summaryrefslogtreecommitdiff
path: root/source3/passdb/pdb_tdb.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r15101: Little step towards getting Samba4 tdb into 3: tdb_lock_bystring ↵Volker Lendecke1-3/+3
does not have the timeout argument in Samba4. Add a new routine tdb_lock_bystring_with_timeout. Volker (This used to be commit b9c6e3f55602fa505859a4b2cd137b74105d685f)
2007-10-10r14634: Many bug fixes thanks to train rides and overnight stays in airportsGerald Carter1-13/+7
* Finally fix parsing idmap uid/gid ranges not to break with spaces surrounding the '-' * Allow local groups to renamed by adding info level 2 to _samr_set_aliasinfo() * Fix parsing bug in _samr_del_dom_alias() reply * Prevent root from being deleted via Samba * Prevent builting groups from being renamed or deleted * Fix bug in pdb_tdb that broke renaming user accounts * Make sure winbindd is running when trying to create the Administrators and Users BUILTIN groups automatically from smbd (and not just check the winbind nexted groups parameter value). * Have the top level rid allocator verify that the RID it is about to grant is not already assigned in our own SAM (retries up to 250 times). This fixes passdb with existing SIDs assigned to users from the RID algorithm but not monotonically allocating the RIDs from passdb. (This used to be commit db1162241f79c2af8afb7d8c26e8ed1c4a4b476f)
2007-10-10r14577: BUG Fixes:Gerald Carter1-8/+6
* Add back in the import/export support to pdbedit * Fix segv in pam_smbpass * Cleanup some error paths in pdb_tdb and pdb_interface (This used to be commit df53d64910fbb96eb810102e986b3c337d54c463)
2007-10-10r13765: Fix bug reported by jra. Don't check for a group SID when storingGerald Carter1-0/+2
a user since we no longer pay any attention to the value. (This used to be commit 085c6859ee5b97efe9ec06e95877d500822d3c82)
2007-10-10r13747: Fix the reference count for tdbsam_open() - on anJeremy Allison1-5/+9
upgrade it calls tdbsam_convert() which calls tdbsam_open() deep inside the init_sam_from_buffer_vX call. If the ref count hasn't been set yet then we will close the tdbsam reference in tdbsam_getsampwsid(). smbpasswd -a was core-dumping again :-). Jeremy (This used to be commit 993069eb87c190ba8ee92224340c8f9ffb3ade74)
2007-10-10r13729: Fix smbpasswd -xVolker Lendecke1-13/+6
(This used to be commit 2afcbbfb6f2efcc2e10106b10a87365556013787)
2007-10-10r13728: No, we have not talked about this on irc less than 24h ago... ;-)Volker Lendecke1-2/+2
(This used to be commit 59f95ea752d932b00d4a4ff37311b830d65c8a03)
2007-10-10r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.Günther Deschner1-4/+238
* Fix a couple of related parsing issues. * in the info3 reply in a samlogon, return the ACB-flags (instead of returning zero) Guenther (This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
2007-10-10r13679: Commiting the rm_primary_group.patch posted on samba-technicalGerald Carter1-4/+6
* ignore the primary group SID attribute from struct samu* * generate the primary group SID strictlky from the Unix primary group when dealing with passdb users * Fix memory leak in original patch caused by failing to free a talloc * * add wrapper around samu_set_unix() to prevent exposing the create BOOL to callers. Wrappers are samu_set_unix() and samu-allic_rid_unix() (This used to be commit bcf269e2ec6630b78d909010fabd3b69dd6dda84)
2007-10-10r13622: Allow to rename machine accounts in a Samba Domain. This still uses theGünther Deschner1-3/+4
"rename user script" to do the rename of the posix machine account (this might be changed later). Fixes #2331. Guenther (This used to be commit b2eac2e6eb6ddd1bcb4ed5172e7cd64144c18d16)
2007-10-10r13600: Move functions local to tdbsam to pdb_tdb.cGerald Carter1-7/+397
(This used to be commit e3489f7eddb21981bb74cd8792aca869ae6790e1)
2007-10-10r13590: * replace all pdb_init_sam[_talloc]() calls with samu_new()Gerald Carter1-1/+5
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix() (This used to be commit 6f1afa4acc93a07d0ee9940822d7715acaae634f)
2007-10-10r13589: Make sure we only try to close the tdbsam file in endsampwent() when weGerald Carter1-4/+11
have a valid pwent list from a setsampwent(). Fixes a bug with the reference count on the open tdb. (This used to be commit 77332f0738423d16a2b5e21af6aaf92b029da0ef)
2007-10-10r13576: This is the beginnings of moving the SAM_ACCOUNT data structureGerald Carter1-51/+51
to make full use of the new talloc() interface. Discussed with Volker and Jeremy. * remove the internal mem_ctx and simply use the talloc() structure as the context. * replace the internal free_fn() with a talloc_destructor() function * remove the unnecessary private nested structure * rename SAM_ACCOUNT to 'struct samu' to indicate the current an upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future. Note that there are now passbd API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
2007-10-10r13512: Rewrite tdbsam code to use a reference count based open/closeGerald Carter1-326/+281
on the tdb file. This allow recusive calls to succeed without complaining about failed opens since a tdb can only be opened once per process. We probably still need to backport the transaction support from Samba 4 here though. (This used to be commit 94c37e06522bfc1753cc8f3c6c7bd4329587007e)
2007-10-10r13460: by popular demand....Gerald Carter1-11/+5
* remove pdb_context data structure * set default group for DOMAIN_RID_GUEST user as RID 513 (just like Windows) * Allow RID 513 to resolve to always resolve to a name * Remove auto mapping of guest account primary group given the previous 2 changes (This used to be commit 7a2da5f0cc05c1920c664c9a690a23bdf854e285)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-1/+95
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13209: Make smbpasswd -a work again if passdb did not exist.Volker Lendecke1-0/+1
Volker (This used to be commit e747ea7250b3ff19aee49072a2cf95840ff50b85)
2007-10-10r13175: Actually make adding a new user into an empty pdbtdbJeremy Allison1-1/+1
file create the file. Jeremy. (This used to be commit 31b3201f537220ec82d6fecbb4c457bfe3dbb9c9)
2007-10-10r13172: Fix incorrect error message when new tdb not created correctly.Jeremy Allison1-1/+1
Jeremy. (This used to be commit e5f19ad5ac1b728de4ca5a6c37c0d79b0752f536)
2007-10-10r11236: Implement user rename for smbpasswd and ldap backends. Some cleanup onJim McDonough1-4/+6
tdb as well to make naming consistent. (This used to be commit ee91eb9a39cc5e3edd9e97eb040e7557930e4e62)
2007-10-10r10911: part of #2861: add rename support for usrmgr.exe when using tdbsamJim McDonough1-40/+208
This gets it working before replacing tdb with the samba4 version. (This used to be commit 8210b0503a050e12ee1b4335fa6e50d10ad06577)
2007-10-10r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().Günther Deschner1-1/+1
This allows the ldap-backend to search much more effeciently. Machines will be searched in the ldap_machine_suffix and users in the ldap_users_suffix. (Note that we already use the ldap_group_suffix in ldapsam_setsamgrent for quite some time). Using the specific ldap-bases becomes notably important in large domains: On my testmachine "net rpc trustdom list" has to search through 40k accounts just to list 3 interdomain-trust-accounts, similiar effects show up the non-user query_dispinfo-calls, etc. Also renamed all_machines to only_machines in load_sampwd_entries() since that reflects better what is really meant. Guenther (This used to be commit 6394257cc721ca739bda0e320375f04506913533)
2007-10-10r4724: Add support for Windows privileges in Samba 3.0Gerald Carter1-1/+14
(based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-2/+2
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r1412: Fix password history list in tdbsam. Fix some memory leaks. AddJeremy Allison1-0/+3
my (C) to a header file that was at least 50% mine :-). Jeremy. (This used to be commit 8ee6060977ec8e65082f3ad09e1e1ccf5b4672ed)
2007-10-10r1392: Added password history code to tdbsam backend. Not yet tested (ie. mayJeremy Allison1-1/+4
core dump) but compiles and links correctly. I will run the full set of tests on the ldap sam and the tdb sam for password history tomorrow. Jeremy. (This used to be commit ac846420d0ef2c60d2dc71319b24401c73699249)
2007-10-10r1388: Adding password history code for ldap backend, based on a patch fromJeremy Allison1-1/+0
"Jianliang Lu" <j.lu@tiesse.com>. Multi-string attribute changed to linearised pstring due to ordering issues. A few other changes to fix race conditions. I will add the tdb backend code next. This code compiles but has not yet been tested with password history policy set to greater than zero. Targeted for 3.0.6. Jeremy. (This used to be commit dd54b2a3c45e202e504ad69d170eb798da4e6fc9)
2004-02-13Move tdbsam versioning/upgrade code into 3.0Jim McDonough1-13/+175
(This used to be commit 730c07cac2166812f4a2da5cfba7152d168b2bdd)
2004-02-12updates for tdbsam code to help make merge into head easier; needs a bit ↵Gerald Carter1-46/+53
more testing tomorrow but initial results seem ok (This used to be commit daee8d7feee4a08d6c204e2de3f346b6d10640e6)
2004-02-11Don't set an iterator to a piece of free'd memory, store it first.Jeremy Allison1-2/+3
Jeremy. (This used to be commit e914230a2d1a7b515bd7859d655d6555b7d3e67e)
2004-02-11fix set/getsampwent iterator in tdbsam to use an allocated listGerald Carter1-44/+101
(This used to be commit 8734d91cd7681219f1389e3c41979028eadbb7fe)
2003-08-15get rid of some sompiler warnings on IRIXHerb Lewis1-3/+3
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
2003-07-22removing unused functionGerald Carter1-43/+0
(This used to be commit b8394a107d3448434f1a34076eaab8e6dd9a8a9d)
2003-07-20This creates passdb backend files automatically when adding first account.Rafal Szczesniak1-1/+19
An extra message notifying that needed file didn't exist is displayed. There's still a little catch with tdb backend, but it's better than it was, from end-user's point of view. This fixes #198 rafal (This used to be commit b0be700605c289ce8e9dd3abe49d78ac77256911)
2003-07-11fix unitialised variableGerald Carter1-0/+6
(This used to be commit 5efa0d7cc28d903c1986b8e40072ae49e9532a88)
2003-07-11moving more code around.Gerald Carter1-64/+13
* move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
2003-07-08Moved SAM_ACCOUNT marshall/unmarshall functions to make them externallyJeremy Allison1-401/+3
available. Removed extra auth_init (thanks metze). Jeremy. (This used to be commit 88135fbc4998c266052647f8b8e437ac01cf50ae)
2003-07-07Cleaning up linking issues. sam/idmap*.c only links inGerald Carter1-1/+1
winbindd now. Also removing an unused file. (This used to be commit 688369c23c604e9b6654fcf07190d2e27c1138cf)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-3/+3
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-06-18And some more memory leaks in mapping.c and pdb_tdb.c. tdb_nextkeyVolker Lendecke1-2/+13
mallocs its key, so we should free it after use. Volker (This used to be commit 9750799ba2e1aaa59fa255f23880c9c618195c3d)
2003-06-17Fix a memory leak in pdb_tdb.c.Volker Lendecke1-0/+2
Simo, I remember you complaining about a memleak there, could it be this one, or did you resolve it at that time? Volker (This used to be commit c660595deda2ce836c0a191da0236f850004ba0d)
2003-06-17Make static (patch from metze)Jelmer Vernooij1-1/+1
(This used to be commit 908b16cc2a8b6c5c67aae0e1af9d51f57fe31212)
2003-06-17The return value of init_module functions is NTSTATUS, not intJelmer Vernooij1-3/+2
(This used to be commit f09df852ac0b25470fb9435c79a4a417e06e9b75)
2003-06-16Quieten another debug message.Tim Potter1-1/+1
(This used to be commit 2c47893c7542889d9e2ee097897a1df248b1a5e2)
2003-05-27I'm pretty sure these uint32's should be uid_t's. Can the passdb guysTim Potter1-1/+1
please check this? (This used to be commit af4b1f869a7dca0d24391fb2cefef7e05cca2c04)
2003-05-12Fix obvious compiler warnings.Jeremy Allison1-1/+0
Jeremy. (This used to be commit 2a6d0c2481c3c34351e57c30a85004babdbf99b0)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-104/+84
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-04-28Use NTSTATUS as return value for smb_register_*() functions and init_module()Jelmer Vernooij1-4/+4
function. Patch by metze with some minor modifications. (This used to be commit bc4b51bcb2daa7271c884cb83bf8bdba6d3a9b6d)
2003-04-28A new pdb_ldap!Andrew Bartlett1-2/+2
This patch removes 'non unix account range' (same as idra's change in HEAD), and uses the winbind uid range instead. More importanly, this patch changes the LDAP schema to use 'ntSid' instead of 'rid' as the primary attribute. This makes it in common with the group mapping code, and should allow it to be used closely with a future idmap_ldap. Existing installations can use the existing functionality by using the ldapsam_compat backend, and users who compile with --with-ldapsam will get this by default. More importantly, this patch adds a 'sambaDomain' object to our schema - which contains 2 'next rid' attributes, the domain name and the domain sid. Yes, there are *2* next rid attributes. The problem is that we don't 'own' the entire RID space - we can only allocate RIDs that could be 'algorithmic' RIDs. Therefore, we use the fact that UIDs in 'winbind uid' range will be mapped by IDMAP, not the algorithm. Andrew Bartlett (This used to be commit 3e07406ade81e136f67439d4f8fd7fe1dbb6db14)