summaryrefslogtreecommitdiff
path: root/source3/passdb/lookup_sid.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r20169: Support for fallback to legacy mapping code was not completely tested.Simo Sorce1-12/+18
Add necessary fixes. (This used to be commit 4a81ee9608d45f95eaaccc78a080e717cb7d4682)
2007-10-10r20116: Start merging in the work done to create the new idmap subsystem.Simo Sorce1-92/+131
Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
2007-10-10r19945: Fix a segfault -- lookup_rids needs to init the names even on failureVolker Lendecke1-0/+2
(This used to be commit eba404e668c270f2d31e3a8ab0721064eda39b40)
2007-10-10r19579: BUG 4075: patch from Dmitry Butskoy <dmitry@butskoy.name>.Gerald Carter1-2/+4
Allow smbd to use winbindd to lookup uids/gids outside the idmap range if 'winbind trusted domains only = yes' (This used to be commit 5b3ac400a7d51dfc818563189bdf6649b2dc3a52)
2007-10-10r18527: Janitor for Jeremy ;-)Volker Lendecke1-12/+12
(This used to be commit d72ba9ed1288e7f498a64c96dd6aa04bda59c8b2)
2007-10-10r18483: Ensure all pdb_XXX calls are wrapped in become_root()/unbecome_root()Jeremy Allison1-5/+32
pairs. Should fix bug #4097. Jeremy. (This used to be commit f787b9d156992e0069860cb1ab829970cb69eb81)
2007-10-10r18271: Big change:Gerald Carter1-15/+15
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r17971: Disable storing SIDs in the S-1-22-1 and S-1-22-2 domain to the ↵Gerald Carter1-0/+10
SID<->uid/gid cache. FIxes a bug in token creation (This used to be commit fa05708789654a8a34cb4a4068514a0b3d950653)
2007-10-10r17709: Fix cut-n-paste error with the name of gid_to_unix_group_sid().Gerald Carter1-1/+1
(This used to be commit dda0b8bce6b7e0146badd8aeb52b5cce6289de21)
2007-10-10r17669: Remove RID algorithm support from unmapped users and groupsGerald Carter1-90/+11
when using smbpasswd (This used to be commit dde552336c732ddd6076a6a32575a37cb51aa94c)
2007-10-10r17554: CleanupVolker Lendecke1-2/+2
(This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9)
2007-10-10r17463: A bit of cleanup work:Volker Lendecke1-2/+2
Remove some unused code: pdb_find_alias is not used anymore, and nobody I think has ever used the pdb_nop operations for group mapping. smbpasswd and tdb use the default ones and ldap has its own. Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right now really makes use of it, but it feels wrong to throw away information so early. Volker (This used to be commit f9856f6490fe44fdba97ea86062237d8c74d4bdc)
2007-10-10r17451: Change pdb_getgrsid not to take a DOM_SID but a const DOM_SID * as anVolker Lendecke1-1/+1
argument. Volker (This used to be commit 873a5a1211d185fd50e7167d88cbc869f70dfd3f)
2007-10-10r17407: Don't do strchr_m twice when once will do.Jeremy Allison1-5/+4
Jeremy. (This used to be commit b5f0b1b6447ac3c77558b32d97ce96d357ce15c0)
2007-10-10r17406: We need to do a translation of winbind separator -> '\\' inVolker Lendecke1-1/+18
lookup_name_smbconf, otherwise force user = domain+administrator can not work. Also attempt to fix the 'valid users = domain+group' bug at the same time. Volker (This used to be commit 255475901c13fde29b1b476560d969cc99712767)
2007-10-10r17404: Is this XP (extreme programming)? :-)Volker Lendecke1-3/+3
With lp_workgroup we end up with remote names again... Volker (This used to be commit 250b9f353118bee4c080655f57d09011679deaf7)
2007-10-10r17403: add a helpful debug msgGerald Carter1-0/+3
(This used to be commit 63325b36872c92d9f9fe04a185d7bd3ac525d84c)
2007-10-10r17402: Added lookup_name_smbconf() to be called when lookingJeremy Allison1-0/+50
up names from smb.conf. If the name is unqualified it causes the lookup to be done in WORKGROUP\name, then "Unix [users|groups]"\name rather than searching the domain. Should fix the problems with "force user" selecting a domain user by preference. Jeremy. (This used to be commit 1e1fcb5eb2ac4bd360461b29f85c07dbf460025d)
2007-10-10r17075: Even without talloc_steal you can still create memory problems.... ;-)Volker Lendecke1-1/+1
(This used to be commit 03e9924f5c82537ca72c03e3b0f70ea002e76934)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-68/+116
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16866: No idea why I did not see the warning, sorry....Volker Lendecke1-1/+1
(This used to be commit 84913caebdb461fed2c94fadfa0039b32a83cb6d)
2007-10-10r16865: This is a proposal to fix bug 3915. Before sending patches around, ↵Volker Lendecke1-2/+1
this is what svn is for. The idea is that we fall back to a pure unix user with S-1-22 SIDs in the token in case anything weird is going on with the 'force user'. Volker (This used to be commit 9ec5ccfe851ac8a1f88b88c8c8461a5cf75b4c57)
2007-10-10r16678: Fix bug #3898 reported by jason@ncac.gwu.edu.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 5c5ea3152f8dbdfd7717b65e035191ffed3ec548)
2007-10-10r16064: Bug fix for another one Tom Bork has reported:Volker Lendecke1-3/+23
'valid users = +unixgroup' failed with smbpasswd if 'unixgroup' has a (non-algorithmic) group mapping. Thanks a lot! People out there listening, please test current code, this release is **BIG** :-) Volker (This used to be commit 8f9ba5f96c9b506623ef97b7ed3d84f39d914a3c)
2007-10-10r16016: Add debug to be symetrical with reading fromJeremy Allison1-0/+4
cache. Jeremy. (This used to be commit da26565a2e85dc36b283f6b81378a706f3ae5f26)
2007-10-10r15360: Fix bug # 3741. One more place where the algorithmic mapping needs ↵Volker Lendecke1-5/+24
to stay. Volker (This used to be commit 898948d65409e5b63937fbd8050be04ac81df05d)
2007-10-10r13791: Having S-1-1-0 show up in winbind lookupsid does not really make sense.Volker Lendecke1-3/+7
Volker (This used to be commit ae9614ce019e25fb29dad8429d93f3140c2f84ad)
2007-10-10r13683: Fix the 'valid users = +users' problem I introduced.Volker Lendecke1-0/+19
Volker (This used to be commit dbdb8bdb9993b0136322530f0b8462bb9477dbf1)
2007-10-10r13678: Remove unneeded bracesVolker Lendecke1-5/+3
(This used to be commit faf1d832a1b4c59e36814d560bdc5e9838309ca2)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-5/+5
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-172/+659
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r12163: Change lookup_sid and lookup_name to return const char * instead of ↵Volker Lendecke1-59/+66
char *, use a temporary talloc_ctx for clarity. Volker (This used to be commit b15815c804bf3e558ed6357b5e9a6e3e0fac777f)
2007-10-10r12051: Merge across the lookup_name and lookup_sid work. Lets see how the ↵Volker Lendecke1-92/+307
build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2007-10-10r11920: Rename local_lookup_rid to lookup_global_sam_rid, add ↵Volker Lendecke1-5/+23
lookup_builtin_rid. Volker (This used to be commit bc8836d5d7361041ce935f65bf2d172e1eb43299)
2007-10-10r11919: The generic mappings in srv_samr_nt.c are only used there -- make themVolker Lendecke1-14/+23
static. One long overdue simplification: Change local_lookup_sid to local_lookup_rid its responsible for "our" domain only, in fact it checked for it. Volker (This used to be commit 35ba5e083cddfa5ddba5ad84233262fadfbe87b2)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-10/+18
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r7718: Remove some unused codeVolker Lendecke1-39/+0
(This used to be commit 10606be0509743b1acfcafbf826b1a02765db158)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-2/+40
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-2/+2
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3875: Allow to look up at least or own sid in _lsa_lookup_sids.Günther Deschner1-0/+7
This fixes Bugzilla #1076 and Exchange 5.5 SP4 can then be finally installed on NT4 in a samba-controlled domain. Guenther (This used to be commit bb191c1098dea06bf2cd89276c74e32279fbb3d4)
2007-10-10r3628: A typo and a compile-warning.Günther Deschner1-1/+1
Guenther (This used to be commit 906d5f88aabf091ee273e0ed9c3d2947b22c5390)
2007-10-10r936: Fix a rather weird error that crippled my site, when we upgraded toAndrew Bartlett1-7/+4
Samba 3.0.4. If we fail a query for the members of the 'administrators' group (and we may well just have the IDL wrong), this destroys later parts of the domain logon process. For reasons I can't understand, the client-side 'heck, what happened' bailout causes the connection to the DC to be dropped, and causes the mandetory profile not to be loaded. (This also only occours after a reboot) Return the members of 'administrators', and it all works fine. The reason we hit this is because we run winbindd (to support pam_winbind) on our DC, and the winbindd lookup in sid_to_gid was messing things up. As we don't care what type of thing this is, provided it exists in the group mapping db, we should not bother winbindd here. Andrew Bartlett (This used to be commit d626b5c6d401e72296cf570e50f324c145fd70e0)
2004-03-31Apply some constVolker Lendecke1-1/+1
(This used to be commit aa220cffa7b3507452ffed51c048333c7cde0ca2)
2004-03-07Get us a little closer to Windows LSA semantics.Volker Lendecke1-10/+1
A windows DC does not reply to DCNAME\\Administrator, only to DOMAIN\\Administrator. Fix that. Without winbind we are wrong as domain members, we should forward the request DOMAIN\\Username to the DC on behalf of the asking client. Winbind fixes that nicely. Volker (This used to be commit 7ed61edbbedbdee25f750aa30c13479764aa1af2)
2003-11-07fix for bug 680 (heads up). This gist is to map theGerald Carter1-5/+17
UNIX entity foo to DOMAIN\foo instead of SERVER\foo on members of a Samba domain when all UNIX accounts are shared via NIS, et. al. * allow winbindd to match local accounts to domain SID when 'winbind trusted domains only = yes' * remove code in idmap_ldap that searches the user suffix and group suffix. It's not needed and provides inconsistent functionality from the tdb backend. This has been tested. I'm still waiting on some more feedback but This needs to be in 3.0.1pre2 for widespread use. (This used to be commit ee272414e9965d7d550ba91d4e83997134dd51e6)
2003-08-27Fix bug 327 (again and I think for the last time). Make sure thatGerald Carter1-0/+488
pam_smbpass.so will load ok. Had to move some functions around to work around dependency problems (hence the new passdb/lookup_sid.c) Also make sure that libsmbclient.a is built and installed when we support shared libraries. (This used to be commit 780055f4422f11fb0524ac1f003cdc5f317f8b19)