summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r25092: Add support for storing trusted domain passwords in LDAP forMichael Adam1-5/+277
passdb backend = ldapsam. Along with reproducing the functionality of the secrets.tdb code, I have prepared the handling of the previous trust password (in case we are contacting a dc which does not yet know of a recent password change). This information has still to be propagated to the outside, but this requires a change of the api and also a change of the secrets.tdb code. Michael (This used to be commit 6c3c20e6c4a2b04de8111f2c79b431f0775c2a0f)
2007-10-10r25091: Start adding support for storing trusted domain passwords in LDAPMichael Adam1-0/+44
(for passdb backen = ldapsam). At a first step, add the hooks, calling the secrets_ functions. Michael (This used to be commit 9c03cdf3a449149c50451a44deb420341e65af34)
2007-10-10r24991: Kill all those lots of trailing whitespaces from secrets.c.Michael Adam1-72/+72
These red bars in vi really hurt my eyes... :-o Michael (This used to be commit 2e99e141c3254fe072756697b8db3cbd4e4f1db4)
2007-10-10r24990: Kill an incredible amount of trailing whitespaces...Michael Adam1-8/+10
Further reformat get_trust_pw to conform to coding rules. Michael (This used to be commit b9e76a479e933084b1ee081ef5d8bd6bdbd7fadf)
2007-10-10r23801: The FSF has moved around a lot. This fixes their Mass Ave address.Andrew Tridgell2-4/+2
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell13-26/+13
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison15-15/+15
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23688: Fix bug #4759 reported by Raul <ismell@ismell.org>.Jeremy Allison1-1/+1
"N" is not a valid format entry for ber_printf, should be "n" Jeremy. (This used to be commit f3bb102c24018f0a91f8b51de6fe646c091da6be)
2007-10-10r23630: Found out what LSA_LOOKUP_NAMES level 5 means:Günther Deschner1-1/+1
only query transitive forest trusts. Guenther (This used to be commit e744efa1ee33fb150132f0b7f46ee1711681afc6)
2007-10-10r23510: Tidy calls to smb_panic by removing trailing newlines. Print theJames Peach2-2/+2
failed expression in SMB_ASSERT. (This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)
2007-10-10r23244: Fix loop with nscd and NSS recusive calls.Gerald Carter1-4/+4
> Here's the problem I hit: > > getgrnam("foo") -> nscd -> NSS -> winbindd -> > winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() -> > getgrnam("foo") -> nscd -> .... > > This is in the SAMBA_3_0 specifically but in theory could happen > SAMBA_3_0_25 (or 26) for an unknown group. > > The attached patch passes down enough state for the > name_to_sid() call to be able to determine the originating > winbindd cmd that came into the parent. So we can avoid > making more NSS calls if the original call came in trough NSS > so we don't deadlock ? But you should still service > lookupname() calls which are needed for example when > doing the token access checks for a "valid groups" from > smb.conf. > > I've got this in testing now. The problem has shown up with the > DsProvider on OS X and with nscd on SOlaris and Linux. (This used to be commit bcc8a3290aaa0d2620e9d391ffbbf65541f6d742)
2007-10-10r23194: cherry pick two fixes from SAMBA_3_0_26Gerald Carter2-6/+10
* strptime() failure check * make legcacy sid/uid/gid calls static (This used to be commit 3c9fb1c6f3263c0ce6edbf2a8824c153317a84a3)
2007-10-10r23192: Remove fallback to looking up group mappings by theGerald Carter1-17/+1
Unix name after discussion with Simo. (This used to be commit 6af4c1a73cdb523e5a81c15128c706a16f76c84d)
2007-10-10r23051: sid_to_[ug]id fixes for smbdSimo Sorce1-12/+26
(This used to be commit 2d636ad2a33d0ca61bf6022feceed47dd68ef855)
2007-10-10r23046: Few missing merges from cleaning out the Centeris winbindd tree.Gerald Carter1-1/+1
Nothing of major interest. Will fix a few problems with one way trusts. (This used to be commit 3d48a7e72d9268fd495e0ca4b6e73bed5bb57214)
2007-10-10r23005: If we're running on a system where time_t is 8 bytesJeremy Allison1-16/+16
we have to take care to preserve the "special" values for Windows of 0x80000000 and 0x7FFFFFFF when casting between time_t and uint32. Add conversion functions (and use them). Jeremy. (This used to be commit 4e1a0b2549f7c11326deed2801de19564af0f16a)
2007-10-10r22977: Trim noise by removing redundant WARNING log message thatGerald Carter1-4/+0
would flood at log level 2. We know when we're using the legacy mapping code anyways since it will log an informative msg. (This used to be commit 51aac0fcb4528df790aa3ae078f9ef639cc01363)
2007-10-10r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; andVolker Lendecke1-2/+2
replace all data_blob(NULL, 0) calls. (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
2007-10-10r22786: Some cleanup by Karolin Seeger: Remove unused pdb_find_alias, and changeVolker Lendecke1-14/+6
return values of some alias-releated pdb functions from BOOL to NTSTATUS Thanks :-) (This used to be commit 590d2164b3a33250410338771e160f6ebd1aa89d)
2007-10-10r22767: Argl. Typed in 'svn ci' in the wrong branch. Revert.Volker Lendecke1-6/+13
(This used to be commit 2c5b951eba509e826a29775db992aca474476484)
2007-10-10r22766: Merge from 3_0:Volker Lendecke1-13/+6
r22412 | obnox | 2007-04-20 14:23:36 +0200 (Fr, 20 Apr 2007) | 5 lines Add a "deletelocalgroup" subcommand to net sam. Thanks to Karolin Seeger <ks@sernet.de>. (This used to be commit fb6ac8a5b247a961963a9b6a95cd6608c5b53d09)
2007-10-10r22631: Remove the possibility of sid_check_is_domain andJames Peach1-2/+1
sid_check_is_in_our_domain getting out of sync. (This used to be commit bbc102172abcb5f7c5c9e777536d7c17afe8b355)
2007-10-10r22613: Fix an uninitialized variable warningVolker Lendecke1-1/+1
(This used to be commit d4c5d5ffb30fe50abb828067b047d5eb61038ddf)
2007-10-10r22589: Make TALLOC_ARRAY consistent across all uses.Jeremy Allison1-9/+27
Jeremy. (This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9)
2007-10-10r22125: Fix a warningVolker Lendecke1-1/+1
(This used to be commit 1c0ceb5fe217bd7210072869a1313c7ac67ff118)
2007-10-10r22096: become_root_uid_only() is unneeded - it's only used inJeremy Allison2-16/+16
messages.c. Refactor to use become_root() instead and make it local to messages.c Jeremy. (This used to be commit f3ffb3f98472b69b476b702dfe5c0575b32da018)
2007-10-10r22066: Ensure that winbind can resolve SIDs in the S-1-22-{1,2}Gerald Carter1-1/+21
domain to a uid.gid using the idmap_passdb backend. (This used to be commit fc1aeee52d8cb6c8d5d306dbbec18127bd2674bc)
2007-10-10r22009: change TDB_DATA from char * to unsigned char *Stefan Metzmacher4-27/+28
and fix all compiler warnings in the users metze (This used to be commit 3a28443079c141a6ce8182c65b56ca210e34f37f)
2007-10-10r22001: change prototype of dump_data(), so that it takes unsigned char * now,Stefan Metzmacher1-1/+1
which matches what samba4 has. also fix all the callers to prevent compiler warnings metze (This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
2007-10-10r21983: make use of tdb_*_bystring() and string_term_tdb_data()Stefan Metzmacher1-27/+25
to avoid creating the TDB_DATA struct from strings "by hand" metze (This used to be commit 5a5579d8429e6f76805a093133ba29c7f8321512)
2007-10-10r21982: make use of tdb_*_bystring() and string_term_tdb_data()Stefan Metzmacher1-29/+12
to avoid creating the TDB_DATA struct from strings "by hand" metze (This used to be commit 9ebaa4c573ea5784a8c9cd9d29561b760d62bb18)
2007-10-10r21981: as we use tdb_trans_store(), we should also use tdb_trans_delete()Stefan Metzmacher1-1/+1
metze (This used to be commit 2d2f8099684c4516ed685e5bb2a21541d53645ac)
2007-10-10r21954: Someone misused a '!' instead of a '~' for a binary NOTJeremy Allison1-1/+1
command. Jerry, Simo, please check. Jeremy. (This used to be commit 8ff76a9cb860b7fd451829f6d814ea1c6804f5af)
2007-10-10r21881: Make sure we are very specific when testing whether a backand can ↵James Peach1-1/+2
handle a particular SID. Make sure that the passdb backend will accept the same set range of local SIDs that the idmap system sends it. Simo, Jerry - this is a 3_0_25 candidate. Can you please review? (This used to be commit 86a70adb6a2d277f235857451bbee7d530d15310)
2007-10-10r21853: Fix a valgrind errorVolker Lendecke1-0/+5
(This used to be commit d0d16cc55ab830dcfd4f8c6c7bf64d2b9b6dd55b)
2007-10-10r21831: Back out r21823 for a while, this is going into a bzr tree first.Volker Lendecke1-20/+1
Volker (This used to be commit fd0ee6722ddfcb64b5cc9c699375524ae3d8709b)
2007-10-10r21823: Let secrets_store_machine_password() also store the account name. ↵Volker Lendecke1-1/+20
Not used yet, the next step will be a secrets_fetch_machine_account() function that also pulls the account name to be used in the appropriate places. Volker (This used to be commit f94e5af72e282f70ca5454cdf3aed510b747eb93)
2007-10-10r21819: Wrap all steps in secrets_store_machine_password into one singleVolker Lendecke1-12/+50
transaction. Succeed all or store nothing. Volker (This used to be commit 4efc7b45985e807532214959c1872cd6e7865ab8)
2007-10-10r21818: Remove some unused codeVolker Lendecke1-23/+0
(This used to be commit f88eab91c43570e4da7a4a6cd117e7b7ebf53331)
2007-10-10r21784: Replace smb_register_idle_event() with event_add_timed(). This fixes ↵Volker Lendecke2-3/+22
winbind who did not run the idle events to drop ldap connections. Volker (This used to be commit af3308ce5a21220ff4c510de356dbaa6cf9ff997)
2007-10-10r21782: Fix a memleakVolker Lendecke1-0/+1
(This used to be commit a2dc1f62fdf7683cfb2ca71499dbe7efddc4aa9b)
2007-10-10r21738: Remove unused file.James Peach1-80/+0
(This used to be commit 7246b316960e5307d988ad3296230767e57f455b)
2007-10-10r21609: Fix memory leaks in error code paths (and one in winbindd_group.c).Jeremy Allison1-0/+2
Patch from Zack Kirsch <zack.kirsch@isilon.com>. Jeremy. (This used to be commit df07a662e32367a52c1e8473475423db2ff5bc51)
2007-10-10r21608: Fix a couple of memleaks in error code paths beforeJeremy Allison1-0/+1
Coverity finds them :-) Jeremy. (This used to be commit cbe725f1b09f3d0edbdf823e0862edf21e16d336)
2007-10-10r21606: Implement escaping function for ldap RDN valuesSimo Sorce1-8/+60
Fix escaping of DN components and filters around the code Add some notes to commandline help messages about how to pass DNs revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was incorrect. The 2 functions use DNs in different ways. - lookup_usergroups_member() uses the DN in a search filter, and must use the filter escaping function to escape it Escaping filters that include escaped DNs ("\," becomes "\5c,") is the correct way to do it (tested against W2k3). - lookup_usergroups_memberof() instead uses the DN ultimately as a base dn. Both functions do NOT need any DN escaping function as DNs can't be reliably escaped when in a string form, intead each single RDN value must be escaped separately. DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as they come already escaped on the wire and passed as is by the ldap libraries DN filtering has been tested. For example now it is possible to do something like: 'net ads add user joe#5' as now the '#' character is correctly escaped when building the DN, previously such a call failed with Invalid DN Syntax. Simo. (This used to be commit 5b4838f62ab1a92bfe02626ef40d7f94c2598322)
2007-10-10r21507: Fix some "cannot access LDAP when no root" bugs.Gerald Carter1-2/+14
The two culprits were * pdb_get_account_policy() * pdb_get_group_sid() (This used to be commit 6a69caf6907fad01b13aa4358ce5c62506f98495)
2007-10-10r20998: Fix debug messageVolker Lendecke1-1/+2
(This used to be commit a5a1c8c785939e7cf6108adb573ac277726f584b)
2007-10-10r20985: leave room for terminating NULL when printing password hashes via ↵Gerald Carter1-2/+2
'pdbedit -L -w' (This used to be commit 2a7311db272b5a504e2db672d92adbb3cf2bea15)
2007-10-10r20851: To read account policies from LDAP we need root.Volker Lendecke1-2/+12
Volker (This used to be commit b48ea4d7775dfc3216771fd328640c2c100a014d)
2007-10-10r20824: Send access to the trusted domain passwords through the pdb backend, ↵Volker Lendecke4-46/+123
so that in the next step we can store them in LDAP to be replicated across DCs. Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 3c879745cfc39be6128b63a88ecdbfa3d9ce6c2d)