summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r14756: Make smbpasswd -a root work for eDirectory where there is no "account"Günther Deschner1-5/+18
structural objectclass. Guenther (This used to be commit 7eefeaad352597b6f97160b1abc0dc032c0b46b2)
2007-10-10r14696: make pdb_find_backend_entry public (for use by an external "multi" ↵Jelmer Vernooij1-3/+1
pdb backend) (This used to be commit c149421ef7aca8763e21e6c7d467e94944c30e8b)
2007-10-10r14634: Many bug fixes thanks to train rides and overnight stays in airportsGerald Carter2-22/+84
* Finally fix parsing idmap uid/gid ranges not to break with spaces surrounding the '-' * Allow local groups to renamed by adding info level 2 to _samr_set_aliasinfo() * Fix parsing bug in _samr_del_dom_alias() reply * Prevent root from being deleted via Samba * Prevent builting groups from being renamed or deleted * Fix bug in pdb_tdb that broke renaming user accounts * Make sure winbindd is running when trying to create the Administrators and Users BUILTIN groups automatically from smbd (and not just check the winbind nexted groups parameter value). * Have the top level rid allocator verify that the RID it is about to grant is not already assigned in our own SAM (retries up to 250 times). This fixes passdb with existing SIDs assigned to users from the RID algorithm but not monotonically allocating the RIDs from passdb. (This used to be commit db1162241f79c2af8afb7d8c26e8ed1c4a4b476f)
2007-10-10r14577: BUG Fixes:Gerald Carter2-11/+9
* Add back in the import/export support to pdbedit * Fix segv in pam_smbpass * Cleanup some error paths in pdb_tdb and pdb_interface (This used to be commit df53d64910fbb96eb810102e986b3c337d54c463)
2007-10-10r14457: Add a few more special cases for RID 513 in the samr code.Gerald Carter2-2/+32
Now that I know what all the requirements for this group are I can generalize the code some more and make it cleaner. But at least this is working with lusrmgr.msc on XP and 2k now. (This used to be commit d2c1842978cd50485849bfc4fb6d94767d96cab0)
2007-10-10r14452: Sorry. Need more coffee....Gerald Carter1-1/+1
* Fix sprintf() args when createing the group search filter. (This used to be commit 0b7549997a3739b2c1500e7838ebaaa249dbfaf4)
2007-10-10r14451: In order to get pdb_ldap searching for SID_NAME_ALIASGerald Carter1-42/+16
groups in the ${MACHINESID} and S_1-5-32 domains correctly, I had to add a substr search on sambaSID. * add substr matching rule to OpenLDAP schema (we need to update the other schema as will since this is a pretty important change). Sites will need to - install the new schema - add 'indea sambaSID sub' to slapd.conf - run slapindex * remove uses of SID_NAME_WKN_GRP in pdb_ldap.c (This used to be commit 2c0a46d73122e9000a900f7e16f9b010ad4b78e3)
2007-10-10r14403: * modifies create_local_nt_token() to create a BUILTIN\AdministratorsGerald Carter2-15/+8
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes' * Add a SID domain to the group mapping enumeration passdb call to fix the checks for local and builtin groups. The SID can be NULL if you want the old semantics for internal maintenance. I only updated the tdb group mapping code. * remove any group mapping from the tdb that have a gid of -1 for better consistency with pdb_ldap.c. The fixes the problem with calling add_group_map() in the tdb code for unmapped groups which might have had a record present. * Ensure that we distinguish between groups in the BUILTIN and local machine domains via getgrnam() Other wise BUILTIN\Administrators & SERVER\Administrators would resolve to the same gid. * Doesn't strip the global_sam_name() from groups in the local machine's domain (this is required to work with 'winbind default domain' code) Still todo. * Fix fallback Administrators membership for root and domain Admins if nested groups = no or winbindd is not running * issues with "su - user -c 'groups'" command * There are a few outstanding issues with BUILTIN\Users that Windows apparently tends to assume. I worked around this presently with a manual group mapping but I do not think this is a good solution. So I'll probably add some similar as I did for Administrators. (This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
2007-10-10r14103: Fix a memleak found by valgrind (!!)Volker Lendecke1-0/+1
(This used to be commit b880602c4c1b13fbb5931b8e00c22209a722e0d5)
2007-10-10r14102: Fix Coverity bug # 70Volker Lendecke1-0/+4
(This used to be commit 56dc19879c6514cbdd0b1fd186c8bdeb61bf151a)
2007-10-10r14088: Fix Coverity bug #20. Don't deref possible null.Jeremy Allison1-6/+9
Jeremy. (This used to be commit 7f3ace5481e55ef845da28b9c0613a2ea0de0de4)
2007-10-10r13979: We've dereferenced my_methods already, so there's no point in ↵Volker Lendecke1-1/+1
checking for != NULL. Coverity #149. Volker (This used to be commit d38e05329a77650d8fbb8611ca148964f62c9ba4)
2007-10-10r13915: Fixed a very interesting class of realloc() bugs found by Coverity.Jeremy Allison1-7/+3
realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2007-10-10r13843: Merge in net sam provision and some pdb_ldap fixesSimo Sorce1-82/+130
(This used to be commit 705d8118081784e9907648fd1daaaa5ec0285972)
2007-10-10r13791: Having S-1-1-0 show up in winbind lookupsid does not really make sense.Volker Lendecke2-3/+18
Volker (This used to be commit ae9614ce019e25fb29dad8429d93f3140c2f84ad)
2007-10-10r13776: Merge in the editposix ldapsam optimizationSimo Sorce2-109/+892
(This used to be commit a374546c7e8dfc17eb2346c518d1d89f28c32feb)
2007-10-10r13765: Fix bug reported by jra. Don't check for a group SID when storingGerald Carter1-0/+2
a user since we no longer pay any attention to the value. (This used to be commit 085c6859ee5b97efe9ec06e95877d500822d3c82)
2007-10-10r13756: use samu_new() rather than calling talloc() directly.Gerald Carter1-1/+1
(This used to be commit c13af58f6322104a45d0e620cc26f522a47af2ab)
2007-10-10r13747: Fix the reference count for tdbsam_open() - on anJeremy Allison1-5/+9
upgrade it calls tdbsam_convert() which calls tdbsam_open() deep inside the init_sam_from_buffer_vX call. If the ref count hasn't been set yet then we will close the tdbsam reference in tdbsam_getsampwsid(). smbpasswd -a was core-dumping again :-). Jeremy (This used to be commit 993069eb87c190ba8ee92224340c8f9ffb3ade74)
2007-10-10r13729: Fix smbpasswd -xVolker Lendecke1-13/+6
(This used to be commit 2afcbbfb6f2efcc2e10106b10a87365556013787)
2007-10-10r13728: No, we have not talked about this on irc less than 24h ago... ;-)Volker Lendecke1-2/+2
(This used to be commit 59f95ea752d932b00d4a4ff37311b830d65c8a03)
2007-10-10r13727: Fix a segfaultVolker Lendecke1-1/+5
(This used to be commit 76c100834d125b889d29d0fc38934bed4cc77e19)
2007-10-10r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.Günther Deschner6-40/+275
* Fix a couple of related parsing issues. * in the info3 reply in a samlogon, return the ACB-flags (instead of returning zero) Guenther (This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
2007-10-10r13704: Janitor for tpot.Jeremy Allison1-50/+55
Jeremy ------------- Slightly smaller version of pdb_get_methods() patch. Turns out that callers to initialize_password_db() use the reload parameter so this has turned in to a smaller cleanup than I thought. (This used to be commit 7e243104eb57d656adf7b5a322fc8dde9e3c2868)
2007-10-10r13693: More Solaris/LDAP fixes from Bjoern <bjoern@j3e.de>Volker Lendecke1-1/+1
(This used to be commit 7c098ca0ae4c7e11c7100fb09b42ce716beffb56)
2007-10-10r13683: Fix the 'valid users = +users' problem I introduced.Volker Lendecke1-0/+19
Volker (This used to be commit dbdb8bdb9993b0136322530f0b8462bb9477dbf1)
2007-10-10r13679: Commiting the rm_primary_group.patch posted on samba-technicalGerald Carter7-330/+243
* ignore the primary group SID attribute from struct samu* * generate the primary group SID strictlky from the Unix primary group when dealing with passdb users * Fix memory leak in original patch caused by failing to free a talloc * * add wrapper around samu_set_unix() to prevent exposing the create BOOL to callers. Wrappers are samu_set_unix() and samu-allic_rid_unix() (This used to be commit bcf269e2ec6630b78d909010fabd3b69dd6dda84)
2007-10-10r13678: Remove unneeded bracesVolker Lendecke1-5/+3
(This used to be commit faf1d832a1b4c59e36814d560bdc5e9838309ca2)
2007-10-10r13622: Allow to rename machine accounts in a Samba Domain. This still uses theGünther Deschner3-8/+14
"rename user script" to do the rename of the posix machine account (this might be changed later). Fixes #2331. Guenther (This used to be commit b2eac2e6eb6ddd1bcb4ed5172e7cd64144c18d16)
2007-10-10r13601: * Remove unused code from pdb_ldap.cGerald Carter3-94/+11
* Add a 'struct passwd *' to the struct samu for later reference (I know this may be controversial but its easily reverted which is is why I'm checking this is as a seaparate patch before I get too deep). * Remove unix_homedir from struct samu {} and update the pdb wrapper functions associated with it. (This used to be commit 92c251fdf0f1f566cfeca3c75ba2284b644aef5d)
2007-10-10r13600: Move functions local to tdbsam to pdb_tdb.cGerald Carter2-391/+406
(This used to be commit e3489f7eddb21981bb74cd8792aca869ae6790e1)
2007-10-10r13593: consolidate pdb_set_sam_sids() into samu_set_unix() whichGerald Carter1-116/+84
was the only place it was called from. (This used to be commit 6568c9cb03ca378ea7d08190ca3cfcc3e380ee4e)
2007-10-10r13590: * replace all pdb_init_sam[_talloc]() calls with samu_new()Gerald Carter4-126/+54
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix() (This used to be commit 6f1afa4acc93a07d0ee9940822d7715acaae634f)
2007-10-10r13589: Make sure we only try to close the tdbsam file in endsampwent() when weGerald Carter1-4/+11
have a valid pwent list from a setsampwent(). Fixes a bug with the reference count on the open tdb. (This used to be commit 77332f0738423d16a2b5e21af6aaf92b029da0ef)
2007-10-10r13576: This is the beginnings of moving the SAM_ACCOUNT data structureGerald Carter9-614/+535
to make full use of the new talloc() interface. Discussed with Volker and Jeremy. * remove the internal mem_ctx and simply use the talloc() structure as the context. * replace the internal free_fn() with a talloc_destructor() function * remove the unnecessary private nested structure * rename SAM_ACCOUNT to 'struct samu' to indicate the current an upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future. Note that there are now passbd API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter8-47/+47
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13550: remove pdb_guestGerald Carter1-159/+0
(This used to be commit db575c764127d7bea92fc12e5aa73c96c9ee5e2f)
2007-10-10r13548: Always use the get_remote_macinhe_name() as the keyJeremy Allison1-2/+4
for the creds store. This should fix the problems Jerry reported (but I have still to run tests :-). Jeremy. (This used to be commit 43f095a38d66caa774d80fe32e1b96ec25dd1f07)
2007-10-10r13545: A patch which I think it's time has come. VOlker, we can talk aboutGerald Carter3-30/+64
this more but it gets around the primary group issue. * don't map a SID to a name from the group mapping code if the map doesn't have a valid gid. This is only an issue in a tdb setup * Always allow S-1-$DOMAIN-513 to resolve (just like Windows) * if we cannot resolve a users primary GID to a SID, then set it to S-1-$DOMAIN-513 * Ignore the primary group SID inside pdb_enum_group_memberships(). Only look at the Unix group membersip. Jeremy, this fixes a fresh install startup for smbd as far as my tests are concerned. (This used to be commit f79f4dc4c58a6172bf69d37469fdd8de05a812df)
2007-10-10r13542: Don't reuse a pointer we just freed (Doh!).Jeremy Allison1-2/+2
Jeremy. (This used to be commit e755155b0e665cb6d10c28fe7fc6c1f6699d18e6)
2007-10-10r13538: Make sure we store all 16 bytes of credentials sessionJeremy Allison1-5/+6
key and delete records that are old. We will need this for the full 16 byte session key support. Jeremy. (This used to be commit cef240d571f9ba1cdf596cd4cab4ec0790f943a0)
2007-10-10r13519: Fix the credentials chaining across netlogon pipe disconnects.Jeremy Allison1-4/+10
I mean it this time :-). Jeremy. (This used to be commit 80f4868944d349015d2b64c2414b06466a8194aa)
2007-10-10r13512: Rewrite tdbsam code to use a reference count based open/closeGerald Carter1-326/+281
on the tdb file. This allow recusive calls to succeed without complaining about failed opens since a tdb can only be opened once per process. We probably still need to backport the transaction support from Samba 4 here though. (This used to be commit 94c37e06522bfc1753cc8f3c6c7bd4329587007e)
2007-10-10r13494: Merge the stuff I've done in head the last days.Volker Lendecke2-102/+536
Volker (This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
2007-10-10r13493: module_name and module_location are the same string. Fix a valgrindVolker Lendecke1-1/+3
error. Volker (This used to be commit 5a92df31d69ff7b0f2de6564d644949c2906c8f1)
2007-10-10r13460: by popular demand....Gerald Carter8-1132/+274
* remove pdb_context data structure * set default group for DOMAIN_RID_GUEST user as RID 513 (just like Windows) * Allow RID 513 to resolve to always resolve to a name * Remove auto mapping of guest account primary group given the previous 2 changes (This used to be commit 7a2da5f0cc05c1920c664c9a690a23bdf854e285)
2007-10-10r13407: Change the credentials code to be more like the Samba4 structure,Jeremy Allison1-0/+1
makes fixes much easier to port. Fix the size of dc->sess_key to be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd store in secrets.tdb though. Should fix some uses of the dc->sess_key where we where assuming we could read 16 bytes. Jeremy. (This used to be commit 5b3c2e63c73fee8949108abe19ac7a448a033a7f)
2007-10-10r13389: get_ldap_filter is only used once, make it staticVolker Lendecke1-1/+1
(This used to be commit d3b66fb8712e41a331ccfb0f52f187382769b41e)
2007-10-10r13338: Remove the experimental pdb modulesVolker Lendecke4-2265/+0
(This used to be commit a3bc4f51144bcd711ae1869d60a15d24be6ad992)
2007-10-10r13316: Let the carnage begin....Gerald Carter13-1354/+2489
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)