summaryrefslogtreecommitdiff
path: root/source3/passdb/passdb.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r16593: Make the invarient explicit to Klocwork. Bug #2023.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 720a9172050beb158a25fbb826676ba19cdcef20)
2007-10-10r16241: Fix Klocwork #106 and others like it.Jeremy Allison1-25/+16
Make 2 important changes. pdb_get_methods() returning NULL is a *fatal* error. Don't try and cope with it just call smb_panic. This removes a *lot* of pointless "if (!pdb)" handling code. Secondly, ensure that if samu_init() fails we *always* back out of a function. That way we are never in a situation where the pdb_XXX() functions need to start with a "if (sampass)" test - this was just bad design, not defensive programming. Jeremy. (This used to be commit a0d368197d6ae6777b7c2c3c6e970ab8ae7ca2ae)
2007-10-10r16014: Correctly set the group RID in init_sam_from_buffer.Volker Lendecke1-0/+1
BIG THANKS to Tom Bork for reporting that Bug! Volker (This used to be commit 40339fdcced67d62e449ba6f19329d89c808e139)
2007-10-10r15601: Fix segfaults with 'security=share' and 'guest only = yes'Volker Lendecke1-0/+3
Volker (This used to be commit ea7cced6bcb3cb7d817e4cb072774692e4afedb0)
2007-10-10r14457: Add a few more special cases for RID 513 in the samr code.Gerald Carter1-0/+12
Now that I know what all the requirements for this group are I can generalize the code some more and make it cleaner. But at least this is working with lusrmgr.msc on XP and 2k now. (This used to be commit d2c1842978cd50485849bfc4fb6d94767d96cab0)
2007-10-10r13776: Merge in the editposix ldapsam optimizationSimo Sorce1-1/+1
(This used to be commit a374546c7e8dfc17eb2346c518d1d89f28c32feb)
2007-10-10r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.Günther Deschner1-24/+25
* Fix a couple of related parsing issues. * in the info3 reply in a samlogon, return the ACB-flags (instead of returning zero) Guenther (This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
2007-10-10r13679: Commiting the rm_primary_group.patch posted on samba-technicalGerald Carter1-251/+125
* ignore the primary group SID attribute from struct samu* * generate the primary group SID strictlky from the Unix primary group when dealing with passdb users * Fix memory leak in original patch caused by failing to free a talloc * * add wrapper around samu_set_unix() to prevent exposing the create BOOL to callers. Wrappers are samu_set_unix() and samu-allic_rid_unix() (This used to be commit bcf269e2ec6630b78d909010fabd3b69dd6dda84)
2007-10-10r13601: * Remove unused code from pdb_ldap.cGerald Carter1-1/+6
* Add a 'struct passwd *' to the struct samu for later reference (I know this may be controversial but its easily reverted which is is why I'm checking this is as a seaparate patch before I get too deep). * Remove unix_homedir from struct samu {} and update the pdb wrapper functions associated with it. (This used to be commit 92c251fdf0f1f566cfeca3c75ba2284b644aef5d)
2007-10-10r13600: Move functions local to tdbsam to pdb_tdb.cGerald Carter1-384/+9
(This used to be commit e3489f7eddb21981bb74cd8792aca869ae6790e1)
2007-10-10r13593: consolidate pdb_set_sam_sids() into samu_set_unix() whichGerald Carter1-116/+84
was the only place it was called from. (This used to be commit 6568c9cb03ca378ea7d08190ca3cfcc3e380ee4e)
2007-10-10r13590: * replace all pdb_init_sam[_talloc]() calls with samu_new()Gerald Carter1-92/+28
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix() (This used to be commit 6f1afa4acc93a07d0ee9940822d7715acaae634f)
2007-10-10r13576: This is the beginnings of moving the SAM_ACCOUNT data structureGerald Carter1-209/+134
to make full use of the new talloc() interface. Discussed with Volker and Jeremy. * remove the internal mem_ctx and simply use the talloc() structure as the context. * replace the internal free_fn() with a talloc_destructor() function * remove the unnecessary private nested structure * rename SAM_ACCOUNT to 'struct samu' to indicate the current an upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future. Note that there are now passbd API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-1/+1
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13545: A patch which I think it's time has come. VOlker, we can talk aboutGerald Carter1-7/+15
this more but it gets around the primary group issue. * don't map a SID to a name from the group mapping code if the map doesn't have a valid gid. This is only an issue in a tdb setup * Always allow S-1-$DOMAIN-513 to resolve (just like Windows) * if we cannot resolve a users primary GID to a SID, then set it to S-1-$DOMAIN-513 * Ignore the primary group SID inside pdb_enum_group_memberships(). Only look at the Unix group membersip. Jeremy, this fixes a fresh install startup for smbd as far as my tests are concerned. (This used to be commit f79f4dc4c58a6172bf69d37469fdd8de05a812df)
2007-10-10r13494: Merge the stuff I've done in head the last days.Volker Lendecke1-83/+43
Volker (This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
2007-10-10r13460: by popular demand....Gerald Carter1-1/+5
* remove pdb_context data structure * set default group for DOMAIN_RID_GUEST user as RID 513 (just like Windows) * Allow RID 513 to resolve to always resolve to a name * Remove auto mapping of guest account primary group given the previous 2 changes (This used to be commit 7a2da5f0cc05c1920c664c9a690a23bdf854e285)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-443/+178
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r12913: missed merge to fix BUG 3391; ensure we can lookup account policiesGerald Carter1-2/+5
(This used to be commit 77575c64e4e961f37ccf5b2dd17e41c74678ea45)
2007-10-10r12522: Try and fix bug #2926 by removing setlocale(LC_ALL, "C")Jeremy Allison1-4/+4
and replace calls to isupper/islower/toupper/tolower with ASCII equivalents (mapping into _w variants). Jeremy. (This used to be commit c2752347eb2deeb2798c580ec7fc751a847717e9)
2007-10-10r12163: Change lookup_sid and lookup_name to return const char * instead of ↵Volker Lendecke1-1/+1
char *, use a temporary talloc_ctx for clarity. Volker (This used to be commit b15815c804bf3e558ed6357b5e9a6e3e0fac777f)
2007-10-10r12051: Merge across the lookup_name and lookup_sid work. Lets see how the ↵Volker Lendecke1-59/+76
build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2007-10-10r11999: Re-add "passdb expand explicit".Volker Lendecke1-3/+13
We came to the conclusion that changing the default is something that has to wait one or two more releases, but it will happen one way or the other. Volker (This used to be commit 30fcdf84d8943e630af78a96320607c42e4d15aa)
2007-10-10r11947: Back out passdb:expand_explicit until we find consensus. I'll file ↵Volker Lendecke1-14/+3
this as a bugzilla entry. Volker (This used to be commit d228cb62a7be6ae128d3418aeb0ea466c7329802)
2007-10-10r11920: Rename local_lookup_rid to lookup_global_sam_rid, add ↵Volker Lendecke1-15/+21
lookup_builtin_rid. Volker (This used to be commit bc8836d5d7361041ce935f65bf2d172e1eb43299)
2007-10-10r11919: The generic mappings in srv_samr_nt.c are only used there -- make themVolker Lendecke1-25/+14
static. One long overdue simplification: Change local_lookup_sid to local_lookup_rid its responsible for "our" domain only, in fact it checked for it. Volker (This used to be commit 35ba5e083cddfa5ddba5ad84233262fadfbe87b2)
2007-10-10r11914: After talking to Jeremy, implement passdb:expand_explicit with a ↵Volker Lendecke1-3/+14
default of no. This changes our default behaviour. Sorry, Ingo, this *is* a bug that needs fixing. Jerry, you might want to put a marker into the WHATSNEW.txt when this is due. Volker (This used to be commit 6622db97bb575b028b3c0bc016b91f62a8c561a2)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-8/+8
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison1-38/+38
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r7730: Some mergesVolker Lendecke1-22/+4
(This used to be commit 5b4720598b4c7f4af1027a181fbe9c1568e71361)
2007-10-10r6774: Fix 2 memleaksVolker Lendecke1-1/+2
(This used to be commit 6af57d4bae3ee0a28ab12294e813bb37b62e00f5)
2007-10-10r5951: gotta love that SGI compiler :-) (thanks Jason)Gerald Carter1-1/+1
(This used to be commit e84d070275464de43107b6b5910e25ccc3339302)
2007-10-10r5421: Fix a memleakVolker Lendecke1-1/+3
(This used to be commit a7df3b5f06085d55cbf1e491aa606312b87e0448)
2007-10-10r5349: After talking with Jerry, reverted the addition of account policies toGünther Deschner1-8/+8
passdb in 3_0 (they are still in trunk). Guenther (This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1)
2007-10-10r5337: BUG 1439: make sure to initialize pointer to prevent invalide ↵Gerald Carter1-42/+42
free()'s on exit (This used to be commit a882a349df1488a4d64c892dbd1ec1ee3624ea42)
2007-10-10r5058: Due to the fragileness how windows reacts on unmapped sids sometimes,Günther Deschner1-0/+6
don't leave administator-sid unmapped. Simply return "Administrator" Guenther (This used to be commit 168ddf31d1af49d52d17dd09c9653d3deafb9442)
2007-10-10r4988: After speaking with Jerry, remove old lp_admin_users toGünther Deschner1-14/+0
administrator-sid mapping completely. Guenther (This used to be commit 4cbe37ecd544b01c57c7fce5b3be28669f4ba6c3)
2007-10-10r4964: Fix our lsa lookupsid $OURDOMAINSID-500.Günther Deschner1-14/+15
Give the admin-user (rid 500) a chance to be found in passdb, not returning the (possibly obscure) first entry of "admin users" before that. Guenther (This used to be commit d319c0e189bc67a4552dafaff80113603b551eb3)
2007-10-10r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner1-8/+8
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
2007-10-10r4860: fix silly limitation in ldapsam and tdbsam. Expand variables in the ↵Gerald Carter1-10/+16
profile path, logon home and logon script values (This used to be commit 504ea4ac68f47b71542a88b17cbb6b546e1cb881)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-3/+3
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3875: Allow to look up at least or own sid in _lsa_lookup_sids.Günther Deschner1-0/+8
This fixes Bugzilla #1076 and Exchange 5.5 SP4 can then be finally installed on NT4 in a samba-controlled domain. Guenther (This used to be commit bb191c1098dea06bf2cd89276c74e32279fbb3d4)
2007-10-10r3563: During a typical logon a modern workstation makes a lot of anonymous ↵Volker Lendecke1-0/+22
session setups on its way to open a pipe. This gets rid of many round-trips to the LDAP server during logon by setting up the server_info_guest once and not asking the LDAP server and nss every time. Make sure that the ldap connection is reopened in the child. (I did not look at the sql backends.) Volker (This used to be commit 3298f6105e6a88c9390cac02245c8f2eee1e5046)
2007-10-10r1906: Revert lukeh's change for primary uid/gid change. This creates a ↵Volker Lendecke1-19/+7
recursion loop between uid_to_sid -> getsampwnam -> uid_to_sid. It needs further inspection. Volker (This used to be commit 67d8bc48531dd1a7d9b5db93f7d71f920a27e8fb)
2007-10-10r1871: Patch from Luke Howard <lukeh@PADL.COM> to correctly useJeremy Allison1-7/+19
uid_to_sid() and gid_to_sid() in pdb_set_sam_sids(). Jeremy. (This used to be commit dae084d7134ae3f532861210907cd252d0001c9b)
2007-10-10r1869: Rename "fallback_XXXX" mapping to "algorithmic_XXX" asJeremy Allison1-33/+26
that's what it actually does, and "fallback_" is just confusing. Jeremy. (This used to be commit f44b4ba38147e353716c02c899bd45beaf71e6ad)
2007-10-10r1810: Patch from Richard Renard <rrenard@idealx.com> to storeJeremy Allison1-0/+51
logon hours attributes in an LDAP database. Jeremy. (This used to be commit dac72638fb3a05e805136698e0ad0612620ac8af)
2007-10-10r1661: Changed the password history format so that each history entryJeremy Allison1-6/+8
consists of a 16 byte salt, followed by the 16 byte MD5 hash of the concatination of the salt plus the NThash of the historical password. Allows these to be exposed in LDAP without security issues. Jeremy. (This used to be commit 82e4036aaa2d283534a5bd8149857320fcf0d0dc)
2007-10-10r1539: If a account was locked out by an admin (and has a bad password count ↵Jeremy Allison1-6/+19
of zero) leave it locked out until an admin unlocks it (but log a message). Jeremy. (This used to be commit 14bd2a9ffc30d55d9737b4819797db8c38b46c66)
2007-10-10r1412: Fix password history list in tdbsam. Fix some memory leaks. AddJeremy Allison1-4/+19
my (C) to a header file that was at least 50% mine :-). Jeremy. (This used to be commit 8ee6060977ec8e65082f3ad09e1e1ccf5b4672ed)