summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r16241: Fix Klocwork #106 and others like it.Jeremy Allison3-472/+155
Make 2 important changes. pdb_get_methods() returning NULL is a *fatal* error. Don't try and cope with it just call smb_panic. This removes a *lot* of pointless "if (!pdb)" handling code. Secondly, ensure that if samu_init() fails we *always* back out of a function. That way we are never in a situation where the pdb_XXX() functions need to start with a "if (sampass)" test - this was just bad design, not defensive programming. Jeremy. (This used to be commit a0d368197d6ae6777b7c2c3c6e970ab8ae7ca2ae)
2007-10-10r16197: Fix Klocwork id 1338Volker Lendecke1-2/+3
(This used to be commit 963ae5bd144b90e71331a88029698a1a6dc52190)
2007-10-10r16155: Janitor for jelmer.Jeremy Allison1-1/+1
Fix typo in DEBUG() Jeremy. (This used to be commit da768bf9c2761884cc97f690133d6897ed353e15)
2007-10-10r16121: Fix a eDir related memory leak.Günther Deschner1-2/+9
Guenther (This used to be commit 322f1664df553d95fcdfc24f19bd7f34ce9b834b)
2007-10-10r16076: Fix for machine password timeout overflow from Shlomi YaakobovichJeremy Allison1-1/+1
<Shlomi@exanet.com>. Jeremy. (This used to be commit 5cd234a1fff1e9d025eea6600649e56c997eafc2)
2007-10-10r16064: Bug fix for another one Tom Bork has reported:Volker Lendecke1-3/+23
'valid users = +unixgroup' failed with smbpasswd if 'unixgroup' has a (non-algorithmic) group mapping. Thanks a lot! People out there listening, please test current code, this release is **BIG** :-) Volker (This used to be commit 8f9ba5f96c9b506623ef97b7ed3d84f39d914a3c)
2007-10-10r16016: Add debug to be symetrical with reading fromJeremy Allison1-0/+4
cache. Jeremy. (This used to be commit da26565a2e85dc36b283f6b81378a706f3ae5f26)
2007-10-10r16014: Correctly set the group RID in init_sam_from_buffer.Volker Lendecke2-0/+3
BIG THANKS to Tom Bork for reporting that Bug! Volker (This used to be commit 40339fdcced67d62e449ba6f19329d89c808e139)
2007-10-10r15895: Ensure all new rid allocation goes throughJeremy Allison1-6/+12
the same function (deals with races). Jeremy. (This used to be commit 4962548dfe8ec2854e209217066556f339d3186e)
2007-10-10r15888: Fix bug #3804 from jason@ncac.gwu.eduJeremy Allison1-2/+2
Invalid comparisons. Jeremy. (This used to be commit 9890a31c5f4a8911b0f56eee67cfbcc46f15ee43)
2007-10-10r15649: Allow to store 24 password history entries in ldapsam (same limit as onGünther Deschner1-6/+7
Windows). Fixes bug #1914. Guenther (This used to be commit b5a5d0b24ea5320cb2f28dbefe81ddf5c58baf77)
2007-10-10r15633: Minor smbldap/pdb_ldap cleanupGünther Deschner1-7/+4
Guenther (This used to be commit 1b5a712467ab8f35211b59bb703a42bdc5e0dfc0)
2007-10-10r15601: Fix segfaults with 'security=share' and 'guest only = yes'Volker Lendecke1-0/+3
Volker (This used to be commit ea7cced6bcb3cb7d817e4cb072774692e4afedb0)
2007-10-10r15571: Fix Coverity bug #285Volker Lendecke1-3/+7
(This used to be commit 2cf503d7da08319f318217f6fe8f85c18bf0dffb)
2007-10-10r15547: say goodbye to --with-ldapsam (although the ldapsam_compat passdb ↵Gerald Carter1-17/+0
backend still exists (This used to be commit 7d99e05ee8f60b2b4d18405dc8be6f9ff822c3ad)
2007-10-10r15542: Close the LDAP connection and free the struct, regardless whether theGünther Deschner1-1/+1
simple bind operation was successful or not. Guenther (This used to be commit e4734cb99cae189edf49c4d8f4e4324f5c51f443)
2007-10-10r15444: Fix from Jim to ensure we do a wildcard search for SID'sJeremy Allison1-1/+1
starting with the global SAM sid, not an exact search. Jeremy. (This used to be commit 755c272ebf5d0f4de15178814f998d1ec5ecb718)
2007-10-10r15360: Fix bug # 3741. One more place where the algorithmic mapping needs ↵Volker Lendecke1-5/+24
to stay. Volker (This used to be commit 898948d65409e5b63937fbd8050be04ac81df05d)
2007-10-10r15310: only store lanman passwords on a change if 'lanman auth = yes'Gerald Carter1-7/+8
(This used to be commit b6904e0950a5e70ebb2ea8aa9e9afc220adbe211)
2007-10-10r15283: Oh yeah. The build farm doesn't do much with head. OK, here is the ↵Paul Green1-0/+2
patch to SAMBA_3_0 to declare prototypes for the initialization functions. These are the same changes I just made to head. --paulg (This used to be commit 17774387ad879b6a72dd1cf406326318add31b04)
2007-10-10r15101: Little step towards getting Samba4 tdb into 3: tdb_lock_bystring ↵Volker Lendecke2-5/+5
does not have the timeout argument in Samba4. Add a new routine tdb_lock_bystring_with_timeout. Volker (This used to be commit b9c6e3f55602fa505859a4b2cd137b74105d685f)
2007-10-10r15009: Add a check for NULLVolker Lendecke1-0/+3
(This used to be commit 0a7d4f1ab109f57f5b5f4c1e83ad346b13b50778)
2007-10-10r14868: I will not write code when changing to Daylight Savings Time.Gerald Carter1-5/+10
I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. ... Fix my brain dead inverted logic for turning winbindd on and off when run on a DC or when calling pdb functions from within winbindd. (This used to be commit 021b3dc2db9fb422ede4657a1f27ef7ef2d22cee)
2007-10-10r14855: Various fixes:Gerald Carter1-10/+8
* depreacte 'acl group control' after discussion with Jeremy and implement functionality as part of 'dos filemode' * fix winbindd on a non-member server to expand local groups * prevent code previously only used by smbd from blindly turning _NO_WINBINDD back on (This used to be commit 4ab372f4cab22225716b5c9a9a08f0c1dbc9928d)
2007-10-10r14780: Fix coverity bug #272, null deref.Jeremy Allison1-0/+8
Jeremy. (This used to be commit 1588ce8efe7fafd89561b55a98c498f947f4ada9)
2007-10-10r14758: Fix broken LDAP search filter.Günther Deschner1-1/+1
Guenther (This used to be commit 25970a54298f2888b5c3cd64496dbd0c9d627a05)
2007-10-10r14756: Make smbpasswd -a root work for eDirectory where there is no "account"Günther Deschner1-5/+18
structural objectclass. Guenther (This used to be commit 7eefeaad352597b6f97160b1abc0dc032c0b46b2)
2007-10-10r14696: make pdb_find_backend_entry public (for use by an external "multi" ↵Jelmer Vernooij1-3/+1
pdb backend) (This used to be commit c149421ef7aca8763e21e6c7d467e94944c30e8b)
2007-10-10r14634: Many bug fixes thanks to train rides and overnight stays in airportsGerald Carter2-22/+84
* Finally fix parsing idmap uid/gid ranges not to break with spaces surrounding the '-' * Allow local groups to renamed by adding info level 2 to _samr_set_aliasinfo() * Fix parsing bug in _samr_del_dom_alias() reply * Prevent root from being deleted via Samba * Prevent builting groups from being renamed or deleted * Fix bug in pdb_tdb that broke renaming user accounts * Make sure winbindd is running when trying to create the Administrators and Users BUILTIN groups automatically from smbd (and not just check the winbind nexted groups parameter value). * Have the top level rid allocator verify that the RID it is about to grant is not already assigned in our own SAM (retries up to 250 times). This fixes passdb with existing SIDs assigned to users from the RID algorithm but not monotonically allocating the RIDs from passdb. (This used to be commit db1162241f79c2af8afb7d8c26e8ed1c4a4b476f)
2007-10-10r14577: BUG Fixes:Gerald Carter2-11/+9
* Add back in the import/export support to pdbedit * Fix segv in pam_smbpass * Cleanup some error paths in pdb_tdb and pdb_interface (This used to be commit df53d64910fbb96eb810102e986b3c337d54c463)
2007-10-10r14457: Add a few more special cases for RID 513 in the samr code.Gerald Carter2-2/+32
Now that I know what all the requirements for this group are I can generalize the code some more and make it cleaner. But at least this is working with lusrmgr.msc on XP and 2k now. (This used to be commit d2c1842978cd50485849bfc4fb6d94767d96cab0)
2007-10-10r14452: Sorry. Need more coffee....Gerald Carter1-1/+1
* Fix sprintf() args when createing the group search filter. (This used to be commit 0b7549997a3739b2c1500e7838ebaaa249dbfaf4)
2007-10-10r14451: In order to get pdb_ldap searching for SID_NAME_ALIASGerald Carter1-42/+16
groups in the ${MACHINESID} and S_1-5-32 domains correctly, I had to add a substr search on sambaSID. * add substr matching rule to OpenLDAP schema (we need to update the other schema as will since this is a pretty important change). Sites will need to - install the new schema - add 'indea sambaSID sub' to slapd.conf - run slapindex * remove uses of SID_NAME_WKN_GRP in pdb_ldap.c (This used to be commit 2c0a46d73122e9000a900f7e16f9b010ad4b78e3)
2007-10-10r14403: * modifies create_local_nt_token() to create a BUILTIN\AdministratorsGerald Carter2-15/+8
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes' * Add a SID domain to the group mapping enumeration passdb call to fix the checks for local and builtin groups. The SID can be NULL if you want the old semantics for internal maintenance. I only updated the tdb group mapping code. * remove any group mapping from the tdb that have a gid of -1 for better consistency with pdb_ldap.c. The fixes the problem with calling add_group_map() in the tdb code for unmapped groups which might have had a record present. * Ensure that we distinguish between groups in the BUILTIN and local machine domains via getgrnam() Other wise BUILTIN\Administrators & SERVER\Administrators would resolve to the same gid. * Doesn't strip the global_sam_name() from groups in the local machine's domain (this is required to work with 'winbind default domain' code) Still todo. * Fix fallback Administrators membership for root and domain Admins if nested groups = no or winbindd is not running * issues with "su - user -c 'groups'" command * There are a few outstanding issues with BUILTIN\Users that Windows apparently tends to assume. I worked around this presently with a manual group mapping but I do not think this is a good solution. So I'll probably add some similar as I did for Administrators. (This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
2007-10-10r14103: Fix a memleak found by valgrind (!!)Volker Lendecke1-0/+1
(This used to be commit b880602c4c1b13fbb5931b8e00c22209a722e0d5)
2007-10-10r14102: Fix Coverity bug # 70Volker Lendecke1-0/+4
(This used to be commit 56dc19879c6514cbdd0b1fd186c8bdeb61bf151a)
2007-10-10r14088: Fix Coverity bug #20. Don't deref possible null.Jeremy Allison1-6/+9
Jeremy. (This used to be commit 7f3ace5481e55ef845da28b9c0613a2ea0de0de4)
2007-10-10r13979: We've dereferenced my_methods already, so there's no point in ↵Volker Lendecke1-1/+1
checking for != NULL. Coverity #149. Volker (This used to be commit d38e05329a77650d8fbb8611ca148964f62c9ba4)
2007-10-10r13915: Fixed a very interesting class of realloc() bugs found by Coverity.Jeremy Allison1-7/+3
realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2007-10-10r13843: Merge in net sam provision and some pdb_ldap fixesSimo Sorce1-82/+130
(This used to be commit 705d8118081784e9907648fd1daaaa5ec0285972)
2007-10-10r13791: Having S-1-1-0 show up in winbind lookupsid does not really make sense.Volker Lendecke2-3/+18
Volker (This used to be commit ae9614ce019e25fb29dad8429d93f3140c2f84ad)
2007-10-10r13776: Merge in the editposix ldapsam optimizationSimo Sorce2-109/+892
(This used to be commit a374546c7e8dfc17eb2346c518d1d89f28c32feb)
2007-10-10r13765: Fix bug reported by jra. Don't check for a group SID when storingGerald Carter1-0/+2
a user since we no longer pay any attention to the value. (This used to be commit 085c6859ee5b97efe9ec06e95877d500822d3c82)
2007-10-10r13756: use samu_new() rather than calling talloc() directly.Gerald Carter1-1/+1
(This used to be commit c13af58f6322104a45d0e620cc26f522a47af2ab)
2007-10-10r13747: Fix the reference count for tdbsam_open() - on anJeremy Allison1-5/+9
upgrade it calls tdbsam_convert() which calls tdbsam_open() deep inside the init_sam_from_buffer_vX call. If the ref count hasn't been set yet then we will close the tdbsam reference in tdbsam_getsampwsid(). smbpasswd -a was core-dumping again :-). Jeremy (This used to be commit 993069eb87c190ba8ee92224340c8f9ffb3ade74)
2007-10-10r13729: Fix smbpasswd -xVolker Lendecke1-13/+6
(This used to be commit 2afcbbfb6f2efcc2e10106b10a87365556013787)
2007-10-10r13728: No, we have not talked about this on irc less than 24h ago... ;-)Volker Lendecke1-2/+2
(This used to be commit 59f95ea752d932b00d4a4ff37311b830d65c8a03)
2007-10-10r13727: Fix a segfaultVolker Lendecke1-1/+5
(This used to be commit 76c100834d125b889d29d0fc38934bed4cc77e19)
2007-10-10r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.Günther Deschner6-40/+275
* Fix a couple of related parsing issues. * in the info3 reply in a samlogon, return the ACB-flags (instead of returning zero) Guenther (This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
2007-10-10r13704: Janitor for tpot.Jeremy Allison1-50/+55
Jeremy ------------- Slightly smaller version of pdb_get_methods() patch. Turns out that callers to initialize_password_db() use the reload parameter so this has turned in to a smaller cleanup than I thought. (This used to be commit 7e243104eb57d656adf7b5a322fc8dde9e3c2868)