summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2010-08-06s3-passdb: include samr.h where needed.Günther Deschner3-0/+3
Guenther
2010-08-05s3-secrets: only include secrets.h when needed.Günther Deschner8-0/+8
Guenther
2010-07-11s3: [ug]id_to_unix_... can not failVolker Lendecke1-4/+12
Remove some silly failure checks
2010-07-06s3:pdb_ldap: change LDAP password before samba password hashesBjörn Jacke1-33/+34
this way we can catch up with password change refuses from ldap password policy overlays and abort the password change early. Thanks to Andy Hanton <andyhanton@gmail.com> for the initial patch.
2010-07-06s3: Fix another aspect of bug 7262 and make paged results work againVolker Lendecke1-4/+4
2010-07-05s3: Make talloc_attrs() staticVolker Lendecke1-1/+1
2010-07-01s3-libads: only include libds flags where needed.Günther Deschner1-0/+1
Guenther
2010-06-28s3-passdb: Make sure dn is initialized and don't free it.Andreas Schneider1-3/+1
dn is just a pointer to a memory which hasn't been duplicated. Found by clang-analyzer.
2010-06-28s3-passdb: Make sure we don't call free on a garbage pointer.Andreas Schneider1-1/+1
Found by clang-analyzer.
2010-06-28s3-passdb: Make sure that we don't assign garbage.Andreas Schneider1-1/+1
2010-06-10s3: Fix EnumDomainAliases when no aliases are in LDAPVolker Lendecke1-6/+4
We used to return NT_STATUS_ACCESS_DENIED, now we just return 0 entries, just like W2k8 does. usrmgr.exe was pretty unhappy with the NT_STATUS_ACCESS_DENIED
2010-06-10s3:pdb_ldap: fix bug 7505 - init_sam_from_ldap stores group in sid2uid cacheMichael Adam1-1/+1
2010-06-10s3-passdb: Fix typo in comment.Karolin Seeger1-1/+1
Karolin
2010-06-09s3: Fix bug 7253Volker Lendecke1-1/+8
acct_ctrl is 32 bit in LOGIN_CACHE, but "w" as a format specifier for tdb_unpack only writes 16 bits. Okay on x86, not okay on Solaris. Thanks to Vladimir.Marek@Sun.COM! Volker
2010-06-07s3:passdb Export function to calculate the proper primary group sidSimo Sorce2-86/+132
Don't keep it buried in passdb, this function need to be available for use in places where we do not want to construct an artificial samu struct just to play tricks. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-02s3: Allow previous password to be stored and use it to check ticketsMatthieu Patou1-4/+77
This patch is to fix bug 7099. It stores the current password in the previous password key when the password is changed. It also check the user ticket against previous password. Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31s3-build: only use ndr_security.h where needed.Günther Deschner1-0/+1
Guenther
2010-05-29s3:passdb Fix memory leakSimo Sorce1-0/+1
We were allocating this passwd structure on sampass, but never freeing it nor assigning it to unix_pw where it could be reused.
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett15-221/+221
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21s3:passdb Remove use of uint8 uint16 and uint32 in favour of C99 typesAndrew Bartlett5-229/+229
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3-passdb: move get_logon_hours_from_pdb() into samr server.Günther Deschner1-23/+0
Guenther
2010-05-18s3:split secrets.c to put machine account secrets in a new fileAndrew Bartlett2-366/+398
This helps the s3compat effort by allowing these functions to be replaced by functions that query the cli_credentials and secrets.ldb APIs. Also, this changes a couple of DOM_SID to struct dom_sid along the way. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3: Remove use of iconv_convenience.Jelmer Vernooij2-11/+11
2010-05-18s3-tldap: only include tldap when actually needed.Günther Deschner1-0/+2
Guenther
2010-05-18security: merge builtin rid tables.Günther Deschner1-18/+18
Guenther
2010-05-18s3-rpc_misc: clean out include/rpc_misc.h.Günther Deschner5-13/+13
Well known rids don't really belong into an rpc header, just use the ones defined in security.idl. Guenther
2010-05-08s3-passdb: moving account_pol.c into passdb.Günther Deschner1-0/+453
Guenther
2010-04-29s3-pdb_ldap: fix memleak.Günther Deschner1-2/+2
Guenther
2010-04-28s3: Make a debug msg more readableVolker Lendecke1-1/+1
2010-03-25s3:passdb: avoid sid_to_gid() if the sid is "domain users"Stefan Metzmacher1-3/+7
If the call fails we would use the "domain users" sid anyway. metze
2010-03-25Fix some nonempty blank linesVolker Lendecke1-3/+3
2010-03-23s3-builtin: Add missing builtin groups.Karolin Seeger1-0/+8
Karolin
2010-03-23s3-builtin: Add some builtin groups.Karolin Seeger1-1/+8
Karolin
2010-03-16s3: Make login_cache_write take a pointerVolker Lendecke2-7/+8
2010-03-16s3: Make login_cache_read take a pointer, avoid a mallocVolker Lendecke2-24/+16
2010-03-16s3: Remove a typedefVolker Lendecke2-6/+7
2010-03-16s3: Fix some nonempty blank linesVolker Lendecke1-7/+7
2010-03-10s3-passdb: Fix typo in debug message.Karolin Seeger1-1/+1
Karolin
2010-02-23s3:schannel streamline interfaceSimo Sorce1-131/+0
Make calling schannel much easier by removing the need to explicitly open the database. Let the abstraction do it instead.
2010-02-23s3-passdb: Remove obsolete signal type cast.Andreas Schneider1-3/+3
2010-02-13s3: Fix bug 5198 -- parse chfn(1)-change gecos fieldVolker Lendecke1-1/+34
2010-02-10s3: change ldap filter to what really was intendedBjörn Jacke1-1/+1
2010-02-09s3:passdb: only use gid_to_sid() result if the result is a group of our ↵Stefan Metzmacher1-4/+16
local sam Otherwise retry with pdb_gid_to_sid(). metze
2010-02-08s3:pdb_ldap: don't search for the users primary group, if we already know itStefan Metzmacher1-31/+35
metze
2010-02-08s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches.Stefan Metzmacher1-7/+29
ldapsam_alias_memberships() does the same LDAP search twice, triggered via add_aliases() from create_local_nt_token(). This happens when no domain aliases are used. metze
2010-02-08s3:pdb_ldap: try to build the full unix_pw structure with ldapsam:trusted ↵Stefan Metzmacher1-5/+85
support And also store the gid_to_sid mappings in the idmap_cache. metze
2010-02-08s3:passdb: speed up pdb_get_group_sid()Stefan Metzmacher1-5/+28
Use the cached version gid_to_sid() instead of pdb_gid_to_sid(). And also avoid the expensive lookup_sid() call for wellkown domain groups. metze
2010-02-08s3: Make pdb_copy_sam_account also copy the group sidVolker Lendecke1-0/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-02-08s3: shortcut gid_to_sid when "ldapsam:trusted = yes"Stefan Metzmacher1-0/+71
The normal gid_to_sid behaviour is to call sys_getgrgid() to get the name for the given gid and then call the getsamgrnam passdb method for the resulting name. In the ldapsam:trusted case we can reduce the gid_to_sid operation to one simple search for the gidNumber attribute and only get the sambaSID attribute from the correspoinding LDAP object. This reduces the number of ldap roundtrips for this operation. metze
2010-02-05s3: Make use of ZERO_STRUCTPVolker Lendecke1-1/+2