summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2008-03-10Make use of talloc_asprintf_strupper_m in secrets.cVolker Lendecke1-37/+21
(This used to be commit 3ac4f935c074af768d0b83514f86d010c387817a)
2008-03-10Avoid some pointless checksVolker Lendecke1-12/+0
secrets_init() makes sure that the tdb is initialized (This used to be commit 8725dbc8888cf7a1d3d9d1205678fcd3ca3c6350)
2008-03-10Use talloc_tos() in secrets_initVolker Lendecke1-12/+5
(This used to be commit 27065382d9b692b5885265c9d60ffb7ec7748c38)
2008-03-05Fix a memleak -- Coverity ID 222Volker Lendecke1-1/+2
(cherry picked from commit a40781bafa3a8f0c7737164bca6cf74b0a452e72) (This used to be commit 86cabcad74ac06d888f2a352a2bef3abea1ed85c)
2008-03-04Fix crash bug in pdb_init_ldapsam().Günther Deschner1-2/+2
Karolin, this needs to be in 3-2-stable. Guenther (This used to be commit 0d73bde6de4391e7aec862424762473441fa0905)
2008-02-25Fix some warningsVolker Lendecke1-1/+4
warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result (This used to be commit ad37b7b0aee265a3e4d8b7552610f4b9a105434d)
2008-02-19Change ldap search filter. This function is also used to search machine ↵Karolin Seeger1-2/+2
accounts which may be located in a different ou. This is an extension to e71a48bb80cee85afcccacbce2884c0d600f4d72. Karolin (This used to be commit e5cc8b683cba3f2f3a84b1636b3d5bee1bfc0dda)
2008-02-17Use netr_SamInfo3 in remaining places.Günther Deschner2-2/+2
Guenther (This used to be commit 92fca97951bf7adf8caaeabdaff21682b18dd91f)
2008-02-13nsswitch: convert winbind_env_set(), winbind_on() and winbind_off() into macrosStefan Metzmacher1-2/+2
metze (This used to be commit 5f623f54a919cc687d0ff16c16038c05a501008d)
2008-02-12Add get_logon_hours_from_pdb() (inspired by samba4).Günther Deschner1-0/+23
Guenther (This used to be commit e1bcb7d82f22810e342a18aacbcfe49c3902bcb4)
2008-02-11Change ldap search filter. This function is also used to search machine ↵Karolin Seeger1-1/+1
accounts which may be organized in a different ou. Karolin (This used to be commit e71a48bb80cee85afcccacbce2884c0d600f4d72)
2008-02-09More paranoid checks for secrets_init() success.Günther Deschner1-13/+35
Guenther (This used to be commit 5e60852bae61be72dee9d5b93c59ac900aba73ae)
2008-02-08Fix typo.Karolin Seeger1-1/+1
Karolin (This used to be commit 53b83bb53ff02878748fada589fd2faf3520d260)
2008-02-05Don't return true on talloc fail.Jeremy Allison1-0/+12
Jeremy. (This used to be commit 21594cb34c683262ed4f743b68c35e586676ff75)
2008-02-04Fix valgrind errorsVolker Lendecke1-1/+17
We need to keep the names around on the search. Probably a tdb_move would do it here as well, but RPC is not the fastest thing on earth anyway... Thanks to Günther for pointing that out to me! (This used to be commit c9472ae61039adf178e047d89dbcc698dfa57059)
2008-02-04Remove a staticVolker Lendecke1-4/+1
I very much doubt that this is called enough to justify a global. If this turns out to be a hot code path, we might reconsider :-) (This used to be commit 5223d18ea2d891418a0f833f58cc3502cb26ce03)
2008-01-25Fix lookup_sids to detect unix_groups and unix_users domain sids.Michael Adam1-0/+10
This fixes panics in wbcLookupRids when 1-2-22 was passed as a domain sid. Michael (This used to be commit c0d9732cf4482b0db02c75f316ff2b41f3336425)
2008-01-25Add a debug message: show the sid lookup_sid() was called for.Michael Adam1-0/+2
Michael (This used to be commit 6c7c6c3f85a4bd171c62031b2b8e59d3f7054061)
2008-01-25Add a debug message to lookup_rids() printing the domain SID.Michael Adam1-0/+3
This is to ease debugging. I sporadically get panics that are apparently due to NULL domain sid passed to lookup_rids somewhere. Michael (This used to be commit 723e877c241dd5a0c8addb89507c9eda75b88ea4)
2008-01-12Fix CID 469. new_acct can't be NULL here.Jeremy Allison1-2/+1
Jeremy. (This used to be commit c79e9414c4baed6e61fc6a3f766395b873bcc4ea)
2008-01-09Fix memleak in ldapsam_rename_sam_account() found by IBM checker.Michael Adam1-1/+1
The check for out of memory was the wrong way round. Michael (This used to be commit d7a7b793203b986823859ac5171d2d4c30e52415)
2008-01-09Convert add_sid_to_array() add_sid_to_array_unique() to return NTSTATUS.Michael Adam1-7/+11
Michael (This used to be commit 6b2b9a60ef857ec31da5fea631535205fbdede4a)
2008-01-07Add secrets_shutdown().Günther Deschner1-0/+13
Guenther (This used to be commit dd3fbd93b6e5fe8b5e3a3727a64a38d5ae46fcbf)
2008-01-02Fix for bug #5163 from Laurent Pinchart <pinchart@skynet.be>Jeremy Allison1-0/+4
Failure to change password in ldap is mapped to NT_STATUS_UNSUCCESSFUL unconditionally. Jeremy. (This used to be commit 9369d6e907a49da1fbf2a5690118412b8d1a0383)
2007-12-29Make pdb_tdb honour a private dir overridden in smb.conf.Michael Adam1-1/+1
One lp_private_dir() has to be used instead of get_dyn_PRIVATE_DIR() to determine the location of the passdb.tdb. I noticed this when running make test as a "normal user" from a build, where I had done "make install" as root before, and so the passdb.tdb could not be accessed during the startup phase "CREATE TEST ENVIRONMENT IN ./st ..." in selftest.sh. Michael (This used to be commit 1f96389afa7250af7393489fb538b8aed93d815c)
2007-12-29passdb.tdb is located in the private directoryVolker Lendecke1-1/+2
Jerry, as part of d6cdbfd87 the default location of passdb.tdb has changed from the private directory to the state directory. I think because passdb.tdb holds the password hashes, it is reasonable to keep this next to the smbpasswd file. Please review and potentially push. Thanks, Volker (This used to be commit c9c7607c402c0a9df9796c767b689d207d67d8e4)
2007-12-28Convert csamuser to memcacheVolker Lendecke1-27/+26
(This used to be commit 476d3abf9c6142d99822212141fc3d843aca4798)
2007-12-26Remove the sampwent interfaceVolker Lendecke4-446/+1
(This used to be commit 9e80b969fb40766de2c9b1a05d16bf4d4c6e46f7)
2007-12-26smbpasswd_search_usersVolker Lendecke1-0/+114
(This used to be commit 84af4fb65677cf137f14f57c8820c77c9d006d89)
2007-12-26Add tdbsam_search_usersVolker Lendecke1-0/+134
(This used to be commit 02f0b0bd393bd942fc934f251bd6afed8e5424b0)
2007-12-23Convert the [gu]id_sid cache to memcacheVolker Lendecke1-134/+62
(This used to be commit 4baf36784f6496121a6863af0283821785eb0cf1)
2007-12-19Remove Get_Pwnam and its associated static variableVolker Lendecke1-1/+2
All callers are replaced by Get_Pwnam_alloc (This used to be commit 735f59315497113aebadcf9ad387e3dbfffa284a)
2007-12-19Add and use some keystr functions using talloc_tos() in secrets api.Günther Deschner1-44/+123
Guenther (This used to be commit 6ccbf67a0c6f117978df55d4e2565d34fddf9317)
2007-12-18Prevent another segfault.Michael Adam1-1/+3
Michael (This used to be commit 0a9874c1c76c0ccc71caba7ee85a0ee1a91808c5)
2007-12-17Remove direct caller of secrets_fetch_trusted_domain_password().Michael Adam1-1/+1
This is a regession introduced by f7efc0eca9426e63b751c07a90265a12bb39cf95. This calls pdb_get_trusteddom_pw() instead, again. Michael (This used to be commit 91be824d2ba0b8dccf42ba2b8555a204aa1fa56c)
2007-12-17Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames.Michael Adam1-13/+32
This patch is still incomplete in that winbindd does not walk the the trusted domains to lookup unqualified names here. Apart from that this fix should be pretty much complete. Michael (This used to be commit f7efc0eca9426e63b751c07a90265a12bb39cf95)
2007-12-15s/sid_to_string/sid_to_fstring/Volker Lendecke2-9/+9
least surprise for callers (This used to be commit eb523ba77697346a365589101aac379febecd546)
2007-12-15Replace sid_string_static with sid_to_stringVolker Lendecke2-6/+11
This adds 28 fstrings on the stack, but I think an fstring on the stack is still far better than a static one. (This used to be commit c7c885078be8fd3024c186044ac28275d7609679)
2007-12-15Use sid_string_talloc where we have a tmp talloc ctxVolker Lendecke1-3/+4
(This used to be commit 0a911d38b8f4be382a9df60f9c6de0c500464b3a)
2007-12-15Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke9-84/+80
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-15Use sid_string_talloc where we have a tmp talloc ctxVolker Lendecke1-14/+16
(This used to be commit f00ab810d2540679bec109498ac89e1eafe18f03)
2007-12-14Revert "Fix for bug #4801: Correctly implement lsa lookup levels for ↵Stefan Metzmacher1-32/+13
lookupnames." As it breaks all tests which try to join a new machine account. So more testing is needed... metze This reverts commit dd320c0924ce393a89b1cab020fd5cffc5b80380. (This used to be commit cccb80b7b7980fbe1298ce266375e51bacb4a425)
2007-12-13Pass NULL instead of unneeded &sid: pdb_get_trusteddom_pw() checks.Michael Adam1-2/+1
Michael (This used to be commit b2e12365b56f24586a7dfcb845f4de51f0b0e7d5)
2007-12-13Rename get_trust_pw() to get_trust_pw_hash().Michael Adam1-2/+2
Michael (This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
2007-12-13Export logic of get_trust_pw() to new function get_trust_pw_clear().Michael Adam1-16/+58
get_trust_pw() just now computes the md4 hash of the result of get_trust_pw_clear() if that was successful. As a last resort, in the non-trusted-domain-situation, get_trust_pw() now tries to directly obtain the hashed version of the password out of secrets.tdb. Michael (This used to be commit 4562342eb84e6fdcec15d8b7ae83aa146aabe2b7)
2007-12-13Refactor the lagacy part of secrets_fetch_trust_account_password() outMichael Adam1-13/+31
into a new function secrets_fetch_trust_account_password_legacy() that does only try to obtain the hashed version of the machine password directly from secrets.tdb. Michael (This used to be commit 91da12b751b3168dc40049f3e90c10d840393efc)
2007-12-13Let get_trust_pw() determine the machine_account_name to use.Michael Adam1-2/+14
Up to now each caller used its own logic. This eliminates code paths where there was a special treatment of the following situation: the domain given is not our workgroup (i.e. our own domain) and we are not a DC (i.e. it is not a typical trusted domain situation). In situation the given domain name was previously used as the machine account name, resulting in an account name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me. get_trust_pw would not have obtained a password in this situation anyways. I hope I have not missed an important point here! Michael (This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
2007-12-13Remove two unneeded functions.Michael Adam1-23/+0
secrets_store_trust_account_password() and trust_password_delete() are the write access functions to the SECRETS/$MACHINE.ACC/domain keys in secrets.tdb, the md4 hashed machine passwords. These are not used any more: Current code always writes the clear text password. Michael (This used to be commit 4788fe392427901f6b1c505e3a743136ac8a91ca)
2007-12-13Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames.Michael Adam1-13/+32
This is a first patch aimed at fixing bug #4801. It is still incomplete in that winbindd does not walk the the trusted domains to lookup unqualified names here. Apart from that this fix should be pretty much complete. Michael (This used to be commit dd320c0924ce393a89b1cab020fd5cffc5b80380)
2007-12-12Fix logic and prevent segfaults in secrets trustdom tdb pack code.Michael Adam1-14/+14
New size calculation logic in tdb_trusted_dom_pass_pack() and tdb_sid_pack() used accumulated sizes as successive offsets to buffer pointer. Michael (This used to be commit 9c24713b402978e74dc8691be5cab71d8666eb41)