Age | Commit message (Collapse) | Author | Files | Lines |
|
only ask passdb backend for mapping if it is responsible
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
allows PDB modules to specify for which special domains they
are responsible when it comes to SID->xid conversion
By default, passdb modules will be responsible for local BUILTIN,
local SAM and Unix Users/Groups
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Samba PDC may manage a forest containing DNS domains in addition to the primary one.
Information about them is advertised via netr_DsRGetForestTrustInformation when
trusted_domain_name is NULL, according to MS-NRPC and MS-LSAD, and
via netr_GetForestTrustInformation.
This changeset only expands PASSDB API; how suffixes are maintained is left
to specific PDB modules. Set function is added so that suffixes could be
managed through 'net' and other Samba utilities, if possible.
One possible implementation is available for ipasam module in FreeIPA:
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cc56723151c9ebf58d891e85617319d861af14a4
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Dec 3 19:12:29 CET 2012 on sn-devel-104
|
|
pdb_default_sid_to_id()
The special treatment of the "Unix User" and "Unix Group" pseudo domains
can be reused.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This code treats the own sam, builtin, wellknown, and sids from the
"Unix User" and "Unix Group" pseudo-domains.
This reverts part of commit 02e25b2a43ae02205a3412f862a1482d24b70aa4.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This is then used in provision when the passdb backend is forced.
Andrew Bartlett
|
|
This is needed so that pdb_samba4 can map any SID during a provision.
At runtime, winbindd will be asked first, but this shortcut direct to the
ldb file makes it possible to set the permissions on the sysvol share at
provision time.
Andrew Bartlett
|
|
|
|
They use talloc_tos() internally: hoist that up to the callers, some
of whom don't want to us talloc_tos().
A simple patch, but hits a lot of files.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
This does not check whether the given sid is in our domain, but
but whether it belongs to the local sam, which is a different
thing on a domain member server.
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104
|
|
This does not check whether the given sid is the domain sid,
but whether it is the sid of the local sam, which is different
for a domain member server.
|
|
This code is lying there unused since more than five years now.
|
|
Description: Avoid null dereference in initialize_password_db()
When initialize_password_db() is called with reload=True, it's assumed that
the free_private_data member of pdb_methods is non-null. This is not
necessarily the case, as the tdb backend has no private data and therefore
no free function. Check to see if we have private data that needs freed
before calling.
Author: Steve Langasek <steve.langasek@ubuntu.com>
Bug-Ubuntu: https://bugs.launchpad.net/bugs/829221
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Thu May 10 11:07:27 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed May 2 15:34:13 CEST 2012 on sn-devel-104
|
|
This will make it easier to consistantly pass a struct unixid all the way up and
down the idmap stack, and allow ID_TYPE_BOTH to be handled correctly.
Andrew Bartlett
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
A call to initialize_password_db leads to smb_panic in case the backend
returns an error. All callers to initialize_password_db check the return
value, so this code path should return the status instead of calling
smb_panic.
Move the call to smb_panic from pdb_get_methods_reload pdb_get_methods
to get it out of the initialize code path. This allows printing the
proper error message for 'net getlocalsid' which is much nicer than
printing the panic stack trace.
|
|
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Jan 18 14:46:18 CET 2012 on sn-devel-104
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Oct 28 13:09:47 CEST 2011 on sn-devel-104
|
|
This interface needs to be publicly available, unid_t here is not really useful
and makes it harder to use it as unid_t is not a public union.
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Tue Oct 18 20:57:16 CEST 2011 on sn-devel-104
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Oct 12 19:28:12 CEST 2011 on sn-devel-104
|
|
If we delete or update one user we shouldn't flush the complete
memcache.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Sun Aug 21 16:39:10 CEST 2011 on sn-devel-104
|
|
We should do it always, not only in the pdb_default_delete_user()
function.
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
When deleting a user send a message to all interested parties so they can
purge their caches. Otherwise some processes may positively respond with a
cached getpwnam, when the user have actully been removed.
Without this some tests that remove and then immediately create users are
flakey.
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This function is used in python wrapper to list available python backends.
|
|
Guenther
|
|
Guenther
|
|
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Sun Jun 12 06:45:25 CEST 2011 on sn-devel-104
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_ARRAY isn't standard talloc.
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_ARRAY isn't standard talloc.
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
This will help with the change from UNIX_USER_TOKEN to security_unix_token
metze
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
|
|
account.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Tue Dec 7 17:37:52 CET 2010 on sn-devel-104
|
|
lookups go
through Get_Pwnam_alloc(), which is the correct wrapper function. We were using
it *some* of the time anyway, so this just makes us properly consistent.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
|
|
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
|
|
None of the pdb backends have special destructors that need to be run at
program exit.
|
|
pwd is freed a few lines down
|
|
Guenther
|
|
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
The function checks if the account has been autolocked. If we have a
lockout_duration and a bad password time it checks if we can unlock the
account.
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
Guenther
|
|
Guenther
|