summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2009-10-20s3-pdb_ldap: fix crash bug in ldapsam_set_trusteddom_pw().Günther Deschner1-2/+2
Thanks Volker for the hint. Guenther
2009-10-20s3-lsa: Allow to lookup 'NT AUTHORITY\Anonymous Logon' as well.Günther Deschner1-0/+1
This is to finally pass RPC-LSA-LOOKUPNAMES test. Guenther
2009-10-20s3-lsa: allow to lookup BUILTIN\ in lsa_LookupNames.Günther Deschner1-0/+8
Found by RPC-LSA-LOOKUPNAMES torture test. Guenther
2009-10-15Fix valgrind memory leak in bug #6814 - Fixes for problems reported by valgrindJeremy Allison1-0/+1
Jeremy.
2009-10-13s3: Fix some nonempty blank linesVolker Lendecke1-5/+5
2009-10-13s3: use enum netr_SchannelType all over the place.Günther Deschner2-7/+10
Guenther
2009-09-21s3:secrets_schannel: revert to using version 1Stefan Metzmacher1-3/+9
It doesn't really matter if the entries have invalid context in it. Older versions of samba refuse to open the file if the version doesn't match. If we can't parse individual records, we'll fail schannel binds, but the clients are supposed to reestablish the netlogon secure channel by doing ServerReqChallenge/ServerAuthenticate* again. This will just overwrite the old record. metze
2009-09-02s3-pdb_ldap: Fix bug #4296: Clean up group membership while deleting a user.Günther Deschner1-0/+46
Note that this only is tried with editposix=yes. Guenther
2009-08-27s3-schannel: remove remaining code that was using "struct dcinfo".Günther Deschner1-167/+0
Guenther
2009-08-27s3-schannel: upgrade old format schannel_store.tdb.Günther Deschner1-4/+9
Guenther
2009-08-27s3-schannel: add simple wrappers to fetch and store schannel auth info.Günther Deschner2-0/+69
Guenther
2009-08-27s3-schannel: make open_schannel_session_store() public.Günther Deschner1-1/+1
Guenther
2009-08-03s3-pdb_ldap: Make ldapsam_alias_memberships behave like the tdbsam equivalent.Günther Deschner1-0/+7
This lets samr_GetAliasMembership return with NT_STATUS_OK when called with 0 sids (just what w2k3 does). Guenther
2009-07-31Rename LOOKUP_NAME_EXPLICIT to LOOKUP_NAME_NO_NSSVolker Lendecke1-4/+8
It took me a bit to understand what this flag does. I hope this is a bit clearer, at least it is to me.
2009-07-29s3:passdb: use transaction_wrapped write in tdbsam_new_rid()Michael Adam1-1/+2
Now all tdb writes in passdb use transactions. Michael
2009-07-29s3:secrets: use transaction wrapped store in get rand seed.Michael Adam1-2/+2
Now secrets.tdb is only writen with transactions. Michael
2009-07-29s3:dbwrap: change dbwrap_change_uint32_atomic() to return NTSTATUS not uint32_t.Michael Adam1-3/+5
Michael
2009-07-17Fix Coverity CIDs 887, 888. Don't pass NULL's to functionsJeremy Allison1-4/+3
that deref them. Jeremy.
2009-07-14s3-passdb: fix wbc build warning.Günther Deschner1-2/+2
Guenther
2009-07-14Fix bug 5886Volker Lendecke1-8/+26
Ok, that's a very long-standing one. I finally got around to install a recent OpenLDAP and test the different variants of setting a NULL password etc. Thanks all for your patience! Volker
2009-07-14s3-account_policy: add pdb_policy_type enum.Günther Deschner5-42/+46
Guenther
2009-07-13s3-pdb_ads: set correct pdb field with the value from 'accountExpires' ↵Günther Deschner1-1/+1
attribute. Guenther
2009-07-13libds: merge the UF<->ACB flag mapping functions.Günther Deschner1-3/+3
Guenther
2009-07-10Return 0 domains from enum_trusteddomsVolker Lendecke1-1/+3
2009-07-10Quieten events and tldap debug messagesVolker Lendecke1-1/+1
2009-07-09Make escape_ldap_string take a talloc contextVolker Lendecke1-23/+22
2009-07-04pdb_ads: For cached samu entries, priv is NULLVolker Lendecke1-75/+81
We have to recreate the priv entry on demand. This needs fixing in passdb... :-)
2009-07-04Add pdb_ads_get_domain_infoVolker Lendecke1-0/+53
2009-07-04pdb_ads: Use tldap_fetch_rootdse in pdb_ads_connectVolker Lendecke1-13/+12
2009-07-04pdb_ads: Fetch the domain GUIDVolker Lendecke1-1/+7
2009-07-04Add pdb_get_domain_infoVolker Lendecke2-0/+20
2009-07-04Make pdb_ads return an additional flagVolker Lendecke1-1/+1
2009-06-30Fix bug #6431 - local groups from 3.0 setups no longer found.Volker Lendecke1-8/+8
Search for groups without group suffix, group suffix is only used for new entries.
2009-06-29s3-pdb_tdb: give 'unknown_str' the proper name 'comment' and set comment in ↵Günther Deschner1-10/+15
passdb. pdb_{get,set}_comment were already existing in the API but were never used. Guenther
2009-06-29s3:pdb_ads: we need to make the fd for tldap/tsocket non-blockingStefan Metzmacher1-0/+2
metze
2009-06-28Turn the pdb_rid_algorithm into a capabilities call that returns flagsVolker Lendecke6-19/+19
2009-06-28Make pdb_ads survive a restart of Samba4Volker Lendecke1-106/+225
The search function retries once, the modifying call that hits a dead smbd returns an error. The next try will reconnect. This was simple to implement and provides a good compromise against Samba4 idling our connection. Most of the modifying calls are quickly after a search (like OpenUser) anyway.
2009-06-26s3:passdb: fix bug #6509: use gid (not uid) cache in fetch_gid_from_cache().Michael Adam1-1/+1
With the previous code, the cache can never have been hit at all. Michael
2009-06-24Only set the password if there is oneVolker Lendecke1-4/+8
2009-06-20Prepare control supportVolker Lendecke1-10/+11
We will have arrays of controls passed to tldap.c. Follow a mantra from the classic book "Thinking Forth" by Leo Brodie: Favor counts over terminators :-) This makes the parameter lists to tldap pretty long, but everyone will have wrapper routines anyway, see for example tldap_search_fmt. And the OpenLDAP manpages call the non-_ext routines deprecated, probably for a reason.
2009-06-20Fix setting passwords in pdb_adsVolker Lendecke1-6/+7
The samba4 password_hash module does not allow changing the password fields via the "delete oldval" -> "add newval" set of modify operations, it requires a single "replace with newval" operation. Andrew, Samba3 by default uses that delete/add pair to detect if between fetching the old value and storing the new one the old value has changed. This is lost by using the "replace" operation. Would it make sense to add this to the password_hash module? Volker
2009-06-20talloc_tos() aborts if it can not get a stackframeVolker Lendecke1-3/+0
2009-06-12Activate tldap tracing in pdb_adsVolker Lendecke1-0/+34
2009-06-11s3 passdb ads: add missing characterTim Prouty1-1/+1
2009-06-11Implement pdb_enum_alias_membershipsVolker Lendecke1-3/+88
2009-06-10Implement pdb_ads_set_aliasinfoVolker Lendecke1-1/+68
2009-06-10pdb_default_aliasinfo is just fine for pdb_ads right nowVolker Lendecke1-8/+1
2009-06-10Implement pdb_ads_lookup_ridsVolker Lendecke1-3/+69
2009-06-10Fix a segfault in pdb_ads_delete_user()Volker Lendecke1-3/+11
If a user comes from the passdb cache, priv is NULL
2009-06-09If there are no mods, don't bother the ldap serverVolker Lendecke1-0/+5