summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2013-01-10passdb: Add discard_const_p() to pdb_samba_dsdbAndrew Bartlett1-2/+2
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:passdb: fix building pdb_ldap as shared moduleMichael Adam2-2/+3
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Dec 3 19:12:29 CET 2012 on sn-devel-104
2012-12-03s3:passdb: don't look into group mappings in legacy_sid_to_unixid()Michael Adam1-28/+1
The backends (tdbsam and ldapsam) do this. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:passdb:pdb_ldap: treat "Unix User" and "Unix Group" in sid_to_id()Michael Adam1-0/+5
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:passdb:pdb_ldap: pre-validate sid with sid_check_object_is_for_passdb()Michael Adam1-3/+3
instead of sid_check_sid_is_in_our_sam). This allows for builtin sids, wellknown sids and "Unix User" and "Unix Group" domains. This broadens up the check moved here in commit 02e25b2a43ae02205a3412f862a1482d24b70aa4. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:passdb: add sid_check_object_is_for_passdb()Michael Adam1-0/+1
Variant of sid_check_is_for_passdb() that only checks for objects in the various domains, not for the domain sids themselves. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:passdb: factor pdb_sid_to_id_unix_users_and_groups() out of ↵Michael Adam1-16/+32
pdb_default_sid_to_id() The special treatment of the "Unix User" and "Unix Group" pseudo domains can be reused. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:passdb: don't bail out in pdb_default_sid_to_id() if sid is not in our samMichael Adam1-5/+0
This code treats the own sam, builtin, wellknown, and sids from the "Unix User" and "Unix Group" pseudo-domains. This reverts part of commit 02e25b2a43ae02205a3412f862a1482d24b70aa4. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03build the new sid_check_is_for_passdb() function into passdbMichael Adam1-0/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-09-27s3:passdb formatting changesChristian Ambach1-7/+7
fix some trailing whitespace and a typo
2012-09-26lib/util/charset: We do not use fucntions from wchar.h any moreAndrew Bartlett1-1/+0
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Sep 26 02:13:10 CEST 2012 on sn-devel-104
2012-09-22build: Fix enabled handling for HAVE_LDAP, we need to use bld.CONFIG_SETAndrew Bartlett1-1/+1
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Sep 22 09:09:17 CEST 2012 on sn-devel-104
2012-09-22s3:pdb_ldap remove unused functionChristian Ambach1-23/+0
Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Sat Sep 22 04:28:37 CEST 2012 on sn-devel-104
2012-09-14s3: make smbldaphelper subsystem an internal libraryAlexander Bokovoy1-7/+0
Break pdb_ldap -> smbldaphelper -> pdb -> pdb_ldap loop by making smbldaphelp intentionally underlinked internal library. It means that libsmbldaphelp is not usable unless its user is also linked to libpdb (that is the case for both its users, idmap_ldap and pdb_ldap, already) but gives us a break of the circular dependency in case pdb_ldap statically linked into pdb (default). This should solve case when idmap_ldap and pdb_ldap are dynamically loaded modules Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Fri Sep 14 01:02:21 CEST 2012 on sn-devel-104
2012-09-13s3: make ldapsam-related functions a smbldaphelper subsystemAlexander Bokovoy1-2/+2
Since these functions are used in pdb_ldap and idmap_ldap, and pdb_ldap might be statically linked to libpdb (default), it is better to keep them as separate subsystem to avoid polluting libpdb namespace. This is first step in refactoring libpdb. Right now I cannot move these functions into proper libsmbldaphelper as it uses more of libpdb-included functions and linking pdb_ldap against libsmbldaphelper library would have created a loop if pdb_ldap is included into libpdb. Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Thu Sep 13 17:36:07 CEST 2012 on sn-devel-104
2012-09-12s3-pdb: filter out more symbols only used in ldapsam internalsAlexander Bokovoy1-1/+0
2012-09-10s3-passdb: update abi_match and ignore more statically linked functionsAlexander Bokovoy1-10/+0
Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Mon Sep 10 16:14:50 CEST 2012 on sn-devel-104
2012-09-07s3-smbldap: use smbldap_ prefixed functionsAlexander Bokovoy3-44/+44
2012-09-07s3-waf: avoid exporting init symbols from statically linked modulesAlexander Bokovoy1-0/+317
WAF builds with and without AD DC affect list of statically linked modules that are added into libpdb. This makes impossible to have ABI for libpdb that does not depend on configured features. By making init functions from statically linked modules to have local scope in shared libraries, we avoid unwarranted ABI changes. Additionally, pdb_samba_dsdb imports IDMAP subsystem of source4/ as it is not a shared library. Making its symbols private as well. Finally, in order to have the filtering of symbols work, libpdb has to be public library.
2012-09-07s3-passdb: convert pdb_ipa to use secrets wrappersAlexander Bokovoy1-4/+4
2012-09-07s3-passdb: convert pdb_ldap to use secrets wrappersAlexander Bokovoy1-2/+2
2012-09-07s3-passdb: wrap secrets.tdb accessors used by PDB modulesAlexander Bokovoy1-0/+34
PDB modules store domain sid and guid in secrets.tdb to cooperate with other parts of smbd. If PDB module is built outside Samba source code it has to be linked against internal libsecrets. Wrap required secrets_* calls to avoid direct linking. libpdb is linked against libsecrets by itself and this is enough.
2012-09-07Free protect_ids in secret_store_domain_guid() as the caller of ↵Michele Baldessari1-0/+2
fetch_secrets() must free the result in order to not leak memory. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Sep 7 04:11:43 CEST 2012 on sn-devel-104
2012-09-05Free protect_ids in secret_store_domain_sid() as the caller of ↵Michele Baldessari1-0/+2
fetch_secrets() must free the result in order to not leak memory. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Sep 5 22:20:45 CEST 2012 on sn-devel-104
2012-09-04s3: Fix some nonempty blank linesVolker Lendecke1-3/+3
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-09-04s3-passdb: Rename pdb_samba4 to samba_dsdb and autoconfigure when we are a AD DCAndrew Bartlett2-276/+281
The name samba_dsdb is not ideal, but it matches the primary ldb module we use, and more importantly it avoids having '4' in the name. We should slowly avoid using the term samba4 in long-term places like the smb.conf because it is confusing to users given we are shipping Samba 4.0 as an AD DC as well as all the other supported roles (domain member/standalone server/classic DC) Additionally, samba4 will be an odd name when we eventually release Samba 5.0! samba4 remains accepted as an alias to ensure existing smb.conf files load, but to allow changes here in the future, we set the value during the smb.conf load, and not during the provision when we are an AD DC. This simplifies the default smb.conf for the vast majority of our users and reduces the number of things listed in smb.conf files that we later have to work around if we wish to change the name/implementation of the passdb glue module again. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Sep 4 04:45:16 CEST 2012 on sn-devel-104
2012-09-01s3: Remove a shadowing variable declarationVolker Lendecke1-2/+0
2012-08-28s3-passdb: Allow reload of the static passdb from pythonAndrew Bartlett2-2/+21
This is then used in provision when the passdb backend is forced. Andrew Bartlett
2012-08-28s3-secrets: Use talloc_stackframe() in secrets_init_path()Andrew Bartlett1-3/+6
2012-08-28s3-secrets: Handle all valid ROLE_ values in get_default_sec_channel()Andrew Bartlett1-1/+2
2012-08-28s3-secrets: Add helper function to set machine account password from ↵Andrew Bartlett1-0/+86
secrets_tdb_sync secrets_tdb_sync will be a new ldb module designed to sync secrets.ldb entries with the secrets.tdb file. While not ideal to keep two copies of this data, this routine will assist in allowing the samba-tool domain join code to operate correctly in most cases where winbindd and smbd are used. Andrew Bartlett
2012-08-23s3: fix compile warning on openindianaBjörn Jacke1-5/+5
Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Thu Aug 23 18:22:13 CEST 2012 on sn-devel-104
2012-08-21s3-passdb: Allow pdb_sid_to_id to work on any SIDAndrew Bartlett3-13/+19
This is needed so that pdb_samba4 can map any SID during a provision. At runtime, winbindd will be asked first, but this shortcut direct to the ldb file makes it possible to set the permissions on the sysvol share at provision time. Andrew Bartlett
2012-08-14s3-passdb: Silence scary DEBUG(0) message on first use of secrets.tdb databasesAndrew Bartlett1-5/+10
When pdb_samba4 first opens this databse, this message is printed. Andrew Bartlett
2012-08-09Correctly check for errors in strlower_m() returns.Jeremy Allison4-12/+37
2012-08-09Check error returns from strupper_m() (in all reasonable places).Jeremy Allison2-3/+10
2012-08-07s3-passdb: Simplify idmap wrapper in pdb_samba4Andrew Bartlett1-50/+9
The source3 consumers of this API are now quite happy to be given an answer of ID_TYPE_BOTH, so we do not need this extra code to try and force the answer to UID or GID. Andrew Bartlett
2012-08-02s3-pypassdb: Fix wrapper for pdb_domain_info to return correct ↵Andrew Bartlett1-2/+2
dns_{domain,forest}
2012-07-31s3: Fix Coverity ID 710803 Resource leakVolker Lendecke1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-07-24s3-pdb: remove unused variables.Günther Deschner1-2/+0
Guenther Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Tue Jul 24 14:49:42 CEST 2012 on sn-devel-104
2012-07-24lib/param: Move all enum declarations to lib/paramAndrew Bartlett1-0/+1
This is in preperation for the parameter table being made common. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2012-07-18source3/passdb/py_passdb.c: wrap all calls in talloc_stackframe()Rusty Russell1-519/+489
dbwrap needs it. Some calls were already wrapped, but they checked the talloc_stackframe() return unnecessarily: it can never be NULL. This is the coccinelle patch I used: // Add in a stackframe to every function: be sure to free it on (every) return @rule0@ identifier func; @@ func(...) { +TALLOC_CTX *frame = talloc_stackframe(); <... +talloc_free(frame); return ...; ...> } // Get rid of tframe allocation/frees, replace usage with frame. @rule1@ identifier func; identifier oldframe; @@ func(...) { ... -TALLOC_CTX *oldframe; ... -if ((oldframe = talloc_stackframe()) == NULL) { - ... -} <... -talloc_free(oldframe); ...> } // Get rid of tframe (variant 2) @rule2@ identifier func; identifier oldframe; @@ func(...) { ... -TALLOC_CTX *oldframe; ... -oldframe = talloc_stackframe(); -if (oldframe == NULL) { - ... -} <... -talloc_free(oldframe); ...> } // Change tframe to frame @rule3@ identifier func; @@ func(...) { <... -tframe +frame ...> } Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-07-18source3/passdb/py_passdb.c: don't steal from talloc_stackframe().Rusty Russell1-15/+2
If you want a stack-style allocation, use talloc_stackframe(). If you don't, don't use it. In particular, talloc_stackframe() here is actually inside a pool, and stealing from pools is a bad idea. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-07-18loadparm: make the source3/ lp_ functions take an explicit TALLOC_CTX *.Rusty Russell7-44/+41
They use talloc_tos() internally: hoist that up to the callers, some of whom don't want to us talloc_tos(). A simple patch, but hits a lot of files. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-07-15s3-secrets: Use C99 typesAndrew Bartlett1-6/+6
2012-07-13s3-auth Remove unused global_machine_account_needs_changingAndrew Bartlett1-11/+0
This boolean was only set if the old machine account store (with an MD4 hash in it) was returned. We have not set that password type for years. If this call ever worked, it would store a plaintext password, so we could only ever be here if we had set a password using a version of Samba so old as not to store plaintext, and then never honered the flag anyway. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jul 13 07:52:40 CEST 2012 on sn-devel-104
2012-07-12s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam()Michael Adam6-10/+10
This does not check whether the given sid is in our domain, but but whether it belongs to the local sam, which is a different thing on a domain member server. Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104
2012-07-12s3: rename sid_check_is_domain() to sid_check_is_our_sam()Michael Adam5-10/+10
This does not check whether the given sid is the domain sid, but whether it is the sid of the local sam, which is different for a domain member server.
2012-07-12s3:passdb: remove commented out pdb_lookup_names codeMichael Adam1-82/+0
This code is lying there unused since more than five years now.
2012-07-03s3-passdb: Remove obsolte ldapsam_compat support.Andreas Schneider5-179/+6