summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21983: make use of tdb_*_bystring() and string_term_tdb_data()Stefan Metzmacher1-27/+25
to avoid creating the TDB_DATA struct from strings "by hand" metze (This used to be commit 5a5579d8429e6f76805a093133ba29c7f8321512)
2007-10-10r21982: make use of tdb_*_bystring() and string_term_tdb_data()Stefan Metzmacher1-29/+12
to avoid creating the TDB_DATA struct from strings "by hand" metze (This used to be commit 9ebaa4c573ea5784a8c9cd9d29561b760d62bb18)
2007-10-10r21981: as we use tdb_trans_store(), we should also use tdb_trans_delete()Stefan Metzmacher1-1/+1
metze (This used to be commit 2d2f8099684c4516ed685e5bb2a21541d53645ac)
2007-10-10r21954: Someone misused a '!' instead of a '~' for a binary NOTJeremy Allison1-1/+1
command. Jerry, Simo, please check. Jeremy. (This used to be commit 8ff76a9cb860b7fd451829f6d814ea1c6804f5af)
2007-10-10r21881: Make sure we are very specific when testing whether a backand can ↵James Peach1-1/+2
handle a particular SID. Make sure that the passdb backend will accept the same set range of local SIDs that the idmap system sends it. Simo, Jerry - this is a 3_0_25 candidate. Can you please review? (This used to be commit 86a70adb6a2d277f235857451bbee7d530d15310)
2007-10-10r21853: Fix a valgrind errorVolker Lendecke1-0/+5
(This used to be commit d0d16cc55ab830dcfd4f8c6c7bf64d2b9b6dd55b)
2007-10-10r21831: Back out r21823 for a while, this is going into a bzr tree first.Volker Lendecke1-20/+1
Volker (This used to be commit fd0ee6722ddfcb64b5cc9c699375524ae3d8709b)
2007-10-10r21823: Let secrets_store_machine_password() also store the account name. ↵Volker Lendecke1-1/+20
Not used yet, the next step will be a secrets_fetch_machine_account() function that also pulls the account name to be used in the appropriate places. Volker (This used to be commit f94e5af72e282f70ca5454cdf3aed510b747eb93)
2007-10-10r21819: Wrap all steps in secrets_store_machine_password into one singleVolker Lendecke1-12/+50
transaction. Succeed all or store nothing. Volker (This used to be commit 4efc7b45985e807532214959c1872cd6e7865ab8)
2007-10-10r21818: Remove some unused codeVolker Lendecke1-23/+0
(This used to be commit f88eab91c43570e4da7a4a6cd117e7b7ebf53331)
2007-10-10r21784: Replace smb_register_idle_event() with event_add_timed(). This fixes ↵Volker Lendecke2-3/+22
winbind who did not run the idle events to drop ldap connections. Volker (This used to be commit af3308ce5a21220ff4c510de356dbaa6cf9ff997)
2007-10-10r21782: Fix a memleakVolker Lendecke1-0/+1
(This used to be commit a2dc1f62fdf7683cfb2ca71499dbe7efddc4aa9b)
2007-10-10r21738: Remove unused file.James Peach1-80/+0
(This used to be commit 7246b316960e5307d988ad3296230767e57f455b)
2007-10-10r21609: Fix memory leaks in error code paths (and one in winbindd_group.c).Jeremy Allison1-0/+2
Patch from Zack Kirsch <zack.kirsch@isilon.com>. Jeremy. (This used to be commit df07a662e32367a52c1e8473475423db2ff5bc51)
2007-10-10r21608: Fix a couple of memleaks in error code paths beforeJeremy Allison1-0/+1
Coverity finds them :-) Jeremy. (This used to be commit cbe725f1b09f3d0edbdf823e0862edf21e16d336)
2007-10-10r21606: Implement escaping function for ldap RDN valuesSimo Sorce1-8/+60
Fix escaping of DN components and filters around the code Add some notes to commandline help messages about how to pass DNs revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was incorrect. The 2 functions use DNs in different ways. - lookup_usergroups_member() uses the DN in a search filter, and must use the filter escaping function to escape it Escaping filters that include escaped DNs ("\," becomes "\5c,") is the correct way to do it (tested against W2k3). - lookup_usergroups_memberof() instead uses the DN ultimately as a base dn. Both functions do NOT need any DN escaping function as DNs can't be reliably escaped when in a string form, intead each single RDN value must be escaped separately. DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as they come already escaped on the wire and passed as is by the ldap libraries DN filtering has been tested. For example now it is possible to do something like: 'net ads add user joe#5' as now the '#' character is correctly escaped when building the DN, previously such a call failed with Invalid DN Syntax. Simo. (This used to be commit 5b4838f62ab1a92bfe02626ef40d7f94c2598322)
2007-10-10r21507: Fix some "cannot access LDAP when no root" bugs.Gerald Carter1-2/+14
The two culprits were * pdb_get_account_policy() * pdb_get_group_sid() (This used to be commit 6a69caf6907fad01b13aa4358ce5c62506f98495)
2007-10-10r20998: Fix debug messageVolker Lendecke1-1/+2
(This used to be commit a5a1c8c785939e7cf6108adb573ac277726f584b)
2007-10-10r20985: leave room for terminating NULL when printing password hashes via ↵Gerald Carter1-2/+2
'pdbedit -L -w' (This used to be commit 2a7311db272b5a504e2db672d92adbb3cf2bea15)
2007-10-10r20851: To read account policies from LDAP we need root.Volker Lendecke1-2/+12
Volker (This used to be commit b48ea4d7775dfc3216771fd328640c2c100a014d)
2007-10-10r20824: Send access to the trusted domain passwords through the pdb backend, ↵Volker Lendecke4-46/+123
so that in the next step we can store them in LDAP to be replicated across DCs. Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 3c879745cfc39be6128b63a88ecdbfa3d9ce6c2d)
2007-10-10r20707: Clean up pdb_interface.c a bit -- patch from Michael Adam <ma@sernet.de>Volker Lendecke1-23/+38
(This used to be commit d78c18a9fa494a2b3ef48db0abd987c740556e50)
2007-10-10r20644: Make some functions static, thanks to Michael Adam <ma@sernet.de> ↵Volker Lendecke1-3/+3
for the hint. (This used to be commit f1f5d035db067b85e55b1c4009407b47dedcf975)
2007-10-10r20614: Dummy-checkin to trigger the buildVolker Lendecke1-4/+5
(This used to be commit 7e444e1612fa49f7db4de3256e6c67025db28806)
2007-10-10r20402: Fix spelling: samba bug #4292 debian #402392Andrew Bartlett1-1/+1
(This used to be commit e43aa4e03d8d2d3ffa3a0383b0b0835dd1a51cda)
2007-10-10r20243: Make lookup_name resolve both the mapped and the real unix group nameSimo Sorce1-7/+23
(This used to be commit 7167e7b26ac6a742cc82f4edacfc8579f80338d9)
2007-10-10r20212: Attempt to fix the Solaris buildVolker Lendecke1-2/+4
(This used to be commit 902d81becbd5eac7251e88457be7efc5e951614f)
2007-10-10r20169: Support for fallback to legacy mapping code was not completely tested.Simo Sorce1-12/+18
Add necessary fixes. (This used to be commit 4a81ee9608d45f95eaaccc78a080e717cb7d4682)
2007-10-10r20116: Start merging in the work done to create the new idmap subsystem.Simo Sorce3-98/+202
Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
2007-10-10r20090: Fix a class of bugs found by James Peach. EnsureJeremy Allison2-25/+56
we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2007-10-10r19945: Fix a segfault -- lookup_rids needs to init the names even on failureVolker Lendecke1-0/+2
(This used to be commit eba404e668c270f2d31e3a8ab0721064eda39b40)
2007-10-10r19943: Fix bug 4267 -- Thanks to David!Volker Lendecke1-0/+2
(This used to be commit 714971b34aad01cd855484d550c41bc0265ef051)
2007-10-10r19579: BUG 4075: patch from Dmitry Butskoy <dmitry@butskoy.name>.Gerald Carter1-2/+4
Allow smbd to use winbindd to lookup uids/gids outside the idmap range if 'winbind trusted domains only = yes' (This used to be commit 5b3ac400a7d51dfc818563189bdf6649b2dc3a52)
2007-10-10r19419: BUG 4109: Patch from Timur Bakeyev. Fix bug causing smbd to turn offGerald Carter1-10/+6
winbindd and fail to disable the _NO_WINBIND environment. (This used to be commit a6366b40b3967853c20ca5399021108f09ffd505)
2007-10-10r19083: Fix objectclassVolker Lendecke1-1/+1
(This used to be commit 6c4d68d84987a88f91bca976a0396dff720043e5)
2007-10-10r19058: Implement "user cannot change password", and complete "user must changeJim McDonough4-77/+36
password at next logon" code. The "password last set time" of zero now means "user must change password", because that's how windows seems to use it. The "can change" and "must change" times are now calculated based on the "last set" time and policies. We use the "can change" field now to indicate that a user cannot change a password by putting MAX_TIME_T in it (so long as "last set" time isn't zero). Based on this, we set the password-can-change bit in the faked secdesc. (This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
2007-10-10r18722: Fix up password change times. The can change and must change times areJim McDonough1-2/+22
calculated based on the last change time, policies, and acb flags. Next step will be to not bother storing them. Right now I'm just trying to get them reported correctly. (This used to be commit fd5761c9e52cbf8f1f7e45e71693598b27ecbf57)
2007-10-10r18703: Fix the annoying effect that happens when nscd is running:Günther Deschner4-0/+18
We usually do not get the results from user/group script modifications immediately. A lot of users do add nscd restart/refresh commands into their scripts to workaround that while we could flush the nscd caches directly using libnscd. Guenther (This used to be commit 7db6ce295afbedfada7b207ad56566d2195a0d21)
2007-10-10r18684: pdb_get_group_sid() has to use the Get_Pwnam_alloc() callGerald Carter1-1/+1
to ensure it finds the Unix user. (This used to be commit 4cea9bfca1b84db31fae6f7a05ff3247a23fd409)
2007-10-10r18654: Rename "struct uuid" => "struct GUID" for consistency.Jelmer Vernooij1-8/+8
(This used to be commit 5de76767e857e9d159ea46e2ded612ccd6d6bf19)
2007-10-10r18527: Janitor for Jeremy ;-)Volker Lendecke1-12/+12
(This used to be commit d72ba9ed1288e7f498a64c96dd6aa04bda59c8b2)
2007-10-10r18483: Ensure all pdb_XXX calls are wrapped in become_root()/unbecome_root()Jeremy Allison1-5/+32
pairs. Should fix bug #4097. Jeremy. (This used to be commit f787b9d156992e0069860cb1ab829970cb69eb81)
2007-10-10r18313: Nobody said "no" (yet.... gd?), so commit it:Volker Lendecke1-10/+0
Remove the account_policy_migrated() thingy, and make cache_account_policy_set use gencache. Account policies are now handled like groups and users are with respect to "passdb backend". Volker (This used to be commit fa8b2e2a585ab0c00a5fbde7aa790043261caf2e)
2007-10-10r18271: Big change:Gerald Carter5-39/+39
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r17971: Disable storing SIDs in the S-1-22-1 and S-1-22-2 domain to the ↵Gerald Carter1-0/+10
SID<->uid/gid cache. FIxes a bug in token creation (This used to be commit fa05708789654a8a34cb4a4068514a0b3d950653)
2007-10-10r17924: Get rid of warnings now that talloc is merged.Volker Lendecke1-3/+1
Destructors now take a pointer to the "real" destroyed object as an argument. Volker (This used to be commit 70edd716ef0ccb218fe18d1233bd30abe46b62bf)
2007-10-10r17831: Attempt to fix the build farm: 0x7fffffffffffffff needs special ↵Volker Lendecke1-1/+1
casing too I think. This broke 'make test' because the newly created user was set to be kicked off Mi, 22 Jan 1975 23:55:33 CET (unix time 159663333) with the setuserinfo21 call. I'm not 100% sure that 0x7ff... means max time as I do it here, I vaguely remember it to mean "don't touch". Does anybody know that for sure? Jeremy, please check this. Thanks, Volker (This used to be commit 872d1299ebffb7b7d696013fc676820f1fa1777c)
2007-10-10r17815: Revert Volker's change in 16014. I really do not believeGerald Carter1-1/+0
the this should be necessary. If there is still a bug, I believe that setting thr group RID from the passdb is masking it. Not fixing it. It is very likely that the change was necessary before but is no longer with the recent changes. But I'm not taking the chance of merging it to 3.0.23c. :-) (This used to be commit 1a5b90f3c1aa5dcaa29a9d62288d9e4dbc596f96)
2007-10-10r17813: Remove another instance of manually setting the group SID.Gerald Carter1-1/+7
The would have been primaryly used when adding a user to an smbpasswd file, but could have been introduce to other backends by using pdbedit -i -e. The symptom was [2006/08/09 13:07:43, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(6276) init_sam_user_info_21A: User nobody has Primary Group SID S-1-22-2-99, which conflicts with the domain sid S-1-5-21-1825997848-4107600307-1754506280. Failing operation. (This used to be commit 0a3aa8b43ace8c635423c2df10827e81d145b58f)
2007-10-10r17709: Fix cut-n-paste error with the name of gid_to_unix_group_sid().Gerald Carter2-2/+2
(This used to be commit dda0b8bce6b7e0146badd8aeb52b5cce6289de21)