- source3/lib/smbldap.c | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 7bdb8ea5a5..781e6b976c 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -282,8 +282,9 @@ BOOL fetch_ldap_pw(char **dn, char** pw) } /******************************************************************* -search an attribute and return the first value found. + Search an attribute and return the first value found. ******************************************************************/ + BOOL smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, const char *attribute, pstring value) { 
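Review bot: When `pull_utf8_allocate` fails, smbldap_get_dn returns NULL without releasing `utf8_dn`, so the buffer obtained from `ldap_get_dn` leaks on that path; add `ldap_memfree(utf8_dn);` before that `return NULL;`. The header comment should also state that the returned string is a converted copy owned by the caller, to be released with the deallocator that matches pull_utf8_allocate (presumably `SAFE_FREE`, as this file does for push_utf8_allocate results) and not with `ldap_memfree`.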
@@ -300,8 +301,7 @@ search an attribute and return the first value found. return False; } - if (convert_string(CH_UTF8, CH_UNIX,values[0], -1, value, sizeof(pstring)) == (size_t)-1) - { + if (convert_string(CH_UTF8, CH_UNIX,values[0], -1, value, sizeof(pstring)) == (size_t)-1) { DEBUG(1, ("smbldap_get_single_attribute: string conversion of [%s] = [%s] failed!\n", attribute, values[0])); ldap_value_free(values); @@ -402,32 +402,32 @@ search an attribute and return the first value found. *modlist = mods; } - /********************************************************************** Set attribute to newval in LDAP, regardless of what value the attribute had in LDAP before. *********************************************************************/ + void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing, LDAPMod ***mods, const char *attribute, const char *newval) { - char **values = NULL; + pstring oldval; + BOOL existed; if (existing != NULL) { - values = ldap_get_values(ldap_struct, existing, attribute); + existed = smbldap_get_single_attribute(ldap_struct, existing, attribute, oldval); + } else { + existed = False; + *oldval = '\0'; } /* all of our string attributes are case insensitive */ - if ((values != NULL) && (values[0] != NULL) && - StrCaseCmp(values[0], newval) == 0) - { + if (existed && (StrCaseCmp(oldval, newval) == 0)) { /* Believe it or not, but LDAP will deny a delete and an add at the same time if the values are the same... */ - - ldap_value_free(values); return; } @@ -439,7 +439,7 @@ search an attribute and return the first value found. smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval); } - if (values == NULL) { + if (!existed) { /* There has been no value before, so don't delete it. Here's a possible race: We might end up with duplicate attributes */ 
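Review bot: smbldap_make_mod now treats a `False` return from smbldap_get_single_attribute as "attribute did not exist", but that helper also returns `False` when the UTF-8 to CH_UNIX conversion fails, so an existing value that cannot be converted is followed by a plain add with no matching delete. The `LDAP_MOD_DELETE` in the last hunk of this commit is likewise built from the converted `oldval` instead of the value the server returned; if the conversion is lossy or the value was cut to `pstring` size, the delete would no longer match and the server would presumably reject the whole modify. A comment at the `existed` assignment, e.g. `/* False also covers a value that failed charset conversion */`, or a helper that distinguishes absent from unconvertible, would make the behaviour deliberate. The function body continues past the end of this hunk.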
@@ -451,11 +451,9 @@ search an attribute and return the first value found. deny the complete operation if somebody changed the attribute behind our back. */ - smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, values[0]); - ldap_value_free(values); + smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval); } - /********************************************************************** Some varients of the LDAP rebind code do not pass in the third 'arg' pointer to a void*, so we try and work around it by assuming that the -- cgit From b7ddb777936afc7cd1afb44fdcb80406821b688b Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 15 Sep 2003 05:12:30 +0000 Subject: I think this is a bugfix that somehow was dropped from the 3.0 tree. (This used to be commit 299eb0abd36072af51cbcb761fa9fb6a77584585) --- source3/lib/smbldap.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 781e6b976c..ea8de36310 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -428,6 +428,8 @@ BOOL fetch_ldap_pw(char **dn, char** pw) /* Believe it or not, but LDAP will deny a delete and an add at the same time if the values are the same... */ + + ldap_value_free(values); return; } -- cgit From 7e7d43d20373725554a2c7ff182dbce4e0833352 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 15 Sep 2003 05:20:00 +0000 Subject: This ldap_value_free() looks like it was part of Jeremy's recent rampage so I'm putting it back in. (This used to be commit ec49fc8ab73b26f86da155475df90843650f0e63) --- source3/lib/smbldap.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index ea8de36310..781e6b976c 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -428,8 +428,6 @@ BOOL fetch_ldap_pw(char **dn, char** pw) /* Believe it or not, but LDAP will deny a delete and an add at the same time if the values are the same... */ - - ldap_value_free(values); return; } -- cgit From bb0598faf58679a7ad26a1caab8eadb154a07ae2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 22 Oct 2003 23:38:20 +0000 Subject: Put strcasecmp/strncasecmp on the banned list (except for needed calls in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace) --- source3/lib/smbldap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 781e6b976c..8f58e80dde 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -350,7 +350,7 @@ BOOL fetch_ldap_pw(char **dn, char** pw) } for (i = 0; mods[i] != NULL; ++i) { - if (mods[i]->mod_op == modop && !strcasecmp(mods[i]->mod_type, attribute)) + if (mods[i]->mod_op == modop && strequal(mods[i]->mod_type, attribute)) break; } @@ -542,7 +542,7 @@ static int smbldap_open_connection (struct smbldap_state *ldap_state) SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254); /* skip leading "URL:" (if any) */ - if ( strncasecmp( p, "URL:", 4 ) == 0 ) { + if ( strnequal( p, "URL:", 4 ) ) { p += 4; } -- cgit From 231124ced9237cdbc3732a722c8f373ee760927b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 29 Oct 2003 21:28:00 +0000 Subject: Fixes to check for wraps which could cause coredumps. Jeremy. (This used to be commit ad06edd1bb58cc5e2c38a364b1af96a933b770af) --- source3/lib/smbldap.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 8f58e80dde..fe34cfb852 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -258,6 +258,7 @@ BOOL fetch_ldap_pw(char **dn, char** pw) return False; } + size = MIN(size, sizeof(fstring)-1); strncpy(old_style_pw, data, size); old_style_pw[size] = 0; -- cgit From 5df2fd4175049247bf105698e9abfd32272bf96e Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 4 Dec 2003 04:52:00 +0000 Subject: support munged dial for ldapsam; patch from Aurélien Degrémont; bug 800 (This used to be commit 1c3c16abc94d197e69e3350de1e5cc1e99be4322) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- source3/lib/smbldap.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index fe34cfb852..8f6394ea92 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -97,6 +97,7 @@ ATTRIB_MAP_ENTRY attrib_map_v30[] = { { LDAP_ATTR_DOMAIN, "sambaDomainName" }, { LDAP_ATTR_OBJCLASS, "objectClass" }, { LDAP_ATTR_ACB_INFO, "sambaAcctFlags" }, + { LDAP_ATTR_MUNGED_DIAL, "sambaMungedDial" }, { LDAP_ATTR_LIST_END, NULL } }; -- cgit From 38d0c9698fd60ed46432bc30a110b820eb9aebb6 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 25 Dec 2003 22:29:38 +0000 Subject: Fix our parsing of the LDAP url. We get around it as all decent systems seem to have ldap_initialize. Thanks to abartlet for the fix (and the bug in the first place ;-)) Volker (This used to be commit 17473a65eb119ca2240b40a8c029d9a499cde177) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 8f6394ea92..da409dce04 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -548,7 +548,7 @@ static int smbldap_open_connection (struct smbldap_state *ldap_state) p += 4; } - sscanf(p, "%10[^:]://%254s[^:]:%d", protocol, host, &port); + sscanf(p, "%10[^:]://%254[^:/]:%d", protocol, host, &port); if (port == 0) { if (strequal(protocol, "ldap")) { -- cgit 
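Review bot: In fetch_ldap_pw the new clamp `size = MIN(size, sizeof(fstring)-1);` bounds the copy by a type name rather than by the destination, so it is only correct while `old_style_pw` is declared as an `fstring` (the declaration is outside the hunk). Tying the bound to the buffer keeps the two in step: `size = MIN(size, sizeof(old_style_pw)-1);`. The clamp also truncates an over-long stored secret silently, which would surface later only as a failed bind; a DEBUG line that reports the truncation, without printing the secret, would make that diagnosable.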
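Review bot: In smbldap_open_connection the result of `sscanf(p, "%10[^:]://%254[^:/]:%d", protocol, host, &port)` is not checked, so a URL that does not match leaves `protocol` and `host` in whatever state they had before the call (their initialisation is outside the hunk) and the code goes on to compare `protocol`. Requiring at least the two string conversions, for example `if (sscanf(...) < 2) { DEBUG(0, ("unable to parse LDAP URL [%s]\n", p)); return LDAP_OPERATIONS_ERROR; }`, would reject malformed configuration up front. The new `[^:/]` host set also stops at the first colon, so a bracketed IPv6 literal will not parse; that deserves a comment if it is intended.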
From 3a1b189a9f3d2dab1fcadc5277546baa2f88cdfa Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 25 Dec 2003 22:42:15 +0000 Subject: This is metze's LDAP rebind sleep patch: When smb.conf tells us to write to a read-only LDAP replica and we are redirected by the LDAP server, the replication might take some seconds, especially over slow links. This patch delays the next read after a rebind for 'ldap rebind sleep' milliseconds. Metze, thanks for your patience. Volker (This used to be commit 63ffa770b67d700f138d19b4982da152f57674fc) --- source3/lib/smbldap.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index da409dce04..d1117046c3 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -661,6 +661,9 @@ static int rebindproc_with_state (LDAP * ld, char **whop, char **credp, } *methodp = LDAP_AUTH_SIMPLE; } + + gettimeofday(&(ldap_state->last_rebind),NULL); + return 0; } #endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ @@ -687,6 +690,8 @@ static int rebindproc_connect_with_state (LDAP *ldap_struct, rc = ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn, ldap_state->bind_secret); + gettimeofday(&(ldap_state->last_rebind),NULL); + return rc; } #endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ 
@@ -909,6 +914,29 @@ int smbldap_search(struct smbldap_state *ldap_state, SMB_ASSERT(ldap_state); + if (ldap_state->last_rebind.tv_sec > 0) { + struct timeval tval; + int tdiff = 0; + int sleep_time = 0; + + ZERO_STRUCT(tval); + + gettimeofday(&tval,NULL); + + tdiff = 1000000 *(tval.tv_sec - ldap_state->last_rebind.tv_sec) + + (tval.tv_usec - ldap_state->last_rebind.tv_usec); + + sleep_time = ((1000*lp_ldap_rebind_sleep())-tdiff)/1000; + + if (sleep_time > 0) { + /* we wait for the LDAP replication */ + DEBUG(5,("smbldap_search: waiting %d milliseconds for LDAP replication.\n",sleep_time)); + msleep(sleep_time); + DEBUG(5,("smbldap_search: go on!\n")); + ZERO_STRUCT(ldap_state->last_rebind); + } + } + if (push_utf8_allocate(&utf8_filter, filter) == (size_t)-1) { return LDAP_NO_MEMORY; } -- cgit From 38b17cb1531806f177ff828944d78e887b066a05 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 25 Dec 2003 23:11:07 +0000 Subject: ldap rebind sleep -> ldap replication sleep While writing documentation for metze's patch, it became clear that this is a better name. Andrew Bartlett (This used to be commit 6f828ff3d3622c56ee732b976e7ab90b7897a8d3) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index d1117046c3..d4cf378e49 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -926,7 +926,7 @@ int smbldap_search(struct smbldap_state *ldap_state, tdiff = 1000000 *(tval.tv_sec - ldap_state->last_rebind.tv_sec) + (tval.tv_usec - ldap_state->last_rebind.tv_usec); - sleep_time = ((1000*lp_ldap_rebind_sleep())-tdiff)/1000; + sleep_time = ((1000*lp_ldap_replication_sleep())-tdiff)/1000; if (sleep_time > 0) { /* we wait for the LDAP replication */ -- cgit From db088293ae291f0ee927e8c79f9238ad4f5c8d71 Mon Sep 17 00:00:00 2001 
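Review bot: In smbldap_search the elapsed time is stored in an `int`, and `1000000 *(tval.tv_sec - ldap_state->last_rebind.tv_sec)` no longer fits once the last rebind is more than roughly 35 minutes old with a 32-bit int; a wrapped negative `tdiff` makes `sleep_time` large and positive. Because `last_rebind` is cleared only inside the `sleep_time > 0` branch, a stale timestamp stays set and is re-evaluated on every search, so that case is reachable and could stall the calling daemon in msleep(). Do the subtraction in a 64-bit type, cap the resulting sleep, and move `ZERO_STRUCT(ldap_state->last_rebind);` after the inner `if` so the timestamp is always cleared. The value from lp_ldap_rebind_sleep() is also used without an upper bound.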
From: Andrew Bartlett Date: Fri, 26 Dec 2003 00:38:12 +0000 Subject: Based on patch by Petri Asikainen fix bug #387 and #330. This patch will change order how attributes are modified from: add, delete to: delete, add This is needed to update single valued attributes in Novell NDS and should not harm anyone else. (This used to be commit fabf80169079483a1378aa0177d8d8335bd98bb3) --- source3/lib/smbldap.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index d4cf378e49..d9d73d943f 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -438,22 +438,23 @@ BOOL fetch_ldap_pw(char **dn, char** pw) the old value, should it exist. */ if ((newval != NULL) && (strlen(newval) > 0)) { - smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval); - } + if (existed) { + /* There has been no value before, so don't delete it. + * Here's a possible race: We might end up with + * duplicate attributes */ + /* By deleting exactly the value we found in the entry this + * should be race-free in the sense that the LDAP-Server will + * deny the complete operation if somebody changed the + * attribute behind our back. */ + /* This will also allow modifying single valued attributes + * in Novell NDS. In NDS you have to first remove attribute and then + * you could add new value */ + + smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval); + } - if (!existed) { - /* There has been no value before, so don't delete it. - Here's a possible race: We might end up with - duplicate attributes */ - return; + smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval); } - - /* By deleting exactly the value we found in the entry this - should be race-free in the sense that the LDAP-Server will - deny the complete operation if somebody changed the - attribute behind our back. */ - - smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval); } /********************************************************************** -- cgit From 5eee23cc64139ba1d23101c87709e6d5198a6c68 Mon Sep 17 00:00:00 2001 
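Review bot: In smbldap_make_mod the LDAP_MOD_DELETE of `oldval` now sits inside `if ((newval != NULL) && (strlen(newval) > 0))`, so a call with a NULL or empty `newval` queues no modification at all and an existing value is left in the directory. Before this change the delete was issued whenever a value existed, which is how an attribute was cleared. If delete-before-add ordering is the goal, keep the delete outside the `newval` test, `if (existed) smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval);`, followed by the guarded add. The first comment moved under `if (existed)` ("There has been no value before, so don't delete it") now says the opposite of the branch it documents and should be dropped or reworded; the same comment reappears in the later -433,26 hunk on this page.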
From: Andrew Bartlett Date: Wed, 31 Dec 2003 00:31:43 +0000 Subject: auth/auth_util.c: - Fill in the 'backup' idea of a domain, if the DC didn't supply one. This doesn't seem to occour in reality, hence why we missed the typo. lib/charcnv.c: lib/smbldap.c: libads/ldap.c: libsmb/libsmbclient.c: printing/nt_printing.c: - all the callers to pull_utf8_allocate() pass a char ** as the first parammeter, so don't make them all cast it to a void ** nsswitch/winbind_util.c: - Allow for a more 'correct' view of when usernames should be qualified in winbindd. If we are a PDC, or have 'winbind trusted domains only', then for the authentication returns stip the domain portion. - Fix valgrind warning about use of free()ed name when looking up our local domain. lp_workgroup() is maniplated inside a procedure that uses it's former value. Instead, use the fact that our local domain is always the first in the list. Andrew Bartlett (This used to be commit 494781f628683d6e68e8ba21ae54f738727e8c21) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index d9d73d943f..e66724a361 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -1371,7 +1371,7 @@ char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry) DEBUG (5, ("smbldap_get_dn: ldap_get_dn failed\n")); return NULL; } - if (pull_utf8_allocate((void **) &unix_dn, utf8_dn) == (size_t)-1) { + if (pull_utf8_allocate(&unix_dn, utf8_dn) == (size_t)-1) { DEBUG (0, ("smbldap_get_dn: String conversion failure utf8 [%s]\n", utf8_dn)); return NULL; } -- cgit From 29b4959815d9cb5ad0d300a4eb41c4d06f9653dc Mon Sep 17 00:00:00 2001 
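Review bot: In smbldap_get_dn the failure branch of `pull_utf8_allocate(&unix_dn, utf8_dn)` returns NULL without releasing `utf8_dn`, while the success path at the end of the function appears to free it with ldap_memfree(). Add `ldap_memfree(utf8_dn);` before the `return NULL;`, after the DEBUG call since that still prints the string. The start and end of the function are outside the hunk.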
From: Gerald Carter Date: Tue, 6 Jan 2004 18:26:18 +0000 Subject: isolate ldap debug messages to the common smbldap_XXX() functions (This used to be commit 7d7a262f45182e67daecdca49df85445c2b9700a) --- source3/lib/smbldap.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index e66724a361..b8ce4236e4 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -914,6 +914,9 @@ int smbldap_search(struct smbldap_state *ldap_state, char *utf8_filter; SMB_ASSERT(ldap_state); + + DEBUG(5,("smbldap_search: base => [%s], filter => [%s], scope => [%d]\n", + base, filter, scope)); if (ldap_state->last_rebind.tv_sec > 0) { struct timeval tval; @@ -970,6 +973,8 @@ int smbldap_modify(struct smbldap_state *ldap_state, const char *dn, LDAPMod *at SMB_ASSERT(ldap_state); + DEBUG(5,("smbldap_modify: dn => [%s]\n", dn )); + if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) { return LDAP_NO_MEMORY; } @@ -1001,6 +1006,8 @@ int smbldap_add(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs SMB_ASSERT(ldap_state); + DEBUG(5,("smbldap_add: dn => [%s]\n", dn )); + if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) { return LDAP_NO_MEMORY; } @@ -1032,6 +1039,8 @@ int smbldap_delete(struct smbldap_state *ldap_state, const char *dn) SMB_ASSERT(ldap_state); + DEBUG(5,("smbldap_delete: dn => [%s]\n", dn )); + if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) { return LDAP_NO_MEMORY; } @@ -1094,8 +1103,6 @@ int smbldap_search_suffix (struct smbldap_state *ldap_state, const char *filter, int scope = LDAP_SCOPE_SUBTREE; int rc; - DEBUG(2, ("smbldap_search_suffix: searching for:[%s]\n", filter)); - rc = smbldap_search(ldap_state, lp_ldap_suffix(), scope, filter, search_attr, 0, result); if (rc != LDAP_SUCCESS) { 
@@ -1104,8 +1111,6 @@ int smbldap_search_suffix (struct smbldap_state *ldap_state, const char *filter, &ld_error); DEBUG(0,("smbldap_search_suffix: Problem during the LDAP search: %s (%s)\n", ld_error?ld_error:"(unknown)", ldap_err2string (rc))); - DEBUG(3,("smbldap_search_suffix: Query was: %s, %s\n", lp_ldap_suffix(), - filter)); SAFE_FREE(ld_error); } -- cgit From 236adfd9f4ba3ebcb22995431b1935193206e5c2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 25 Jan 2004 00:50:39 +0000 Subject: Fix removal of attributes in LDAP - we would not actually remove the old value in the previous code. Andrew Bartlett (This used to be commit c97d3eb1622ee25c24b0cd81b65ec7d4b854e604) --- source3/lib/smbldap.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index b8ce4236e4..2bfaeccd15 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -425,7 +425,7 @@ BOOL fetch_ldap_pw(char **dn, char** pw) /* all of our string attributes are case insensitive */ - if (existed && (StrCaseCmp(oldval, newval) == 0)) { + if (existed && newval && (StrCaseCmp(oldval, newval) == 0)) { /* Believe it or not, but LDAP will deny a delete and an add at the same time if the values are the 
@@ -433,26 +433,26 @@ BOOL fetch_ldap_pw(char **dn, char** pw) return; } + if (existed) { + /* There has been no value before, so don't delete it. + * Here's a possible race: We might end up with + * duplicate attributes */ + /* By deleting exactly the value we found in the entry this + * should be race-free in the sense that the LDAP-Server will + * deny the complete operation if somebody changed the + * attribute behind our back. */ + /* This will also allow modifying single valued attributes + * in Novell NDS. In NDS you have to first remove attribute and then + * you could add new value */ + + smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval); + } + /* Regardless of the real operation (add or modify) we add the new value here. We rely on deleting the old value, should it exist. */ if ((newval != NULL) && (strlen(newval) > 0)) { - if (existed) { - /* There has been no value before, so don't delete it. - * Here's a possible race: We might end up with - * duplicate attributes */ - /* By deleting exactly the value we found in the entry this - * should be race-free in the sense that the LDAP-Server will - * deny the complete operation if somebody changed the - * attribute behind our back. */ - /* This will also allow modifying single valued attributes - * in Novell NDS. In NDS you have to first remove attribute and then - * you could add new value */ - - smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval); - } - smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval); } } -- cgit From 131bf59694ebbd333165f92c5cd47f6f800ec27e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 8 Feb 2004 01:30:59 +0000 Subject: Another static function. Andrew Bartlett (This used to be commit 128c328ddbc9f2283badde95ce743e696f94f6a4) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 2bfaeccd15..dc2f425c09 100644 
--- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -221,7 +221,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { /******************************************************************* find the ldap password ******************************************************************/ -BOOL fetch_ldap_pw(char **dn, char** pw) +static BOOL fetch_ldap_pw(char **dn, char** pw) { char *key = NULL; size_t size; -- cgit From 401959b7d7b3a29dbd1734318e5f6eb1248859f8 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Mon, 23 Feb 2004 02:47:33 +0000 Subject: Add bad password count/time attributes (This used to be commit 003318939f7e476f5f2a5f345e8a81a228fc89a7) --- source3/lib/smbldap.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index dc2f425c09..e122acd188 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -98,6 +98,8 @@ ATTRIB_MAP_ENTRY attrib_map_v30[] = { { LDAP_ATTR_OBJCLASS, "objectClass" }, { LDAP_ATTR_ACB_INFO, "sambaAcctFlags" }, { LDAP_ATTR_MUNGED_DIAL, "sambaMungedDial" }, + { LDAP_ATTR_BAD_PASSWORD_COUNT, "sambaBadPasswordCount" }, + { LDAP_ATTR_BAD_PASSWORD_TIME, "sambaBadPasswordTime" }, { LDAP_ATTR_LIST_END, NULL } }; -- cgit From 24df38dbc6648261f86adcffd664ffc43f8f3346 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Mon, 23 Feb 2004 02:54:03 +0000 Subject: Janitor for tpot...bugzilla #1098, msleep already exists on aix (This used to be commit 4319df7fdc2d878c509381923cc1db4d731620ba) --- source3/lib/smbldap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index e122acd188..77356150bc 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -890,7 +890,7 @@ int smbldap_retry_open(struct smbldap_state *ldap_state, int *attempts) */ DEBUG(3, ("Sleeping for %u milliseconds before reconnecting\n", sleep_time)); - msleep(sleep_time); + smb_msleep(sleep_time); } (*attempts)++; @@ -937,7 +937,7 @@ int smbldap_search(struct smbldap_state *ldap_state, if (sleep_time > 0) { /* we wait for the LDAP replication */ DEBUG(5,("smbldap_search: waiting %d milliseconds for LDAP replication.\n",sleep_time)); - msleep(sleep_time); + smb_msleep(sleep_time); DEBUG(5,("smbldap_search: go on!\n")); ZERO_STRUCT(ldap_state->last_rebind); } -- cgit From 83d4d424628389f40d637229f0627f500d892355 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Sun, 7 Mar 2004 01:14:11 +0000 Subject: Fix typo. (This used to be commit e6e8b59f53d5ac618dcec13a46c356f0abe5950a) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 77356150bc..c8305eeb80 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -103,7 +103,7 @@ ATTRIB_MAP_ENTRY attrib_map_v30[] = { { LDAP_ATTR_LIST_END, NULL } }; -/* attributes used for alalocating RIDs */ +/* attributes used for allocating RIDs */ ATTRIB_MAP_ENTRY dominfo_attr_list[] = { { LDAP_ATTR_DOMAIN, "sambaDomainName" }, -- cgit From 3d18997afda94504e9db24115aaa56a58086a653 Mon Sep 17 00:00:00 2001 
From: Jim McDonough Date: Thu, 11 Mar 2004 16:32:19 +0000 Subject: Get MungedDial actually working with full TS strings in it for pdb_ldap. I know this isn't pretty, but neither was our assumption that all strings from the directory fit inside a pstring. There was no way this worked before will all versions of usrmgr (for example, the only version of mine that has the TS Confic button). (This used to be commit d275c0e384db08c2a6efc28e52844f676ff71fb6) --- source3/lib/smbldap.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index c8305eeb80..2ade9d5197 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -290,7 +290,8 @@ static BOOL fetch_ldap_pw(char **dn, char** pw) ******************************************************************/ BOOL smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, - const char *attribute, pstring value) + const char *attribute, char *value, + int max_len) { char **values; @@ -305,7 +306,7 @@ static BOOL fetch_ldap_pw(char **dn, char** pw) return False; } - if (convert_string(CH_UTF8, CH_UNIX,values[0], -1, value, sizeof(pstring)) == (size_t)-1) { + if (convert_string(CH_UTF8, CH_UNIX,values[0], -1, value, max_len) == (size_t)-1) { DEBUG(1, ("smbldap_get_single_attribute: string conversion of [%s] = [%s] failed!\n", attribute, values[0])); ldap_value_free(values); @@ -319,6 +320,14 @@ static BOOL fetch_ldap_pw(char **dn, char** pw) return True; } + BOOL smbldap_get_single_pstring (LDAP * ldap_struct, LDAPMessage * entry, + const char *attribute, pstring value) +{ + return smbldap_get_single_attribute(ldap_struct, entry, + attribute, value, + sizeof(pstring)); +} + /************************************************************************ Routine to manage the LDAPMod structure array manage memory used by the array, by each struct, and values 
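Review bot: The new `int max_len` parameter of smbldap_get_single_attribute is handed straight to convert_string() as the destination size, and the callers shown pass `sizeof(...)`, so a signed type only adds a way for a negative length to turn into a very large size if that argument is unsigned, as the `(size_t)-1` comparison suggests. Declaring it `size_t max_len` and updating the prototype would match both ends, and rejecting `value == NULL || max_len == 0` before the conversion would make the contract explicit. The header comment should also say that `value` must have room for `max_len` bytes and that False is returned both when the attribute is missing and when conversion fails.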
@@ -415,11 +424,11 @@ static BOOL fetch_ldap_pw(char **dn, char** pw) LDAPMod ***mods, const char *attribute, const char *newval) { - pstring oldval; + char oldval[2048]; /* current largest allowed value is mungeddial */ BOOL existed; if (existing != NULL) { - existed = smbldap_get_single_attribute(ldap_struct, existing, attribute, oldval); + existed = smbldap_get_single_attribute(ldap_struct, existing, attribute, oldval, sizeof(oldval)); } else { existed = False; *oldval = '\0'; -- cgit From e3f5b542707e2328030b9d5eff0836a904eccde5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 11 Mar 2004 22:48:24 +0000 Subject: Restore the contract on all convert_stringXX() interfaces. Add a "allow_bad_conv" boolean parameter that allows broken iconv conversions to work. Gets rid of the nasty errno checks in mangle_hash2 and check_path_syntax and allows correct return code checking. Jeremy. (This used to be commit 7b96765c23637613f079d37566d95d5edd511f05) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 2ade9d5197..2c76e84254 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -306,7 +306,7 @@ static BOOL fetch_ldap_pw(char **dn, char** pw) return False; } - if (convert_string(CH_UTF8, CH_UNIX,values[0], -1, value, max_len) == (size_t)-1) { + if (convert_string(CH_UTF8, CH_UNIX,values[0], -1, value, max_len, False) == (size_t)-1) { DEBUG(1, ("smbldap_get_single_attribute: string conversion of [%s] = [%s] failed!\n", attribute, values[0])); ldap_value_free(values); -- cgit From 357998ddbdeb2fae0a30c578e747154fec22c180 Mon Sep 17 00:00:00 2001 
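Review bot: In smbldap_make_mod `char oldval[2048]` hard-codes a limit that the comment ties to mungeddial, with nothing linking it to the code that writes that attribute. If convert_string fails for a stored value that does not fit, smbldap_get_single_attribute reports False, which this function treats as "attribute absent" and so queues an add with no matching delete. A named constant shared with the writer would keep the limit in one place, and the failed-conversion case deserves either its own handling or a comment explaining why falling through is acceptable.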
From: Jim McDonough Date: Thu, 18 Mar 2004 19:22:51 +0000 Subject: Password lockout for LDAP backend. Caches autolock flag, bad count, and bad time locally, updating the directory only for hitting the policy limit or resetting. This needed to be done at the passdb level rather than auth, because some of the functions need to be supported from tools such as pdbedit. It was done at the LDAP backend level instead of generically after discussion, because of the complexity of inserting it at a higher level. The login cache read/write/delete is outside of the ldap backend, so it could easily be called by other backends. tdbsam won't call it for obvious reasons, and authors of other backends need to decide if they want to implement it. (This used to be commit 2a679cbc87a2a9111e9e6cdebbb62dec0ab3a0c0) --- source3/lib/smbldap.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 2c76e84254..18979e2f76 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -100,6 +100,7 @@ ATTRIB_MAP_ENTRY attrib_map_v30[] = { { LDAP_ATTR_MUNGED_DIAL, "sambaMungedDial" }, { LDAP_ATTR_BAD_PASSWORD_COUNT, "sambaBadPasswordCount" }, { LDAP_ATTR_BAD_PASSWORD_TIME, "sambaBadPasswordTime" }, + { LDAP_ATTR_MOD_TIMESTAMP, "modifyTimestamp" }, { LDAP_ATTR_LIST_END, NULL } }; @@ -1394,3 +1395,4 @@ char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry) ldap_memfree(utf8_dn); return unix_dn; } + -- cgit From a15393a3d9cdefc776cd7adb42ff50f61b9eff69 Mon Sep 17 00:00:00 2001 
From: Jim McDonough Date: Mon, 5 Apr 2004 14:45:24 +0000 Subject: r53: Remove modifyTimestamp from list of our attributes. We just check it for cache entry time comparisons in password lockout. Fixes problems where pdb_ldap tries to delete the operational attribute modifyTimestamp when deleting a user account. (This used to be commit 5ebcb9081e435d54c39d4d3a1ef1d7b651ccb53f) --- source3/lib/smbldap.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 18979e2f76..f4f0170479 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -100,7 +100,6 @@ ATTRIB_MAP_ENTRY attrib_map_v30[] = { { LDAP_ATTR_MUNGED_DIAL, "sambaMungedDial" }, { LDAP_ATTR_BAD_PASSWORD_COUNT, "sambaBadPasswordCount" }, { LDAP_ATTR_BAD_PASSWORD_TIME, "sambaBadPasswordTime" }, - { LDAP_ATTR_MOD_TIMESTAMP, "modifyTimestamp" }, { LDAP_ATTR_LIST_END, NULL } }; -- cgit From 7af3777ab32ee220700ed3367d07ca18b2bbdd47 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 7 Apr 2004 12:43:44 +0000 Subject: r116: volker's patch for local group and group nesting (This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f) --- source3/lib/smbldap.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index f4f0170479..21e2a7c101 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -122,6 +122,7 @@ ATTRIB_MAP_ENTRY groupmap_attr_list[] = { { LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER}, { LDAP_ATTR_GROUP_SID, LDAP_ATTRIBUTE_SID }, { LDAP_ATTR_GROUP_TYPE, "sambaGroupType" }, + { LDAP_ATTR_SID_LIST, "sambaSIDList" }, { LDAP_ATTR_DESC, "description" }, { LDAP_ATTR_DISPLAY_NAME, "displayName" }, { LDAP_ATTR_CN, "cn" }, 
@@ -134,6 +135,7 @@ ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[] = { { LDAP_ATTR_GROUP_TYPE, "sambaGroupType" }, { LDAP_ATTR_DESC, "description" }, { LDAP_ATTR_DISPLAY_NAME, "displayName" }, + { LDAP_ATTR_SID_LIST, "sambaSIDList" }, { LDAP_ATTR_LIST_END, NULL } }; -- cgit From 569177a194ef990b55d3ad5d5243ca0f2659f25c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 1 Jul 2004 16:35:43 +0000 Subject: r1317: Patch from Joe Meadows "Joe Meadows" to add a timeout to the ldap open calls. New parameter, ldap timeout added. Jeremy. (This used to be commit e5b3094c4cc75eb07f667dd1aeb73921ed7366ac) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 21e2a7c101..6e233fe990 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -808,7 +808,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ } /********************************************************************** -Connect to LDAP server (called before every ldap operation) + Connect to LDAP server (called before every ldap operation) *********************************************************************/ static int smbldap_open(struct smbldap_state *ldap_state) { -- cgit From c531f726c4431dc7bdeaf53864bfe30347e426f1 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 1 Jul 2004 22:55:38 +0000 Subject: r1325: Always use GetTimeOfDay() (wrapper). Ensure ldap replication sleep time is not more than 5 seconds. Should fix issue reported by Chris Garrigues . Jeremy. (This used to be commit fbc06831d3a7e8645409158ee1ae1f9f192913a7) --- source3/lib/smbldap.c | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 6e233fe990..d058613f00 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -676,7 +676,7 @@ static int rebindproc_with_state (LDAP * ld, char **whop, char **credp, *methodp = LDAP_AUTH_SIMPLE; } - gettimeofday(&(ldap_state->last_rebind),NULL); + GetTimeOfDay(&ldap_state->last_rebind); return 0; } @@ -704,7 +704,7 @@ static int rebindproc_connect_with_state (LDAP *ldap_struct, rc = ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn, ldap_state->bind_secret); - gettimeofday(&(ldap_state->last_rebind),NULL); + GetTimeOfDay(&ldap_state->last_rebind); return rc; } @@ -755,8 +755,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ char *ldap_secret; /* get the password */ - if (!fetch_ldap_pw(&ldap_dn, &ldap_secret)) - { + if (!fetch_ldap_pw(&ldap_dn, &ldap_secret)) { DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n")); return LDAP_INVALID_CREDENTIALS; } @@ -854,7 +853,7 @@ static int smbldap_open(struct smbldap_state *ldap_state) ldap_state->last_ping = time(NULL); - DEBUG(4,("The LDAP server is succesful connected\n")); + DEBUG(4,("The LDAP server is succesfully connected\n")); return LDAP_SUCCESS; } 
@@ -933,25 +932,25 @@ int smbldap_search(struct smbldap_state *ldap_state, if (ldap_state->last_rebind.tv_sec > 0) { struct timeval tval; - int tdiff = 0; + SMB_BIG_INT tdiff = 0; int sleep_time = 0; ZERO_STRUCT(tval); + GetTimeOfDay(&tval); - gettimeofday(&tval,NULL); - - tdiff = 1000000 *(tval.tv_sec - ldap_state->last_rebind.tv_sec) + - (tval.tv_usec - ldap_state->last_rebind.tv_usec); + tdiff = usec_time_diff(&tval, &ldap_state->last_rebind.tv_sec); + tdiff /= 1000; /* Convert to milliseconds. */ - sleep_time = ((1000*lp_ldap_replication_sleep())-tdiff)/1000; + sleep_time = lp_ldap_replication_sleep()-(int)tdiff; + sleep_time = MIN(sleep_time, MAX_LDAP_REPLICATION_SLEEP_TIME); if (sleep_time > 0) { /* we wait for the LDAP replication */ DEBUG(5,("smbldap_search: waiting %d milliseconds for LDAP replication.\n",sleep_time)); smb_msleep(sleep_time); DEBUG(5,("smbldap_search: go on!\n")); - ZERO_STRUCT(ldap_state->last_rebind); } + ZERO_STRUCT(ldap_state->last_rebind); } if (push_utf8_allocate(&utf8_filter, filter) == (size_t)-1) { -- cgit From 1c5867502a47371e24519ffeb4165c69cab63482 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 7 Jul 2004 22:46:51 +0000 Subject: r1388: Adding password history code for ldap backend, based on a patch from "Jianliang Lu" . Multi-string attribute changed to linearised pstring due to ordering issues. A few other changes to fix race conditions. I will add the tdb backend code next. This code compiles but has not yet been tested with password history policy set to greater than zero. Targeted for 3.0.6. Jeremy. (This used to be commit dd54b2a3c45e202e504ad69d170eb798da4e6fc9) --- source3/lib/smbldap.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index d058613f00..9b6d597606 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
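Review bot: In smbldap_search `usec_time_diff(&tval, &ldap_state->last_rebind.tv_sec)` passes the address of the `tv_sec` member where the first argument is a `struct timeval *`; the second argument should presumably be `&ldap_state->last_rebind`. Separately, `lp_ldap_replication_sleep()-(int)tdiff` narrows the millisecond difference before subtracting, so a very old timestamp can wrap; keeping the subtraction in SMB_BIG_INT and narrowing only the clamped result avoids that. A one-line comment that `tdiff` is in milliseconds after the division and that MAX_LDAP_REPLICATION_SLEEP_TIME is in the same unit would help.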
@@ -100,6 +100,8 @@ ATTRIB_MAP_ENTRY attrib_map_v30[] = { { LDAP_ATTR_MUNGED_DIAL, "sambaMungedDial" }, { LDAP_ATTR_BAD_PASSWORD_COUNT, "sambaBadPasswordCount" }, { LDAP_ATTR_BAD_PASSWORD_TIME, "sambaBadPasswordTime" }, + { LDAP_ATTR_PWD_HISTORY, "sambaPasswordHistory" }, + { LDAP_ATTR_MOD_TIMESTAMP, "modifyTimestamp" }, { LDAP_ATTR_LIST_END, NULL } }; @@ -345,19 +347,19 @@ static BOOL fetch_ldap_pw(char **dn, char** pw) /* sanity checks on the mod values */ - if (attribute == NULL || *attribute == '\0') + if (attribute == NULL || *attribute == '\0') { return; + } + #if 0 /* commented out after discussion with abartlet. Do not reenable. left here so other so re-add similar code --jerry */ if (value == NULL || *value == '\0') return; #endif - if (mods == NULL) - { + if (mods == NULL) { mods = (LDAPMod **) malloc(sizeof(LDAPMod *)); - if (mods == NULL) - { + if (mods == NULL) { DEBUG(0, ("make_a_mod: out of memory!\n")); return; } @@ -369,17 +371,14 @@ static BOOL fetch_ldap_pw(char **dn, char** pw) break; } - if (mods[i] == NULL) - { + if (mods[i] == NULL) { mods = (LDAPMod **) Realloc (mods, (i + 2) * sizeof (LDAPMod *)); - if (mods == NULL) - { + if (mods == NULL) { DEBUG(0, ("make_a_mod: out of memory!\n")); return; } mods[i] = (LDAPMod *) malloc(sizeof(LDAPMod)); - if (mods[i] == NULL) - { + if (mods[i] == NULL) { DEBUG(0, ("make_a_mod: out of memory!\n")); return; } @@ -389,8 +388,7 @@ static BOOL fetch_ldap_pw(char **dn, char** pw) mods[i + 1] = NULL; } - if (value != NULL) - { + if (value != NULL) { char *utf8_value = NULL; j = 0; -- cgit From 10f0c34a2aa1171fe8d769100d6027580dada5ad Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Thu, 8 Jul 2004 06:39:22 +0000 Subject: r1392: Added password history code to tdbsam backend. Not yet tested (ie. may core dump) but compiles and links correctly. I will run the full set of tests on the ldap sam and the tdb sam for password history tomorrow. Jeremy. (This used to be commit ac846420d0ef2c60d2dc71319b24401c73699249) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 9b6d597606..a1a3117d88 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -936,7 +936,7 @@ int smbldap_search(struct smbldap_state *ldap_state, ZERO_STRUCT(tval); GetTimeOfDay(&tval); - tdiff = usec_time_diff(&tval, &ldap_state->last_rebind.tv_sec); + tdiff = usec_time_diff(&tval, &ldap_state->last_rebind); tdiff /= 1000; /* Convert to milliseconds. */ sleep_time = lp_ldap_replication_sleep()-(int)tdiff; -- cgit From ec1bbbf85890dee1fa68046f5c7f15967536079e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 26 Jul 2004 07:41:16 +0000 Subject: r1588: This is one of the more pathetic patches I ever checked in. Many hours of coding have passed, but I could not find a way to get the OpenLDAP libraries to reliably time out on any of the queries we make, *and* get correct error returns. No, async calls and ldap_result does NOT work, or I was simply too stupid to correctly interpret the OpenLDAP manpage and source. We can not allow to hang indefinitely in an ldap query, especially not for winbindd. "ldap timeout" now specifies the overall timeout for the complete operation, that's why I increased that to 15 seconds. Volker (This used to be commit 269f0750872e5f8757e0a9667e007a0410319fcd) --- source3/lib/smbldap.c | 167 ++++++++++++++++++++++---------------------------- 1 file changed, 72 insertions(+), 95 deletions(-) (limited to 'source3/lib/smbldap.c') 
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index a1a3117d88..0980b763ad 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -879,37 +879,69 @@ static NTSTATUS smbldap_close(struct smbldap_state *ldap_state) return NT_STATUS_OK; } -int smbldap_retry_open(struct smbldap_state *ldap_state, int *attempts) +static BOOL got_alarm; + +static void (*old_handler)(int); + +static void gotalarm_sig(int dummy) { - int rc; + got_alarm = True; +} - SMB_ASSERT(ldap_state && attempts); - - if (*attempts != 0) { - unsigned int sleep_time; - uint8 rand_byte; - - /* Sleep for a random timeout */ - rand_byte = (char)(sys_random()); - - sleep_time = (((*attempts)*(*attempts))/2)*rand_byte*2; - /* we retry after (0.5, 1, 2, 3, 4.5, 6) seconds - on average. - */ - DEBUG(3, ("Sleeping for %u milliseconds before reconnecting\n", - sleep_time)); - smb_msleep(sleep_time); +static int another_ldap_try(struct smbldap_state *ldap_state, int *rc, + int *attempts, time_t endtime) +{ + time_t now = time(NULL); + int open_rc = LDAP_SERVER_DOWN; + + if (*rc != LDAP_SERVER_DOWN) + goto no_next; + + now = time(NULL); + + if (now >= endtime) { + smbldap_close(ldap_state); + *rc = LDAP_TIMEOUT; + goto no_next; } - (*attempts)++; - if ((rc = smbldap_open(ldap_state))) { - DEBUG(1,("Connection to LDAP Server failed for the %d try!\n",*attempts)); - return rc; - } - - return LDAP_SUCCESS; -} + if (*attempts == 0) { + got_alarm = False; + old_handler = CatchSignal(SIGALRM, gotalarm_sig); + alarm(endtime - now); + } + + while (1) { + + if (*attempts != 0) + smb_msleep(1000); + *attempts += 1; + + open_rc = smbldap_open(ldap_state); + + if (open_rc == LDAP_SUCCESS) { + ldap_state->last_use = now; + return True; + } + + if (got_alarm) { + *rc = LDAP_TIMEOUT; + break; + } + + if (open_rc != LDAP_SUCCESS) { + DEBUG(1, ("Connection to LDAP server failed for the " + "%d try!\n", *attempts)); + } + } + + no_next: + CatchSignal(SIGALRM, old_handler); + alarm(0); + ldap_state->last_use = now; + return False; +} /********************************************************************* 
********************************************************************/ @@ -922,6 +954,7 @@ int smbldap_search(struct smbldap_state *ldap_state, int rc = LDAP_SERVER_DOWN; int attempts = 0; char *utf8_filter; + time_t endtime = time(NULL)+lp_ldap_timeout(); SMB_ASSERT(ldap_state); @@ -955,22 +988,10 @@ int smbldap_search(struct smbldap_state *ldap_state, return LDAP_NO_MEMORY; } - while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) { - - if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) - continue; - + while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) rc = ldap_search_s(ldap_state->ldap_struct, base, scope, utf8_filter, attrs, attrsonly, res); - } - if (rc == LDAP_SERVER_DOWN) { - DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); - smbldap_close(ldap_state); - } - - ldap_state->last_use = time(NULL); - SAFE_FREE(utf8_filter); return rc; } @@ -980,6 +1001,7 @@ int smbldap_modify(struct smbldap_state *ldap_state, const char *dn, LDAPMod *at int rc = LDAP_SERVER_DOWN; int attempts = 0; char *utf8_dn; + time_t endtime = time(NULL)+lp_ldap_timeout(); SMB_ASSERT(ldap_state); @@ -989,21 +1011,9 @@ int smbldap_modify(struct smbldap_state *ldap_state, const char *dn, LDAPMod *at return LDAP_NO_MEMORY; } - while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) { - - if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) - continue; - + while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) rc = ldap_modify_s(ldap_state->ldap_struct, utf8_dn, attrs); - } - - if (rc == LDAP_SERVER_DOWN) { - DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); - smbldap_close(ldap_state); - } - - ldap_state->last_use = time(NULL); - + SAFE_FREE(utf8_dn); return rc; } @@ -1013,6 +1023,7 @@ int smbldap_add(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs int rc = LDAP_SERVER_DOWN; int attempts = 0; char *utf8_dn; + time_t endtime = time(NULL)+lp_ldap_timeout(); SMB_ASSERT(ldap_state); 
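Review bot: At `no_next:` in `another_ldap_try`, `CatchSignal(SIGALRM, old_handler)` runs even when this call sequence never reached the `*attempts == 0` branch that saves `old_handler`, for example when `now >= endtime` on the very first call. A stale or NULL handler then replaces whatever the process had installed for SIGALRM. Guarding the restore and `alarm(0)` with `if (*attempts != 0)` would limit it to the case where a handler was actually saved. `got_alarm` is written from the signal handler and polled in the loop, so it is better declared as `static volatile sig_atomic_t got_alarm;`. `ldap_state->last_use = now;` also records the time taken before the retry loop rather than the time the connection was actually opened.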
@@ -1022,21 +1033,9 @@ int smbldap_add(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs return LDAP_NO_MEMORY; } - while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) { - - if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) - continue; - + while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) rc = ldap_add_s(ldap_state->ldap_struct, utf8_dn, attrs); - } - if (rc == LDAP_SERVER_DOWN) { - DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); - smbldap_close(ldap_state); - } - - ldap_state->last_use = time(NULL); - SAFE_FREE(utf8_dn); return rc; } @@ -1046,6 +1045,7 @@ int smbldap_delete(struct smbldap_state *ldap_state, const char *dn) int rc = LDAP_SERVER_DOWN; int attempts = 0; char *utf8_dn; + time_t endtime = time(NULL)+lp_ldap_timeout(); SMB_ASSERT(ldap_state); @@ -1055,21 +1055,9 @@ int smbldap_delete(struct smbldap_state *ldap_state, const char *dn) return LDAP_NO_MEMORY; } - while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) { - - if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) - continue; - + while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) rc = ldap_delete_s(ldap_state->ldap_struct, utf8_dn); - } - if (rc == LDAP_SERVER_DOWN) { - DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); - smbldap_close(ldap_state); - } - - ldap_state->last_use = time(NULL); - SAFE_FREE(utf8_dn); return rc; } 
@@ -1081,26 +1069,15 @@ int smbldap_extended_operation(struct smbldap_state *ldap_state, { int rc = LDAP_SERVER_DOWN; int attempts = 0; + time_t endtime = time(NULL)+lp_ldap_timeout(); if (!ldap_state) return (-1); - while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) { - - if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) - continue; - - rc = ldap_extended_operation_s(ldap_state->ldap_struct, reqoid, reqdata, - serverctrls, clientctrls, retoidp, retdatap); - } - - if (rc == LDAP_SERVER_DOWN) { - DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); - smbldap_close(ldap_state); - } - - ldap_state->last_use = time(NULL); - + while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) + rc = ldap_extended_operation_s(ldap_state->ldap_struct, reqoid, + reqdata, serverctrls, + clientctrls, retoidp, retdatap); return rc; } -- cgit From bdab948fcfee56871e7a21825c09a116b4274f37 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 13 Aug 2004 18:02:58 +0000 Subject: r1810: Patch from Richard Renard to store logon hours attributes in an LDAP database. Jeremy. (This used to be commit dac72638fb3a05e805136698e0ad0612620ac8af) --- source3/lib/smbldap.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 0980b763ad..e66fb3640c 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -102,6 +102,7 @@ ATTRIB_MAP_ENTRY attrib_map_v30[] = { { LDAP_ATTR_BAD_PASSWORD_TIME, "sambaBadPasswordTime" }, { LDAP_ATTR_PWD_HISTORY, "sambaPasswordHistory" }, { LDAP_ATTR_MOD_TIMESTAMP, "modifyTimestamp" }, + { LDAP_ATTR_LOGON_HOURS, "sambaLogonHours" }, { LDAP_ATTR_LIST_END, NULL } }; -- cgit From debfeb8878c08a7ac835a14d163b7fb44f9416fe Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Wed, 8 Sep 2004 18:30:00 +0000 Subject: r2258: Attempt to fix Bug 1715. Not sure if all of ldapsam_compat works now, but this definitely fixes two segfaults. Volker (This used to be commit 270740189995c56c4d0341aeded364efffec86f2) --- source3/lib/smbldap.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index e66fb3640c..c4abc8cf1a 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -66,6 +66,7 @@ ATTRIB_MAP_ENTRY attrib_map_v22[] = { { LDAP_ATTR_DOMAIN, "domain" }, { LDAP_ATTR_OBJCLASS, "objectClass" }, { LDAP_ATTR_ACB_INFO, "acctFlags" }, + { LDAP_ATTR_MOD_TIMESTAMP, "modifyTimestamp" }, { LDAP_ATTR_LIST_END, NULL } }; @@ -428,6 +429,12 @@ static BOOL fetch_ldap_pw(char **dn, char** pw) char oldval[2048]; /* current largest allowed value is mungeddial */ BOOL existed; + if (attribute == NULL) { + /* This can actually happen for ldapsam_compat where we for + * example don't have a password history */ + return; + } + if (existing != NULL) { existed = smbldap_get_single_attribute(ldap_struct, existing, attribute, oldval, sizeof(oldval)); } else { -- cgit From ec62d5a96896ed38894282cd7547d012f604c597 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 20 Sep 2004 11:02:14 +0000 Subject: r2444: Based on jmcd's patch, implement special lists for the ldap user attributes to delete. Richard, IMHO this is the better solution to the problem you currently have. Please review. Thanks, Volker (This used to be commit 6957d6a8921fbd97747258249d99b505a79cfcb4) --- source3/lib/smbldap.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index c4abc8cf1a..57aab70a5b 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -70,6 +70,28 @@ ATTRIB_MAP_ENTRY attrib_map_v22[] = { { LDAP_ATTR_LIST_END, NULL } }; +ATTRIB_MAP_ENTRY attrib_map_to_delete_v22[] = { + { LDAP_ATTR_PWD_LAST_SET, "pwdLastSet" }, + { LDAP_ATTR_PWD_CAN_CHANGE, "pwdCanChange" }, + { LDAP_ATTR_PWD_MUST_CHANGE, "pwdMustChange" }, + { LDAP_ATTR_LOGON_TIME, "logonTime" }, + { LDAP_ATTR_LOGOFF_TIME, "logoffTime" }, + { LDAP_ATTR_KICKOFF_TIME, "kickoffTime" }, + { LDAP_ATTR_DISPLAY_NAME, "displayName" }, + { LDAP_ATTR_HOME_PATH, "smbHome" }, + { LDAP_ATTR_HOME_DRIVE, "homeDrives" }, + { LDAP_ATTR_LOGON_SCRIPT, "scriptPath" }, + { LDAP_ATTR_PROFILE_PATH, "profilePath" }, + { LDAP_ATTR_USER_WKS, "userWorkstations"}, + { LDAP_ATTR_USER_RID, "rid" }, + { LDAP_ATTR_PRIMARY_GROUP_RID, "primaryGroupID"}, + { LDAP_ATTR_LMPW, "lmPassword" }, + { LDAP_ATTR_NTPW, "ntPassword" }, + { LDAP_ATTR_DOMAIN, "domain" }, + { LDAP_ATTR_ACB_INFO, "acctFlags" }, + { LDAP_ATTR_LIST_END, NULL } +}; + /* attributes used by Samba 3.0's sambaSamAccount */ ATTRIB_MAP_ENTRY attrib_map_v30[] = { 
@@ -107,6 +129,32 @@ ATTRIB_MAP_ENTRY attrib_map_v30[] = { { LDAP_ATTR_LIST_END, NULL } }; +ATTRIB_MAP_ENTRY attrib_map_to_delete_v30[] = { + { LDAP_ATTR_PWD_LAST_SET, "sambaPwdLastSet" }, + { LDAP_ATTR_PWD_CAN_CHANGE, "sambaPwdCanChange" }, + { LDAP_ATTR_PWD_MUST_CHANGE, "sambaPwdMustChange" }, + { LDAP_ATTR_LOGON_TIME, "sambaLogonTime" }, + { LDAP_ATTR_LOGOFF_TIME, "sambaLogoffTime" }, + { LDAP_ATTR_KICKOFF_TIME, "sambaKickoffTime" }, + { LDAP_ATTR_HOME_DRIVE, "sambaHomeDrive" }, + { LDAP_ATTR_HOME_PATH, "sambaHomePath" }, + { LDAP_ATTR_LOGON_SCRIPT, "sambaLogonScript" }, + { LDAP_ATTR_PROFILE_PATH, "sambaProfilePath" }, + { LDAP_ATTR_USER_WKS, "sambaUserWorkstations" }, + { LDAP_ATTR_USER_SID, LDAP_ATTRIBUTE_SID }, + { LDAP_ATTR_PRIMARY_GROUP_SID, "sambaPrimaryGroupSID" }, + { LDAP_ATTR_LMPW, "sambaLMPassword" }, + { LDAP_ATTR_NTPW, "sambaNTPassword" }, + { LDAP_ATTR_DOMAIN, "sambaDomainName" }, + { LDAP_ATTR_ACB_INFO, "sambaAcctFlags" }, + { LDAP_ATTR_MUNGED_DIAL, "sambaMungedDial" }, + { LDAP_ATTR_BAD_PASSWORD_COUNT, "sambaBadPasswordCount" }, + { LDAP_ATTR_BAD_PASSWORD_TIME, "sambaBadPasswordTime" }, + { LDAP_ATTR_PWD_HISTORY, "sambaPasswordHistory" }, + { LDAP_ATTR_LOGON_HOURS, "sambaLogonHours" }, + { LDAP_ATTR_LIST_END, NULL } +}; + /* attributes used for allocating RIDs */ ATTRIB_MAP_ENTRY dominfo_attr_list[] = { -- cgit From 61918e78b70bd0ed2295b79c30c27525e1809486 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 28 Sep 2004 13:24:38 +0000 Subject: r2729: Fix ldapsam_compat homeDrive. Thanks to jason@env.leeds.ac.uk Volker (This used to be commit ef057e9534cc3713d3bcd7427cf34c74f7e3ea13) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 57aab70a5b..624ce22d22 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -54,7 +54,7 @@ ATTRIB_MAP_ENTRY attrib_map_v22[] = { { LDAP_ATTR_CN, "cn" }, { LDAP_ATTR_DISPLAY_NAME, "displayName" }, { LDAP_ATTR_HOME_PATH, "smbHome" }, - { LDAP_ATTR_HOME_DRIVE, "homeDrives" }, + { LDAP_ATTR_HOME_DRIVE, "homeDrive" }, { LDAP_ATTR_LOGON_SCRIPT, "scriptPath" }, { LDAP_ATTR_PROFILE_PATH, "profilePath" }, { LDAP_ATTR_DESC, "description" }, -- cgit From 55fe875a44bd63de766d4fbdb91bcc26be146a21 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 5 Nov 2004 22:53:35 +0000 Subject: r3563: During a typical logon a modern workstation makes a lot of anonymous session setups on its way to open a pipe. This gets rid of many round-trips to the LDAP server during logon by setting up the server_info_guest once and not asking the LDAP server and nss every time. Make sure that the ldap connection is reopened in the child. (I did not look at the sql backends.) Volker (This used to be commit 3298f6105e6a88c9390cac02245c8f2eee1e5046) --- source3/lib/smbldap.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 624ce22d22..a1f42d92ee 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -907,6 +907,7 @@ static int smbldap_open(struct smbldap_state *ldap_state) ldap_state->last_ping = time(NULL); + ldap_state->pid = sys_getpid(); DEBUG(4,("The LDAP server is succesfully connected\n")); return LDAP_SUCCESS; @@ -965,6 +966,9 @@ static int another_ldap_try(struct smbldap_state *ldap_state, int *rc, got_alarm = False; old_handler = CatchSignal(SIGALRM, gotalarm_sig); alarm(endtime - now); + + if (ldap_state->pid != sys_getpid()) + smbldap_close(ldap_state); } while (1) { -- cgit From acf9d61421faa6c0055d57fdee7db300dc5431aa Mon Sep 17 00:00:00 2001 
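Review bot: The rename to `homeDrive` is applied only to `attrib_map_v22`; the `attrib_map_to_delete_v22` table added in the r2444 change shown earlier on this page still maps `LDAP_ATTR_HOME_DRIVE` to `"homeDrives"`, and this commit's diffstat shows a single changed line. If that table is what selects attributes to remove, the v2.2 home-drive attribute would still be looked up under the old name. The matching entry there should read `{ LDAP_ATTR_HOME_DRIVE, "homeDrive" },`.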
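Review bot: In `another_ldap_try`, the added `if (ldap_state->pid != sys_getpid()) smbldap_close(ldap_state);` tears down a connection that was opened by the parent and is still shared with it after the fork. `smbldap_close()` is not shown in this hunk; if it performs an LDAP unbind, the request goes out on the shared socket and may also end the parent's authenticated session. A comment such as `/* connection inherited across fork: never reuse the parent's bind; closing here may force the parent to reconnect */` would record that trade-off. The check also sits inside the `*attempts == 0` block, after the `now >= endtime` early exit, so it is skipped when the timeout has already expired.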
From: Jeremy Allison Date: Tue, 7 Dec 2004 18:25:53 +0000 Subject: r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a) --- source3/lib/smbldap.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index a1f42d92ee..7e485457b0 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -239,7 +239,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { i++; i++; - names = (char**)malloc( sizeof(char*)*i ); + names = SMB_MALLOC_ARRAY( char*, i ); if ( !names ) { DEBUG(0,("get_attr_list: out of memory\n")); return NULL; @@ -247,7 +247,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { i = 0; while ( table[i].attrib != LDAP_ATTR_LIST_END ) { - names[i] = strdup( table[i].name ); + names[i] = SMB_STRDUP( table[i].name ); i++; } names[i] = NULL; @@ -295,7 +295,7 @@ static BOOL fetch_ldap_pw(char **dn, char** pw) if (!size) { /* Upgrade 2.2 style entry */ char *p; - char* old_style_key = strdup(*dn); + char* old_style_key = SMB_STRDUP(*dn); char *data; fstring old_style_pw; @@ -408,7 +408,7 @@ static BOOL fetch_ldap_pw(char **dn, char** pw) #endif if (mods == NULL) { - mods = (LDAPMod **) malloc(sizeof(LDAPMod *)); + mods = SMB_MALLOC_P(LDAPMod *); if (mods == NULL) { DEBUG(0, ("make_a_mod: out of memory!\n")); return; 
@@ -422,19 +422,19 @@ static BOOL fetch_ldap_pw(char **dn, char** pw) } if (mods[i] == NULL) { - mods = (LDAPMod **) Realloc (mods, (i + 2) * sizeof (LDAPMod *)); + mods = SMB_REALLOC_ARRAY (mods, LDAPMod *, i + 2); if (mods == NULL) { DEBUG(0, ("make_a_mod: out of memory!\n")); return; } - mods[i] = (LDAPMod *) malloc(sizeof(LDAPMod)); + mods[i] = SMB_MALLOC_P(LDAPMod); if (mods[i] == NULL) { DEBUG(0, ("make_a_mod: out of memory!\n")); return; } mods[i]->mod_op = modop; mods[i]->mod_values = NULL; - mods[i]->mod_type = strdup(attribute); + mods[i]->mod_type = SMB_STRDUP(attribute); mods[i + 1] = NULL; } @@ -445,8 +445,7 @@ static BOOL fetch_ldap_pw(char **dn, char** pw) if (mods[i]->mod_values != NULL) { for (; mods[i]->mod_values[j] != NULL; j++); } - mods[i]->mod_values = (char **)Realloc(mods[i]->mod_values, - (j + 2) * sizeof (char *)); + mods[i]->mod_values = SMB_REALLOC_ARRAY(mods[i]->mod_values, char *, j + 2); if (mods[i]->mod_values == NULL) { DEBUG (0, ("make_a_mod: Memory allocation failure!\n")); @@ -574,7 +573,7 @@ static void smbldap_store_state(LDAP *ld, struct smbldap_state *smbldap_state) return; } - t = smb_xmalloc(sizeof(*t)); + t = SMB_XMALLOC_P(struct smbldap_state_lookup); ZERO_STRUCTP(t); DLIST_ADD_END(smbldap_state_lookup_list, t, tmp); @@ -718,11 +717,11 @@ static int rebindproc_with_state (LDAP * ld, char **whop, char **credp, DEBUG(5,("rebind_proc_with_state: Rebinding as \"%s\"\n", ldap_state->bind_dn)); - *whop = strdup(ldap_state->bind_dn); + *whop = SMB_STRDUP(ldap_state->bind_dn); if (!*whop) { return LDAP_NO_MEMORY; } - *credp = strdup(ldap_state->bind_secret); + *credp = SMB_STRDUP(ldap_state->bind_secret); if (!*credp) { SAFE_FREE(*whop); return LDAP_NO_MEMORY; 
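Review bot: `mods[i]->mod_type = SMB_STRDUP(attribute);` is the one allocation in this hunk whose result is not checked, although the same commit treats `SMB_STRDUP` as fallible in `rebindproc_with_state` (`if (!*whop) return LDAP_NO_MEMORY;`). A NULL `mod_type` would be stored in the mod list and handed on to whatever consumes it later. Following the neighbouring checks, `if (mods[i]->mod_type == NULL) { DEBUG(0, ("make_a_mod: out of memory!\n")); return; }` placed after `mods[i + 1] = NULL;` keeps the array terminated and the error handling uniform. The enclosing function starts and ends outside the hunk.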
@@ -1211,7 +1210,7 @@ void smbldap_free_struct(struct smbldap_state **ldap_state) NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_state **smbldap_state) { - *smbldap_state = talloc_zero(mem_ctx, sizeof(**smbldap_state)); + *smbldap_state = TALLOC_ZERO_P(mem_ctx, struct smbldap_state); if (!*smbldap_state) { DEBUG(0, ("talloc() failed for ldapsam private_data!\n")); return NT_STATUS_NO_MEMORY; -- cgit From 84e0aafc78f9d91cde3a6b1c4a57d8ed3b6fd58c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 20 Dec 2004 18:42:58 +0000 Subject: r4289: Close LDAP-Connection before retrying to open a new connection in the retry-loop. This fixes a deadlock-situation when ldapsam is used with the ldapi interface: getpeername won't fail while trying to detect dead connections on unix domain sockets. When the ldapi-connection was closed server-side (due to OpenLDAP's idletimeout) we *never* got a new LDAP connection. Guenther (This used to be commit ac8032bacff10451fa03f155d43f0d20389512fa) --- source3/lib/smbldap.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 7e485457b0..4afafde9bb 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -977,6 +977,7 @@ static int another_ldap_try(struct smbldap_state *ldap_state, int *rc, *attempts += 1; + smbldap_close(ldap_state); open_rc = smbldap_open(ldap_state); if (open_rc == LDAP_SUCCESS) { -- cgit From c3ba8b9a53617c75ffbcfa8ef32044cb1691d693 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 14 Jan 2005 19:26:13 +0000 Subject: r4736: small set of merges from rtunk to minimize the diffs (This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 4afafde9bb..518bafcc74 100644 --- a/source3/lib/smbldap.c 
+++ b/source3/lib/smbldap.c @@ -1,5 +1,5 @@ /* - Unix SMB/CIFS mplementation. + Unix SMB/CIFS implementation. LDAP protocol helper functions for SAMBA Copyright (C) Jean François Micouleau 1998 Copyright (C) Gerald Carter 2001-2003 -- cgit From 0c6010238d5eda73bbd6b9e81e2261d19bc01bb7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 19 Jan 2005 09:58:29 +0000 Subject: r4840: * Add more generic root-dse inspection function to check for given controls or extensions. * Check and remember if ldapsam's LDAP Server support paged results (in preparation of adding async paged-results to set|get|end-sampwent in ldapsam). Guenther (This used to be commit ced58bd8849cdef78513674dff1b1ec331945aa9) --- source3/lib/smbldap.c | 101 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 518bafcc74..7908bc254d 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -806,6 +806,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ int rc; char *ldap_dn; char *ldap_secret; + int version; /* get the password */ if (!fetch_ldap_pw(&ldap_dn, &ldap_secret)) { @@ -855,7 +856,14 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ ldap_state->num_failures = 0; + ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version); + + if (smbldap_has_control(ldap_state, ADS_PAGE_CTL_OID) && version == 3) { + ldap_state->paged_results = True; + } + DEBUG(3, ("ldap_connect_system: succesful connection to the LDAP server\n")); + DEBUGADD(3, ("ldap_connect_system: LDAP server %s support paged results\n", ldap_state->paged_results?"does":"does not")); return rc; } 
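Review bot: In `smbldap_connect_system`, `version` is compared in `version == 3` without being initialised and without checking the result of `ldap_get_option(..., LDAP_OPT_PROTOCOL_VERSION, &version)`, so a failed option lookup leaves the paged-results decision to stack contents. Testing the return value first, `if (ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS && version == 3 && smbldap_has_control(ldap_state, ADS_PAGE_CTL_OID))`, also skips the control lookup when the protocol version already rules paging out. `paged_results` is only ever set to `True` here; if the same state can reconnect to a different server, it should be reset to `False` in the other case. The function begins outside the hunk.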
@@ -1431,3 +1439,96 @@ char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry) return unix_dn; } +/******************************************************************* + Check if root-dse has a certain Control or Extension +********************************************************************/ + +static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char **attrs, const char *value) +{ + LDAPMessage *msg = NULL; + LDAPMessage *entry = NULL; + char **values = NULL; + int rc, num_result, num_values, i; + BOOL result = False; + + if (!attrs[0]) { + DEBUG(3,("smbldap_check_root_dse: nothing to look for\n")); + return False; + } + + if (!strequal(attrs[0], "supportedExtension") && + !strequal(attrs[0], "supportedControl")) { + DEBUG(3,("smbldap_check_root_dse: no idea what to query root-dse for: %s ?\n", attrs[0])); + return False; + } + + rc = ldap_search_s(ldap_state->ldap_struct, "", LDAP_SCOPE_BASE, + "(objectclass=*)", attrs, 0 , &msg); + + if (rc != LDAP_SUCCESS) { + DEBUG(3,("smbldap_check_root_dse: Could not search rootDSE\n")); + return False; + } + + num_result = ldap_count_entries(ldap_state->ldap_struct, msg); + + if (num_result != 1) { + DEBUG(3,("smbldap_check_root_dse: Expected one rootDSE, got %d\n", num_result)); + goto done; + } + + entry = ldap_first_entry(ldap_state->ldap_struct, msg); + + if (entry == NULL) { + DEBUG(3,("smbldap_check_root_dse: Could not retrieve rootDSE\n")); + goto done; + } + + values = ldap_get_values(ldap_state->ldap_struct, entry, attrs[0]); + + if (values == NULL) { + DEBUG(5,("smbldap_check_root_dse: LDAP Server does not support any %s\n", attrs[0])); + goto done; + } + + num_values = ldap_count_values(values); + + if (num_values == 0) { + DEBUG(5,("smbldap_check_root_dse: LDAP Server does not have any %s\n", attrs[0])); + goto done; + } + + for (i=0; i Date: Sat, 22 Jan 2005 03:37:09 +0000 Subject: r4925: Migrate Account Policies to passdb (esp. replicating ldapsam). 
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5) --- source3/lib/smbldap.c | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 87 insertions(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 7908bc254d..e242a6c3b1 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -208,6 +208,15 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { { LDAP_ATTR_LIST_END, NULL } }; +/* attributes used for account policies */ + +ATTRIB_MAP_ENTRY acctpol_attr_list[] = { + { LDAP_ATTR_OBJCLASS, "objectClass" }, + { LDAP_ATTR_ACCOUNT_POLICY_NAME,"sambaAccountPolicyName" }, + { LDAP_ATTR_ACCOUNT_POLICY_VAL, "sambaAccountPolicyValue" }, + { LDAP_ATTR_LIST_END, NULL }, +}; + /********************************************************************** perform a simple table lookup and return the attribute name **********************************************************************/ 
@@ -1243,6 +1252,82 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_ return NT_STATUS_OK; } +/********************************************************************** + Add the account-policies below the sambaDomain object to LDAP, +*********************************************************************/ +static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state, + const char *domain_name) +{ + NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL; + int i, ldap_op, policy_default, rc; + const char *policy_string = NULL; + const char *policy_comment = NULL; + pstring dn; + fstring policy_default_str; + + DEBUG(3,("Adding new account policies for domain\n")); + ldap_op = LDAP_MOD_ADD; + + for (i=1; decode_account_policy_name(i) != NULL; i++) { + LDAPMod **mods = NULL; + + policy_string = decode_account_policy_name(i); + if (!policy_string) { + DEBUG(0,("add_new_domain_account_policies: ops. no policy!\n")); + return ntstatus; + } + + policy_comment = account_policy_get_comment(i); + if (!policy_comment) { + DEBUG(0,("add_new_domain_account_policies: no description for policy found\n")); + return ntstatus; + } + + if (!account_policy_get_default(i, &policy_default)) { + DEBUG(0,("add_new_domain_account_policies: failed to get default account policy\n")); + return ntstatus; + } + + slprintf(policy_default_str, sizeof(policy_default_str) - 1, "%i", policy_default); + + pstr_sprintf(dn, "%s=%s,%s=%s,%s", + get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string, + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), get_global_sam_name(), + lp_ldap_suffix()); + + smbldap_set_mod( &mods, ldap_op, "objectClass", LDAP_OBJ_ACCOUNT_POLICY ); + + smbldap_set_mod( &mods, ldap_op, + get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), + policy_string); + + smbldap_set_mod( &mods, ldap_op, + get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL), + policy_default_str); + 
+ smbldap_set_mod( &mods, ldap_op, "description", policy_comment); + + rc = smbldap_add(ldap_state, dn, mods); + + if (rc!=LDAP_SUCCESS) { + char *ld_error = NULL; + ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); + DEBUG(1,("failed to add account policy dn= %s with: %s\n\t%s\n", + dn, ldap_err2string(rc), + ld_error?ld_error:"unknown")); + SAFE_FREE(ld_error); + + ldap_mods_free(mods, True); + return ntstatus; + } + + DEBUG(2,("added: domain account policy = [%s] in the LDAP database\n", policy_string)); + ldap_mods_free(mods, True); + } + + return NT_STATUS_OK; +} + /********************************************************************** Add the sambaDomain to LDAP, so we don't have to search for this stuff again. This is a once-add operation for now. @@ -1397,7 +1482,8 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, DEBUG(3, ("Got no domain info entries for domain\n")); ldap_msgfree(*result); *result = NULL; - if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))) { + if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name)) + && NT_STATUS_IS_OK(ret = add_new_domain_account_policies(ldap_state, domain_name))) { return smbldap_search_domain_info(ldap_state, result, domain_name, False); } else { -- cgit From 23f558535e28cc65000d540817c31dcf98a82e77 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 25 Jan 2005 20:36:24 +0000 Subject: r4989: Display failed LDAP-server-uri. Guenther (This used to be commit d433c7b476005064b9cfd339bbd8a25b40de59c1) --- source3/lib/smbldap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index e242a6c3b1..2fc71b1402 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
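Review bot: In `smbldap_search_domain_info`, chaining `add_new_domain_info(...)` and `add_new_domain_account_policies(...)` with `&&` leaves a partial result when the second call fails. The sambaDomain entry has already been written by then, so a later search will presumably find it, and this branch is the only place in the change that creates the policies. `add_new_domain_account_policies` itself returns on the first failed `smbldap_add`, so some policy entries may exist while later ones are missing. At minimum the behaviour should be documented at the call site, e.g. `/* policies are only created together with the domain entry; a failure here is not retried on the next lookup */`, and the loop could tolerate entries that already exist so a retry is possible.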
@@ -855,7 +855,8 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); DEBUG(ldap_state->num_failures ? 2 : 0, - ("failed to bind to server with dn= %s Error: %s\n\t%s\n", + ("failed to bind to server %s with dn=\"%s\" Error: %s\n\t%s\n", + ldap_state->uri, ldap_dn ? ldap_dn : "(unknown)", ldap_err2string(rc), ld_error ? ld_error : "(unknown)")); SAFE_FREE(ld_error); -- cgit From 6c84ecb55657ae28eb739a72164f6d7251dc627f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 12 Feb 2005 00:51:31 +0000 Subject: r5349: After talking with Jerry, reverted the addition of account policies to passdb in 3_0 (they are still in trunk). Guenther (This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1) --- source3/lib/smbldap.c | 88 +-------------------------------------------------- 1 file changed, 1 insertion(+), 87 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 2fc71b1402..7aeecb89d6 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -208,15 +208,6 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { { LDAP_ATTR_LIST_END, NULL } }; -/* attributes used for account policies */ - -ATTRIB_MAP_ENTRY acctpol_attr_list[] = { - { LDAP_ATTR_OBJCLASS, "objectClass" }, - { LDAP_ATTR_ACCOUNT_POLICY_NAME,"sambaAccountPolicyName" }, - { LDAP_ATTR_ACCOUNT_POLICY_VAL, "sambaAccountPolicyValue" }, - { LDAP_ATTR_LIST_END, NULL }, -}; - /********************************************************************** perform a simple table lookup and return the attribute name **********************************************************************/ 
@@ -1253,82 +1244,6 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_ return NT_STATUS_OK; } -/********************************************************************** - Add the account-policies below the sambaDomain object to LDAP, -*********************************************************************/ -static NTSTATUS add_new_domain_account_policies(struct smbldap_state *ldap_state, - const char *domain_name) -{ - NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL; - int i, ldap_op, policy_default, rc; - const char *policy_string = NULL; - const char *policy_comment = NULL; - pstring dn; - fstring policy_default_str; - - DEBUG(3,("Adding new account policies for domain\n")); - ldap_op = LDAP_MOD_ADD; - - for (i=1; decode_account_policy_name(i) != NULL; i++) { - LDAPMod **mods = NULL; - - policy_string = decode_account_policy_name(i); - if (!policy_string) { - DEBUG(0,("add_new_domain_account_policies: ops. no policy!\n")); - return ntstatus; - } - - policy_comment = account_policy_get_comment(i); - if (!policy_comment) { - DEBUG(0,("add_new_domain_account_policies: no description for policy found\n")); - return ntstatus; - } - - if (!account_policy_get_default(i, &policy_default)) { - DEBUG(0,("add_new_domain_account_policies: failed to get default account policy\n")); - return ntstatus; - } - - slprintf(policy_default_str, sizeof(policy_default_str) - 1, "%i", policy_default); - - pstr_sprintf(dn, "%s=%s,%s=%s,%s", - get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string, - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), get_global_sam_name(), - lp_ldap_suffix()); - - smbldap_set_mod( &mods, ldap_op, "objectClass", LDAP_OBJ_ACCOUNT_POLICY ); - - smbldap_set_mod( &mods, ldap_op, - get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), - policy_string); - - smbldap_set_mod( &mods, ldap_op, - get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_VAL), - policy_default_str); - 
- smbldap_set_mod( &mods, ldap_op, "description", policy_comment); - - rc = smbldap_add(ldap_state, dn, mods); - - if (rc!=LDAP_SUCCESS) { - char *ld_error = NULL; - ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(1,("failed to add account policy dn= %s with: %s\n\t%s\n", - dn, ldap_err2string(rc), - ld_error?ld_error:"unknown")); - SAFE_FREE(ld_error); - - ldap_mods_free(mods, True); - return ntstatus; - } - - DEBUG(2,("added: domain account policy = [%s] in the LDAP database\n", policy_string)); - ldap_mods_free(mods, True); - } - - return NT_STATUS_OK; -} - /********************************************************************** Add the sambaDomain to LDAP, so we don't have to search for this stuff again. This is a once-add operation for now. @@ -1483,8 +1398,7 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, DEBUG(3, ("Got no domain info entries for domain\n")); ldap_msgfree(*result); *result = NULL; - if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name)) - && NT_STATUS_IS_OK(ret = add_new_domain_account_policies(ldap_state, domain_name))) { + if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))) { return smbldap_search_domain_info(ldap_state, result, domain_name, False); } else { -- cgit From f51677051cc139bdeb9d66196ca5405cecce1a35 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 17 Feb 2005 14:27:34 +0000 Subject: r5428: Apply some const. LDAP attribs should now be declared const char *attr[]. This gives some new warnings in smbldap.c, but a the callers are cleaned up. Volker (This used to be commit 543799fc0ddc3176469acc1fab7093c41556d403) --- source3/lib/smbldap.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 7aeecb89d6..ee03295e72 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -230,16 +230,16 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { Return the list of attribute names from a mapping table **********************************************************************/ - char** get_attr_list( ATTRIB_MAP_ENTRY table[] ) + const char** get_attr_list( ATTRIB_MAP_ENTRY table[] ) { - char **names; + const char **names; int i = 0; while ( table[i].attrib != LDAP_ATTR_LIST_END ) i++; i++; - names = SMB_MALLOC_ARRAY( char*, i ); + names = SMB_MALLOC_ARRAY( const char*, i ); if ( !names ) { DEBUG(0,("get_attr_list: out of memory\n")); return NULL; @@ -259,7 +259,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { Cleanup ********************************************************************/ - void free_attr_list( char **list ) + void free_attr_list( const char **list ) { int i = 0; @@ -1017,7 +1017,7 @@ static int another_ldap_try(struct smbldap_state *ldap_state, int *rc, int smbldap_search(struct smbldap_state *ldap_state, const char *base, int scope, const char *filter, - char *attrs[], int attrsonly, + const char *attrs[], int attrsonly, LDAPMessage **res) { int rc = LDAP_SERVER_DOWN; @@ -1154,7 +1154,7 @@ int smbldap_extended_operation(struct smbldap_state *ldap_state, run the search by name. ******************************************************************/ int smbldap_search_suffix (struct smbldap_state *ldap_state, const char *filter, - char **search_attr, LDAPMessage ** result) + const char **search_attr, LDAPMessage ** result) { int scope = LDAP_SCOPE_SUBTREE; int rc; @@ -1261,7 +1261,7 @@ static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, int ldap_op; LDAPMessage *result = NULL; int num_result; - char **attr_list; + const char **attr_list; uid_t u_low, u_high; gid_t g_low, g_high; uint32 rid_low, rid_high; 
@@ -1376,7 +1376,7 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; pstring filter; int rc; - char **attr_list; + const char **attr_list; int count; pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))", -- cgit From 0a063991a7b2a2a6a7ce537f24be1205d29bc09d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 23 Feb 2005 20:38:29 +0000 Subject: r5522: Better handling of LDAP over IPC connections that have expired on the LDAP-Server. Guenther (This used to be commit 8017a7a150023dc3353181f7737b2363d38593fa) --- source3/lib/smbldap.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index ee03295e72..fec6cc23a8 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -888,7 +888,7 @@ static int smbldap_open(struct smbldap_state *ldap_state) socklen_t len = sizeof(addr); int sd; if (ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_DESC, &sd) == 0 && - getpeername(sd, (struct sockaddr *) &addr, &len) < 0) { + ((getpeername(sd, (struct sockaddr *) &addr, &len) < 0) || addr.sun_family == AF_LOCAL)) { /* the other end has died. reopen. */ ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); ldap_state->ldap_struct = NULL; @@ -962,8 +962,6 @@ static int another_ldap_try(struct smbldap_state *ldap_state, int *rc, if (*rc != LDAP_SERVER_DOWN) goto no_next; - now = time(NULL); - if (now >= endtime) { smbldap_close(ldap_state); *rc = LDAP_TIMEOUT; @@ -986,7 +984,6 @@ static int another_ldap_try(struct smbldap_state *ldap_state, int *rc, *attempts += 1; - smbldap_close(ldap_state); open_rc = smbldap_open(ldap_state); if (open_rc == LDAP_SUCCESS) { -- cgit From f823e8c411721201480afe2d275224d81c7de2c8 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Fri, 25 Feb 2005 14:12:05 +0000 Subject: r5556: Fix the build on AIX. use AF_UNIX instead of AF_LOCAL (thanks to Doug VanLeuven ) and make smbldap_open() a bit more readable. Guenther (This used to be commit 526d6a9493cd091f2a9b8e072f11e673133fe5c1) --- source3/lib/smbldap.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index fec6cc23a8..3296f7994a 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -873,8 +873,9 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ *********************************************************************/ static int smbldap_open(struct smbldap_state *ldap_state) { - int rc; + int rc, opt_rc; SMB_ASSERT(ldap_state); + BOOL reopen = False; #ifndef NO_LDAP_SECURITY if (geteuid() != 0) { @@ -883,12 +884,21 @@ static int smbldap_open(struct smbldap_state *ldap_state) } #endif - if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + SMBLDAP_DONT_PING_TIME) < time(NULL))) { + if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + SMBLDAP_DONT_PING_TIME) < time(NULL))) { + struct sockaddr_un addr; socklen_t len = sizeof(addr); int sd; - if (ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_DESC, &sd) == 0 && - ((getpeername(sd, (struct sockaddr *) &addr, &len) < 0) || addr.sun_family == AF_LOCAL)) { + + opt_rc = ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_DESC, &sd); + if (opt_rc == 0 && (getpeername(sd, (struct sockaddr *) &addr, &len)) < 0 ) + reopen = True; + +#ifdef HAVE_UNIXSOCKET + if (opt_rc == 0 && addr.sun_family == AF_UNIX) + reopen = True; +#endif + if (reopen) { /* the other end has died. reopen. */ ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); ldap_state->ldap_struct = NULL; -- cgit From b03c74446ae8fe7db2a78006903f24e2b1ce4d93 Mon Sep 17 00:00:00 2001 
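Review bot: In the second smbldap_open hunk, `addr.sun_family` is read under `#ifdef HAVE_UNIXSOCKET` whenever `opt_rc == 0`, including when `getpeername()` has just failed and left `addr` unwritten, so the test reads an indeterminate value. It is harmless today only because `reopen` is already True on that path. Keeping the `getpeername()` result in a local and testing `if (opt_rc == 0 && peer_rc == 0 && addr.sun_family == AF_UNIX)` removes the uninitialised read; `peer_rc` is a name introduced here for illustration. `struct sockaddr_un addr` is also declared outside the `HAVE_UNIXSOCKET` guard that protects its only use, which looks inconsistent for platforms without Unix sockets. The function body continues outside the hunk.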
From: Gerald Carter Date: Fri, 25 Feb 2005 18:38:19 +0000 Subject: r5565: fix breakage on gcc 2.96 (This used to be commit 67f8a1e3bc545d4ebbe0f7d05ea16c6231f2e82c) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 3296f7994a..68084b0404 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -874,9 +874,9 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ static int smbldap_open(struct smbldap_state *ldap_state) { int rc, opt_rc; - SMB_ASSERT(ldap_state); BOOL reopen = False; + SMB_ASSERT(ldap_state); #ifndef NO_LDAP_SECURITY if (geteuid() != 0) { DEBUG(0, ("smbldap_open: cannot access LDAP when not root..\n")); -- cgit From 934d41d23956c663406ff9d68e5a8ba9d81b5096 Mon Sep 17 00:00:00 2001 From: Derrell Lipman Date: Wed, 30 Mar 2005 04:40:24 +0000 Subject: r6127: Eliminated all compiler warnings pertaining to mismatched "qualifiers". The whole of samba comiles warning-free with the default compiler flags. Temporarily defined -Wall to locate other potential problems. Found an unused static function (#ifdefed out rather than deleted, in case it's needed for something in progress). There are also a number of uses of undeclared functions, mostly krb5_*. Files with these problems need to have appropriate header files included, but they are not fixed in this update. oplock_linux.c.c has undefined functions capget() and capset(), which need to have "#undef _POSIX_SOURCE" specified before including , but that could potentially have other side effects, so that remains uncorrected as well. The flag -Wall should be added permanently to CFLAGS, and all warnings then generated should be eliminated. (This used to be commit 5b19ede88ed80318e392f8017f4573fbb2ecbe0f) --- source3/lib/smbldap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/smbldap.c') 
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 68084b0404..78ec249717 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -1066,7 +1066,7 @@ int smbldap_search(struct smbldap_state *ldap_state, while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) rc = ldap_search_s(ldap_state->ldap_struct, base, scope, - utf8_filter, attrs, attrsonly, res); + utf8_filter, (char **) attrs, attrsonly, res); SAFE_FREE(utf8_filter); return rc; @@ -1471,7 +1471,7 @@ static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char } rc = ldap_search_s(ldap_state->ldap_struct, "", LDAP_SCOPE_BASE, - "(objectclass=*)", attrs, 0 , &msg); + "(objectclass=*)", (char **) attrs, 0 , &msg); if (rc != LDAP_SUCCESS) { DEBUG(3,("smbldap_check_root_dse: Could not search rootDSE\n")); -- cgit From 9840db418bad5a39edc4a32a1786f5e2d2c9dff8 Mon Sep 17 00:00:00 2001 
From: Derrell Lipman Date: Thu, 31 Mar 2005 05:06:04 +0000 Subject: r6149: Fixes bugs #2498 and 2484. 1. using smbc_getxattr() et al, one may now request all access control entities in the ACL without getting all other NT attributes. 2. added the ability to exclude specified attributes from the result set provided by smbc_getxattr() et al, when requesting all attributes, all NT attributes, or all DOS attributes. 3. eliminated all compiler warnings, including when --enable-developer compiler flags are in use. removed -Wcast-qual flag from list, as that is specifically to force warnings in the case of casting away qualifiers. Note: In the process of eliminating compiler warnings, a few nasties were discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED kerberos interfaces are being used. Someone who knows kerberos should look at these and determine if there is an alternate method of accomplishing the task. (This used to be commit 994694f7f26da5099f071e1381271a70407f33bb) --- source3/lib/smbldap.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 78ec249717..cf2f03e0a2 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -1066,7 +1066,9 @@ int smbldap_search(struct smbldap_state *ldap_state, while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) rc = ldap_search_s(ldap_state->ldap_struct, base, scope, - utf8_filter, (char **) attrs, attrsonly, res); + utf8_filter, + CONST_DISCARD(char **, attrs), + attrsonly, res); SAFE_FREE(utf8_filter); return rc; 
@@ -1471,7 +1473,8 @@ static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char } rc = ldap_search_s(ldap_state->ldap_struct, "", LDAP_SCOPE_BASE, - "(objectclass=*)", (char **) attrs, 0 , &msg); + "(objectclass=*)", CONST_DISCARD(char **, attrs), + 0 , &msg); if (rc != LDAP_SUCCESS) { DEBUG(3,("smbldap_check_root_dse: Could not search rootDSE\n")); -- cgit From d3d6126d94d55a69c45b2f7a63a7fa9b561baf48 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 15 Apr 2005 13:41:49 +0000 Subject: r6351: This is quite a large and intrusive patch, but there are not many pieces that can be taken out of it, so I decided to commit this in one lump. It changes the passdb enumerating functions to use ldap paged results where possible. In particular the samr calls querydispinfo, enumdomusers and friends have undergone significant internal changes. I have tested this extensively with rpcclient and a bit with usrmgr.exe. More tests and the merge to trunk will follow later. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The code is based on a first implementation by Günther Deschner, but has evolved quite a bit since then. Volker (This used to be commit f0bb44ac58e190e19eb4e92928979b0446e611c9) --- source3/lib/smbldap.c | 158 +++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 144 insertions(+), 14 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index cf2f03e0a2..e2d78e0ecc 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -856,6 +856,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ } ldap_state->num_failures = 0; + ldap_state->paged_results = False; ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version); 
@@ -864,7 +865,8 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ } DEBUG(3, ("ldap_connect_system: succesful connection to the LDAP server\n")); - DEBUGADD(3, ("ldap_connect_system: LDAP server %s support paged results\n", ldap_state->paged_results?"does":"does not")); + DEBUGADD(10, ("ldap_connect_system: LDAP server %s support paged results\n", + ldap_state->paged_results ? "does" : "does not")); return rc; } @@ -1022,20 +1024,22 @@ static int another_ldap_try(struct smbldap_state *ldap_state, int *rc, /********************************************************************* ********************************************************************/ -int smbldap_search(struct smbldap_state *ldap_state, - const char *base, int scope, const char *filter, - const char *attrs[], int attrsonly, - LDAPMessage **res) +static int smbldap_search_ext(struct smbldap_state *ldap_state, + const char *base, int scope, const char *filter, + const char *attrs[], int attrsonly, + LDAPControl **sctrls, LDAPControl **cctrls, + int sizelimit, LDAPMessage **res) { int rc = LDAP_SERVER_DOWN; int attempts = 0; char *utf8_filter; time_t endtime = time(NULL)+lp_ldap_timeout(); + struct timeval timeout; SMB_ASSERT(ldap_state); - DEBUG(5,("smbldap_search: base => [%s], filter => [%s], scope => [%d]\n", - base, filter, scope)); + DEBUG(5,("smbldap_search_ext: base => [%s], filter => [%s], " + "scope => [%d]\n", base, filter, scope)); if (ldap_state->last_rebind.tv_sec > 0) { struct timeval tval; 
@@ -1053,9 +1057,10 @@ int smbldap_search(struct smbldap_state *ldap_state, if (sleep_time > 0) { /* we wait for the LDAP replication */ - DEBUG(5,("smbldap_search: waiting %d milliseconds for LDAP replication.\n",sleep_time)); + DEBUG(5,("smbldap_search_ext: waiting %d milliseconds " + "for LDAP replication.\n",sleep_time)); smb_msleep(sleep_time); - DEBUG(5,("smbldap_search: go on!\n")); + DEBUG(5,("smbldap_search_ext: go on!\n")); } ZERO_STRUCT(ldap_state->last_rebind); } 
@@ -1064,13 +1069,138 @@ int smbldap_search(struct smbldap_state *ldap_state, return LDAP_NO_MEMORY; } + /* Setup timeout for the ldap_search_ext_s call - local and remote. */ + timeout.tv_sec = lp_ldap_timeout(); + timeout.tv_usec = 0; + + /* Setup alarm timeout.... Do we need both of these ? JRA. + * Yes, I think we do need both of these. The server timeout only + * covers the case where the server's operation takes too long. It + * does not cover the case where the request hangs on its way to the + * server. The server side timeout is not strictly necessary, it's + * just a bit more kind to the server. VL. */ + + got_alarm = 0; + CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); + alarm(lp_ldap_timeout()); + /* End setup timeout. */ + while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) - rc = ldap_search_s(ldap_state->ldap_struct, base, scope, - utf8_filter, - CONST_DISCARD(char **, attrs), - attrsonly, res); - + rc = ldap_search_ext_s(ldap_state->ldap_struct, base, scope, + utf8_filter, + CONST_DISCARD(char **, attrs), + attrsonly, sctrls, cctrls, &timeout, + sizelimit, res); + SAFE_FREE(utf8_filter); + + /* Teardown timeout. 
*/ + CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN); + alarm(0); + + if (got_alarm != 0) + return LDAP_TIMELIMIT_EXCEEDED; + + return rc; +} + +int smbldap_search(struct smbldap_state *ldap_state, + const char *base, int scope, const char *filter, + const char *attrs[], int attrsonly, + LDAPMessage **res) +{ + return smbldap_search_ext(ldap_state, base, scope, filter, attrs, + attrsonly, NULL, NULL, LDAP_NO_LIMIT, res); +} + +int smbldap_search_paged(struct smbldap_state *ldap_state, + const char *base, int scope, const char *filter, + const char **attrs, int attrsonly, int pagesize, + LDAPMessage **res, void **cookie) +{ + LDAPControl pr; + LDAPControl **rcontrols; + LDAPControl *controls[2] = { NULL, NULL}; + BerElement *cookie_be = NULL; + struct berval *cookie_bv = NULL; + int tmp = 0, i, rc; + BOOL critical = True; + + *res = NULL; + + DEBUG(3,("smbldap_search_paged: base => [%s], filter => [%s]," + "scope => [%d], pagesize => [%d]\n", + base, filter, scope, pagesize)); + + cookie_be = ber_alloc_t(LBER_USE_DER); + if (cookie_be == NULL) { + DEBUG(0,("smbldap_create_page_control: ber_alloc_t returns " + "NULL\n")); + return LDAP_NO_MEMORY; + } + + /* construct cookie */ + if (*cookie != NULL) { + ber_printf(cookie_be, "{iO}", (ber_int_t) pagesize, *cookie); + ber_bvfree(*cookie); /* don't need it from last time */ + *cookie = NULL; + } else { + ber_printf(cookie_be, "{io}", (ber_int_t) pagesize, "", 0); + } + ber_flatten(cookie_be, &cookie_bv); + + pr.ldctl_oid = CONST_DISCARD(char *, ADS_PAGE_CTL_OID); + pr.ldctl_iscritical = (char) critical; + pr.ldctl_value.bv_len = cookie_bv->bv_len; + pr.ldctl_value.bv_val = cookie_bv->bv_val; + + controls[0] = ≺ + controls[1] = NULL; + + rc = smbldap_search_ext(ldap_state, base, scope, filter, attrs, + 0, controls, NULL, LDAP_NO_LIMIT, res); + + ber_free(cookie_be, 1); + ber_bvfree(cookie_bv); + + if (rc != 0) { + DEBUG(3,("smbldap_search_paged: smbldap_search_ext(%s) " + "failed with [%s]\n", filter, ldap_err2string(rc))); + 
goto done; + } + + DEBUG(3,("smbldap_search_paged: search was successfull\n")); + + rc = ldap_parse_result(ldap_state->ldap_struct, *res, NULL, NULL, + NULL, NULL, &rcontrols, 0); + if (rc != 0) { + DEBUG(3,("smbldap_search_paged: ldap_parse_result failed " \ + "with [%s]\n", ldap_err2string(rc))); + goto done; + } + + if (rcontrols == NULL) + goto done; + + for (i=0; rcontrols[i]; i++) { + + if (strcmp(ADS_PAGE_CTL_OID, rcontrols[i]->ldctl_oid) != 0) + continue; + + cookie_be = ber_init(&rcontrols[i]->ldctl_value); + ber_scanf(cookie_be,"{iO}", &tmp, &cookie_bv); + /* the berval is the cookie, but must be freed when it is all + done */ + if (cookie_bv->bv_len) + *cookie=ber_bvdup(cookie_bv); + else + *cookie=NULL; + ber_bvfree(cookie_bv); + ber_free(cookie_be, 1); + break; + } + ldap_controls_free(rcontrols); +done: return rc; } -- cgit From f24d88cf9da46680d52b42b92bd484e7b09ce99b Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 31 May 2005 13:46:45 +0000 Subject: r7139: trying to reduce the number of diffs between trunk and 3.0; changing version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1) --- source3/lib/smbldap.c | 263 ++++---------------------------------------------- 1 file changed, 17 insertions(+), 246 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index e2d78e0ecc..4a8ef63806 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -1,7 +1,7 @@ /* Unix SMB/CIFS implementation. LDAP protocol helper functions for SAMBA - Copyright (C) Jean François Micouleau 1998 + Copyright (C) Jean François Micouleau 1998 Copyright (C) Gerald Carter 2001-2003 Copyright (C) Shahms King 2001 Copyright (C) Andrew Bartlett 2002-2003 
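Review bot: In smbldap_search_paged (the large hunk ending here), `cookie_bv` still points at the berval released by `ber_bvfree(cookie_bv)` right after the search when the response-control loop runs, and neither `ber_init()` nor `ber_scanf()` is checked. If the server returns a paged-results control whose value does not decode, `cookie_bv` is left unchanged, so `cookie_bv->bv_len` reads freed memory and the second `ber_bvfree(cookie_bv)` frees it again. Resetting the pointer and checking both calls, as in the excerpt below, closes that; which `rc` to return on a decode failure is a judgement call, and the caller then still owns `*res`. The request side has the same pattern: `ber_printf()` and `ber_flatten()` are unchecked before `cookie_bv->bv_len` is read.

```c
	for (i=0; rcontrols[i]; i++) {

		if (strcmp(ADS_PAGE_CTL_OID, rcontrols[i]->ldctl_oid) != 0)
			continue;

		/* cookie_bv was freed after the search; do not let a failed
		 * decode leave the stale pointer in place */
		cookie_bv = NULL;

		cookie_be = ber_init(&rcontrols[i]->ldctl_value);
		if (cookie_be == NULL) {
			rc = LDAP_DECODING_ERROR;
			break;
		}

		if (ber_scanf(cookie_be, "{iO}", &tmp, &cookie_bv) == LBER_ERROR ||
		    cookie_bv == NULL) {
			ber_free(cookie_be, 1);
			rc = LDAP_DECODING_ERROR;
			break;
		}

		/* … unchanged: copy the cookie out, free cookie_bv and cookie_be … */
		break;
	}
```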
@@ -274,71 +274,6 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { SAFE_FREE( list ); } -/******************************************************************* - find the ldap password -******************************************************************/ -static BOOL fetch_ldap_pw(char **dn, char** pw) -{ - char *key = NULL; - size_t size; - - *dn = smb_xstrdup(lp_ldap_admin_dn()); - - if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) { - SAFE_FREE(*dn); - DEBUG(0, ("fetch_ldap_pw: asprintf failed!\n")); - } - - *pw=secrets_fetch(key, &size); - SAFE_FREE(key); - - if (!size) { - /* Upgrade 2.2 style entry */ - char *p; - char* old_style_key = SMB_STRDUP(*dn); - char *data; - fstring old_style_pw; - - if (!old_style_key) { - DEBUG(0, ("fetch_ldap_pw: strdup failed!\n")); - return False; - } - - for (p=old_style_key; *p; p++) - if (*p == ',') *p = '/'; - - data=secrets_fetch(old_style_key, &size); - if (!size && size < sizeof(old_style_pw)) { - DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n")); - SAFE_FREE(old_style_key); - SAFE_FREE(*dn); - return False; - } - - size = MIN(size, sizeof(fstring)-1); - strncpy(old_style_pw, data, size); - old_style_pw[size] = 0; - - SAFE_FREE(data); - - if (!secrets_store_ldap_pw(*dn, old_style_pw)) { - DEBUG(0,("fetch_ldap_pw: ldap secret could not be upgraded!\n")); - SAFE_FREE(old_style_key); - SAFE_FREE(*dn); - return False; - } - if (!secrets_delete(old_style_key)) { - DEBUG(0,("fetch_ldap_pw: old ldap secret could not be deleted!\n")); - } - - SAFE_FREE(old_style_key); - - *pw = smb_xstrdup(old_style_pw); - } - - return True; -} - /******************************************************************* Search an attribute and return the first value found. ******************************************************************/ 
@@ -402,7 +337,7 @@ static BOOL fetch_ldap_pw(char **dn, char** pw) } #if 0 /* commented out after discussion with abartlet. Do not reenable. - left here so other so re-add similar code --jerry */ + left here so other do not re-add similar code --jerry */ if (value == NULL || *value == '\0') return; #endif @@ -877,8 +812,8 @@ static int smbldap_open(struct smbldap_state *ldap_state) { int rc, opt_rc; BOOL reopen = False; - SMB_ASSERT(ldap_state); + #ifndef NO_LDAP_SECURITY if (geteuid() != 0) { DEBUG(0, ("smbldap_open: cannot access LDAP when not root..\n")); 
@@ -1383,181 +1318,6 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_ return NT_STATUS_OK; } -/********************************************************************** - Add the sambaDomain to LDAP, so we don't have to search for this stuff - again. This is a once-add operation for now. - - TODO: Add other attributes, and allow modification. -*********************************************************************/ -static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, - const char *domain_name) -{ - fstring sid_string; - fstring algorithmic_rid_base_string; - pstring filter, dn; - LDAPMod **mods = NULL; - int rc; - int ldap_op; - LDAPMessage *result = NULL; - int num_result; - const char **attr_list; - uid_t u_low, u_high; - gid_t g_low, g_high; - uint32 rid_low, rid_high; - - slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))", - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name, LDAP_OBJ_DOMINFO); - - attr_list = get_attr_list( dominfo_attr_list ); - rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result); - free_attr_list( attr_list ); - - if (rc != LDAP_SUCCESS) { - return NT_STATUS_UNSUCCESSFUL; - } - - num_result = ldap_count_entries(ldap_state->ldap_struct, result); - - if (num_result > 1) { - DEBUG (0, ("More than domain with that name exists: bailing out!\n")); - ldap_msgfree(result); - return NT_STATUS_UNSUCCESSFUL; - } - - /* Check if we need to add an entry */ - DEBUG(3,("Adding new domain\n")); - ldap_op = LDAP_MOD_ADD; - - pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name, lp_ldap_suffix()); - - /* Free original search */ - ldap_msgfree(result); - - /* make the changes - the entry *must* not already have samba attributes */ - smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name); - - /* If we don't have an entry, then ask secrets.tdb for what it 
thinks. - It may choose to make it up */ - - sid_to_string(sid_string, get_global_sam_sid()); - smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), sid_string); - - slprintf(algorithmic_rid_base_string, sizeof(algorithmic_rid_base_string) - 1, "%i", algorithmic_rid_base()); - smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE), - algorithmic_rid_base_string); - smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO); - - /* add the sambaNext[User|Group]Rid attributes if the idmap ranges are set. - TODO: fix all the places where the line between idmap and normal operations - needed by smbd gets fuzzy --jerry 2003-08-11 */ - - if ( lp_idmap_uid(&u_low, &u_high) && lp_idmap_gid(&g_low, &g_high) - && get_free_rid_range(&rid_low, &rid_high) ) - { - fstring rid_str; - - fstr_sprintf( rid_str, "%i", rid_high|USER_RID_TYPE ); - DEBUG(10,("setting next available user rid [%s]\n", rid_str)); - smbldap_set_mod(&mods, LDAP_MOD_ADD, - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID), - rid_str); - - fstr_sprintf( rid_str, "%i", rid_high|GROUP_RID_TYPE ); - DEBUG(10,("setting next available group rid [%s]\n", rid_str)); - smbldap_set_mod(&mods, LDAP_MOD_ADD, - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID), - rid_str); - - } - - - switch(ldap_op) - { - case LDAP_MOD_ADD: - rc = smbldap_add(ldap_state, dn, mods); - break; - case LDAP_MOD_REPLACE: - rc = smbldap_modify(ldap_state, dn, mods); - break; - default: - DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op)); - return NT_STATUS_INVALID_PARAMETER; - } - - if (rc!=LDAP_SUCCESS) { - char *ld_error = NULL; - ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(1,("failed to %s domain dn= %s with: %s\n\t%s\n", - ldap_op == LDAP_MOD_ADD ? 
"add" : "modify", - dn, ldap_err2string(rc), - ld_error?ld_error:"unknown")); - SAFE_FREE(ld_error); - - ldap_mods_free(mods, True); - return NT_STATUS_UNSUCCESSFUL; - } - - DEBUG(2,("added: domain = %s in the LDAP database\n", domain_name)); - ldap_mods_free(mods, True); - return NT_STATUS_OK; -} - -/********************************************************************** -Search for the domain info entry -*********************************************************************/ -NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, - LDAPMessage ** result, const char *domain_name, - BOOL try_add) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - pstring filter; - int rc; - const char **attr_list; - int count; - - pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))", - LDAP_OBJ_DOMINFO, - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name); - - DEBUG(2, ("Searching for:[%s]\n", filter)); - - - attr_list = get_attr_list( dominfo_attr_list ); - rc = smbldap_search_suffix(ldap_state, filter, attr_list , result); - free_attr_list( attr_list ); - - if (rc != LDAP_SUCCESS) { - DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc))); - DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter)); - } else if (ldap_count_entries(ldap_state->ldap_struct, *result) < 1) { - DEBUG(3, ("Got no domain info entries for domain\n")); - ldap_msgfree(*result); - *result = NULL; - if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))) { - return smbldap_search_domain_info(ldap_state, result, domain_name, False); - } - else { - DEBUG(0, ("Adding domain info for %s failed with %s\n", - domain_name, nt_errstr(ret))); - return ret; - } - } else if ((count = ldap_count_entries(ldap_state->ldap_struct, *result)) > 1) { - DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n", - count, domain_name)); - ldap_msgfree(*result); - *result = NULL; - return ret; - } else { - return NT_STATUS_OK; - } - - return ret; -} - 
/******************************************************************* Return a copy of the DN for a LDAPMessage. Convert from utf8 to CH_UNIX. ********************************************************************/ @@ -1597,14 +1357,14 @@ static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char } if (!strequal(attrs[0], "supportedExtension") && - !strequal(attrs[0], "supportedControl")) { + !strequal(attrs[0], "supportedControl") && + !strequal(attrs[0], "namingContexts")) { DEBUG(3,("smbldap_check_root_dse: no idea what to query root-dse for: %s ?\n", attrs[0])); return False; } rc = ldap_search_s(ldap_state->ldap_struct, "", LDAP_SCOPE_BASE, - "(objectclass=*)", CONST_DISCARD(char **, attrs), - 0 , &msg); + "(objectclass=*)", attrs, 0 , &msg); if (rc != LDAP_SUCCESS) { DEBUG(3,("smbldap_check_root_dse: Could not search rootDSE\n")); @@ -1652,6 +1412,7 @@ static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char ldap_msgfree(msg); return result; + } /******************************************************************* @@ -1673,3 +1434,13 @@ BOOL smbldap_has_extension(struct smbldap_state *ldap_state, const char *extensi const char *attrs[] = { "supportedExtension", NULL }; return smbldap_check_root_dse(ldap_state, attrs, extension); } + +/******************************************************************* + Check if LDAP-Server holds a given namingContext +********************************************************************/ + +BOOL smbldap_has_naming_context(struct smbldap_state *ldap_state, const char *naming_context) +{ + const char *attrs[] = { "namingContexts", NULL }; + return smbldap_check_root_dse(ldap_state, attrs, naming_context); +} -- cgit From bf3086156698a9026b0636dbe1acc7386c3d4b39 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Mon, 25 Jul 2005 18:28:39 +0000 Subject: r8757: Add debug messages so we can see what attributes and values are being set/deleted/modified in an ldap query. Jeremy. (This used to be commit 813207205436ba4ebd2148285f937c05be8ffd22) --- source3/lib/smbldap.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 4a8ef63806..d1f3f82cb5 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -431,6 +431,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { /* Believe it or not, but LDAP will deny a delete and an add at the same time if the values are the same... */ + DEBUG(10,("smbldap_make_mod: attribute |%s| not changed.\n", attribute)); return; } @@ -446,6 +447,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { * in Novell NDS. In NDS you have to first remove attribute and then * you could add new value */ + DEBUG(10,("smbldap_make_mod: deleting attribute |%s| values |%s|\n", attribute, oldval)); smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval); } @@ -454,6 +456,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { the old value, should it exist. */ if ((newval != NULL) && (strlen(newval) > 0)) { + DEBUG(10,("smbldap_make_mod: adding attribute |%s| value |%s|\n", attribute)); smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval); } } -- cgit From 7aa9f973f25f2b09fa1d3eeeebc79a5acebf1e9a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 1 Aug 2005 19:47:57 +0000 Subject: r8892: Fix #2942 - missing value in debug ! Doh ! Jeremy. (This used to be commit 8bb12c66d37a1cfbd3069cdba408cc051e84112a) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index d1f3f82cb5..10bd56d087 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
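Review bot: The new `DEBUG(10, ...)` calls in smbldap_make_mod print the attribute's old and new values, not just its name (second and third hunks; the r8892 follow-up hunk keeps `newval` in the message). smbldap_make_mod is a generic helper and the attribute tables at the top of this file include `lmPassword` and `ntPassword`, so if password attributes pass through it their hashes would land in level-10 logs; whether they do depends on callers outside these hunks. Logging the name alone keeps the trace useful without the value, e.g. `DEBUG(10,("smbldap_make_mod: deleting attribute |%s|\n", attribute));`, or the value could be suppressed for the password attributes only. The function body starts and ends outside the hunks.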
@@ -456,7 +456,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { the old value, should it exist. */ if ((newval != NULL) && (strlen(newval) > 0)) { - DEBUG(10,("smbldap_make_mod: adding attribute |%s| value |%s|\n", attribute)); + DEBUG(10,("smbldap_make_mod: adding attribute |%s| value |%s|\n", attribute, newval)); smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval); } } -- cgit From f28bdc61f4183e1b7a2bbd6b1bb0b78e128420dd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 2 Sep 2005 13:07:42 +0000 Subject: r9953: get rid of compiler warning. Guenther (This used to be commit d4698acd5039dec0a375bb2841d02a2e305ded74) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 10bd56d087..cf7c8fc87f 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -1367,7 +1367,7 @@ static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char } rc = ldap_search_s(ldap_state->ldap_struct, "", LDAP_SCOPE_BASE, - "(objectclass=*)", attrs, 0 , &msg); + "(objectclass=*)", CONST_DISCARD(char **, attrs), 0 , &msg); if (rc != LDAP_SUCCESS) { DEBUG(3,("smbldap_check_root_dse: Could not search rootDSE\n")); -- cgit From 54abd2aa66069e6baf7769c496f46d9dba18db39 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 30 Sep 2005 17:13:37 +0000 Subject: r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3) --- source3/lib/smbldap.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index cf7c8fc87f..f08a67a22c 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -267,7 +267,11 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { return; while ( list[i] ) { - SAFE_FREE( list[i] ); + /* SAFE_FREE generates a warning here that can't be gotten rid + * of with CONST_DISCARD */ + if (list[i] != NULL) { + free(CONST_DISCARD(char *, list[i])); + } i+=1; } -- cgit From 092e3e514b092f228bfb7970a34b528a3df6d3d7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 23 Nov 2005 11:17:04 +0000 Subject: r11874: Merge LDAP connection setup in lib/smbldap.c and pdb_nds.c. Also allow to use START_TLS in the pdb_nds_update_login_attempts function when doing simple binds to eDir. Guenther (This used to be commit 04a3ac5e50e93f74dfddfead5cb3f335ce991e9a) --- source3/lib/smbldap.c | 187 ++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 137 insertions(+), 50 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index f08a67a22c..75842ec193 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
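Review bot: The added `if (list[i] != NULL)` is redundant, because the enclosing `while ( list[i] )` already guarantees a non-NULL element and `free(NULL)` is a no-op in any case. The loop body can be just `free(CONST_DISCARD(char *, list[i]));`, keeping the comment that explains why SAFE_FREE is not used. free_attr_list starts above the hunk and ends below it.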
@@ -523,24 +523,56 @@ static void smbldap_store_state(LDAP *ld, struct smbldap_state *smbldap_state) t->smbldap_state = smbldap_state; } -/******************************************************************* - open a connection to the ldap server. -******************************************************************/ -static int smbldap_open_connection (struct smbldap_state *ldap_state) +/******************************************************************** + start TLS on an existing LDAP connection +*******************************************************************/ + +int smb_ldap_start_tls(LDAP *ldap_struct, int version) +{ + int rc; + + if (lp_ldap_ssl() != LDAP_SSL_START_TLS) { + return LDAP_SUCCESS; + } + +#ifdef LDAP_OPT_X_TLS + if (version != LDAP_VERSION3) { + DEBUG(0, ("Need LDAPv3 for Start TLS\n")); + return LDAP_OPERATIONS_ERROR; + } + if ((rc = ldap_start_tls_s (ldap_struct, NULL, NULL)) != LDAP_SUCCESS) { + DEBUG(0,("Failed to issue the StartTLS instruction: %s\n", + ldap_err2string(rc))); + return rc; + } + + DEBUG (3, ("StartTLS issued: using a TLS connection\n")); + return LDAP_SUCCESS; +#else + DEBUG(0,("StartTLS not supported by LDAP client libraries!\n")); + return LDAP_OPERATIONS_ERROR; +#endif +} + +/******************************************************************** + setup a connection to the LDAP server based on a uri +*******************************************************************/ + +int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri) { - int rc = LDAP_SUCCESS; - int version; - BOOL ldap_v3 = False; - LDAP **ldap_struct = &ldap_state->ldap_struct; + int rc; + DEBUG(10, ("smb_ldap_setup_connection: %s\n", uri)); + #ifdef HAVE_LDAP_INITIALIZE - DEBUG(10, ("smbldap_open_connection: %s\n", ldap_state->uri)); - if ((rc = ldap_initialize(ldap_struct, ldap_state->uri)) != LDAP_SUCCESS) { + rc = ldap_initialize(ldap_struct, uri); + if (rc) { DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc))); - return rc; } + + return rc; #else 
/* Parse the string manually */ @@ -549,15 +581,15 @@ static int smbldap_open_connection (struct smbldap_state *ldap_state) int port = 0; fstring protocol; fstring host; - const char *p = ldap_state->uri; SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254); - + + /* skip leading "URL:" (if any) */ - if ( strnequal( p, "URL:", 4 ) ) { - p += 4; + if ( strnequal( uri, "URL:", 4 ) ) { + uri += 4; } - sscanf(p, "%10[^:]://%254[^:/]:%d", protocol, host, &port); + sscanf(uri, "%10[^:]://%254[^:/]:%d", protocol, host, &port); if (port == 0) { if (strequal(protocol, "ldap")) { 
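Review bot: The result of `sscanf(uri, ...)` is not checked, so a URI that does not match the pattern leaves `protocol` and `host` (both declared without an initialiser) unset, and the following `strequal(protocol, "ldap")` reads indeterminate bytes. Checking the conversion count closes that: `if (sscanf(uri, "%10[^:]://%254[^:/]:%d", protocol, host, &port) < 2) { return LDAP_OPERATIONS_ERROR; }`. The call itself is old code with `p` renamed to `uri`, but the function now takes a caller-supplied URI instead of `ldap_state->uri`, which makes the missing check matter more. The manual-parse block opens above this hunk and continues below it.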
@@ -586,10 +618,88 @@ static int smbldap_open_connection (struct smbldap_state *ldap_state) #else DEBUG(0,("smbldap_open_connection: Secure connection not supported by LDAP client libraries!\n")); return LDAP_OPERATIONS_ERROR; -#endif +#endif /* LDAP_OPT_X_TLS */ } + + } +#endif /* HAVE_LDAP_INITIALIZE */ + return LDAP_SUCCESS; +} + +/******************************************************************** + try to upgrade to Version 3 LDAP if not already, in either case return current + version + *******************************************************************/ + +int smb_ldap_upgrade_conn(LDAP *ldap_struct, int *new_version) +{ + int version; + int rc; + + /* assume the worst */ + *new_version = LDAP_VERSION2; + + rc = ldap_get_option(ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version); + if (rc) { + return rc; + } + + if (version == LDAP_VERSION3) { + *new_version = LDAP_VERSION3; + return LDAP_SUCCESS; + } + + /* try upgrade */ + version = LDAP_VERSION3; + rc = ldap_set_option (ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version); + if (rc) { + return rc; + } + + *new_version = LDAP_VERSION3; + return LDAP_SUCCESS; +} + +/******************************************************************* + open a connection to the ldap server (just until the bind) + ******************************************************************/ + +int smb_ldap_setup_full_conn(LDAP *ldap_struct, const char *uri) +{ + int rc, version; + + rc = smb_ldap_setup_conn(&ldap_struct, uri); + if (rc) { + return rc; + } + + rc = smb_ldap_upgrade_conn(ldap_struct, &version); + if (rc) { + return rc; + } + + rc = smb_ldap_start_tls(ldap_struct, version); + if (rc) { + return rc; + } + + return LDAP_SUCCESS; +} + +/******************************************************************* + open a connection to the ldap server. 
+******************************************************************/ +static int smbldap_open_connection (struct smbldap_state *ldap_state) + +{ + int rc = LDAP_SUCCESS; + int version; + LDAP **ldap_struct = &ldap_state->ldap_struct; + + rc = smb_ldap_setup_conn(ldap_struct, ldap_state->uri); + if (rc) { + return rc; } -#endif /* Store the LDAP pointer in a lookup list */ @@ -597,45 +707,22 @@ static int smbldap_open_connection (struct smbldap_state *ldap_state) /* Upgrade to LDAPv3 if possible */ - if (ldap_get_option(*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) - { - if (version != LDAP_VERSION3) - { - version = LDAP_VERSION3; - if (ldap_set_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) { - ldap_v3 = True; - } - } else { - ldap_v3 = True; - } + rc = smb_ldap_upgrade_conn(*ldap_struct, &version); + if (rc) { + return rc; } - if (lp_ldap_ssl() == LDAP_SSL_START_TLS) { -#ifdef LDAP_OPT_X_TLS - if (ldap_v3) { - if ((rc = ldap_start_tls_s (*ldap_struct, NULL, NULL)) != LDAP_SUCCESS) - { - DEBUG(0,("Failed to issue the StartTLS instruction: %s\n", - ldap_err2string(rc))); - return rc; - } - DEBUG (3, ("StartTLS issued: using a TLS connection\n")); - } else { - - DEBUG(0, ("Need LDAPv3 for Start TLS\n")); - return LDAP_OPERATIONS_ERROR; - } -#else - DEBUG(0,("smbldap_open_connection: StartTLS not supported by LDAP client libraries!\n")); - return LDAP_OPERATIONS_ERROR; -#endif - } + /* Start TLS if required */ + rc = smb_ldap_start_tls(*ldap_struct, version); + if (rc) { + return rc; + } + DEBUG(2, ("smbldap_open_connection: connection opened\n")); return rc; } - /******************************************************************* a rebind function for authenticated referrals This version takes a void* that we can shove useful stuff in :-) -- cgit From 98cd8edc565cae464edd257bb811a792eea6849e Mon Sep 17 00:00:00 2001 
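Review bot: `smb_ldap_setup_full_conn` takes `LDAP *ldap_struct` by value and passes `&ldap_struct` to `smb_ldap_setup_conn`, so the handle created there is stored in the local copy and never reaches the caller. The caller's pointer keeps whatever value it had before the call, and the new connection is leaked. The parameter should be `LDAP **ldap_struct`, passed straight through to `smb_ldap_setup_conn` and dereferenced for the follow-up calls: `rc = smb_ldap_upgrade_conn(*ldap_struct, &version);` and `rc = smb_ldap_start_tls(*ldap_struct, version);`.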
From: Günther Deschner Date: Wed, 23 Nov 2005 11:29:55 +0000 Subject: r11876: When we are using START_TLS to secure the LDAP connection, we *have* to call START_TLS again after rebinding to another LDAP server. (ldaps:// uri's are handled at by recent versions of OpenLDAP). Guenther (This used to be commit 3ccea032cb681426a1b29907a44b87b8a94e0840) --- source3/lib/smbldap.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 75842ec193..a3ebe72df2 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -777,9 +777,18 @@ static int rebindproc_connect_with_state (LDAP *ldap_struct, { struct smbldap_state *ldap_state = arg; int rc; - DEBUG(5,("rebindproc_connect_with_state: Rebinding as \"%s\"\n", - ldap_state->bind_dn)); - + int version; + + DEBUG(5,("rebindproc_connect_with_state: Rebinding to %s as \"%s\"\n", + url, ldap_state->bind_dn)); + + /* call START_TLS again (ldaps:// is handled by the OpenLDAP library + * itself) before rebinding to another LDAP server to avoid to expose + * our credentials. At least *try* to secure the connection - Guenther */ + + smb_ldap_upgrade_conn(ldap_struct, &version); + smb_ldap_start_tls(ldap_struct, version); + /** @TODO Should we be doing something to check what servers we rebind to? Could we get a referral to a machine that we don't want to give our username and password to? */ -- cgit From c3a2101da021abf52d06842598325a6cef6bbc83 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 4 Jan 2006 13:04:43 +0000 Subject: r12714: Fix segfault in pdb_nds.c. Guenther (This used to be commit f78c7f8abea4cb598eca78fa3beacee8a3caee20) --- source3/lib/smbldap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index a3ebe72df2..609816b877 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
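Review bot: The return values of `smb_ldap_upgrade_conn` and `smb_ldap_start_tls` are discarded, so when StartTLS is configured and fails on the referred server the rebind still goes ahead and the bind DN and secret are sent unencrypted. `smb_ldap_start_tls` already returns `LDAP_SUCCESS` when `lp_ldap_ssl()` is not `LDAP_SSL_START_TLS`, so failing closed costs nothing for other configurations: `rc = smb_ldap_start_tls(ldap_struct, version); if (rc != LDAP_SUCCESS) { return rc; }`. The bind itself is below the hunk. The existing @TODO about which servers a referral may point to is a separate question and remains open.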
@@ -664,21 +664,21 @@ int smb_ldap_upgrade_conn(LDAP *ldap_struct, int *new_version) open a connection to the ldap server (just until the bind) ******************************************************************/ -int smb_ldap_setup_full_conn(LDAP *ldap_struct, const char *uri) +int smb_ldap_setup_full_conn(LDAP **ldap_struct, const char *uri) { int rc, version; - rc = smb_ldap_setup_conn(&ldap_struct, uri); + rc = smb_ldap_setup_conn(ldap_struct, uri); if (rc) { return rc; } - rc = smb_ldap_upgrade_conn(ldap_struct, &version); + rc = smb_ldap_upgrade_conn(*ldap_struct, &version); if (rc) { return rc; } - rc = smb_ldap_start_tls(ldap_struct, version); + rc = smb_ldap_start_tls(*ldap_struct, version); if (rc) { return rc; } -- cgit From 0af1500fc0bafe61019f1b2ab1d9e1d369221240 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 3 Feb 2006 22:19:41 +0000 Subject: r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f) --- source3/lib/smbldap.c | 221 +++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 173 insertions(+), 48 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 609816b877..c045be51c5 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -230,7 +230,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { Return the list of attribute names from a mapping table **********************************************************************/ - const char** get_attr_list( ATTRIB_MAP_ENTRY table[] ) + const char** get_attr_list( TALLOC_CTX *mem_ctx, ATTRIB_MAP_ENTRY table[] ) { const char **names; int i = 0; @@ -239,7 +239,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { i++; i++; - names = SMB_MALLOC_ARRAY( const char*, i ); + names = TALLOC_ARRAY( mem_ctx, const char*, i ); if ( !names ) { DEBUG(0,("get_attr_list: out of memory\n")); return NULL; 
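Review bot: When `smb_ldap_upgrade_conn` or `smb_ldap_start_tls` fails, `smb_ldap_setup_full_conn` returns the error but leaves `*ldap_struct` pointing at an open connection that has not been upgraded to TLS. A caller that does not clean up leaks the handle, and one that overlooks `rc` could go on to bind over it in cleartext. I would release it on both error paths before returning, e.g. `ldap_unbind(*ldap_struct); *ldap_struct = NULL;` ahead of `return rc;`.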
@@ -247,7 +247,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { i = 0; while ( table[i].attrib != LDAP_ATTR_LIST_END ) { - names[i] = SMB_STRDUP( table[i].name ); + names[i] = talloc_strdup( names, table[i].name ); i++; } names[i] = NULL; @@ -255,29 +255,6 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { return names; } -/********************************************************************* - Cleanup - ********************************************************************/ - - void free_attr_list( const char **list ) -{ - int i = 0; - - if ( !list ) - return; - - while ( list[i] ) { - /* SAFE_FREE generates a warning here that can't be gotten rid - * of with CONST_DISCARD */ - if (list[i] != NULL) { - free(CONST_DISCARD(char *, list[i])); - } - i+=1; - } - - SAFE_FREE( list ); -} - /******************************************************************* Search an attribute and return the first value found. ******************************************************************/ 
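Review bot: The result of `talloc_strdup( names, table[i].name )` is stored without a NULL check, and because the array is NULL-terminated an allocation failure silently truncates the attribute list instead of reporting an error. Callers would then search with fewer attributes than they asked for. I would fail the whole call instead: `if (names[i] == NULL) { talloc_free(names); return NULL; }`; the copies are parented to `names`, so the one free releases everything. get_attr_list starts above this hunk.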
@@ -321,6 +298,88 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { sizeof(pstring)); } + char * smbldap_talloc_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, + const char *attribute, + TALLOC_CTX *mem_ctx) +{ + char **values; + char *result; + + if (attribute == NULL) { + return NULL; + } + + values = ldap_get_values(ldap_struct, entry, attribute); + + if (values == NULL) { + DEBUG(10, ("attribute %s does not exist\n", attribute)); + return NULL; + } + + if (ldap_count_values(values) != 1) { + DEBUG(10, ("attribute %s has %d values, expected only one\n", + attribute, ldap_count_values(values))); + ldap_value_free(values); + return NULL; + } + + if (pull_utf8_talloc(mem_ctx, &result, values[0]) < 0) { + DEBUG(10, ("pull_utf8_talloc failed\n")); + ldap_value_free(values); + return NULL; + } + + ldap_value_free(values); + +#ifdef DEBUG_PASSWORDS + DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n", + attribute, result)); +#endif + return result; +} + + static int ldapmsg_destructor(void *p) { + LDAPMessage **result = talloc_get_type_abort(p, LDAPMessage *); + ldap_msgfree(*result); + return 0; +} + + void talloc_autofree_ldapmsg(TALLOC_CTX *mem_ctx, LDAPMessage *result) +{ + LDAPMessage **handle; + + if (result == NULL) { + return; + } + + handle = TALLOC_P(mem_ctx, LDAPMessage *); + SMB_ASSERT(handle != NULL); + + *handle = result; + talloc_set_destructor(handle, ldapmsg_destructor); +} + + static int ldapmod_destructor(void *p) { + LDAPMod ***result = talloc_get_type_abort(p, LDAPMod **); + ldap_mods_free(*result, True); + return 0; +} + + void talloc_autofree_ldapmod(TALLOC_CTX *mem_ctx, LDAPMod **mod) +{ + LDAPMod ***handle; + + if (mod == NULL) { + return; + } + + handle = TALLOC_P(mem_ctx, LDAPMod **); + SMB_ASSERT(handle != NULL); + + *handle = mod; + talloc_set_destructor(handle, ldapmod_destructor); +} + /************************************************************************ Routine to manage the LDAPMod structure array manage memory used by the 
array, by each struct, and values @@ -1041,6 +1100,14 @@ static int another_ldap_try(struct smbldap_state *ldap_state, int *rc, return True; } + if (open_rc == LDAP_INSUFFICIENT_ACCESS) { + /* The fact that we are non-root or any other + * access-denied condition will not change in the next + * round of trying */ + *rc = open_rc; + break; + } + if (got_alarm) { *rc = LDAP_TIMEOUT; break; @@ -1123,12 +1190,22 @@ static int smbldap_search_ext(struct smbldap_state *ldap_state, alarm(lp_ldap_timeout()); /* End setup timeout. */ - while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) + while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) { rc = ldap_search_ext_s(ldap_state->ldap_struct, base, scope, utf8_filter, CONST_DISCARD(char **, attrs), attrsonly, sctrls, cctrls, &timeout, sizelimit, res); + if (rc != LDAP_SUCCESS) { + char *ld_error = NULL; + ldap_get_option(ldap_state->ldap_struct, + LDAP_OPT_ERROR_STRING, &ld_error); + DEBUG(10,("Failed search for base: %s, error: %s " + "(%s)\n", base, ldap_err2string(rc), + ld_error ? ld_error : "unknown")); + SAFE_FREE(ld_error); + } + } SAFE_FREE(utf8_filter); @@ -1257,8 +1334,18 @@ int smbldap_modify(struct smbldap_state *ldap_state, const char *dn, LDAPMod *at return LDAP_NO_MEMORY; } - while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) + while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) { rc = ldap_modify_s(ldap_state->ldap_struct, utf8_dn, attrs); + if (rc != LDAP_SUCCESS) { + char *ld_error = NULL; + ldap_get_option(ldap_state->ldap_struct, + LDAP_OPT_ERROR_STRING, &ld_error); + DEBUG(10,("Failed to modify dn: %s, error: %s " + "(%s)\n", dn, ldap_err2string(rc), + ld_error ? ld_error : "unknown")); + SAFE_FREE(ld_error); + } + } SAFE_FREE(utf8_dn); return rc; 
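Review bot: In `smbldap_talloc_single_attribute` the check `pull_utf8_talloc(mem_ctx, &result, values[0]) < 0` looks like it can never fire: `smbldap_talloc_dn`, added in this same commit, compares the same call against `(size_t)-1`, which suggests an unsigned return type. A failed conversion would then fall through and return `result`, which is declared without an initialiser. Use `== (size_t)-1` here as well and declare `char *result = NULL;`. The `DEBUG (100, ...)` text under `DEBUG_PASSWORDS` also still names `smbldap_get_single_attribute`.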
@@ -1279,8 +1366,18 @@ int smbldap_add(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs return LDAP_NO_MEMORY; } - while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) + while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) { rc = ldap_add_s(ldap_state->ldap_struct, utf8_dn, attrs); + if (rc != LDAP_SUCCESS) { + char *ld_error = NULL; + ldap_get_option(ldap_state->ldap_struct, + LDAP_OPT_ERROR_STRING, &ld_error); + DEBUG(10,("Failed to add dn: %s, error: %s " + "(%s)\n", dn, ldap_err2string(rc), + ld_error ? ld_error : "unknown")); + SAFE_FREE(ld_error); + } + } SAFE_FREE(utf8_dn); return rc; @@ -1301,8 +1398,18 @@ int smbldap_delete(struct smbldap_state *ldap_state, const char *dn) return LDAP_NO_MEMORY; } - while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) + while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) { rc = ldap_delete_s(ldap_state->ldap_struct, utf8_dn); + if (rc != LDAP_SUCCESS) { + char *ld_error = NULL; + ldap_get_option(ldap_state->ldap_struct, + LDAP_OPT_ERROR_STRING, &ld_error); + DEBUG(10,("Failed to delete dn: %s, error: %s " + "(%s)\n", dn, ldap_err2string(rc), + ld_error ? ld_error : "unknown")); + SAFE_FREE(ld_error); + } + } SAFE_FREE(utf8_dn); return rc; 
@@ -1320,34 +1427,33 @@ int smbldap_extended_operation(struct smbldap_state *ldap_state, if (!ldap_state) return (-1); - while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) + while (another_ldap_try(ldap_state, &rc, &attempts, endtime)) { rc = ldap_extended_operation_s(ldap_state->ldap_struct, reqoid, reqdata, serverctrls, clientctrls, retoidp, retdatap); + if (rc != LDAP_SUCCESS) { + char *ld_error = NULL; + ldap_get_option(ldap_state->ldap_struct, + LDAP_OPT_ERROR_STRING, &ld_error); + DEBUG(10,("Extended operation failed with error: %s " + "(%s)\n", ldap_err2string(rc), + ld_error ? ld_error : "unknown")); + SAFE_FREE(ld_error); + } + } + return rc; } /******************************************************************* run the search by name. ******************************************************************/ -int smbldap_search_suffix (struct smbldap_state *ldap_state, const char *filter, - const char **search_attr, LDAPMessage ** result) +int smbldap_search_suffix (struct smbldap_state *ldap_state, + const char *filter, const char **search_attr, + LDAPMessage ** result) { - int scope = LDAP_SCOPE_SUBTREE; - int rc; - - rc = smbldap_search(ldap_state, lp_ldap_suffix(), scope, filter, search_attr, 0, result); - - if (rc != LDAP_SUCCESS) { - char *ld_error = NULL; - ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, - &ld_error); - DEBUG(0,("smbldap_search_suffix: Problem during the LDAP search: %s (%s)\n", - ld_error?ld_error:"(unknown)", ldap_err2string (rc))); - SAFE_FREE(ld_error); - } - - return rc; + return smbldap_search(ldap_state, lp_ldap_suffix(), LDAP_SCOPE_SUBTREE, + filter, search_attr, 0, result); } static void smbldap_idle_fn(void **data, time_t *interval, time_t now) 
@@ -1442,6 +1548,25 @@ char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry) return unix_dn; } + const char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld, + LDAPMessage *entry) +{ + char *utf8_dn, *unix_dn; + + utf8_dn = ldap_get_dn(ld, entry); + if (!utf8_dn) { + DEBUG (5, ("smbldap_get_dn: ldap_get_dn failed\n")); + return NULL; + } + if (pull_utf8_talloc(mem_ctx, &unix_dn, utf8_dn) == (size_t)-1) { + DEBUG (0, ("smbldap_get_dn: String conversion failure utf8 " + "[%s]\n", utf8_dn)); + return NULL; + } + ldap_memfree(utf8_dn); + return unix_dn; +} + /******************************************************************* Check if root-dse has a certain Control or Extension ********************************************************************/ -- cgit From 9fffb6ab5b9eebdc3173ad63b90aec974f18ab53 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 26 Feb 2006 12:25:34 +0000 Subject: r13693: More Solaris/LDAP fixes from Bjoern (This used to be commit 7c098ca0ae4c7e11c7100fb09b42ce716beffb56) --- source3/lib/smbldap.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index c045be51c5..e54464a49b 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -999,7 +999,7 @@ static int smbldap_open(struct smbldap_state *ldap_state) #endif if (reopen) { /* the other end has died. reopen. */ - ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); + ldap_unbind(ldap_state->ldap_struct); ldap_state->ldap_struct = NULL; ldap_state->last_ping = (time_t)0; } else { @@ -1017,7 +1017,7 @@ static int smbldap_open(struct smbldap_state *ldap_state) } if ((rc = smbldap_connect_system(ldap_state, ldap_state->ldap_struct))) { - ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); + ldap_unbind(ldap_state->ldap_struct); ldap_state->ldap_struct = NULL; return rc; } 
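Review bot: `smbldap_talloc_dn` returns NULL on a `pull_utf8_talloc` failure without releasing `utf8_dn`, so the string obtained from `ldap_get_dn` leaks on that path. Call `ldap_memfree(utf8_dn);` in the failure branch after the DEBUG that prints it, before `return NULL;`. Both DEBUG messages also still say `smbldap_get_dn`, which will mislead anyone reading the log.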
@@ -1039,7 +1039,7 @@ static NTSTATUS smbldap_close(struct smbldap_state *ldap_state) return NT_STATUS_INVALID_PARAMETER; if (ldap_state->ldap_struct != NULL) { - ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); + ldap_unbind(ldap_state->ldap_struct); ldap_state->ldap_struct = NULL; } -- cgit From 1b0211ca131e2c568ee445e96c38e5ea67e2ddb6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 9 Mar 2006 09:08:11 +0000 Subject: r14060: Only set the last rebind timestamp when we did rebind after a non-read LDAP operation. That way we avoid the replication sleep after a simple redirected search operation Guenther (This used to be commit d236caac211ff45a3e2da73a3b0316194740a722) --- source3/lib/smbldap.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index e54464a49b..327c5a7c4d 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -853,8 +853,27 @@ static int rebindproc_connect_with_state (LDAP *ldap_struct, username and password to? */ rc = ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn, ldap_state->bind_secret); - - GetTimeOfDay(&ldap_state->last_rebind); + + /* only set the last rebind timestamp when we did rebind after a + * non-read LDAP operation. That way we avoid the replication sleep + * after a simple redirected search operation - Guenther */ + + switch (request) { + + case LDAP_REQ_MODIFY: + case LDAP_REQ_ADD: + case LDAP_REQ_DELETE: + case LDAP_REQ_MODDN: + case LDAP_REQ_EXTENDED: + DEBUG(10,("rebindproc_connect_with_state: " + "setting last_rebind timestamp " + "(req: 0x%02x)\n", request)); + GetTimeOfDay(&ldap_state->last_rebind); + break; + default: + ZERO_STRUCT(ldap_state->last_rebind); + break; + } return rc; } -- cgit From f6071a90c723e95ed040231aa84b30e87e41e726 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Mon, 13 Mar 2006 21:11:15 +0000 Subject: r14345: Fix Coverity #71. We don't currently propagate *any* alloc error back up the stack from smbldap_set_mod() so ensure we abort correctly. Jeremy. (This used to be commit 9a1e35079af9404e1775e2a098990277b3771086) --- source3/lib/smbldap.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 327c5a7c4d..a81829b331 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -408,8 +408,9 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { if (mods == NULL) { mods = SMB_MALLOC_P(LDAPMod *); if (mods == NULL) { - DEBUG(0, ("make_a_mod: out of memory!\n")); - return; + smb_panic("smbldap_set_mod: out of memory!\n"); + /* notreached. */ + abort(); } mods[0] = NULL; } @@ -422,13 +423,15 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { if (mods[i] == NULL) { mods = SMB_REALLOC_ARRAY (mods, LDAPMod *, i + 2); if (mods == NULL) { - DEBUG(0, ("make_a_mod: out of memory!\n")); - return; + smb_panic("smbldap_set_mod: out of memory!\n"); + /* notreached. */ + abort(); } mods[i] = SMB_MALLOC_P(LDAPMod); if (mods[i] == NULL) { - DEBUG(0, ("make_a_mod: out of memory!\n")); - return; + smb_panic("smbldap_set_mod: out of memory!\n"); + /* notreached. */ + abort(); } mods[i]->mod_op = modop; mods[i]->mod_values = NULL; 
@@ -446,13 +449,15 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { mods[i]->mod_values = SMB_REALLOC_ARRAY(mods[i]->mod_values, char *, j + 2); if (mods[i]->mod_values == NULL) { - DEBUG (0, ("make_a_mod: Memory allocation failure!\n")); - return; + smb_panic("smbldap_set_mod: out of memory!\n"); + /* notreached. */ + abort(); } if (push_utf8_allocate(&utf8_value, value) == (size_t)-1) { - DEBUG (0, ("make_a_mod: String conversion failure!\n")); - return; + smb_panic("smbldap_set_mod: String conversion failure!\n"); + /* notreached. */ + abort(); } mods[i]->mod_values[j] = utf8_value; -- cgit From 65fa8a1a4575ba4e5a0bd3c2285b7e19d969a06b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 15 Mar 2006 23:10:38 +0000 Subject: r14462: Fix warning. ber_tag_t is an unsigned int for printing purposes. Jeremy. (This used to be commit 3c33eda430426e40e179799e7341db10c4b2e98e) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index a81829b331..e4cb25104b 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -872,7 +872,7 @@ static int rebindproc_connect_with_state (LDAP *ldap_struct, case LDAP_REQ_EXTENDED: DEBUG(10,("rebindproc_connect_with_state: " "setting last_rebind timestamp " - "(req: 0x%02x)\n", request)); + "(req: 0x%02x)\n", (unsigned int)request)); GetTimeOfDay(&ldap_state->last_rebind); break; default: -- cgit From 22bed618b6aacd2986592c388ae3360f3df02d02 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 16 May 2006 13:26:49 +0000 Subject: r15633: Minor smbldap/pdb_ldap cleanup Guenther (This used to be commit 1b5a712467ab8f35211b59bb703a42bdc5e0dfc0) --- source3/lib/smbldap.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index e4cb25104b..bca984444d 100644 --- a/source3/lib/smbldap.c 
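Review bot: Turning the `push_utf8_allocate` failure into `smb_panic` treats a charset conversion error like running out of memory, but a conversion can fail because of the content of `value` rather than the state of the process. If any caller passes a value derived from client or directory input (callers are not visible here), one unconvertible string would take the daemon down. I would keep the panic for the allocation failures and do the conversion before `SMB_REALLOC_ARRAY` grows `mod_values`, so that a failed conversion can be logged and returned without leaving the array unterminated. Longer term, smbldap_set_mod should return a status. The function starts above this hunk.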
+++ b/source3/lib/smbldap.c @@ -981,7 +981,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version); - if (smbldap_has_control(ldap_state, ADS_PAGE_CTL_OID) && version == 3) { + if (smbldap_has_control(ldap_state->ldap_struct, ADS_PAGE_CTL_OID) && version == 3) { ldap_state->paged_results = True; } @@ -1554,7 +1554,6 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_ /******************************************************************* Return a copy of the DN for a LDAPMessage. Convert from utf8 to CH_UNIX. ********************************************************************/ - char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry) { char *utf8_dn, *unix_dn; @@ -1595,7 +1594,7 @@ char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry) Check if root-dse has a certain Control or Extension ********************************************************************/ -static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char **attrs, const char *value) +static BOOL smbldap_check_root_dse(LDAP *ld, const char **attrs, const char *value) { LDAPMessage *msg = NULL; LDAPMessage *entry = NULL; @@ -1615,7 +1614,7 @@ static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char return False; } - rc = ldap_search_s(ldap_state->ldap_struct, "", LDAP_SCOPE_BASE, + rc = ldap_search_s(ld, "", LDAP_SCOPE_BASE, "(objectclass=*)", CONST_DISCARD(char **, attrs), 0 , &msg); if (rc != LDAP_SUCCESS) { 
@@ -1623,21 +1622,21 @@ static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char return False; } - num_result = ldap_count_entries(ldap_state->ldap_struct, msg); + num_result = ldap_count_entries(ld, msg); if (num_result != 1) { DEBUG(3,("smbldap_check_root_dse: Expected one rootDSE, got %d\n", num_result)); goto done; } - entry = ldap_first_entry(ldap_state->ldap_struct, msg); + entry = ldap_first_entry(ld, msg); if (entry == NULL) { DEBUG(3,("smbldap_check_root_dse: Could not retrieve rootDSE\n")); goto done; } - values = ldap_get_values(ldap_state->ldap_struct, entry, attrs[0]); + values = ldap_get_values(ld, entry, attrs[0]); if (values == NULL) { DEBUG(5,("smbldap_check_root_dse: LDAP Server does not support any %s\n", attrs[0])); 
@@ -1671,28 +1670,28 @@ static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char Check if LDAP-Server supports a certain Control (OID in string format) ********************************************************************/ -BOOL smbldap_has_control(struct smbldap_state *ldap_state, const char *control) +BOOL smbldap_has_control(LDAP *ld, const char *control) { const char *attrs[] = { "supportedControl", NULL }; - return smbldap_check_root_dse(ldap_state, attrs, control); + return smbldap_check_root_dse(ld, attrs, control); } /******************************************************************* Check if LDAP-Server supports a certain Extension (OID in string format) ********************************************************************/ -BOOL smbldap_has_extension(struct smbldap_state *ldap_state, const char *extension) +BOOL smbldap_has_extension(LDAP *ld, const char *extension) { const char *attrs[] = { "supportedExtension", NULL }; - return smbldap_check_root_dse(ldap_state, attrs, extension); + return smbldap_check_root_dse(ld, attrs, extension); } /******************************************************************* Check if LDAP-Server holds a given namingContext ********************************************************************/ -BOOL smbldap_has_naming_context(struct smbldap_state *ldap_state, const char *naming_context) +BOOL smbldap_has_naming_context(LDAP *ld, const char *naming_context) { const char *attrs[] = { "namingContexts", NULL }; - return smbldap_check_root_dse(ldap_state, attrs, naming_context); + return smbldap_check_root_dse(ld, attrs, naming_context); } -- cgit From 4fe9d1f89794ab4576baebe1ba6038d0ca9c8ddb Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Thu, 1 Jun 2006 19:25:21 +0000 Subject: r15995: Make smbldap obey config tests. Patch from "John E. Malmberg" . Jeremy. (This used to be commit 93dd476a9108adde42de422e1886bbaee75b952b) --- source3/lib/smbldap.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index bca984444d..dfa6782afe 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -944,6 +944,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ DEBUG(10,("ldap_connect_system: Binding to ldap server %s as \"%s\"\n", ldap_state->uri, ldap_dn)); +#ifdef HAVE_LDAP_SET_REBIND_PROC #if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) # if LDAP_SET_REBIND_PROC_ARGS == 2 ldap_set_rebind_proc(ldap_struct, &rebindproc_connect); @@ -959,6 +960,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ ldap_set_rebind_proc(ldap_struct, &rebindproc_with_state, (void *)ldap_state); # endif #endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ +#endif rc = ldap_simple_bind_s(ldap_struct, ldap_dn, ldap_secret); @@ -1009,7 +1011,11 @@ static int smbldap_open(struct smbldap_state *ldap_state) if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + SMBLDAP_DONT_PING_TIME) < time(NULL))) { +#ifdef HAVE_UNIXSOCKET struct sockaddr_un addr; +#else + struct sockaddr addr; +#endif socklen_t len = sizeof(addr); int sd; -- cgit From 38060f70a561ee9b71038bf5909b6fdf4872c4c4 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Fri, 9 Jun 2006 13:04:47 +0000 Subject: r16122: As we use 'inetOrgPerson' as structural objectclass for new accounts for eDir, we already add 'sn' as required attribute on LDAP add operations. When we modify an entry, we need to request 'sn' as well in our attribute lists, so that we don't try to add it a second time. Guenther (This used to be commit e018ea3d1d70e68e6802843f88b3245dc09244c9) --- source3/lib/smbldap.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index dfa6782afe..5b18f4e311 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -52,6 +52,7 @@ ATTRIB_MAP_ENTRY attrib_map_v22[] = { { LDAP_ATTR_LOGOFF_TIME, "logoffTime" }, { LDAP_ATTR_KICKOFF_TIME, "kickoffTime" }, { LDAP_ATTR_CN, "cn" }, + { LDAP_ATTR_SN, "sn" }, { LDAP_ATTR_DISPLAY_NAME, "displayName" }, { LDAP_ATTR_HOME_PATH, "smbHome" }, { LDAP_ATTR_HOME_DRIVE, "homeDrive" }, @@ -106,6 +107,7 @@ ATTRIB_MAP_ENTRY attrib_map_v30[] = { { LDAP_ATTR_LOGOFF_TIME, "sambaLogoffTime" }, { LDAP_ATTR_KICKOFF_TIME, "sambaKickoffTime" }, { LDAP_ATTR_CN, "cn" }, + { LDAP_ATTR_SN, "sn" }, { LDAP_ATTR_DISPLAY_NAME, "displayName" }, { LDAP_ATTR_HOME_DRIVE, "sambaHomeDrive" }, { LDAP_ATTR_HOME_PATH, "sambaHomePath" }, -- cgit From 8bd19b15e3db1d7c4d96298182114ef15bde2f78 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 29 Jun 2006 18:01:25 +0000 Subject: r16687: Fix bugs #3901, #3902, #3903 reported by jason@ncac.gwu.edu. Jeremy (This used to be commit c4896b17faa6802f18cc1cec7fcc6168bde2eef0) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 5b18f4e311..a63e1c1bcc 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -325,7 +325,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { return NULL; } - if (pull_utf8_talloc(mem_ctx, &result, values[0]) < 0) { + if (pull_utf8_talloc(mem_ctx, &result, values[0]) == (size_t)-1) { DEBUG(10, ("pull_utf8_talloc failed\n")); ldap_value_free(values); return NULL; -- cgit From 1cf1e648feed823244731eef5f56bd34e15cb045 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 31 Jul 2006 04:30:55 +0000 Subject: r17334: Some C++ warnings (This used to be commit 8ae7ed1f3cecbb5285313d17b5f9511e2e622f0b) --- source3/lib/smbldap.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index a63e1c1bcc..a157ff132b 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -841,7 +841,8 @@ static int rebindproc_connect_with_state (LDAP *ldap_struct, ber_tag_t request, ber_int_t msgid, void *arg) { - struct smbldap_state *ldap_state = arg; + struct smbldap_state *ldap_state = + (struct smbldap_state *)arg; int rc; int version; @@ -1289,7 +1290,7 @@ int smbldap_search_paged(struct smbldap_state *ldap_state, /* construct cookie */ if (*cookie != NULL) { ber_printf(cookie_be, "{iO}", (ber_int_t) pagesize, *cookie); - ber_bvfree(*cookie); /* don't need it from last time */ + ber_bvfree((struct berval *)*cookie); /* don't need it from last time */ *cookie = NULL; } else { ber_printf(cookie_be, "{io}", (ber_int_t) pagesize, "", 0); -- cgit From 3bc4fd1bb9bfbd0e0efd89d47c50bf798e5a1481 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 29 Aug 2006 19:14:25 +0000 Subject: r17924: Get rid of warnings now that talloc is merged. Destructors now take a pointer to the "real" destroyed object as an argument. Volker (This used to be commit 70edd716ef0ccb218fe18d1233bd30abe46b62bf) --- source3/lib/smbldap.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'source3/lib/smbldap.c') 
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index a157ff132b..b46ab4d750 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -340,8 +340,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { return result; } - static int ldapmsg_destructor(void *p) { - LDAPMessage **result = talloc_get_type_abort(p, LDAPMessage *); + static int ldapmsg_destructor(LDAPMessage **result) { ldap_msgfree(*result); return 0; } @@ -361,9 +360,8 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { talloc_set_destructor(handle, ldapmsg_destructor); } - static int ldapmod_destructor(void *p) { - LDAPMod ***result = talloc_get_type_abort(p, LDAPMod **); - ldap_mods_free(*result, True); + static int ldapmod_destructor(LDAPMod ***mod) { + ldap_mods_free(*mod, True); return 0; } -- cgit From 258a465e20e007a30043220367d17ecfc87b4f90 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 18 Sep 2006 07:52:16 +0000 Subject: r18605: sync dlinklist.h with samba4, that means DLIST_ADD_END() and DLIST_DEMOTE() now take the type of the tmp pointer not the tmp pointer itself anymore. metze (This used to be commit 2f58645b7094e81dff3734f11aa183ea2ab53d2d) --- source3/lib/smbldap.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index b46ab4d750..85dd5fa3d6 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -572,7 +572,6 @@ static void smbldap_store_state(LDAP *ld, struct smbldap_state *smbldap_state) { struct smbldap_state *tmp_ldap_state; struct smbldap_state_lookup *t; - struct smbldap_state_lookup *tmp; if ((tmp_ldap_state = smbldap_find_state(ld))) { SMB_ASSERT(tmp_ldap_state == smbldap_state); 
@@ -582,7 +581,7 @@ static void smbldap_store_state(LDAP *ld, struct smbldap_state *smbldap_state) t = SMB_XMALLOC_P(struct smbldap_state_lookup); ZERO_STRUCTP(t); - DLIST_ADD_END(smbldap_state_lookup_list, t, tmp); + DLIST_ADD_END(smbldap_state_lookup_list, t, struct smbldap_state_lookup *); t->ld = ld; t->smbldap_state = smbldap_state; } -- cgit From 4225f9a4bd5eece4d57820bbabb7b882610aa7cc Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 12 Dec 2006 14:52:13 +0000 Subject: r20116: Start merging in the work done to create the new idmap subsystem. Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b) --- source3/lib/smbldap.c | 75 ++++++++++++++++++++++++++++++++++----------------- 1 file changed, 50 insertions(+), 25 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 85dd5fa3d6..2fe0d5b86e 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -803,20 +803,27 @@ static int rebindproc_with_state (LDAP * ld, char **whop, char **credp, if (freeit) { SAFE_FREE(*whop); - memset(*credp, '\0', strlen(*credp)); + if (*credp) { + memset(*credp, '\0', strlen(*credp)); + } SAFE_FREE(*credp); } else { DEBUG(5,("rebind_proc_with_state: Rebinding as \"%s\"\n", - ldap_state->bind_dn)); + ldap_state->bind_dn?ldap_state->bind_dn:"[Anonymous bind]")); - *whop = SMB_STRDUP(ldap_state->bind_dn); - if (!*whop) { - return LDAP_NO_MEMORY; - } - *credp = SMB_STRDUP(ldap_state->bind_secret); - if (!*credp) { - SAFE_FREE(*whop); - return LDAP_NO_MEMORY; + if (ldap_state->anonymous) { + *whop = NULL; + *credp = NULL; + } else { + *whop = SMB_STRDUP(ldap_state->bind_dn); + if (!*whop) { + return LDAP_NO_MEMORY; + } + *credp = SMB_STRDUP(ldap_state->bind_secret); + if (!*credp) { + SAFE_FREE(*whop); + return LDAP_NO_MEMORY; + } } *methodp = LDAP_AUTH_SIMPLE; } 
@@ -844,7 +851,7 @@ static int rebindproc_connect_with_state (LDAP *ldap_struct, int version; DEBUG(5,("rebindproc_connect_with_state: Rebinding to %s as \"%s\"\n", - url, ldap_state->bind_dn)); + url, ldap_state->bind_dn?ldap_state->bind_dn:"[Anonymous bind]")); /* call START_TLS again (ldaps:// is handled by the OpenLDAP library * itself) before rebinding to another LDAP server to avoid to expose @@ -925,24 +932,22 @@ static int rebindproc_connect (LDAP * ld, LDAP_CONST char *url, int request, static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_struct) { int rc; - char *ldap_dn; - char *ldap_secret; int version; - /* get the password */ - if (!fetch_ldap_pw(&ldap_dn, &ldap_secret)) { - DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n")); - return LDAP_INVALID_CREDENTIALS; - } + if (!ldap_state->anonimous && !ldap_state->bind_dn) { - ldap_state->bind_dn = ldap_dn; - ldap_state->bind_secret = ldap_secret; + /* get the default dn and password only if they are not set already */ + if (!fetch_ldap_pw(&ldap_state->bind_dn, &ldap_state->bind_secret)) { + DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n")); + return LDAP_INVALID_CREDENTIALS; + } + } /* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite (OpenLDAP) doesnt' seem to support it */ DEBUG(10,("ldap_connect_system: Binding to ldap server %s as \"%s\"\n", - ldap_state->uri, ldap_dn)); + ldap_state->uri, ldap_state->bind_dn)); #ifdef HAVE_LDAP_SET_REBIND_PROC #if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) @@ -962,7 +967,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ #endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ #endif - rc = ldap_simple_bind_s(ldap_struct, ldap_dn, ldap_secret); + rc = ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn, ldap_state->bind_secret); if (rc != LDAP_SUCCESS) { char *ld_error = NULL; 
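Review bot: In the smbldap_connect_system hunk, the level-10 `DEBUG` issued just before the bind now passes `ldap_state->bind_dn` straight to `%s`. For an anonymous bind that pointer can be NULL, which is undefined behaviour for a `%s` argument. The other messages touched by this commit already guard against it, so the same form fits here: `ldap_state->uri, ldap_state->bind_dn ? ldap_state->bind_dn : "[Anonymous bind]"));`. The function body continues outside the hunk.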
@@ -971,7 +976,8 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ DEBUG(ldap_state->num_failures ? 2 : 0, ("failed to bind to server %s with dn=\"%s\" Error: %s\n\t%s\n", ldap_state->uri, - ldap_dn ? ldap_dn : "(unknown)", ldap_err2string(rc), + ldap_state->bind_dn ? ldap_state->bind_dn : "[Anonymous bind]", + ldap_err2string(rc), ld_error ? ld_error : "(unknown)")); SAFE_FREE(ld_error); ldap_state->num_failures++; @@ -1078,8 +1084,6 @@ static NTSTATUS smbldap_close(struct smbldap_state *ldap_state) DEBUG(5,("The connection to the LDAP server was closed\n")); /* maybe free the results here --metze */ - - return NT_STATUS_OK; } @@ -1701,3 +1705,24 @@ BOOL smbldap_has_naming_context(LDAP *ld, const char *naming_context) const char *attrs[] = { "namingContexts", NULL }; return smbldap_check_root_dse(ld, attrs, naming_context); } + +BOOL smbldap_set_creds(struct smbldap_state *ldap_state, BOOL anon, const char *dn, const char *secret) +{ + ldap_state->anonimous = anon; + + /* free any previously set credential */ + + SAFE_FREE(ldap_state->bind_dn); + if (ldap_state->bind_secret) { + /* make sure secrets are zeroed out of memory */ + memset(ldap_state->bind_secret, '\0', strlen(ldap_state->bind_secret)); + SAFE_FREE(ldap_state->bind_secret); + } + + if ( ! anon) { + ldap_state->bind_dn = SMB_STRDUP(dn); + ldap_state->bind_secret = SMB_STRDUP(secret); + } + + return True; +} -- cgit From 55e70f69871f43328cc05104c150f76212eb369a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 16 Dec 2006 17:54:16 +0000 Subject: r20215: Next step trying to fix the Solaris build. I think "anonimous" is correctly spelled "anonymous". The Solaris compile is referring to this as "anonymous" in line 814 of smbldap.c. Simo, please check. Thanks, Volker (This used to be commit a77d8fa08e5a7c9c0c7c415ce3b7848b265b4b95) --- source3/lib/smbldap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/smbldap.c') 
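Review bot: smbldap_set_creds returns True unconditionally, yet neither `SMB_STRDUP` result is checked, and `dn`/`secret` are not checked for NULL when `anon` is false. If `bind_dn` ends up NULL, smbldap_connect_system in this same commit treats that as "not set" and loads the default credentials through fetch_ldap_pw, so the caller would silently bind as a different identity. If only `bind_secret` is NULL, the simple bind goes out with a DN and no password. The copies should be checked and False returned on failure, as sketched below. Separately, the `memset` that scrubs the old secret is immediately followed by the free (the same pattern appears in rebindproc_with_state), so an optimiser may drop it as a dead store; a wipe that cannot be elided would be safer.

```c
	/* … unchanged: set the anonymous flag, wipe and free the previous credentials … */

	if (!anon) {
		if (dn == NULL || secret == NULL) {
			return False;
		}
		ldap_state->bind_dn = SMB_STRDUP(dn);
		if (ldap_state->bind_dn == NULL) {
			return False;
		}
		ldap_state->bind_secret = SMB_STRDUP(secret);
		if (ldap_state->bind_secret == NULL) {
			SAFE_FREE(ldap_state->bind_dn);
			return False;
		}
	}

	return True;
```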
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 2fe0d5b86e..aa039294d2 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -934,7 +934,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ int rc; int version; - if (!ldap_state->anonimous && !ldap_state->bind_dn) { + if (!ldap_state->anonymous && !ldap_state->bind_dn) { /* get the default dn and password only if they are not set already */ if (!fetch_ldap_pw(&ldap_state->bind_dn, &ldap_state->bind_secret)) { @@ -1708,7 +1708,7 @@ BOOL smbldap_has_naming_context(LDAP *ld, const char *naming_context) BOOL smbldap_set_creds(struct smbldap_state *ldap_state, BOOL anon, const char *dn, const char *secret) { - ldap_state->anonimous = anon; + ldap_state->anonymous = anon; /* free any previously set credential */ -- cgit From 297ba8dd9cae200feb017f51c29a6375c7d586b0 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 9 Feb 2007 20:58:17 +0000 Subject: r21263: getpeername() returning -1 is not a reliable indication if a TCP connection is dead. Might be my code, this rings a very distant bell... Attempt to fix bug # 4372. Volker (This used to be commit 730cc3dc1e332449f3e902217ccb9cc3057b9ef3) --- source3/lib/smbldap.c | 85 ++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 70 insertions(+), 15 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index aa039294d2..f3a86b0fb3 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -1232,12 +1232,23 @@ static int smbldap_search_ext(struct smbldap_state *ldap_state, sizelimit, res); if (rc != LDAP_SUCCESS) { char *ld_error = NULL; + int ld_errno; + + ldap_get_option(ldap_state->ldap_struct, + LDAP_OPT_RESULT_CODE, &ld_errno); + ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(10,("Failed search for base: %s, error: %s " - "(%s)\n", base, ldap_err2string(rc), - ld_error ? ld_error : "unknown")); + DEBUG(10, ("Failed search for base: %s, error: %d (%s) " + "(%s)\n", base, ld_errno, + ldap_err2string(rc), + ld_error ? ld_error : "unknown")); SAFE_FREE(ld_error); + + if (ld_errno == LDAP_SERVER_DOWN) { + ldap_unbind(ldap_state->ldap_struct); + ldap_state->ldap_struct = NULL; + } } } @@ -1372,12 +1383,23 @@ int smbldap_modify(struct smbldap_state *ldap_state, const char *dn, LDAPMod *at rc = ldap_modify_s(ldap_state->ldap_struct, utf8_dn, attrs); if (rc != LDAP_SUCCESS) { char *ld_error = NULL; + int ld_errno; + + ldap_get_option(ldap_state->ldap_struct, + LDAP_OPT_RESULT_CODE, &ld_errno); + ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(10,("Failed to modify dn: %s, error: %s " - "(%s)\n", dn, ldap_err2string(rc), - ld_error ? ld_error : "unknown")); + DEBUG(10, ("Failed to modify dn: %s, error: %d (%s) " + "(%s)\n", dn, ld_errno, + ldap_err2string(rc), + ld_error ? ld_error : "unknown")); SAFE_FREE(ld_error); + + if (ld_errno == LDAP_SERVER_DOWN) { + ldap_unbind(ldap_state->ldap_struct); + ldap_state->ldap_struct = NULL; + } } } 
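Review bot: `ld_errno` is read in `if (ld_errno == LDAP_SERVER_DOWN)` without ever being initialised, and the return value of the `ldap_get_option` call meant to fill it is ignored. A failed lookup therefore leaves the decision to tear down the connection to an indeterminate value. Initialising it from the result already in hand, `int ld_errno = rc;`, keeps the check well defined; the same applies to the matching hunks in smbldap_modify, smbldap_add, smbldap_delete and smbldap_extended_operation. The branch also calls `ldap_unbind` directly rather than going through smbldap_close; if smbldap_close does further bookkeeping for the handle (its body is not visible here), that is skipped and should be confirmed. Each of these functions starts and ends outside its hunk.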
@@ -1404,12 +1426,23 @@ int smbldap_add(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs rc = ldap_add_s(ldap_state->ldap_struct, utf8_dn, attrs); if (rc != LDAP_SUCCESS) { char *ld_error = NULL; + int ld_errno; + + ldap_get_option(ldap_state->ldap_struct, + LDAP_OPT_RESULT_CODE, &ld_errno); + ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(10,("Failed to add dn: %s, error: %s " - "(%s)\n", dn, ldap_err2string(rc), - ld_error ? ld_error : "unknown")); + DEBUG(10, ("Failed to add dn: %s, error: %d (%s) " + "(%s)\n", dn, ld_errno, + ldap_err2string(rc), + ld_error ? ld_error : "unknown")); SAFE_FREE(ld_error); + + if (ld_errno == LDAP_SERVER_DOWN) { + ldap_unbind(ldap_state->ldap_struct); + ldap_state->ldap_struct = NULL; + } } } @@ -1436,12 +1469,23 @@ int smbldap_delete(struct smbldap_state *ldap_state, const char *dn) rc = ldap_delete_s(ldap_state->ldap_struct, utf8_dn); if (rc != LDAP_SUCCESS) { char *ld_error = NULL; + int ld_errno; + + ldap_get_option(ldap_state->ldap_struct, + LDAP_OPT_RESULT_CODE, &ld_errno); + ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(10,("Failed to delete dn: %s, error: %s " - "(%s)\n", dn, ldap_err2string(rc), - ld_error ? ld_error : "unknown")); + DEBUG(10, ("Failed to delete dn: %s, error: %d (%s) " + "(%s)\n", dn, ld_errno, + ldap_err2string(rc), + ld_error ? ld_error : "unknown")); SAFE_FREE(ld_error); + + if (ld_errno == LDAP_SERVER_DOWN) { + ldap_unbind(ldap_state->ldap_struct); + ldap_state->ldap_struct = NULL; + } } } 
@@ -1467,12 +1511,23 @@ int smbldap_extended_operation(struct smbldap_state *ldap_state, clientctrls, retoidp, retdatap); if (rc != LDAP_SUCCESS) { char *ld_error = NULL; + int ld_errno; + + ldap_get_option(ldap_state->ldap_struct, + LDAP_OPT_RESULT_CODE, &ld_errno); + ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(10,("Extended operation failed with error: %s " - "(%s)\n", ldap_err2string(rc), - ld_error ? ld_error : "unknown")); + DEBUG(10, ("Extended operation failed with error: " + "%d (%s) (%s)\n", ld_errno, + ldap_err2string(rc), + ld_error ? ld_error : "unknown")); SAFE_FREE(ld_error); + + if (ld_errno == LDAP_SERVER_DOWN) { + ldap_unbind(ldap_state->ldap_struct); + ldap_state->ldap_struct = NULL; + } } } -- cgit From c1f9a387cb6ebc298f20c95d85301a8d30c9474d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 9 Feb 2007 21:25:22 +0000 Subject: r21264: LDAP_OPT_ERROR_NUMBER seems more portable than LDAP_OPT_RESULT_CODE (This used to be commit 1b3239f2abea9146c7d0d4af06c47a63e0caf006) --- source3/lib/smbldap.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index f3a86b0fb3..c102c2185f 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -1235,7 +1235,7 @@ static int smbldap_search_ext(struct smbldap_state *ldap_state, int ld_errno; ldap_get_option(ldap_state->ldap_struct, - LDAP_OPT_RESULT_CODE, &ld_errno); + LDAP_OPT_ERROR_NUMBER, &ld_errno); ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); @@ -1386,7 +1386,7 @@ int smbldap_modify(struct smbldap_state *ldap_state, const char *dn, LDAPMod *at int ld_errno; ldap_get_option(ldap_state->ldap_struct, - LDAP_OPT_RESULT_CODE, &ld_errno); + LDAP_OPT_ERROR_NUMBER, &ld_errno); ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); 
@@ -1429,7 +1429,7 @@ int smbldap_add(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs int ld_errno; ldap_get_option(ldap_state->ldap_struct, - LDAP_OPT_RESULT_CODE, &ld_errno); + LDAP_OPT_ERROR_NUMBER, &ld_errno); ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); @@ -1472,7 +1472,7 @@ int smbldap_delete(struct smbldap_state *ldap_state, const char *dn) int ld_errno; ldap_get_option(ldap_state->ldap_struct, - LDAP_OPT_RESULT_CODE, &ld_errno); + LDAP_OPT_ERROR_NUMBER, &ld_errno); ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); @@ -1514,7 +1514,7 @@ int smbldap_extended_operation(struct smbldap_state *ldap_state, int ld_errno; ldap_get_option(ldap_state->ldap_struct, - LDAP_OPT_RESULT_CODE, &ld_errno); + LDAP_OPT_ERROR_NUMBER, &ld_errno); ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); -- cgit From 0d91334fe799f6b50a8265f9dc097411c3a29e18 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 11 Mar 2007 16:49:16 +0000 Subject: r21784: Replace smb_register_idle_event() with event_add_timed(). This fixes winbind who did not run the idle events to drop ldap connections. Volker (This used to be commit af3308ce5a21220ff4c510de356dbaa6cf9ff997) --- source3/lib/smbldap.c | 47 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 34 insertions(+), 13 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index c102c2185f..5b9ec1d55b 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -999,6 +999,11 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ return rc; } +static void smbldap_idle_fn(struct event_context *event_ctx, + struct timed_event *te, + const struct timeval *now, + void *private_data); + /********************************************************************** Connect to LDAP server (called before every ldap operation) *********************************************************************/ @@ -1061,6 +1066,16 @@ static int smbldap_open(struct smbldap_state *ldap_state) ldap_state->last_ping = time(NULL); ldap_state->pid = sys_getpid(); + + TALLOC_FREE(ldap_state->idle_event); + + if (ldap_state->event_context != NULL) { + ldap_state->idle_event = event_add_timed( + ldap_state->event_context, NULL, + timeval_current_ofs(SMBLDAP_IDLE_TIME, 0), + "smbldap_idle_fn", smbldap_idle_fn, ldap_state); + } + DEBUG(4,("The LDAP server is succesfully connected\n")); return LDAP_SUCCESS; @@ -1545,17 +1560,28 @@ int smbldap_search_suffix (struct smbldap_state *ldap_state, filter, search_attr, 0, result); } -static void smbldap_idle_fn(void **data, time_t *interval, time_t now) +static void smbldap_idle_fn(struct event_context *event_ctx, + struct timed_event *te, + const struct timeval *now, + void *private_data) { - struct smbldap_state *state = (struct smbldap_state *)(*data); + struct smbldap_state *state = (struct smbldap_state *)private_data; + + TALLOC_FREE(state->idle_event); if (state->ldap_struct == NULL) { DEBUG(10,("ldap connection not connected...\n")); return; } - if ((state->last_use+SMBLDAP_IDLE_TIME) > now) { + if ((state->last_use+SMBLDAP_IDLE_TIME) > now->tv_sec) { DEBUG(10,("ldap connection not idle...\n")); + + state->idle_event = event_add_timed( + event_ctx, NULL, + timeval_current_ofs(SMBLDAP_IDLE_TIME, 0), + "smbldap_idle_fn", smbldap_idle_fn, + private_data); return; } 
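Review bot: Both `event_add_timed` calls, in smbldap_open and in the re-arm path of smbldap_idle_fn, pass NULL as the second argument while handing the state pointer over as `private_data`, so the timer's lifetime is not tied to the state it points at. The state itself is allocated on the caller's `mem_ctx` in smbldap_init; if that context is freed without going through smbldap_free_struct, the pending timer would later run against freed memory. Passing the state as the talloc parent, `ldap_state->event_context, ldap_state,` in smbldap_open and `event_ctx, state,` in smbldap_idle_fn, removes that dependency, assuming the second argument is the allocation context as elsewhere in the event API. The result is also stored unchecked, so a failed allocation silently disables the idle disconnect; a `DEBUG` line on NULL would make that visible.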
@@ -1578,7 +1604,7 @@ void smbldap_free_struct(struct smbldap_state **ldap_state) SAFE_FREE((*ldap_state)->bind_dn); SAFE_FREE((*ldap_state)->bind_secret); - smb_unregister_idle_event((*ldap_state)->event_id); + TALLOC_FREE((*ldap_state)->idle_event); *ldap_state = NULL; @@ -1590,7 +1616,9 @@ void smbldap_free_struct(struct smbldap_state **ldap_state) Intitalise the 'general' ldap structures, on which ldap operations may be conducted *********************************************************************/ -NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_state **smbldap_state) +NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, struct event_context *event_ctx, + const char *location, + struct smbldap_state **smbldap_state) { *smbldap_state = TALLOC_ZERO_P(mem_ctx, struct smbldap_state); if (!*smbldap_state) { @@ -1604,14 +1632,7 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_ (*smbldap_state)->uri = "ldap://localhost"; } - (*smbldap_state)->event_id = - smb_register_idle_event(smbldap_idle_fn, (void *)(*smbldap_state), - SMBLDAP_IDLE_TIME); - - if ((*smbldap_state)->event_id == SMB_EVENT_ID_INVALID) { - DEBUG(0,("Failed to register LDAP idle event!\n")); - return NT_STATUS_INVALID_HANDLE; - } + (*smbldap_state)->event_context = event_ctx; return NT_STATUS_OK; } -- cgit From 77a4b251130b8c187ae89f5d62160ad5cfcb6d14 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 11 Mar 2007 18:32:26 +0000 Subject: r21785: Avoid an unnecessary gettimeofday() call Volker (This used to be commit a0af6ff736077725cc7d31d9cdecd024fc7e17a1) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 5b9ec1d55b..cffc9389d7 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -1579,7 +1579,7 @@ static void smbldap_idle_fn(struct event_context *event_ctx, state->idle_event = event_add_timed( event_ctx, NULL, - timeval_current_ofs(SMBLDAP_IDLE_TIME, 0), + timeval_add(now, SMBLDAP_IDLE_TIME, 0), "smbldap_idle_fn", smbldap_idle_fn, private_data); return; -- cgit From c99449016b2ccd0c9f35e3867a96ed3500d2f064 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 11 Jun 2007 00:05:48 +0000 Subject: r23411: We were missing displayName and that was preventing us from successfully deleting an entry when "account" is the STRUCTURAL objectclass used for users and machines. "account" is used each time the user entry is in /etc/passwd and we have only the samba attributes in ldap, as well as for rfc2307(bis) standard based directories. (This used to be commit e6399f1aa1c98d2d6e700245bb95c84f7e173236) --- source3/lib/smbldap.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index cffc9389d7..f8cb8f4a25 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -138,6 +138,7 @@ ATTRIB_MAP_ENTRY attrib_map_to_delete_v30[] = { { LDAP_ATTR_LOGON_TIME, "sambaLogonTime" }, { LDAP_ATTR_LOGOFF_TIME, "sambaLogoffTime" }, { LDAP_ATTR_KICKOFF_TIME, "sambaKickoffTime" }, + { LDAP_ATTR_DISPLAY_NAME, "displayName" }, { LDAP_ATTR_HOME_DRIVE, "sambaHomeDrive" }, { LDAP_ATTR_HOME_PATH, "sambaHomePath" }, { LDAP_ATTR_LOGON_SCRIPT, "sambaLogonScript" }, -- cgit From b1ce226af8b61ad7e3c37860a59c6715012e738b Mon Sep 17 00:00:00 2001 From: James Peach Date: Fri, 15 Jun 2007 21:58:49 +0000 Subject: r23510: Tidy calls to smb_panic by removing trailing newlines. Print the failed expression in SMB_ASSERT. (This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713) --- source3/lib/smbldap.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) (limited to 'source3/lib/smbldap.c') 
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index f8cb8f4a25..1cfb5f89a7 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -409,9 +409,8 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { if (mods == NULL) { mods = SMB_MALLOC_P(LDAPMod *); if (mods == NULL) { - smb_panic("smbldap_set_mod: out of memory!\n"); + smb_panic("smbldap_set_mod: out of memory!"); /* notreached. */ - abort(); } mods[0] = NULL; } @@ -424,15 +423,13 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { if (mods[i] == NULL) { mods = SMB_REALLOC_ARRAY (mods, LDAPMod *, i + 2); if (mods == NULL) { - smb_panic("smbldap_set_mod: out of memory!\n"); + smb_panic("smbldap_set_mod: out of memory!"); /* notreached. */ - abort(); } mods[i] = SMB_MALLOC_P(LDAPMod); if (mods[i] == NULL) { - smb_panic("smbldap_set_mod: out of memory!\n"); + smb_panic("smbldap_set_mod: out of memory!"); /* notreached. */ - abort(); } mods[i]->mod_op = modop; mods[i]->mod_values = NULL; @@ -450,15 +447,13 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { mods[i]->mod_values = SMB_REALLOC_ARRAY(mods[i]->mod_values, char *, j + 2); if (mods[i]->mod_values == NULL) { - smb_panic("smbldap_set_mod: out of memory!\n"); + smb_panic("smbldap_set_mod: out of memory!"); /* notreached. */ - abort(); } if (push_utf8_allocate(&utf8_value, value) == (size_t)-1) { - smb_panic("smbldap_set_mod: String conversion failure!\n"); + smb_panic("smbldap_set_mod: String conversion failure!"); /* notreached. */ - abort(); } mods[i]->mod_values[j] = utf8_value; -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 1cfb5f89a7..9d63e95075 100644 
--- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -9,7 +9,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/lib/smbldap.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 9d63e95075..2cfbc657a6 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -18,8 +18,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/lib/smbldap.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 2cfbc657a6..6f9ecb1a31 100644 --- a/source3/lib/smbldap.c 
+++ b/source3/lib/smbldap.c @@ -261,7 +261,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { Search an attribute and return the first value found. ******************************************************************/ - BOOL smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, + bool smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, const char *attribute, char *value, int max_len) { @@ -292,7 +292,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { return True; } - BOOL smbldap_get_single_pstring (LDAP * ldap_struct, LDAPMessage * entry, + bool smbldap_get_single_pstring (LDAP * ldap_struct, LDAPMessage * entry, const char *attribute, pstring value) { return smbldap_get_single_attribute(ldap_struct, entry, @@ -472,7 +472,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { const char *attribute, const char *newval) { char oldval[2048]; /* current largest allowed value is mungeddial */ - BOOL existed; + bool existed; if (attribute == NULL) { /* This can actually happen for ldapsam_compat where we for @@ -1005,7 +1005,7 @@ static void smbldap_idle_fn(struct event_context *event_ctx, static int smbldap_open(struct smbldap_state *ldap_state) { int rc, opt_rc; - BOOL reopen = False; + bool reopen = False; SMB_ASSERT(ldap_state); #ifndef NO_LDAP_SECURITY @@ -1097,7 +1097,7 @@ static NTSTATUS smbldap_close(struct smbldap_state *ldap_state) return NT_STATUS_OK; } -static BOOL got_alarm; +static bool got_alarm; static void (*old_handler)(int); @@ -1294,7 +1294,7 @@ int smbldap_search_paged(struct smbldap_state *ldap_state, BerElement *cookie_be = NULL; struct berval *cookie_bv = NULL; int tmp = 0, i, rc; - BOOL critical = True; + bool critical = True; *res = NULL; 
@@ -1675,13 +1675,13 @@ char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry) Check if root-dse has a certain Control or Extension ********************************************************************/ -static BOOL smbldap_check_root_dse(LDAP *ld, const char **attrs, const char *value) +static bool smbldap_check_root_dse(LDAP *ld, const char **attrs, const char *value) { LDAPMessage *msg = NULL; LDAPMessage *entry = NULL; char **values = NULL; int rc, num_result, num_values, i; - BOOL result = False; + bool result = False; if (!attrs[0]) { DEBUG(3,("smbldap_check_root_dse: nothing to look for\n")); @@ -1751,7 +1751,7 @@ static BOOL smbldap_check_root_dse(LDAP *ld, const char **attrs, const char *val Check if LDAP-Server supports a certain Control (OID in string format) ********************************************************************/ -BOOL smbldap_has_control(LDAP *ld, const char *control) +bool smbldap_has_control(LDAP *ld, const char *control) { const char *attrs[] = { "supportedControl", NULL }; return smbldap_check_root_dse(ld, attrs, control); @@ -1761,7 +1761,7 @@ BOOL smbldap_has_control(LDAP *ld, const char *control) Check if LDAP-Server supports a certain Extension (OID in string format) ********************************************************************/ -BOOL smbldap_has_extension(LDAP *ld, const char *extension) +bool smbldap_has_extension(LDAP *ld, const char *extension) { const char *attrs[] = { "supportedExtension", NULL }; return smbldap_check_root_dse(ld, attrs, extension); 
@@ -1771,13 +1771,13 @@ BOOL smbldap_has_extension(LDAP *ld, const char *extension) Check if LDAP-Server holds a given namingContext ********************************************************************/ -BOOL smbldap_has_naming_context(LDAP *ld, const char *naming_context) +bool smbldap_has_naming_context(LDAP *ld, const char *naming_context) { const char *attrs[] = { "namingContexts", NULL }; return smbldap_check_root_dse(ld, attrs, naming_context); } -BOOL smbldap_set_creds(struct smbldap_state *ldap_state, BOOL anon, const char *dn, const char *secret) +bool smbldap_set_creds(struct smbldap_state *ldap_state, bool anon, const char *dn, const char *secret) { ldap_state->anonymous = anon; -- cgit From 51b46147f285a63bfa91ed3ec4dfb35c28bdea51 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 14 Nov 2007 16:05:42 -0800 Subject: Remove smbldap_get_single_pstring() and all pstrings from pdb_ldap.c. I don't have an LDAP passdb setup here, so I'm going to need some help on testing this. Jeremy. (This used to be commit 00760451b6c2b65f3a8a9187789ca4f270b622a2) --- source3/lib/smbldap.c | 8 -------- 1 file changed, 8 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 6f9ecb1a31..662a5a948a 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -292,14 +292,6 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { return True; } - bool smbldap_get_single_pstring (LDAP * ldap_struct, LDAPMessage * entry, - const char *attribute, pstring value) -{ - return smbldap_get_single_attribute(ldap_struct, entry, - attribute, value, - sizeof(pstring)); -} - char * smbldap_talloc_single_attribute(LDAP *ldap_struct, LDAPMessage *entry, const char *attribute, TALLOC_CTX *mem_ctx) -- cgit From 2a6a2288c5fae908f431bd79332554e0a23dbeed Mon Sep 17 00:00:00 2001 
From: Karolin Seeger Date: Fri, 8 Feb 2008 09:28:57 +0100 Subject: Fix some typos. Karolin (This used to be commit 2bec0a1fb7857e6fb8ec15e5f597b2d4125f105b) --- source3/lib/smbldap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 662a5a948a..65a039b119 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -980,7 +980,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_ ldap_state->paged_results = True; } - DEBUG(3, ("ldap_connect_system: succesful connection to the LDAP server\n")); + DEBUG(3, ("ldap_connect_system: successful connection to the LDAP server\n")); DEBUGADD(10, ("ldap_connect_system: LDAP server %s support paged results\n", ldap_state->paged_results ? "does" : "does not")); return rc; @@ -1063,7 +1063,7 @@ static int smbldap_open(struct smbldap_state *ldap_state) "smbldap_idle_fn", smbldap_idle_fn, ldap_state); } - DEBUG(4,("The LDAP server is succesfully connected\n")); + DEBUG(4,("The LDAP server is successfully connected\n")); return LDAP_SUCCESS; } -- cgit From fb37f156009611af0dd454a0fb0829a09cd638ac Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Tue, 29 Apr 2008 14:36:24 -0700 Subject: Cleanup size_t return values in callers of convert_string_allocate This patch is the second iteration of an inside-out conversion to cleanup functions in charcnv.c returning size_t == -1 to indicate failure. (This used to be commit 6b189dabc562d86dcaa685419d0cb6ea276f100d) --- source3/lib/smbldap.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 65a039b119..9fb16f8927 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c 
@@ -298,6 +298,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { { char **values; char *result; + size_t converted_size; if (attribute == NULL) { return NULL; @@ -317,7 +318,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { return NULL; } - if (pull_utf8_talloc(mem_ctx, &result, values[0]) == (size_t)-1) { + if (!pull_utf8_talloc(mem_ctx, &result, values[0], &converted_size)) { DEBUG(10, ("pull_utf8_talloc failed\n")); ldap_value_free(values); return NULL; @@ -430,6 +431,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { if (value != NULL) { char *utf8_value = NULL; + size_t converted_size; j = 0; if (mods[i]->mod_values != NULL) { @@ -442,7 +444,7 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { /* notreached. */ } - if (push_utf8_allocate(&utf8_value, value) == (size_t)-1) { + if (!push_utf8_allocate(&utf8_value, value, &converted_size)) { smb_panic("smbldap_set_mod: String conversion failure!"); /* notreached. */ } @@ -1176,6 +1178,7 @@ static int smbldap_search_ext(struct smbldap_state *ldap_state, char *utf8_filter; time_t endtime = time(NULL)+lp_ldap_timeout(); struct timeval timeout; + size_t converted_size; SMB_ASSERT(ldap_state); @@ -1206,7 +1209,7 @@ static int smbldap_search_ext(struct smbldap_state *ldap_state, ZERO_STRUCT(ldap_state->last_rebind); } - if (push_utf8_allocate(&utf8_filter, filter) == (size_t)-1) { + if (!push_utf8_allocate(&utf8_filter, filter, &converted_size)) { return LDAP_NO_MEMORY; } @@ -1372,12 +1375,13 @@ int smbldap_modify(struct smbldap_state *ldap_state, const char *dn, LDAPMod *at int attempts = 0; char *utf8_dn; time_t endtime = time(NULL)+lp_ldap_timeout(); + size_t converted_size; SMB_ASSERT(ldap_state); DEBUG(5,("smbldap_modify: dn => [%s]\n", dn )); - if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) { + if (!push_utf8_allocate(&utf8_dn, dn, &converted_size)) { return LDAP_NO_MEMORY; } 
@@ -1415,12 +1419,13 @@ int smbldap_add(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs int attempts = 0; char *utf8_dn; time_t endtime = time(NULL)+lp_ldap_timeout(); + size_t converted_size; SMB_ASSERT(ldap_state); DEBUG(5,("smbldap_add: dn => [%s]\n", dn )); - if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) { + if (!push_utf8_allocate(&utf8_dn, dn, &converted_size)) { return LDAP_NO_MEMORY; } @@ -1458,12 +1463,13 @@ int smbldap_delete(struct smbldap_state *ldap_state, const char *dn) int attempts = 0; char *utf8_dn; time_t endtime = time(NULL)+lp_ldap_timeout(); + size_t converted_size; SMB_ASSERT(ldap_state); DEBUG(5,("smbldap_delete: dn => [%s]\n", dn )); - if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) { + if (!push_utf8_allocate(&utf8_dn, dn, &converted_size)) { return LDAP_NO_MEMORY; } @@ -1630,14 +1636,16 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, struct event_context *event_ctx, char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry) { char *utf8_dn, *unix_dn; + size_t converted_size; utf8_dn = ldap_get_dn(ld, entry); if (!utf8_dn) { DEBUG (5, ("smbldap_get_dn: ldap_get_dn failed\n")); return NULL; } - if (pull_utf8_allocate(&unix_dn, utf8_dn) == (size_t)-1) { - DEBUG (0, ("smbldap_get_dn: String conversion failure utf8 [%s]\n", utf8_dn)); + if (!pull_utf8_allocate(&unix_dn, utf8_dn, &converted_size)) { + DEBUG (0, ("smbldap_get_dn: String conversion failure utf8 " + "[%s]\n", utf8_dn)); return NULL; } ldap_memfree(utf8_dn); @@ -1648,13 +1656,14 @@ char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry) LDAPMessage *entry) { char *utf8_dn, *unix_dn; + size_t converted_size; utf8_dn = ldap_get_dn(ld, entry); if (!utf8_dn) { DEBUG (5, ("smbldap_get_dn: ldap_get_dn failed\n")); return NULL; } - if (pull_utf8_talloc(mem_ctx, &unix_dn, utf8_dn) == (size_t)-1) { + if (!pull_utf8_talloc(mem_ctx, &unix_dn, utf8_dn, &converted_size)) { DEBUG (0, ("smbldap_get_dn: String conversion failure utf8 " "[%s]\n", utf8_dn)); return NULL; -- cgit 
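Review bot: In the smbldap_get_dn hunk (@@ -1630,14 +1636,16 @@) the conversion-failure branch returns NULL before `ldap_memfree(utf8_dn);` is reached, so the buffer returned by `ldap_get_dn` leaks on every DN that fails conversion. The rewritten check keeps that early return as it was. Because the DEBUG call still reads `utf8_dn`, the free belongs after it: add `ldap_memfree(utf8_dn);` directly before `return NULL;`. The following hunk (@@ -1648,13 +1656,14 @@) has the same early return after `pull_utf8_talloc` fails; its release of `utf8_dn` lies outside the hunk, so it probably needs the same line, but that should be confirmed against the full function.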
From d8b234648cbc18c02d2c79a32be766080c61b42a Mon Sep 17 00:00:00 2001 From: Björn Jacke Date: Mon, 26 May 2008 11:29:24 +0200 Subject: Add ldap connection timeout for OpenLDAP and Netscape LDAP libs. This can be controlled via the ldap connection timeout parameter. This fixes fallbacks to secondary LDAP servers in multi LDAP server setups like in #4544 (This used to be commit 8e59a2fedc940b081222b0e8f90fe0c5a0981c06) --- source3/lib/smbldap.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index 9fb16f8927..c2c58c0abf 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -672,9 +672,33 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri) return LDAP_OPERATIONS_ERROR; #endif /* LDAP_OPT_X_TLS */ } - } #endif /* HAVE_LDAP_INITIALIZE */ + + + /* now set connection timeout */ +#ifdef LDAP_X_OPT_CONNECT_TIMEOUT /* Netscape */ + { + int ct = lp_ldap_connection_timeout()*1000; + rc = ldap_set_option(*ldap_struct, LDAP_X_OPT_CONNECT_TIMEOUT, &ct); + if (rc != LDAP_SUCCESS) { + DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n", + ct, ldap_err2string(rc))); + } + } +#elif defined (LDAP_OPT_NETWORK_TIMEOUT) /* OpenLDAP */ + { + struct timeval ct; + ct.tv_usec = 0; + ct.tv_sec = lp_ldap_connection_timeout(); + rc = ldap_set_option(*ldap_struct, LDAP_OPT_NETWORK_TIMEOUT, &ct); + if (rc != LDAP_SUCCESS) { + DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n", + ct.tv_sec, ldap_err2string(rc))); + } + } +#endif + return LDAP_SUCCESS; } -- cgit From dcdeab4d4e968ed3bdcea264f9c59ecfa3d64707 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 3 Jun 2008 20:41:55 +0200 Subject: build: fix build warning. Guenther (This used to be commit 62fcad0c0548ab53e9c20cfd6301972c68172b95) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') 
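Review bot: The value returned by `lp_ldap_connection_timeout()` is handed to `ldap_set_option` in both branches of the @@ -672,9 +672,33 @@ hunk without a range check. In the Netscape branch `lp_ldap_connection_timeout()*1000` is signed `int` arithmetic and overflows for a large configured value. In both branches a zero or negative setting is passed straight through, and the library may treat it as an immediate or an unlimited timeout (worth confirming for each library). Since this timeout is what keeps an unreachable server from stalling the fallback to a secondary, I would read the setting once with `int secs = lp_ldap_connection_timeout();` and set the option only under `if (secs > 0 && secs <= INT_MAX / 1000)`, logging the out-of-range case. The body of smb_ldap_setup_conn starts outside the hunk.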
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index c2c58c0abf..efe3a1b4db 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -694,7 +694,7 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri) rc = ldap_set_option(*ldap_struct, LDAP_OPT_NETWORK_TIMEOUT, &ct); if (rc != LDAP_SUCCESS) { DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n", - ct.tv_sec, ldap_err2string(rc))); + (int)ct.tv_sec, ldap_err2string(rc))); } } #endif -- cgit From 45afa8d894519f9b7ca7b468fffda7531440934b Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Fri, 18 Jul 2008 09:38:03 +0200 Subject: smbldap: Fix typo in debug message. Karolin (This used to be commit 6e9e85b897431d7378396aada2c32ae470af0edd) --- source3/lib/smbldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/smbldap.c') diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index efe3a1b4db..93494d6dad 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -1028,7 +1028,7 @@ static int smbldap_open(struct smbldap_state *ldap_state) #ifndef NO_LDAP_SECURITY if (geteuid() != 0) { - DEBUG(0, ("smbldap_open: cannot access LDAP when not root..\n")); + DEBUG(0, ("smbldap_open: cannot access LDAP when not root\n")); return LDAP_INSUFFICIENT_ACCESS; } #endif -- cgit