summaryrefslogtreecommitdiff
path: root/source3/passdb/passdb.c
AgeCommit message (Collapse)AuthorFilesLines
2009-06-20talloc_tos() aborts if it can not get a stackframeVolker Lendecke1-3/+0
2009-05-29s3-passdb: fix uninitialized variable in local_password_change().Günther Deschner1-1/+1
Guenther
2009-05-29Consolidate user create/delete paths in smbpasswdSimo Sorce1-147/+179
This patch changes the way smbpasswd behaves when adding/deleting users. smbpasswd now calls pdb_create_user/pdb_delete_user, this means that if add/delete user scripts are configured then they are used to create or delete unix users as well. If the scripts are not defined the behavioris unchanged. This also allow to use smbpasswd -a/-x with ldapsam:editposix to allow automatic creation/deletion of users. Signed-off-by: Günther Deschner <gd@samba.org>
2009-05-16Move smb_create_user() in samsyncSimo Sorce1-60/+0
It is not used anywhere else, so make it also static and remove it from proto.h
2009-04-14Rework Samba3 to use new libcli/auth code (partial)Andrew Bartlett1-0/+1
This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2009-04-01s3-passdb: add smb_create_user().Günther Deschner1-0/+59
Guenther
2009-02-12s3: Added new parameter "map untrusted to domain"Steven Danneman1-0/+18
When enabled this reverts smbd to the legacy domain remapping behavior when a user provides an untrusted domain This partially reverts d8c54fdd
2009-02-11s3: Change behavior when seeing an unknown domain.Dan Sledz1-19/+0
After a lot of testing against various Windows servers (W2K, W2K3, W2K8), within an AD domain it seems that unknown domains will only be translated to the local account domain, not the netbios name of the member server's domain. This makes samba act more like Windows.
2009-02-01Fix nonempty blank linesVolker Lendecke1-61/+60
2008-12-29s3:passdb: add SAMU_BUFFER_V4 with no changesStefan Metzmacher1-1/+16
The upgrade is required because of the followin TDBSAM_VERSION upgrade. metze
2008-12-29s3:passdb: make marshalling struct samu from and to a buffer more genericStefan Metzmacher1-13/+654
This marshalling isn't specific to tdbsam and it's ugly to have the related functions in two different files. metze
2008-12-23Fix more "warning: ignoring return value of ‘asprintf’, declared withJeremy Allison1-23/+62
attribute warn_unused_result" Jeremy.
2008-11-06Make us clean under valgrind --leak-check=full by using ↵Jeremy Allison1-1/+1
talloc_autofree_context() instead of NULL. Remove the code in memcache that does a TALLOC_FREE on stored pointers. That's a disaster waiting to happen. If you're storing talloc'ed pointers, you can't know their lifecycle and they should be deleted when their parent context is deleted, so freeing them at some arbitrary point later will be a double-free. Jeremy.
2008-10-22Use standard types.Jelmer Vernooij1-8/+8
2008-05-26Remove unused function is_trusted_domain_situation().Michael Adam1-6/+0
This combined check has been replaced by is_dc_trusted_domain_situation() which does not check for lp_allow_trusted_domains(). Michael (This used to be commit 0a24c038b7bc6edef0021eb121a072cc7e8f9165)
2008-05-26passdb: check for is_dc_trusted_domain_situation() in get_trust_pw_hash().Michael Adam1-1/+1
Before fetching legacy password hash, check for trusted domain situation, but also fail if trusted domain support is not enabled. Michael (This used to be commit aa1b8287f44f47f23bd4158112d0a132df04426c)
2008-05-26passdb: add comment explaining logic in get_trust_pw_clear().Michael Adam1-2/+16
Michael (This used to be commit 5f197c659e9c8a573ba5032c7f90c816df45770c)
2008-05-26passdb: in get_trust_pw_clear() correctly fail if trusted domains not supportedMichael Adam1-1/+5
(but trusted domain situation was found) This completes the fix for bugs #5425 and #5451 by Steven Dannemann, in that now no special cases are left uncovered. Michael (This used to be commit 0b26bcd3becb869319bca48bbf244c18b6e8e3dd)
2008-05-26Add function is_dc_trusted_domain_situation().Michael Adam1-3/+7
This is like is_trusted_domain_situation() except that it does not check for lp_allow_trusted_domains(). Michael (This used to be commit a284c8843528972904d142b573f1170a08c97751)
2008-05-23Manually port Steven Dannenman fix for using the correct machine domain whenGerald W. Carter1-3/+3
looking up trust credentials in our tdb. commit fd0ae47046d37ec8297396a2733209c4d999ea91 Author: Steven Danneman <sdanneman@isilon.com> Date: Thu May 8 13:34:49 2008 -0700 Use machine account and machine password from our domain when contacting trusted domains. (This used to be commit 69b37ae60757075a0712149c5f97f17ee22c2e41)
2008-02-17Use netr_SamInfo3 in remaining places.Günther Deschner1-1/+1
Guenther (This used to be commit 92fca97951bf7adf8caaeabdaff21682b18dd91f)
2008-02-12Add get_logon_hours_from_pdb() (inspired by samba4).Günther Deschner1-0/+23
Guenther (This used to be commit e1bcb7d82f22810e342a18aacbcfe49c3902bcb4)
2008-02-04Remove a staticVolker Lendecke1-4/+1
I very much doubt that this is called enough to justify a global. If this turns out to be a hot code path, we might reconsider :-) (This used to be commit 5223d18ea2d891418a0f833f58cc3502cb26ce03)
2007-12-18Prevent another segfault.Michael Adam1-1/+3
Michael (This used to be commit 0a9874c1c76c0ccc71caba7ee85a0ee1a91808c5)
2007-12-15Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke1-3/+2
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-13Pass NULL instead of unneeded &sid: pdb_get_trusteddom_pw() checks.Michael Adam1-2/+1
Michael (This used to be commit b2e12365b56f24586a7dfcb845f4de51f0b0e7d5)
2007-12-13Rename get_trust_pw() to get_trust_pw_hash().Michael Adam1-2/+2
Michael (This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
2007-12-13Export logic of get_trust_pw() to new function get_trust_pw_clear().Michael Adam1-16/+58
get_trust_pw() just now computes the md4 hash of the result of get_trust_pw_clear() if that was successful. As a last resort, in the non-trusted-domain-situation, get_trust_pw() now tries to directly obtain the hashed version of the password out of secrets.tdb. Michael (This used to be commit 4562342eb84e6fdcec15d8b7ae83aa146aabe2b7)
2007-12-13Let get_trust_pw() determine the machine_account_name to use.Michael Adam1-2/+14
Up to now each caller used its own logic. This eliminates code paths where there was a special treatment of the following situation: the domain given is not our workgroup (i.e. our own domain) and we are not a DC (i.e. it is not a typical trusted domain situation). In situation the given domain name was previously used as the machine account name, resulting in an account name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me. get_trust_pw would not have obtained a password in this situation anyways. I hope I have not missed an important point here! Michael (This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
2007-11-21Remove pstrings from pam_smbpass - make local_password_changeJeremy Allison1-25/+26
return malloced strings. Jeremy. (This used to be commit f652fe2bdb7a3a36e83dcf4b08347543fdffb9f0)
2007-11-20More pstring elimination.Jeremy Allison1-13/+13
Jeremy. (This used to be commit 15074de938539e7a9c527d9a6d81792adc2ac3d0)
2007-11-14Remove smbldap_get_single_pstring() and all pstringsJeremy Allison1-1/+1
from pdb_ldap.c. I don't have an LDAP passdb setup here, so I'm going to need some help on testing this. Jeremy. (This used to be commit 00760451b6c2b65f3a8a9187789ca4f270b622a2)
2007-11-05static pstring removalVolker Lendecke1-2/+5
(This used to be commit 5490e2d77233f594a42cb32eda8215014db544e3)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-21/+21
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r24990: Kill an incredible amount of trailing whitespaces...Michael Adam1-8/+10
Further reformat get_trust_pw to conform to coding rules. Michael (This used to be commit b9e76a479e933084b1ee081ef5d8bd6bdbd7fadf)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23192: Remove fallback to looking up group mappings by theGerald Carter1-17/+1
Unix name after discussion with Simo. (This used to be commit 6af4c1a73cdb523e5a81c15128c706a16f76c84d)
2007-10-10r23005: If we're running on a system where time_t is 8 bytesJeremy Allison1-16/+16
we have to take care to preserve the "special" values for Windows of 0x80000000 and 0x7FFFFFFF when casting between time_t and uint32. Add conversion functions (and use them). Jeremy. (This used to be commit 4e1a0b2549f7c11326deed2801de19564af0f16a)
2007-10-10r22096: become_root_uid_only() is unneeded - it's only used inJeremy Allison1-4/+4
messages.c. Refactor to use become_root() instead and make it local to messages.c Jeremy. (This used to be commit f3ffb3f98472b69b476b702dfe5c0575b32da018)
2007-10-10r22009: change TDB_DATA from char * to unsigned char *Stefan Metzmacher1-2/+2
and fix all compiler warnings in the users metze (This used to be commit 3a28443079c141a6ce8182c65b56ca210e34f37f)
2007-10-10r21954: Someone misused a '!' instead of a '~' for a binary NOTJeremy Allison1-1/+1
command. Jerry, Simo, please check. Jeremy. (This used to be commit 8ff76a9cb860b7fd451829f6d814ea1c6804f5af)
2007-10-10r20985: leave room for terminating NULL when printing password hashes via ↵Gerald Carter1-2/+2
'pdbedit -L -w' (This used to be commit 2a7311db272b5a504e2db672d92adbb3cf2bea15)
2007-10-10r20851: To read account policies from LDAP we need root.Volker Lendecke1-2/+12
Volker (This used to be commit b48ea4d7775dfc3216771fd328640c2c100a014d)
2007-10-10r20824: Send access to the trusted domain passwords through the pdb backend, ↵Volker Lendecke1-0/+43
so that in the next step we can store them in LDAP to be replicated across DCs. Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 3c879745cfc39be6128b63a88ecdbfa3d9ce6c2d)
2007-10-10r20614: Dummy-checkin to trigger the buildVolker Lendecke1-4/+5
(This used to be commit 7e444e1612fa49f7db4de3256e6c67025db28806)
2007-10-10r20243: Make lookup_name resolve both the mapped and the real unix group nameSimo Sorce1-7/+23
(This used to be commit 7167e7b26ac6a742cc82f4edacfc8579f80338d9)
2007-10-10r19058: Implement "user cannot change password", and complete "user must changeJim McDonough1-1/+1
password at next logon" code. The "password last set time" of zero now means "user must change password", because that's how windows seems to use it. The "can change" and "must change" times are now calculated based on the "last set" time and policies. We use the "can change" field now to indicate that a user cannot change a password by putting MAX_TIME_T in it (so long as "last set" time isn't zero). Based on this, we set the password-can-change bit in the faked secdesc. (This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
2007-10-10r18271: Big change:Gerald Carter1-1/+1
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r17924: Get rid of warnings now that talloc is merged.Volker Lendecke1-3/+1
Destructors now take a pointer to the "real" destroyed object as an argument. Volker (This used to be commit 70edd716ef0ccb218fe18d1233bd30abe46b62bf)