| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Tidy calls to smb_panic by removing trailing newlines. Print the
failed expression in SMB_ASSERT.
|
| |
|
|
|
|
|
|
| |
from successfully deleting an entry when "account" is
the STRUCTURAL objectclass used for users and machines.
"account" is used each time the user entry is in /etc/passwd
and we have only the samba attributes in ldap, as well
as for rfc2307(bis) standard based directories.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
connection is
dead. Might be my code, this rings a very distant bell...
Attempt to fix bug # 4372.
Volker
|
| |
|
|
|
|
| |
stable branch
* Also include pam_winbind changes for multiple groups in the
require-membership-of parameter
|
| |
|
|
| |
well)
|
| | |
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
|
| |
Bring release tree up to current 3.0 tree
(svn merge -r15845:16103 $SVNURL/branches/SAMBA_3_0)
|
| | |
|
| |
|
|
|
| |
printing purposes.
Jeremy.
|
| |
|
|
|
|
| |
alloc error back up the stack from smbldap_set_mod()
so ensure we abort correctly.
Jeremy.
|
| |
|
|
|
|
|
| |
LDAP operation. That way we avoid the replication sleep after a simple
redirected search operation
Guenther
|
| | |
|
| |
|
|
| |
Sync with trunk as off r13315
|
| |
|
|
| |
Guenther
|
| |
|
|
|
|
|
| |
call START_TLS again after rebinding to another LDAP server. (ldaps://
uri's are handled at by recent versions of OpenLDAP).
Guenther
|
| |
|
|
|
|
|
| |
Also allow to use START_TLS in the pdb_nds_update_login_attempts
function when doing simple binds to eDir.
Guenther
|
| |
|
|
|
|
|
| |
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
set/deleted/modified in an ldap query.
Jeremy.
|
| |
|
|
| |
version to 3.0.20pre1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pieces that
can be taken out of it, so I decided to commit this in one lump. It changes
the passdb enumerating functions to use ldap paged results where possible. In
particular the samr calls querydispinfo, enumdomusers and friends have
undergone significant internal changes. I have tested this extensively with
rpcclient and a bit with usrmgr.exe. More tests and the merge to trunk will
follow later.
The code is based on a first implementation by Günther Deschner, but has
evolved quite a bit since then.
Volker
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. using smbc_getxattr() et al, one may now request all access control
entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
provided by smbc_getxattr() et al, when requesting all attributes,
all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
compiler flags are in use. removed -Wcast-qual flag from list, as that
is specifically to force warnings in the case of casting away qualifiers.
Note: In the process of eliminating compiler warnings, a few nasties were
discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces
are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
kerberos interfaces are being used. Someone who knows kerberos
should look at these and determine if there is an alternate method
of accomplishing the task.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"qualifiers". The
whole of samba comiles warning-free with the default compiler flags.
Temporarily defined -Wall to locate other potential problems. Found an
unused static function (#ifdefed out rather than deleted, in case it's
needed for something in progress).
There are also a number of uses of undeclared functions, mostly krb5_*.
Files with these problems need to have appropriate header files included,
but they are not fixed in this update.
oplock_linux.c.c has undefined functions capget() and capset(), which need
to have "#undef _POSIX_SOURCE" specified before including <sys/capability.h>,
but that could potentially have other side effects, so that remains uncorrected
as well.
The flag -Wall should be added permanently to CFLAGS, and all warnings then
generated should be eliminated.
|
| | |
|
| |
|
|
|
|
|
| |
use AF_UNIX instead of AF_LOCAL (thanks to Doug VanLeuven
<roamdad-at-sonic.net>) and make smbldap_open() a bit more readable.
Guenther
|
| |
|
|
|
|
| |
LDAP-Server.
Guenther
|
| |
|
|
|
|
|
|
| |
*attr[]. This
gives some new warnings in smbldap.c, but a the callers are cleaned up.
Volker
|
| |
|
|
|
|
| |
passdb in 3_0 (they are still in trunk).
Guenther
|
| |
|
|
| |
Guenther
|
| |
|
|
|
|
|
|
| |
Does automated migration from account_policy.tdb v1 and v2 and offers a
pdbedit-Migration interface. Jerry, please feel free to revert that if
you have other plans.
Guenther
|
| |
|
|
|
|
|
|
|
| |
controls or extensions.
* Check and remember if ldapsam's LDAP Server support paged results
(in preparation of adding async paged-results to set|get|end-sampwent in
ldapsam).
Guenther
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
retry-loop.
This fixes a deadlock-situation when ldapsam is used with the ldapi
interface: getpeername won't fail while trying to detect dead
connections on unix domain sockets. When the ldapi-connection was closed
server-side (due to OpenLDAP's idletimeout) we *never* got a new LDAP
connection.
Guenther
|
| |
|
|
|
|
|
|
|
| |
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
session
setups on its way to open a pipe. This gets rid of many round-trips to the
LDAP server during logon by setting up the server_info_guest once and not
asking the LDAP server and nss every time. Make sure that the ldap connection
is reopened in the child. (I did not look at the sql backends.)
Volker
|
| |
|
|
| |
Volker
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
attributes to
delete.
Richard, IMHO this is the better solution to the problem you currently
have. Please review.
Thanks,
Volker
|
| |
|
|
|
|
|
|
| |
but this
definitely fixes two segfaults.
Volker
|
| |
|
|
|
| |
logon hours attributes in an LDAP database.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
coding have passed, but I could not find a way to get the OpenLDAP libraries
to reliably time out on any of the queries we make, *and* get correct error
returns. No, async calls and ldap_result does NOT work, or I was simply too
stupid to correctly interpret the OpenLDAP manpage and source.
We can not allow to hang indefinitely in an ldap query, especially not for
winbindd. "ldap timeout" now specifies the overall timeout for the complete
operation, that's why I increased that to 15 seconds.
Volker
|
| |
|
|
|
|
| |
core dump) but compiles and links correctly. I will run the full set of
tests on the ldap sam and the tdb sam for password history tomorrow.
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
"Jianliang Lu" <j.lu@tiesse.com>. Multi-string attribute changed to
linearised pstring due to ordering issues. A few other changes to
fix race conditions. I will add the tdb backend code next. This code
compiles but has not yet been tested with password history policy
set to greater than zero. Targeted for 3.0.6.
Jeremy.
|
| |
|
|
|
|
| |
sleep time is not more than 5 seconds. Should fix issue
reported by Chris Garrigues <cwg@deepeddy.com>.
Jeremy.
|
| |
|
|
|
|
| |
add a timeout to the ldap open calls. New parameter, ldap timeout
added.
Jeremy.
|
| | |
|
| |
|
|
|
|
| |
cache entry time comparisons in password lockout. Fixes problems where
pdb_ldap tries to delete the operational attribute modifyTimestamp when
deleting a user account.
|
