summaryrefslogtreecommitdiff
path: root/source3/passdb/pdb_interface.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison1-5/+5
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r6367: Slim down pdb_interface.c a bit. next_entry and search_end are functionVolker Lendecke1-185/+60
pointers now. Yes, Jeremy, this is about re-inventing C++... :-) Volker (This used to be commit a831e54738c7854e68c696e9cbb132c012ff223c)
2007-10-10r6351: This is quite a large and intrusive patch, but there are not many ↵Volker Lendecke1-153/+248
pieces that can be taken out of it, so I decided to commit this in one lump. It changes the passdb enumerating functions to use ldap paged results where possible. In particular the samr calls querydispinfo, enumdomusers and friends have undergone significant internal changes. I have tested this extensively with rpcclient and a bit with usrmgr.exe. More tests and the merge to trunk will follow later. The code is based on a first implementation by Günther Deschner, but has evolved quite a bit since then. Volker (This used to be commit f0bb44ac58e190e19eb4e92928979b0446e611c9)
2007-10-10r6277: This implements a new caching API for enumerating the pdb elements. It isVolker Lendecke1-0/+358
modeled after query_displayinfo and should hide the differences between users, groups and aliases while allowing a cache analog load_sampw_entries: struct pdb_search *pdb_search_users(uint16 acct_flags); struct pdb_search *pdb_search_groups(void); struct pdb_search *pdb_search_aliases(const DOM_SID *sid); uint32 pdb_search_entries(struct pdb_search *search, uint32 start_idx, uint32 max_entries, struct samr_displayentry **result); void pdb_search_destroy(struct pdb_search *search); Why this API? Eventually we will need to apply the work gd has started on enumerating users with paged ldap searches to groups and aliases. Before doing that I want to clean up the search routines we have. The sample application (more to follow) is 'net maxrid'. Volker (This used to be commit 8b4f67a1e9d459145cde10b1064781d58d62b805)
2007-10-10r6092: This much const causes the compiler on Fedora Core 2Jeremy Allison1-2/+2
to throw up. Jeremy. (This used to be commit 051f0ed8075a3616484888ab22d68ca11aa1dd36)
2007-10-10r6080: Port some of the non-critical changes from HEAD to 3_0. The main one ↵Volker Lendecke1-9/+16
is the change in pdb_enum_alias_memberships to match samr.idl a bit closer. Volker (This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f)
2007-10-10r5965: Apply Volker's patch for "ldapsam trusted = yes" for ↵Jim McDonough1-0/+98
samr_lookup_rids. Gives us again up to ~6x improvement on group membership lookups. (This used to be commit e2117bcb09cbd21df3b6621c2794a006418c1d9e)
2007-10-10r5951: gotta love that SGI compiler :-) (thanks Jason)Gerald Carter1-3/+3
(This used to be commit e84d070275464de43107b6b5910e25ccc3339302)
2007-10-10r5655: Added support for Novell NDS universal password. Code donated byJeremy Allison1-0/+36
Vince Brimhall <vbrimhall@novell.com> - slight tidyup by me to use Samba conventions. Vince - thanks a *lot* for this code - please test to make sure I haven't messed anything up. Jeremy. (This used to be commit 6f5ea963abe8e19d17a1803d4bedd9d87a317e58)
2007-10-10r5467: Optimize _samr_query_groupmem with LDAP backend for large domains.Volker Lendecke1-0/+146
Could someone else please look at this patch, verifying that I did not break the ldapsam:trusted = False fallback to the old behaviour? It works fine for me, but you never know. You're certainly free to review the new code as well :-) Thanks, Volker (This used to be commit e1c3ca182b299dc65da1fa39aadb69876b5e16b8)
2007-10-10r5349: After talking with Jerry, reverted the addition of account policies toGünther Deschner1-68/+0
passdb in 3_0 (they are still in trunk). Guenther (This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1)
2007-10-10r4996: sync up copytights with trunkGerald Carter1-0/+1
(This used to be commit 8946efe102f7a8a9b5a8059a80666b782159e7b8)
2007-10-10r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner1-0/+68
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
2007-10-10r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().Günther Deschner1-6/+6
This allows the ldap-backend to search much more effeciently. Machines will be searched in the ldap_machine_suffix and users in the ldap_users_suffix. (Note that we already use the ldap_group_suffix in ldapsam_setsamgrent for quite some time). Using the specific ldap-bases becomes notably important in large domains: On my testmachine "net rpc trustdom list" has to search through 40k accounts just to list 3 interdomain-trust-accounts, similiar effects show up the non-user query_dispinfo-calls, etc. Also renamed all_machines to only_machines in load_sampwd_entries() since that reflects better what is really meant. Guenther (This used to be commit 6394257cc721ca739bda0e320375f04506913533)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-3/+3
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3705: Nobody has commented, so I'll take this as an ack...Volker Lendecke1-0/+35
abartlet, I'd like to ask you to take a severe look at this! We have solved the problem to find the global groups a user is in twice: Once in auth_util.c and another time for the corresponding samr call. The attached patch unifies these and sends them through the passdb backend (new function pdb_enum_group_memberships). Thus it gives pdb_ldap.c the chance to further optimize the corresponding call if the samba and posix accounts are unified by issuing a specialized ldap query. The parameter to activate this ldapsam behaviour is ldapsam:trusted = yes Volker (This used to be commit b94838aff1a009f8d8c2c3efd48756a5b8f3f989)
2007-10-10r3704: Implement a cache get saves the result of a pdb_getsampwnam for laterVolker Lendecke1-1/+27
retrieval by pdb_getsampwsid. This solves our problem that we do lots of calls to LDAP during a typical XP login. XP does a lookupnames, then an openuser and some queryinfo stuff. Lookupnames triggers the initial getsampwnam, and all the subsequent ones make us call getsampwsid. This patch gets this down to one call to LDAP. Yes, a more "correct" way would be to stick the information to the open user handle, but this one is simpler and saves the LDAP roundtrip for the openuser call. Volker (This used to be commit 3d9758fa3c584bb25eca0b7ed04af4ddfeba315f)
2007-10-10r3566: Completely replace the queryuseraliases call. The previous ↵Volker Lendecke1-5/+7
implementation does not exactly match what you would expect. XP workstations during login actually do this, so we should better become a bit more correct. The LDAP query issued is not really fully optimal, but it is a lot faster and more correct than what was there before. The change in passdb.h makes it possible that queryuseraliases is done with a single ldap query. Volker (This used to be commit 2508d4ed1e16c268fc9f3676b0c6a122e070f93d)
2007-10-10r145: pdb_create_alias now returns NTSTATUS. More of this to follow.Volker Lendecke1-4/+3
Volker (This used to be commit 6e18bed17093e0b1792f68817096e64e0e841f26)
2007-10-10r116: volker's patch for local group and group nestingGerald Carter1-0/+300
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
2004-02-26And another little constVolker Lendecke1-1/+1
(This used to be commit f6bb3304fc5ef298a921b9ee5ad2f6444b0e72bc)
2004-02-12abartlet's pdb_set/changed flag fix for NULL passwordsGerald Carter1-6/+4
(This used to be commit cfe80f0df7ecfa6c689b03b9bed80ea80701a4c1)
2004-02-12stupid cut-n=paste error; my faultGerald Carter1-2/+2
(This used to be commit ee8f142b874a5bd365e59f68fb48ff3fec82fcda)
2004-02-04move disabling code to context functions instead of backwards compatible ↵Gerald Carter1-28/+28
wrappers (This used to be commit e62ef2ba2d73f492d879af4d06b223f8e739dc6c)
2004-01-30disable any account that doesn't have a password and doesn't had the ↵Gerald Carter1-6/+12
ACB_PWNOTREQ bit set (This used to be commit 52bf070b10ca99be7e4b9d1b5e32f69d2667d8f4)
2004-01-29more initialization fixesGerald Carter1-0/+22
(This used to be commit 9e590d603547ef1e8388bea66eb5d44e4dfd6412)
2004-01-29initialization fixesGerald Carter1-0/+41
(This used to be commit 54fd3992c385fd6208c061131b2c98e448baf2c2)
2003-09-05More tuning from cachegrind. Change most trim_string() calls to trim_char(0,Jeremy Allison1-2/+2
as that's what they do. Fix string_replace() to fast-path ascii. Jeremy. (This used to be commit f35e9a8b909d3c74be47083ccc4a4e91a14938db)
2003-06-30Add the 'guest' passdb backend automatically ifVolker Lendecke1-0/+25
guest account != "" Volker (This used to be commit 21d330af107f744af9569b5577afc6e7ba6a269c)
2003-06-25large change:Gerald Carter1-1/+1
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-22Found out a good number of NT_STATUS_IS_ERR used the wrong way.Simo Sorce1-2/+2
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK This patch will cure the problem. Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is used correctly, but I'm not 100% sure, coders should check the use of NT_STATUS_IS_ERR() in samba is ok now. Simo. (This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
2003-06-20Fix bug #136: "passdb backend = " caused smbd to segfault.Jim McDonough1-0/+5
Instead, spit out an error message. (This used to be commit 22f083b227a6f03ae42b985e45e9c384982c6ed2)
2003-06-18Ok, this patch removes the privilege stuff we had in, unused, for some time.Simo Sorce1-18/+16
The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-05-16add metze's patch for smb_register functionsSimo Sorce1-1/+1
(This used to be commit 1480c7e8c7a84c34181118c449c50ca99fdcbc6b)
2003-05-10Reverse previous patch from Stefan and me after comments by Andrew BartlettJelmer Vernooij1-2/+2
(This used to be commit d817eaf0ecca2d878ab1ffcf7a747a02d71c811e)
2003-05-10Patch from metze and me that adds dummy smb_register_*() functions soJelmer Vernooij1-2/+2
that is now possible to, for example, load a module which contains an auth method into a binary without the auth/ subsystem built in. (This used to be commit 74d9ecfe2dd7364643d32acb62ade957bd71cd0d)
2003-04-30Make the version numbers ints (patch from metze)Jelmer Vernooij1-1/+1
(This used to be commit dbe36b4c43dceddea9f14161c6cf7b34709287c8)
2003-04-28Use NTSTATUS as return value for smb_register_*() functions and init_module()Jelmer Vernooij1-7/+17
function. Patch by metze with some minor modifications. (This used to be commit bc4b51bcb2daa7271c884cb83bf8bdba6d3a9b6d)
2003-04-24- Get rid of module_path_get_name()Jelmer Vernooij1-11/+6
- Use find backend function to find duplicates - declare static function before using it (This used to be commit ad5ebd4f2065425a9edffc753c0f0414fd6f98d4)
2003-04-21Pdb modules are in $libdir/pdb not $libdir/passdbJelmer Vernooij1-1/+1
(This used to be commit 9c9d969c93400d91a12e78635d54e1c5f90efab8)
2003-04-15Use the new modules system for passdb (merge from HEAD)Jelmer Vernooij1-31/+79
(This used to be commit 1755d5f66221a910863cfc8a197f8d792e6b6e3d)
2003-03-22Thanks to volker, merge passdb changes from HEAD:Andrew Bartlett1-0/+63
- pdb_guest (including change defaults) - 'default' passdb actions (instead of 'not implemented' stubs in each module) - net_rpc_samsync no longer assumes pdb_unix Andrew Bartlett (This used to be commit 4bec53c8c81019f0f06a93c4df0800bbf7281dd6)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison1-1/+1
named. Ensure we can query them. Jeremy. (This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84)
2002-11-14Remove #ifdef's for NISPLUS_SAM - there are no function name collisions anymoreJelmer Vernooij1-4/+0
(This used to be commit 32c93921b01b5d28a2f5837026aad2445a0ece03)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-2/+2
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-11-02Merge passdb from HEAD -> 3.0Andrew Bartlett1-0/+223
The work here includes: - metze' set/changed patch, which avoids making changes to ldap on unmodified attributes. - volker's group mapping in passdb patch - volker's samsync stuff - volkers SAMR changes. - mezte's connection caching patch - my recent changes (fix magic root check, ldap ssl) Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
2002-10-25Only run free_private_data when specified (reported by Steve Langasek aka ↵Jelmer Vernooij1-1/+2
vorlon) (This used to be commit ecd3acbfcf912a775718e320c7cb66f60436c546)
2002-09-26sync with HEADGerald Carter1-58/+58
(This used to be commit ee9cbf58071adb627a49a94c6340aaba330486b5)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-2/+3
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-3/+3
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
generated by cgit (git 2.34.1) at 2024-11-07 08:40:16 +0000