summaryrefslogtreecommitdiff
path: root/source3/passdb/passdb.c
AgeCommit message (Collapse)AuthorFilesLines
2008-02-12Add get_logon_hours_from_pdb() (inspired by samba4).Günther Deschner1-0/+23
Guenther (This used to be commit e1bcb7d82f22810e342a18aacbcfe49c3902bcb4)
2008-02-04Remove a staticVolker Lendecke1-4/+1
I very much doubt that this is called enough to justify a global. If this turns out to be a hot code path, we might reconsider :-) (This used to be commit 5223d18ea2d891418a0f833f58cc3502cb26ce03)
2007-12-18Prevent another segfault.Michael Adam1-1/+3
Michael (This used to be commit 0a9874c1c76c0ccc71caba7ee85a0ee1a91808c5)
2007-12-15Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke1-3/+2
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-13Pass NULL instead of unneeded &sid: pdb_get_trusteddom_pw() checks.Michael Adam1-2/+1
Michael (This used to be commit b2e12365b56f24586a7dfcb845f4de51f0b0e7d5)
2007-12-13Rename get_trust_pw() to get_trust_pw_hash().Michael Adam1-2/+2
Michael (This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
2007-12-13Export logic of get_trust_pw() to new function get_trust_pw_clear().Michael Adam1-16/+58
get_trust_pw() just now computes the md4 hash of the result of get_trust_pw_clear() if that was successful. As a last resort, in the non-trusted-domain-situation, get_trust_pw() now tries to directly obtain the hashed version of the password out of secrets.tdb. Michael (This used to be commit 4562342eb84e6fdcec15d8b7ae83aa146aabe2b7)
2007-12-13Let get_trust_pw() determine the machine_account_name to use.Michael Adam1-2/+14
Up to now each caller used its own logic. This eliminates code paths where there was a special treatment of the following situation: the domain given is not our workgroup (i.e. our own domain) and we are not a DC (i.e. it is not a typical trusted domain situation). In situation the given domain name was previously used as the machine account name, resulting in an account name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me. get_trust_pw would not have obtained a password in this situation anyways. I hope I have not missed an important point here! Michael (This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
2007-11-21Remove pstrings from pam_smbpass - make local_password_changeJeremy Allison1-25/+26
return malloced strings. Jeremy. (This used to be commit f652fe2bdb7a3a36e83dcf4b08347543fdffb9f0)
2007-11-20More pstring elimination.Jeremy Allison1-13/+13
Jeremy. (This used to be commit 15074de938539e7a9c527d9a6d81792adc2ac3d0)
2007-11-14Remove smbldap_get_single_pstring() and all pstringsJeremy Allison1-1/+1
from pdb_ldap.c. I don't have an LDAP passdb setup here, so I'm going to need some help on testing this. Jeremy. (This used to be commit 00760451b6c2b65f3a8a9187789ca4f270b622a2)
2007-11-05static pstring removalVolker Lendecke1-2/+5
(This used to be commit 5490e2d77233f594a42cb32eda8215014db544e3)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-21/+21
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r24990: Kill an incredible amount of trailing whitespaces...Michael Adam1-8/+10
Further reformat get_trust_pw to conform to coding rules. Michael (This used to be commit b9e76a479e933084b1ee081ef5d8bd6bdbd7fadf)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23192: Remove fallback to looking up group mappings by theGerald Carter1-17/+1
Unix name after discussion with Simo. (This used to be commit 6af4c1a73cdb523e5a81c15128c706a16f76c84d)
2007-10-10r23005: If we're running on a system where time_t is 8 bytesJeremy Allison1-16/+16
we have to take care to preserve the "special" values for Windows of 0x80000000 and 0x7FFFFFFF when casting between time_t and uint32. Add conversion functions (and use them). Jeremy. (This used to be commit 4e1a0b2549f7c11326deed2801de19564af0f16a)
2007-10-10r22096: become_root_uid_only() is unneeded - it's only used inJeremy Allison1-4/+4
messages.c. Refactor to use become_root() instead and make it local to messages.c Jeremy. (This used to be commit f3ffb3f98472b69b476b702dfe5c0575b32da018)
2007-10-10r22009: change TDB_DATA from char * to unsigned char *Stefan Metzmacher1-2/+2
and fix all compiler warnings in the users metze (This used to be commit 3a28443079c141a6ce8182c65b56ca210e34f37f)
2007-10-10r21954: Someone misused a '!' instead of a '~' for a binary NOTJeremy Allison1-1/+1
command. Jerry, Simo, please check. Jeremy. (This used to be commit 8ff76a9cb860b7fd451829f6d814ea1c6804f5af)
2007-10-10r20985: leave room for terminating NULL when printing password hashes via ↵Gerald Carter1-2/+2
'pdbedit -L -w' (This used to be commit 2a7311db272b5a504e2db672d92adbb3cf2bea15)
2007-10-10r20851: To read account policies from LDAP we need root.Volker Lendecke1-2/+12
Volker (This used to be commit b48ea4d7775dfc3216771fd328640c2c100a014d)
2007-10-10r20824: Send access to the trusted domain passwords through the pdb backend, ↵Volker Lendecke1-0/+43
so that in the next step we can store them in LDAP to be replicated across DCs. Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 3c879745cfc39be6128b63a88ecdbfa3d9ce6c2d)
2007-10-10r20614: Dummy-checkin to trigger the buildVolker Lendecke1-4/+5
(This used to be commit 7e444e1612fa49f7db4de3256e6c67025db28806)
2007-10-10r20243: Make lookup_name resolve both the mapped and the real unix group nameSimo Sorce1-7/+23
(This used to be commit 7167e7b26ac6a742cc82f4edacfc8579f80338d9)
2007-10-10r19058: Implement "user cannot change password", and complete "user must changeJim McDonough1-1/+1
password at next logon" code. The "password last set time" of zero now means "user must change password", because that's how windows seems to use it. The "can change" and "must change" times are now calculated based on the "last set" time and policies. We use the "can change" field now to indicate that a user cannot change a password by putting MAX_TIME_T in it (so long as "last set" time isn't zero). Based on this, we set the password-can-change bit in the faked secdesc. (This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
2007-10-10r18271: Big change:Gerald Carter1-1/+1
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r17924: Get rid of warnings now that talloc is merged.Volker Lendecke1-3/+1
Destructors now take a pointer to the "real" destroyed object as an argument. Volker (This used to be commit 70edd716ef0ccb218fe18d1233bd30abe46b62bf)
2007-10-10r17815: Revert Volker's change in 16014. I really do not believeGerald Carter1-1/+0
the this should be necessary. If there is still a bug, I believe that setting thr group RID from the passdb is masking it. Not fixing it. It is very likely that the change was necessary before but is no longer with the recent changes. But I'm not taking the chance of merging it to 3.0.23c. :-) (This used to be commit 1a5b90f3c1aa5dcaa29a9d62288d9e4dbc596f96)
2007-10-10r17813: Remove another instance of manually setting the group SID.Gerald Carter1-1/+7
The would have been primaryly used when adding a user to an smbpasswd file, but could have been introduce to other backends by using pdbedit -i -e. The symptom was [2006/08/09 13:07:43, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(6276) init_sam_user_info_21A: User nobody has Primary Group SID S-1-22-2-99, which conflicts with the domain sid S-1-5-21-1825997848-4107600307-1754506280. Failing operation. (This used to be commit 0a3aa8b43ace8c635423c2df10827e81d145b58f)
2007-10-10r17669: Remove RID algorithm support from unmapped users and groupsGerald Carter1-1/+1
when using smbpasswd (This used to be commit dde552336c732ddd6076a6a32575a37cb51aa94c)
2007-10-10r17554: CleanupVolker Lendecke1-1/+1
(This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9)
2007-10-10r17463: A bit of cleanup work:Volker Lendecke1-1/+1
Remove some unused code: pdb_find_alias is not used anymore, and nobody I think has ever used the pdb_nop operations for group mapping. smbpasswd and tdb use the default ones and ldap has its own. Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right now really makes use of it, but it feels wrong to throw away information so early. Volker (This used to be commit f9856f6490fe44fdba97ea86062237d8c74d4bdc)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-9/+11
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16593: Make the invarient explicit to Klocwork. Bug #2023.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 720a9172050beb158a25fbb826676ba19cdcef20)
2007-10-10r16241: Fix Klocwork #106 and others like it.Jeremy Allison1-25/+16
Make 2 important changes. pdb_get_methods() returning NULL is a *fatal* error. Don't try and cope with it just call smb_panic. This removes a *lot* of pointless "if (!pdb)" handling code. Secondly, ensure that if samu_init() fails we *always* back out of a function. That way we are never in a situation where the pdb_XXX() functions need to start with a "if (sampass)" test - this was just bad design, not defensive programming. Jeremy. (This used to be commit a0d368197d6ae6777b7c2c3c6e970ab8ae7ca2ae)
2007-10-10r16014: Correctly set the group RID in init_sam_from_buffer.Volker Lendecke1-0/+1
BIG THANKS to Tom Bork for reporting that Bug! Volker (This used to be commit 40339fdcced67d62e449ba6f19329d89c808e139)
2007-10-10r15601: Fix segfaults with 'security=share' and 'guest only = yes'Volker Lendecke1-0/+3
Volker (This used to be commit ea7cced6bcb3cb7d817e4cb072774692e4afedb0)
2007-10-10r14457: Add a few more special cases for RID 513 in the samr code.Gerald Carter1-0/+12
Now that I know what all the requirements for this group are I can generalize the code some more and make it cleaner. But at least this is working with lusrmgr.msc on XP and 2k now. (This used to be commit d2c1842978cd50485849bfc4fb6d94767d96cab0)
2007-10-10r13776: Merge in the editposix ldapsam optimizationSimo Sorce1-1/+1
(This used to be commit a374546c7e8dfc17eb2346c518d1d89f28c32feb)
2007-10-10r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.Günther Deschner1-24/+25
* Fix a couple of related parsing issues. * in the info3 reply in a samlogon, return the ACB-flags (instead of returning zero) Guenther (This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
2007-10-10r13679: Commiting the rm_primary_group.patch posted on samba-technicalGerald Carter1-251/+125
* ignore the primary group SID attribute from struct samu* * generate the primary group SID strictlky from the Unix primary group when dealing with passdb users * Fix memory leak in original patch caused by failing to free a talloc * * add wrapper around samu_set_unix() to prevent exposing the create BOOL to callers. Wrappers are samu_set_unix() and samu-allic_rid_unix() (This used to be commit bcf269e2ec6630b78d909010fabd3b69dd6dda84)
2007-10-10r13601: * Remove unused code from pdb_ldap.cGerald Carter1-1/+6
* Add a 'struct passwd *' to the struct samu for later reference (I know this may be controversial but its easily reverted which is is why I'm checking this is as a seaparate patch before I get too deep). * Remove unix_homedir from struct samu {} and update the pdb wrapper functions associated with it. (This used to be commit 92c251fdf0f1f566cfeca3c75ba2284b644aef5d)
2007-10-10r13600: Move functions local to tdbsam to pdb_tdb.cGerald Carter1-384/+9
(This used to be commit e3489f7eddb21981bb74cd8792aca869ae6790e1)
2007-10-10r13593: consolidate pdb_set_sam_sids() into samu_set_unix() whichGerald Carter1-116/+84
was the only place it was called from. (This used to be commit 6568c9cb03ca378ea7d08190ca3cfcc3e380ee4e)
2007-10-10r13590: * replace all pdb_init_sam[_talloc]() calls with samu_new()Gerald Carter1-92/+28
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix() (This used to be commit 6f1afa4acc93a07d0ee9940822d7715acaae634f)
2007-10-10r13576: This is the beginnings of moving the SAM_ACCOUNT data structureGerald Carter1-209/+134
to make full use of the new talloc() interface. Discussed with Volker and Jeremy. * remove the internal mem_ctx and simply use the talloc() structure as the context. * replace the internal free_fn() with a talloc_destructor() function * remove the unnecessary private nested structure * rename SAM_ACCOUNT to 'struct samu' to indicate the current an upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future. Note that there are now passbd API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-1/+1
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13545: A patch which I think it's time has come. VOlker, we can talk aboutGerald Carter1-7/+15
this more but it gets around the primary group issue. * don't map a SID to a name from the group mapping code if the map doesn't have a valid gid. This is only an issue in a tdb setup * Always allow S-1-$DOMAIN-513 to resolve (just like Windows) * if we cannot resolve a users primary GID to a SID, then set it to S-1-$DOMAIN-513 * Ignore the primary group SID inside pdb_enum_group_memberships(). Only look at the Unix group membersip. Jeremy, this fixes a fresh install startup for smbd as far as my tests are concerned. (This used to be commit f79f4dc4c58a6172bf69d37469fdd8de05a812df)