summaryrefslogtreecommitdiff
path: root/source4/ntvfs/common/sidmap.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij1-0/+1
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+2
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r13281: Use TALLOC_CTX * not a void *, and use tmp_ctx as the name for ↵Andrew Bartlett1-58/+59
consistancy. (I was chasing ghosts in this code, and decided to do a cleanup while I was there). Andrew Bartlett (This used to be commit c05f6be09a0cffdd0b87483f5b3751cc3f96e7f5)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-2/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij1-0/+3
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r10810: This adds the hooks required to communicate the current user from theAndrew Bartlett1-1/+1
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10r10148: Use samdb_base_dn() to find the local domain.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 4969f86ac29aa1c4371a5cd01551f45c7fdb4cb2)
2007-10-10r7860: switch our ldb storage format to use a NDR encoded objectSid. This isAndrew Tridgell1-71/+26
quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2007-10-10r5988: Fix the -P option (use machine account credentials) to use the Samba4Andrew Bartlett1-7/+7
secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2007-10-10r5309: removed ads.h from includes.hAndrew Tridgell1-0/+1
(This used to be commit 196c45b834c39f293b9533cec5cfe5a77382d4e2)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell1-0/+2
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-1/+1
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4547: - added talloc_new(ctx) macro that is a neater form of the common ↵Andrew Tridgell1-6/+6
talloc(ctx, 0) call. - cleaned up some talloc usage in various files I'd like to get to the point that we have no calls to talloc(), at which point we will rename talloc_p() to talloc(), to encourage everyone to use the typesafe functions. (This used to be commit e6c81d7c9f8a6938947d3c1c8a971a0d6d50b67a)
2007-10-10r3992: provide hooks for lsa to lookup sids allocated using the linear ↵Andrew Tridgell1-0/+61
id->sid mapping (This used to be commit e61140510905b6bbe57ad35dad8e4dd68d1f6bd8)
2007-10-10r3989: added a linear algorithmic mapping for uid->sid and gid->sid withinAndrew Tridgell1-21/+351
our local domain. Note that this linear mapping does not suffer from the "foreign sid" problems of the linear mappings we have previously rejected for the sid->uid problem. the mapping allows for 1 billion automatically allocated users or groups for the local domain. (This used to be commit 8f573439753e2a425305936107442c85cffb9369)
2007-10-10r3982: split out the sid -> uid/gid mapping routines into a ntvfs_sidmapAndrew Tridgell1-0/+212
subsystem. This is in preparation for adding better default ACL generation in pvfs, which will require uid/gid -> sid mapping. (This used to be commit b31108e49247495d98cf7c12ee303b12a9e44e92)