path: root/source3/passdb/passdb.c
Age | Commit message | Author | Files | Lines
2009-02-12 | s3: Added new parameter "map untrusted to domain" | Steven Danneman | 1 | -0/+18
When enabled this reverts smbd to the legacy domain remapping behavior when a user provides an untrusted domain. This partially reverts d8c54fdd
2009-02-11 | s3: Change behavior when seeing an unknown domain. | Dan Sledz | 1 | -19/+0
After a lot of testing against various Windows servers (W2K, W2K3, W2K8), within an AD domain it seems that unknown domains will only be translated to the local account domain, not the netbios name of the member server's domain. This makes samba act more like Windows.
2009-02-01 | Fix nonempty blank lines | Volker Lendecke | 1 | -61/+60
2008-12-29 | s3:passdb: add SAMU_BUFFER_V4 with no changes | Stefan Metzmacher | 1 | -1/+16
The upgrade is required because of the following TDBSAM_VERSION upgrade. metze
2008-12-29 | s3:passdb: make marshalling struct samu from and to a buffer more generic | Stefan Metzmacher | 1 | -13/+654
This marshalling isn't specific to tdbsam and it's ugly to have the related functions in two different files. metze
2008-12-23 | Fix more "warning: ignoring return value of ‘asprintf’, declared with | Jeremy Allison | 1 | -23/+62
attribute warn_unused_result" Jeremy.
2008-11-06 | Make us clean under valgrind --leak-check=full by using | Jeremy Allison | 1 | -1/+1
talloc_autofree_context() instead of NULL. Remove the code in memcache that does a TALLOC_FREE on stored pointers. That's a disaster waiting to happen. If you're storing talloc'ed pointers, you can't know their lifecycle and they should be deleted when their parent context is deleted, so freeing them at some arbitrary point later will be a double-free. Jeremy.
2008-10-22 | Use standard types. | Jelmer Vernooij | 1 | -8/+8
2008-05-26 | Remove unused function is_trusted_domain_situation(). | Michael Adam | 1 | -6/+0
This combined check has been replaced by is_dc_trusted_domain_situation() which does not check for lp_allow_trusted_domains(). Michael (This used to be commit 0a24c038b7bc6edef0021eb121a072cc7e8f9165)
2008-05-26 | passdb: check for is_dc_trusted_domain_situation() in get_trust_pw_hash(). | Michael Adam | 1 | -1/+1
Before fetching legacy password hash, check for trusted domain situation, but also fail if trusted domain support is not enabled. Michael (This used to be commit aa1b8287f44f47f23bd4158112d0a132df04426c)
2008-05-26 | passdb: add comment explaining logic in get_trust_pw_clear(). | Michael Adam | 1 | -2/+16
Michael (This used to be commit 5f197c659e9c8a573ba5032c7f90c816df45770c)
2008-05-26 | passdb: in get_trust_pw_clear() correctly fail if trusted domains not supported | Michael Adam | 1 | -1/+5
(but trusted domain situation was found) This completes the fix for bugs #5425 and #5451 by Steven Danneman, in that now no special cases are left uncovered. Michael (This used to be commit 0b26bcd3becb869319bca48bbf244c18b6e8e3dd)
2008-05-26 | Add function is_dc_trusted_domain_situation(). | Michael Adam | 1 | -3/+7
This is like is_trusted_domain_situation() except that it does not check for lp_allow_trusted_domains(). Michael (This used to be commit a284c8843528972904d142b573f1170a08c97751)
2008-05-23 | Manually port Steven Danneman fix for using the correct machine domain when | Gerald W. Carter | 1 | -3/+3
looking up trust credentials in our tdb. commit fd0ae47046d37ec8297396a2733209c4d999ea91 Author: Steven Danneman <sdanneman@isilon.com> Date: Thu May 8 13:34:49 2008 -0700 Use machine account and machine password from our domain when contacting trusted domains. (This used to be commit 69b37ae60757075a0712149c5f97f17ee22c2e41)
2008-02-17 | Use netr_SamInfo3 in remaining places. | Günther Deschner | 1 | -1/+1
Guenther (This used to be commit 92fca97951bf7adf8caaeabdaff21682b18dd91f)
2008-02-12 | Add get_logon_hours_from_pdb() (inspired by samba4). | Günther Deschner | 1 | -0/+23
Guenther (This used to be commit e1bcb7d82f22810e342a18aacbcfe49c3902bcb4)
2008-02-04 | Remove a static | Volker Lendecke | 1 | -4/+1
I very much doubt that this is called enough to justify a global. If this turns out to be a hot code path, we might reconsider :-) (This used to be commit 5223d18ea2d891418a0f833f58cc3502cb26ce03)
2007-12-18 | Prevent another segfault. | Michael Adam | 1 | -1/+3
Michael (This used to be commit 0a9874c1c76c0ccc71caba7ee85a0ee1a91808c5)
2007-12-15 | Replace sid_string_static by sid_string_dbg in DEBUGs | Volker Lendecke | 1 | -3/+2
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-13 | Pass NULL instead of unneeded &sid: pdb_get_trusteddom_pw() checks. | Michael Adam | 1 | -2/+1
Michael (This used to be commit b2e12365b56f24586a7dfcb845f4de51f0b0e7d5)
2007-12-13 | Rename get_trust_pw() to get_trust_pw_hash(). | Michael Adam | 1 | -2/+2
Michael (This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
2007-12-13 | Export logic of get_trust_pw() to new function get_trust_pw_clear(). | Michael Adam | 1 | -16/+58
get_trust_pw() just now computes the md4 hash of the result of get_trust_pw_clear() if that was successful. As a last resort, in the non-trusted-domain-situation, get_trust_pw() now tries to directly obtain the hashed version of the password out of secrets.tdb. Michael (This used to be commit 4562342eb84e6fdcec15d8b7ae83aa146aabe2b7)
2007-12-13 | Let get_trust_pw() determine the machine_account_name to use. | Michael Adam | 1 | -2/+14
Up to now each caller used its own logic. This eliminates code paths where there was a special treatment of the following situation: the domain given is not our workgroup (i.e. our own domain) and we are not a DC (i.e. it is not a typical trusted domain situation). In this situation the given domain name was previously used as the machine account name, resulting in an account name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me. get_trust_pw would not have obtained a password in this situation anyways. I hope I have not missed an important point here! Michael (This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
2007-11-21 | Remove pstrings from pam_smbpass - make local_password_change | Jeremy Allison | 1 | -25/+26
return malloced strings. Jeremy. (This used to be commit f652fe2bdb7a3a36e83dcf4b08347543fdffb9f0)
2007-11-20 | More pstring elimination. | Jeremy Allison | 1 | -13/+13
Jeremy. (This used to be commit 15074de938539e7a9c527d9a6d81792adc2ac3d0)
2007-11-14 | Remove smbldap_get_single_pstring() and all pstrings | Jeremy Allison | 1 | -1/+1
from pdb_ldap.c. I don't have an LDAP passdb setup here, so I'm going to need some help on testing this. Jeremy. (This used to be commit 00760451b6c2b65f3a8a9187789ca4f270b622a2)
2007-11-05 | static pstring removal | Volker Lendecke | 1 | -2/+5
(This used to be commit 5490e2d77233f594a42cb32eda8215014db544e3)
2007-10-18 | RIP BOOL. Convert BOOL -> bool. I found a few interesting | Jeremy Allison | 1 | -21/+21
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10 | r24990: Kill an incredible amount of trailing whitespaces... | Michael Adam | 1 | -8/+10
Further reformat get_trust_pw to conform to coding rules. Michael (This used to be commit b9e76a479e933084b1ee081ef5d8bd6bdbd7fadf)
2007-10-10 | r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text | Andrew Tridgell | 1 | -2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10 | r23779: Change from v2 or later to v3 or later. | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10 | r23192: Remove fallback to looking up group mappings by the | Gerald Carter | 1 | -17/+1
Unix name after discussion with Simo. (This used to be commit 6af4c1a73cdb523e5a81c15128c706a16f76c84d)
2007-10-10 | r23005: If we're running on a system where time_t is 8 bytes | Jeremy Allison | 1 | -16/+16
we have to take care to preserve the "special" values for Windows of 0x80000000 and 0x7FFFFFFF when casting between time_t and uint32. Add conversion functions (and use them). Jeremy. (This used to be commit 4e1a0b2549f7c11326deed2801de19564af0f16a)
2007-10-10 | r22096: become_root_uid_only() is unneeded - it's only used in | Jeremy Allison | 1 | -4/+4
messages.c. Refactor to use become_root() instead and make it local to messages.c Jeremy. (This used to be commit f3ffb3f98472b69b476b702dfe5c0575b32da018)
2007-10-10 | r22009: change TDB_DATA from char * to unsigned char * | Stefan Metzmacher | 1 | -2/+2
and fix all compiler warnings in the users metze (This used to be commit 3a28443079c141a6ce8182c65b56ca210e34f37f)
2007-10-10 | r21954: Someone misused a '!' instead of a '~' for a binary NOT | Jeremy Allison | 1 | -1/+1
command. Jerry, Simo, please check. Jeremy. (This used to be commit 8ff76a9cb860b7fd451829f6d814ea1c6804f5af)
2007-10-10 | r20985: leave room for terminating NULL when printing password hashes via | Gerald Carter | 1 | -2/+2
'pdbedit -L -w' (This used to be commit 2a7311db272b5a504e2db672d92adbb3cf2bea15)
2007-10-10 | r20851: To read account policies from LDAP we need root. | Volker Lendecke | 1 | -2/+12
Volker (This used to be commit b48ea4d7775dfc3216771fd328640c2c100a014d)
2007-10-10 | r20824: Send access to the trusted domain passwords through the pdb backend, | Volker Lendecke | 1 | -0/+43
so that in the next step we can store them in LDAP to be replicated across DCs. Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 3c879745cfc39be6128b63a88ecdbfa3d9ce6c2d)
2007-10-10 | r20614: Dummy-checkin to trigger the build | Volker Lendecke | 1 | -4/+5
(This used to be commit 7e444e1612fa49f7db4de3256e6c67025db28806)
2007-10-10 | r20243: Make lookup_name resolve both the mapped and the real unix group name | Simo Sorce | 1 | -7/+23
(This used to be commit 7167e7b26ac6a742cc82f4edacfc8579f80338d9)
2007-10-10 | r19058: Implement "user cannot change password", and complete "user must change | Jim McDonough | 1 | -1/+1
password at next logon" code. The "password last set time" of zero now means "user must change password", because that's how windows seems to use it. The "can change" and "must change" times are now calculated based on the "last set" time and policies. We use the "can change" field now to indicate that a user cannot change a password by putting MAX_TIME_T in it (so long as "last set" time isn't zero). Based on this, we set the password-can-change bit in the faked secdesc. (This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
2007-10-10 | r18271: Big change: | Gerald Carter | 1 | -1/+1
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a lot more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0
The most embarrassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10 | r17924: Get rid of warnings now that talloc is merged. | Volker Lendecke | 1 | -3/+1
Destructors now take a pointer to the "real" destroyed object as an argument. Volker (This used to be commit 70edd716ef0ccb218fe18d1233bd30abe46b62bf)
2007-10-10 | r17815: Revert Volker's change in 16014. I really do not believe | Gerald Carter | 1 | -1/+0
that this should be necessary. If there is still a bug, I believe that setting the group RID from the passdb is masking it. Not fixing it. It is very likely that the change was necessary before but is no longer with the recent changes. But I'm not taking the chance of merging it to 3.0.23c. :-) (This used to be commit 1a5b90f3c1aa5dcaa29a9d62288d9e4dbc596f96)
2007-10-10 | r17813: Remove another instance of manually setting the group SID. | Gerald Carter | 1 | -1/+7
This would have been primarily used when adding a user to an smbpasswd file, but could have been introduced to other backends by using pdbedit -i -e. The symptom was [2006/08/09 13:07:43, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(6276) init_sam_user_info_21A: User nobody has Primary Group SID S-1-22-2-99, which conflicts with the domain sid S-1-5-21-1825997848-4107600307-1754506280. Failing operation. (This used to be commit 0a3aa8b43ace8c635423c2df10827e81d145b58f)
2007-10-10 | r17669: Remove RID algorithm support from unmapped users and groups | Gerald Carter | 1 | -1/+1
when using smbpasswd (This used to be commit dde552336c732ddd6076a6a32575a37cb51aa94c)
2007-10-10 | r17554: Cleanup | Volker Lendecke | 1 | -1/+1
(This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9)
2007-10-10 | r17463: A bit of cleanup work: | Volker Lendecke | 1 | -1/+1
Remove some unused code: pdb_find_alias is not used anymore, and nobody I think has ever used the pdb_nop operations for group mapping. smbpasswd and tdb use the default ones and ldap has its own. Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right now really makes use of it, but it feels wrong to throw away information so early. Volker (This used to be commit f9856f6490fe44fdba97ea86062237d8c74d4bdc)
2007-10-10 | r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need | Jeremy Allison | 1 | -9/+11
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)