summaryrefslogtreecommitdiff
path: root/source3/passdb/pdb_interface.c
AgeCommit message (Collapse)AuthorFilesLines
2013-06-21s3:passdb make pdb_sid_to_id honor backend responsibilitiesChristian Ambach1-0/+7
only ask passdb backend for mapping if it is responsible Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Christian Ambach <ambi@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2013-06-21s3:passdb add pdb_*_is_responsible_for* functionsChristian Ambach1-0/+74
allows PDB modules to specify for which special domains they are responsible when it comes to SID->xid conversion By default, passdb modules will be responsible for local BUILTIN, local SAM and Unix Users/Groups Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Christian Ambach <ambi@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2013-04-09PASSDB: add support to set and enumerate UPN suffixes associated with our forestAlexander Bokovoy1-0/+36
Samba PDC may manage a forest containing DNS domains in addition to the primary one. Information about them is advertised via netr_DsRGetForestTrustInformation when trusted_domain_name is NULL, according to MS-NRPC and MS-LSAD, and via netr_GetForestTrustInformation. This changeset only expands PASSDB API; how suffixes are maintained is left to specific PDB modules. Set function is added so that suffixes could be managed through 'net' and other Samba utilities, if possible. One possible implementation is available for ipasam module in FreeIPA: http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cc56723151c9ebf58d891e85617319d861af14a4 Reviewed-by: Andreas Schneider <asn@samba.org>
2012-12-03s3:passdb: fix building pdb_ldap as shared moduleMichael Adam1-2/+2
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Dec 3 19:12:29 CET 2012 on sn-devel-104
2012-12-03s3:passdb: factor pdb_sid_to_id_unix_users_and_groups() out of ↵Michael Adam1-16/+32
pdb_default_sid_to_id() The special treatment of the "Unix User" and "Unix Group" pseudo domains can be reused. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:passdb: don't bail out in pdb_default_sid_to_id() if sid is not in our samMichael Adam1-5/+0
This code treats the own sam, builtin, wellknown, and sids from the "Unix User" and "Unix Group" pseudo-domains. This reverts part of commit 02e25b2a43ae02205a3412f862a1482d24b70aa4. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-08-28s3-passdb: Allow reload of the static passdb from pythonAndrew Bartlett1-2/+3
This is then used in provision when the passdb backend is forced. Andrew Bartlett
2012-08-21s3-passdb: Allow pdb_sid_to_id to work on any SIDAndrew Bartlett1-0/+5
This is needed so that pdb_samba4 can map any SID during a provision. At runtime, winbindd will be asked first, but this shortcut direct to the ldb file makes it possible to set the permissions on the sysvol share at provision time. Andrew Bartlett
2012-08-09Correctly check for errors in strlower_m() returns.Jeremy Allison1-2/+6
2012-07-18loadparm: make the source3/ lp_ functions take an explicit TALLOC_CTX *.Rusty Russell1-5/+3
They use talloc_tos() internally: hoist that up to the callers, some of whom don't want to us talloc_tos(). A simple patch, but hits a lot of files. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-07-12s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam()Michael Adam1-1/+1
This does not check whether the given sid is in our domain, but but whether it belongs to the local sam, which is a different thing on a domain member server. Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104
2012-07-12s3: rename sid_check_is_domain() to sid_check_is_our_sam()Michael Adam1-1/+1
This does not check whether the given sid is the domain sid, but whether it is the sid of the local sam, which is different for a domain member server.
2012-07-12s3:passdb: remove commented out pdb_lookup_names codeMichael Adam1-82/+0
This code is lying there unused since more than five years now.
2012-05-10Fix bug 8920, null dereferenceSteve Langasek1-1/+3
Description: Avoid null dereference in initialize_password_db() When initialize_password_db() is called with reload=True, it's assumed that the free_private_data member of pdb_methods is non-null. This is not necessarily the case, as the tdb backend has no private data and therefore no free function. Check to see if we have private data that needs freed before calling. Author: Steve Langasek <steve.langasek@ubuntu.com> Bug-Ubuntu: https://bugs.launchpad.net/bugs/829221 Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Thu May 10 11:07:27 CEST 2012 on sn-devel-104
2012-05-02s3-passdb: Add extra debug on ID mapping failuresAndrew Bartlett1-0/+7
Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Wed May 2 15:34:13 CEST 2012 on sn-devel-104
2012-05-02s3-passdb: Change pdb_sid_to_id() to return struct unixidAndrew Bartlett1-16/+29
This will make it easier to consistantly pass a struct unixid all the way up and down the idmap stack, and allow ID_TYPE_BOTH to be handled correctly. Andrew Bartlett Signed-off-by: Michael Adam <obnox@samba.org>
2012-04-30passdb: Do not panic in initialize_password_dbChristof Schmitt1-17/+17
A call to initialize_password_db leads to smb_panic in case the backend returns an error. All callers to initialize_password_db check the return value, so this code path should return the status instead of calling smb_panic. Move the call to smb_panic from pdb_get_methods_reload pdb_get_methods to get it out of the initialize code path. This allows printing the proper error message for 'net getlocalsid' which is much nicer than printing the panic stack trace.
2012-03-24lib/util: Remove dummy wrapper for getpwuid().Jelmer Vernooij1-1/+1
2012-01-18s3-passdb: trying to decouple passdb and secrets a little.Günther Deschner1-0/+1
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Jan 18 14:46:18 CET 2012 on sn-devel-104
2011-10-28s3-passdb: use tevent_context in passdb.Günther Deschner1-5/+5
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Oct 28 13:09:47 CEST 2011 on sn-devel-104
2011-10-18pdb-interface: Do not use unid_t hereSimo Sorce1-16/+20
This interface needs to be publicly available, unid_t here is not really useful and makes it harder to use it as unid_t is not a public union. Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Tue Oct 18 20:57:16 CEST 2011 on sn-devel-104
2011-10-12s3-group-mapping: Remove fstrings from GROUP_MAP.Simo Sorce1-45/+99
Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Oct 12 19:28:12 CEST 2011 on sn-devel-104
2011-08-21s3-passdb: Only delete 1 entry from memcache.Andreas Schneider1-1/+4
If we delete or update one user we shouldn't flush the complete memcache. Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Sun Aug 21 16:39:10 CEST 2011 on sn-devel-104
2011-08-21s3-passdb: Remove always the user from getpwsid cache.Andreas Schneider1-3/+8
We should do it always, not only in the pdb_default_delete_user() function. Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21s3-passdb: Keep caches coherentAndreas Schneider1-1/+23
When deleting a user send a message to all interested parties so they can purge their caches. Otherwise some processes may positively respond with a cached getpwnam, when the user have actully been removed. Without this some tests that remove and then immediately create users are flakey. Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-15s3-passdb Use supplied pdb_methods in default passdb search handlersAndrew Bartlett1-5/+7
2011-08-13passdb: Call with correct backend methods instead of default methodsAmitay Isaacs1-3/+5
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13passdb: Add a function to expose loaded backend list.Amitay Isaacs1-0/+6
This function is used in python wrapper to list available python backends.
2011-07-31s3-secrets: add lsa_secret passdb api.Günther Deschner1-3/+11
Guenther
2011-07-31s3-passdb: add dummy calls to control global (replicated) secrets.Günther Deschner1-0/+68
Guenther
2011-06-12s3-passdb: Implement new pdb trust calls for the default backendSumit Bose1-2/+102
Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Sun Jun 12 06:45:25 CEST 2011 on sn-devel-104
2011-06-09s3-talloc Change TALLOC_ZERO_ARRAY() to talloc_zero_array()Andrew Bartlett1-1/+1
Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_ARRAY isn't standard talloc.
2011-06-09s3-talloc Change TALLOC_ARRAY() to talloc_array()Andrew Bartlett1-1/+1
Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
2011-03-30s3-passdb: add passdb.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-includes: only include system/passwd.h when needed.Günther Deschner1-0/+1
Guenther
2011-03-30lib/util/util_pw: share sys_get{pw,gr} group of calls.Günther Deschner1-0/+1
Guenther
2011-02-22s3:auth: change num_groups to from size_t to uint32_tStefan Metzmacher1-5/+5
This will help with the change from UNIX_USER_TOKEN to security_unix_token metze
2011-02-16s3-ipasam: add ipasam_get_trusted_domain_by_sid()Sumit Bose1-0/+16
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16s3-passdb: add {get,set,del,enum}_trusted_domain callsSumit Bose1-0/+65
Signed-off-by: Günther Deschner <gd@samba.org>
2011-01-17s3-auth: Fixed account lockout check.Andreas Schneider1-1/+1
2010-12-07Make sure that user exists after running add user script before adding sam ↵Bjoern Baumbach1-0/+5
account. Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Tue Dec 7 17:37:52 CET 2010 on sn-devel-104
2010-10-20Make getpwnam_alloc() static to lib/username.c, and ensure all username ↵Jeremy Allison1-2/+2
lookups go through Get_Pwnam_alloc(), which is the correct wrapper function. We were using it *some* of the time anyway, so this just makes us properly consistent. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-1/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-03s3: Remove talloc_autofree_context from pdb_interfaceVolker Lendecke1-1/+1
None of the pdb backends have special destructors that need to be run at program exit.
2010-09-26s3: Remove talloc_autofree_context() from guest_user_info()Volker Lendecke1-1/+2
pwd is freed a few lines down
2010-09-20s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.Günther Deschner1-1/+2
Guenther
2010-08-30s3-passdb: Try to unlock the account if it is locked out.Andreas Schneider1-10/+53
Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-30s3-passdb: Added a pdb_try_account_unlock function.Andreas Schneider1-0/+74
The function checks if the account has been autolocked. If we have a lockout_duration and a bad password time it checks if we can unlock the account. Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-26s3-build: only include nsswitch header where needed.Günther Deschner1-0/+1
Guenther
2010-08-26s3-build: only include memcache.h where needed.Günther Deschner1-0/+1
Guenther