summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2012-09-05Free protect_ids in secret_store_domain_sid() as the caller of ↵Michele Baldessari1-0/+2
fetch_secrets() must free the result in order to not leak memory. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Sep 5 22:20:45 CEST 2012 on sn-devel-104
2012-09-04s3: Fix some nonempty blank linesVolker Lendecke1-3/+3
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-09-04s3-passdb: Rename pdb_samba4 to samba_dsdb and autoconfigure when we are a AD DCAndrew Bartlett2-276/+281
The name samba_dsdb is not ideal, but it matches the primary ldb module we use, and more importantly it avoids having '4' in the name. We should slowly avoid using the term samba4 in long-term places like the smb.conf because it is confusing to users given we are shipping Samba 4.0 as an AD DC as well as all the other supported roles (domain member/standalone server/classic DC) Additionally, samba4 will be an odd name when we eventually release Samba 5.0! samba4 remains accepted as an alias to ensure existing smb.conf files load, but to allow changes here in the future, we set the value during the smb.conf load, and not during the provision when we are an AD DC. This simplifies the default smb.conf for the vast majority of our users and reduces the number of things listed in smb.conf files that we later have to work around if we wish to change the name/implementation of the passdb glue module again. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Sep 4 04:45:16 CEST 2012 on sn-devel-104
2012-09-01s3: Remove a shadowing variable declarationVolker Lendecke1-2/+0
2012-08-28s3-passdb: Allow reload of the static passdb from pythonAndrew Bartlett2-2/+21
This is then used in provision when the passdb backend is forced. Andrew Bartlett
2012-08-28s3-secrets: Use talloc_stackframe() in secrets_init_path()Andrew Bartlett1-3/+6
2012-08-28s3-secrets: Handle all valid ROLE_ values in get_default_sec_channel()Andrew Bartlett1-1/+2
2012-08-28s3-secrets: Add helper function to set machine account password from ↵Andrew Bartlett1-0/+86
secrets_tdb_sync secrets_tdb_sync will be a new ldb module designed to sync secrets.ldb entries with the secrets.tdb file. While not ideal to keep two copies of this data, this routine will assist in allowing the samba-tool domain join code to operate correctly in most cases where winbindd and smbd are used. Andrew Bartlett
2012-08-23s3: fix compile warning on openindianaBjörn Jacke1-5/+5
Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Thu Aug 23 18:22:13 CEST 2012 on sn-devel-104
2012-08-21s3-passdb: Allow pdb_sid_to_id to work on any SIDAndrew Bartlett3-13/+19
This is needed so that pdb_samba4 can map any SID during a provision. At runtime, winbindd will be asked first, but this shortcut direct to the ldb file makes it possible to set the permissions on the sysvol share at provision time. Andrew Bartlett
2012-08-14s3-passdb: Silence scary DEBUG(0) message on first use of secrets.tdb databasesAndrew Bartlett1-5/+10
When pdb_samba4 first opens this databse, this message is printed. Andrew Bartlett
2012-08-09Correctly check for errors in strlower_m() returns.Jeremy Allison4-12/+37
2012-08-09Check error returns from strupper_m() (in all reasonable places).Jeremy Allison2-3/+10
2012-08-07s3-passdb: Simplify idmap wrapper in pdb_samba4Andrew Bartlett1-50/+9
The source3 consumers of this API are now quite happy to be given an answer of ID_TYPE_BOTH, so we do not need this extra code to try and force the answer to UID or GID. Andrew Bartlett
2012-08-02s3-pypassdb: Fix wrapper for pdb_domain_info to return correct ↵Andrew Bartlett1-2/+2
dns_{domain,forest}
2012-07-31s3: Fix Coverity ID 710803 Resource leakVolker Lendecke1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-07-24s3-pdb: remove unused variables.Günther Deschner1-2/+0
Guenther Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Tue Jul 24 14:49:42 CEST 2012 on sn-devel-104
2012-07-24lib/param: Move all enum declarations to lib/paramAndrew Bartlett1-0/+1
This is in preperation for the parameter table being made common. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2012-07-18source3/passdb/py_passdb.c: wrap all calls in talloc_stackframe()Rusty Russell1-519/+489
dbwrap needs it. Some calls were already wrapped, but they checked the talloc_stackframe() return unnecessarily: it can never be NULL. This is the coccinelle patch I used: // Add in a stackframe to every function: be sure to free it on (every) return @rule0@ identifier func; @@ func(...) { +TALLOC_CTX *frame = talloc_stackframe(); <... +talloc_free(frame); return ...; ...> } // Get rid of tframe allocation/frees, replace usage with frame. @rule1@ identifier func; identifier oldframe; @@ func(...) { ... -TALLOC_CTX *oldframe; ... -if ((oldframe = talloc_stackframe()) == NULL) { - ... -} <... -talloc_free(oldframe); ...> } // Get rid of tframe (variant 2) @rule2@ identifier func; identifier oldframe; @@ func(...) { ... -TALLOC_CTX *oldframe; ... -oldframe = talloc_stackframe(); -if (oldframe == NULL) { - ... -} <... -talloc_free(oldframe); ...> } // Change tframe to frame @rule3@ identifier func; @@ func(...) { <... -tframe +frame ...> } Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-07-18source3/passdb/py_passdb.c: don't steal from talloc_stackframe().Rusty Russell1-15/+2
If you want a stack-style allocation, use talloc_stackframe(). If you don't, don't use it. In particular, talloc_stackframe() here is actually inside a pool, and stealing from pools is a bad idea. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-07-18loadparm: make the source3/ lp_ functions take an explicit TALLOC_CTX *.Rusty Russell7-44/+41
They use talloc_tos() internally: hoist that up to the callers, some of whom don't want to us talloc_tos(). A simple patch, but hits a lot of files. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-07-15s3-secrets: Use C99 typesAndrew Bartlett1-6/+6
2012-07-13s3-auth Remove unused global_machine_account_needs_changingAndrew Bartlett1-11/+0
This boolean was only set if the old machine account store (with an MD4 hash in it) was returned. We have not set that password type for years. If this call ever worked, it would store a plaintext password, so we could only ever be here if we had set a password using a version of Samba so old as not to store plaintext, and then never honered the flag anyway. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jul 13 07:52:40 CEST 2012 on sn-devel-104
2012-07-12s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam()Michael Adam6-10/+10
This does not check whether the given sid is in our domain, but but whether it belongs to the local sam, which is a different thing on a domain member server. Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104
2012-07-12s3: rename sid_check_is_domain() to sid_check_is_our_sam()Michael Adam5-10/+10
This does not check whether the given sid is the domain sid, but whether it is the sid of the local sam, which is different for a domain member server.
2012-07-12s3:passdb: remove commented out pdb_lookup_names codeMichael Adam1-82/+0
This code is lying there unused since more than five years now.
2012-07-03s3-passdb: Remove obsolte ldapsam_compat support.Andreas Schneider5-179/+6
2012-06-27s3-param: Rename loadparm_s3_context -> loadparm_s3_helpersAndrew Bartlett1-1/+1
This helps clarify the role of this structure and wrapper function. The purpose here is to provide helper functions to the lib/param loadparm_context that point back at the s3 lp_ functions. This allows a struct loadparm_context to be passed to any point in the code, and always refer to the correct loadparm system. If this has not been set, the variables loaded in the lib/param code will be returned. As requested by Michael Adam. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 27 17:11:16 CEST 2012 on sn-devel-104
2012-06-27s3-pdb_samba4: Remove dupliate profilePath handlingAndrew Bartlett1-6/+0
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 27 13:16:26 CEST 2012 on sn-devel-104
2012-06-27s3-pdb_samba4: Add support for lastLogon and lastLogoffAndrew Bartlett1-2/+10
2012-06-27s3-pdb_samba4: Fix time handling, use nt_time_to_unix()Andrew Bartlett1-1/+1
This matches 478d74fe1447c4588b14ef7040c8c13339d54026 which I failed to merge from pdb_ads. Andrew Bartlett
2012-06-26s3-pdb_samba4: Allocate and free a talloc_stackframe() in ↵Andrew Bartlett1-3/+10
pdb_samba4_replace_by_sam()
2012-06-19Fix unused variable warnings.Jeremy Allison1-6/+2
Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jun 19 21:17:51 CEST 2012 on sn-devel-104
2012-06-16s3-passdb: Remove pdb_adsAndrew Bartlett2-2702/+0
pdb_ads was an important module in the development of the combined Samba 4.0, and was the first module to show that standard samba3 tools such as smbpasswd can be made to operate on the sam.ldb. We now have pdb_samba4, which operates directly on the sam.ldb, rather than via ldapi://, which uses transactions and which is supported and tested as part of the official Samba 4.0 release configuration. This module is not as complete (for example, it does not honour the idmap configuration) and requires that the samba binary be running to operate. Andrew Bartlett
2012-06-15dbwrap: dbwrap_trans_store_uint32->dbwrap_trans_store_uint32_bystringVolker Lendecke1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Jun 15 14:20:04 CEST 2012 on sn-devel-104
2012-06-15dbwrap: ↵Volker Lendecke1-2/+2
dbwrap_trans_change_int32_atomic->dbwrap_trans_change_int32_atomic_bystring Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: ↵Volker Lendecke1-2/+2
dbwrap_trans_change_uint32_atomic->dbwrap_trans_change_uint32_atomic_bystring Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_store_uint32->dbwrap_store_uint32_bystringVolker Lendecke2-2/+3
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_fetch_uint32->dbwrap_fetch_uint32_bystringVolker Lendecke2-4/+4
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_store_int32->dbwrap_store_int32_bystringVolker Lendecke1-4/+4
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_fetch_int32->dbwrap_fetch_int32_bystringVolker Lendecke1-7/+8
Signed-off-by: Michael Adam <obnox@samba.org>
2012-05-24s3-passdb: Fix negative SID->uid/gid/both cache handlingIra Cooper1-0/+14
-1 uid/gid/both signals a non existent uid/gid/both. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-05-23Introduce system MIT krb5 build with --with-system-mitkrb5 option.Alexander Bokovoy1-2/+2
System MIT krb5 build also enabled by specifying --without-ad-dc When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5. Thus, --with-system-mitkrb5/--without-ad-dc build will only produce * Samba 4 client libraries and their Python bindings * Samba 3 server (smbd, nmbd, winbindd from source3/) * Samba 3 client libraries In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
2012-05-23s3-passdb: add unixid_from_uid/unixid_from_gid/unixid_from_both APIAlexander Bokovoy1-0/+47
struct unixid is defined in idmap.idl and therefore to use it one would need generated headers from librpc/gen_ndr. Not all of these files are installed and available as public headers. Also, they pull in some support headers which requires them to be available via specific locations like <librpc/gen_ndr/*> or <libcli/util>. Instead of pulling the headers to get structure and enum definitions, introduce three simple helpers to fill in 'struct unixid' based on the type of id. This is sufficient for PASSDB users and does not require exposing generated headers or code.
2012-05-10Fix bug 8920, null dereferenceSteve Langasek1-1/+3
Description: Avoid null dereference in initialize_password_db() When initialize_password_db() is called with reload=True, it's assumed that the free_private_data member of pdb_methods is non-null. This is not necessarily the case, as the tdb backend has no private data and therefore no free function. Check to see if we have private data that needs freed before calling. Author: Steve Langasek <steve.langasek@ubuntu.com> Bug-Ubuntu: https://bugs.launchpad.net/bugs/829221 Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Thu May 10 11:07:27 CEST 2012 on sn-devel-104
2012-05-04s3: Use hex_encode_bufVolker Lendecke1-4/+1
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Fri May 4 20:32:37 CEST 2012 on sn-devel-104
2012-05-04s3: Use hex_encode_bufVolker Lendecke1-3/+1
2012-05-03s3:passdb fix a compiler warningChristian Ambach1-1/+1
this one could have caused crashes Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Thu May 3 23:22:05 CEST 2012 on sn-devel-104
2012-05-03s3-pypassdb: add wrapper for enum_group_membershipsAndrew Bartlett1-1/+57
This will be used in samba3upgrade to try and get the group memberships by instead asking for the groups each user is in. This reverse lookup may be more reliable, as this is used at login time. Andrew Bartlett
2012-05-03s3-pypassdb: remove unused variableAndrew Bartlett1-2/+0