summaryrefslogtreecommitdiff
path: root/source3/passdb/pdb_tdb.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().Günther Deschner1-1/+1
This allows the ldap-backend to search much more effeciently. Machines will be searched in the ldap_machine_suffix and users in the ldap_users_suffix. (Note that we already use the ldap_group_suffix in ldapsam_setsamgrent for quite some time). Using the specific ldap-bases becomes notably important in large domains: On my testmachine "net rpc trustdom list" has to search through 40k accounts just to list 3 interdomain-trust-accounts, similiar effects show up the non-user query_dispinfo-calls, etc. Also renamed all_machines to only_machines in load_sampwd_entries() since that reflects better what is really meant. Guenther (This used to be commit 6394257cc721ca739bda0e320375f04506913533)
2007-10-10r4724: Add support for Windows privileges in Samba 3.0Gerald Carter1-1/+14
(based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-2/+2
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r1412: Fix password history list in tdbsam. Fix some memory leaks. AddJeremy Allison1-0/+3
my (C) to a header file that was at least 50% mine :-). Jeremy. (This used to be commit 8ee6060977ec8e65082f3ad09e1e1ccf5b4672ed)
2007-10-10r1392: Added password history code to tdbsam backend. Not yet tested (ie. mayJeremy Allison1-1/+4
core dump) but compiles and links correctly. I will run the full set of tests on the ldap sam and the tdb sam for password history tomorrow. Jeremy. (This used to be commit ac846420d0ef2c60d2dc71319b24401c73699249)
2007-10-10r1388: Adding password history code for ldap backend, based on a patch fromJeremy Allison1-1/+0
"Jianliang Lu" <j.lu@tiesse.com>. Multi-string attribute changed to linearised pstring due to ordering issues. A few other changes to fix race conditions. I will add the tdb backend code next. This code compiles but has not yet been tested with password history policy set to greater than zero. Targeted for 3.0.6. Jeremy. (This used to be commit dd54b2a3c45e202e504ad69d170eb798da4e6fc9)
2004-02-13Move tdbsam versioning/upgrade code into 3.0Jim McDonough1-13/+175
(This used to be commit 730c07cac2166812f4a2da5cfba7152d168b2bdd)
2004-02-12updates for tdbsam code to help make merge into head easier; needs a bit ↵Gerald Carter1-46/+53
more testing tomorrow but initial results seem ok (This used to be commit daee8d7feee4a08d6c204e2de3f346b6d10640e6)
2004-02-11Don't set an iterator to a piece of free'd memory, store it first.Jeremy Allison1-2/+3
Jeremy. (This used to be commit e914230a2d1a7b515bd7859d655d6555b7d3e67e)
2004-02-11fix set/getsampwent iterator in tdbsam to use an allocated listGerald Carter1-44/+101
(This used to be commit 8734d91cd7681219f1389e3c41979028eadbb7fe)
2003-08-15get rid of some sompiler warnings on IRIXHerb Lewis1-3/+3
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
2003-07-22removing unused functionGerald Carter1-43/+0
(This used to be commit b8394a107d3448434f1a34076eaab8e6dd9a8a9d)
2003-07-20This creates passdb backend files automatically when adding first account.Rafal Szczesniak1-1/+19
An extra message notifying that needed file didn't exist is displayed. There's still a little catch with tdb backend, but it's better than it was, from end-user's point of view. This fixes #198 rafal (This used to be commit b0be700605c289ce8e9dd3abe49d78ac77256911)
2003-07-11fix unitialised variableGerald Carter1-0/+6
(This used to be commit 5efa0d7cc28d903c1986b8e40072ae49e9532a88)
2003-07-11moving more code around.Gerald Carter1-64/+13
* move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
2003-07-08Moved SAM_ACCOUNT marshall/unmarshall functions to make them externallyJeremy Allison1-401/+3
available. Removed extra auth_init (thanks metze). Jeremy. (This used to be commit 88135fbc4998c266052647f8b8e437ac01cf50ae)
2003-07-07Cleaning up linking issues. sam/idmap*.c only links inGerald Carter1-1/+1
winbindd now. Also removing an unused file. (This used to be commit 688369c23c604e9b6654fcf07190d2e27c1138cf)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-3/+3
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-06-18And some more memory leaks in mapping.c and pdb_tdb.c. tdb_nextkeyVolker Lendecke1-2/+13
mallocs its key, so we should free it after use. Volker (This used to be commit 9750799ba2e1aaa59fa255f23880c9c618195c3d)
2003-06-17Fix a memory leak in pdb_tdb.c.Volker Lendecke1-0/+2
Simo, I remember you complaining about a memleak there, could it be this one, or did you resolve it at that time? Volker (This used to be commit c660595deda2ce836c0a191da0236f850004ba0d)
2003-06-17Make static (patch from metze)Jelmer Vernooij1-1/+1
(This used to be commit 908b16cc2a8b6c5c67aae0e1af9d51f57fe31212)
2003-06-17The return value of init_module functions is NTSTATUS, not intJelmer Vernooij1-3/+2
(This used to be commit f09df852ac0b25470fb9435c79a4a417e06e9b75)
2003-06-16Quieten another debug message.Tim Potter1-1/+1
(This used to be commit 2c47893c7542889d9e2ee097897a1df248b1a5e2)
2003-05-27I'm pretty sure these uint32's should be uid_t's. Can the passdb guysTim Potter1-1/+1
please check this? (This used to be commit af4b1f869a7dca0d24391fb2cefef7e05cca2c04)
2003-05-12Fix obvious compiler warnings.Jeremy Allison1-1/+0
Jeremy. (This used to be commit 2a6d0c2481c3c34351e57c30a85004babdbf99b0)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-104/+84
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-04-28Use NTSTATUS as return value for smb_register_*() functions and init_module()Jelmer Vernooij1-4/+4
function. Patch by metze with some minor modifications. (This used to be commit bc4b51bcb2daa7271c884cb83bf8bdba6d3a9b6d)
2003-04-28A new pdb_ldap!Andrew Bartlett1-2/+2
This patch removes 'non unix account range' (same as idra's change in HEAD), and uses the winbind uid range instead. More importanly, this patch changes the LDAP schema to use 'ntSid' instead of 'rid' as the primary attribute. This makes it in common with the group mapping code, and should allow it to be used closely with a future idmap_ldap. Existing installations can use the existing functionality by using the ldapsam_compat backend, and users who compile with --with-ldapsam will get this by default. More importantly, this patch adds a 'sambaDomain' object to our schema - which contains 2 'next rid' attributes, the domain name and the domain sid. Yes, there are *2* next rid attributes. The problem is that we don't 'own' the entire RID space - we can only allocate RIDs that could be 'algorithmic' RIDs. Therefore, we use the fact that UIDs in 'winbind uid' range will be mapped by IDMAP, not the algorithm. Andrew Bartlett (This used to be commit 3e07406ade81e136f67439d4f8fd7fe1dbb6db14)
2003-04-23Merge idra's fix for pdb_tdb segfaults from HEAD to 3.0 - sombody changedAndrew Bartlett1-3/+7
unix_strlower semantics. Andrew Bartlett (This used to be commit 93bdd1a2925edb9dea3e85d8b025a65460896c05)
2003-04-15Use the new modules system for passdb (merge from HEAD)Jelmer Vernooij1-16/+4
(This used to be commit 1755d5f66221a910863cfc8a197f8d792e6b6e3d)
2003-03-22Thanks to volker, merge passdb changes from HEAD:Andrew Bartlett1-59/+0
- pdb_guest (including change defaults) - 'default' passdb actions (instead of 'not implemented' stubs in each module) - net_rpc_samsync no longer assumes pdb_unix Andrew Bartlett (This used to be commit 4bec53c8c81019f0f06a93c4df0800bbf7281dd6)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-1/+1
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-11-02Merge passdb from HEAD -> 3.0Andrew Bartlett1-48/+107
The work here includes: - metze' set/changed patch, which avoids making changes to ldap on unmodified attributes. - volker's group mapping in passdb patch - volker's samsync stuff - volkers SAMR changes. - mezte's connection caching patch - my recent changes (fix magic root check, ldap ssl) Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
2002-09-26syncing up with HEAD again....Gerald Carter1-30/+40
(This used to be commit e026b84815ad1a5fa981c24fff197fefa73b4928)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-3/+4
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-84/+142
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-19second step to gain free uid<->rid mappingSimo Sorce1-74/+19
we still need to free gid<->rid mapping and few other stuff (This used to be commit aa4b6f8181f34196a28951264dd8b631a5deef7f)
2002-03-18more verbose checking in talloc and util_pwSimo Sorce1-16/+19
fixed tdbsam memory corruption (and segfault) reducing calls to pdb_uid_to_user_rid and countrary to 0 to move to a non alghoritmic rid allocation with some passdb modules. (This used to be commit 9836af7cd623357feaec07bc49cfb78f0aa01fc3)
2002-03-18Start to switch away from the alghorithmic uid->rid mapping modelSimo Sorce1-22/+87
(This used to be commit 724390a8daabbecd236960562e0a50f62c6904f1)
2002-03-02This patch merges my private LDAP tree into HEAD.Andrew Bartlett1-5/+5
The main change here is to move ldap into the new pluggable passdb subsystem and to take the LDAP location as a 'location' paramter on the 'passdb backend' line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported, and by hand where it isn't. It also adds the ldap user suffix and ldap machine suffix smb.conf options, so that machines added to the LDAP dir don't get mixed in with people. Non-unix account support is also added. This means that machines don't need to be in /etc/passwd or in nss_ldap's scope. This code has stood up well under my production environment, so it relitivly well tested. I'm commiting this now becouse others have shown interest in using it, and there is no point 'hording' the code :-). Andrew Bartlett (This used to be commit cd5234d7dd7309d88944b83d807c1f1c2ca0460a)
2002-02-01update from 2.2Simo Sorce1-2/+3
(This used to be commit 8bb2a7446ed69020086aaedf2889795dd38ef9d4)
2002-01-30Removed version number from file header.Tim Potter1-1/+2
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-26Add some information tidbits to an error DEBUG().Andrew Bartlett1-1/+1
(This used to be commit 3db417c2ebfda0d5872dee39e36edc4fb6299b9a)
2002-01-25Passdb changes:Andrew Bartlett1-5/+7
Modules now name themselves, which should allow for sane behaviour when we get an 'extern' passdb module (which in turn loads a .so). Fix up tdbsam for non-unix-accounts. Not sure if this fixes idra's bug, but its a start... Andrew Bartlett (This used to be commit 7d576d89d7b4a7b95e87a844568d7d7cd89f0542)
2002-01-23getpwnam -> getpwnam_alloc.Andrew Bartlett1-2/+4
idra has promised not to revert these this time :-) (This used to be commit f556ad67e82518f5a024ffe9184ff9430ab5c541)
2002-01-21hmm, get it right this time.Simo Sorce1-1/+1
(This used to be commit 57a145bff6b382e6dc9a9af96451175d81462c8d)
2002-01-21fix also the comment.Simo Sorce1-2/+5
(This used to be commit 7f7a15e09a53a03dd423d40201f037f8da049cd7)
2002-01-21replace getpwnam_alloc with plain getpwnam.Simo Sorce1-2/+1
We are not going to reuse any getpw* call, so the extra alloc,copy and free only uses extra memory and extra cpu time for nothing. (This used to be commit 5c0bb0487bec00df494b72b64ddf274f42bfefea)
2002-01-21getpwnam -> getpwnam_allocAndrew Bartlett1-2/+3
(This used to be commit 59905d44e51d83f2d4a7b6844e0ae764e0b35c0c)
2002-01-20Inititialise the gid to what standard_sub_advanced wants for 'no value'.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit a96503475d9c1d91c2dfcdebb4f60183432d9aff)