path: root/source3/passdb
Commit message | Author | Age | Files | Lines
* s3:passdb: avoid sid_to_gid() if the sid is "domain users" | Stefan Metzmacher | 2010-03-25 | 1 | -3/+7
| | | | | | If the call fails we would use the "domain users" sid anyway. metze
* Fix some nonempty blank lines | Volker Lendecke | 2010-03-25 | 1 | -3/+3
|
* s3-builtin: Add missing builtin groups. | Karolin Seeger | 2010-03-23 | 1 | -0/+8
| | | | Karolin
* s3-builtin: Add some builtin groups. | Karolin Seeger | 2010-03-23 | 1 | -1/+8
| | | | Karolin
* s3: Make login_cache_write take a pointer | Volker Lendecke | 2010-03-16 | 2 | -7/+8
|
* s3: Make login_cache_read take a pointer, avoid a malloc | Volker Lendecke | 2010-03-16 | 2 | -24/+16
|
* s3: Remove a typedef | Volker Lendecke | 2010-03-16 | 2 | -6/+7
|
* s3: Fix some nonempty blank lines | Volker Lendecke | 2010-03-16 | 1 | -7/+7
|
* s3-passdb: Fix typo in debug message. | Karolin Seeger | 2010-03-10 | 1 | -1/+1
| | | | Karolin
* s3:schannel streamline interface | Simo Sorce | 2010-02-23 | 1 | -131/+0
| | | | | Make calling schannel much easier by removing the need to explicitly open the database. Let the abstraction do it instead.
* s3-passdb: Remove obsolete signal type cast. | Andreas Schneider | 2010-02-23 | 1 | -3/+3
|
* s3: Fix bug 5198 -- parse chfn(1)-change gecos field | Volker Lendecke | 2010-02-13 | 1 | -1/+34
|
* s3: change ldap filter to what really was intended | Björn Jacke | 2010-02-10 | 1 | -1/+1
|
* s3:passdb: only use gid_to_sid() result if the result is a group of our local sam | Stefan Metzmacher | 2010-02-09 | 1 | -4/+16
| | | | | | | | Otherwise retry with pdb_gid_to_sid(). metze
* s3:pdb_ldap: don't search for the users primary group, if we already know it | Stefan Metzmacher | 2010-02-08 | 1 | -31/+35
| | | | metze
* s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches. | Stefan Metzmacher | 2010-02-08 | 1 | -7/+29
| | | | | | | | | ldapsam_alias_memberships() does the same LDAP search twice, triggered via add_aliases() from create_local_nt_token(). This happens when no domain aliases are used. metze
* s3:pdb_ldap: try to build the full unix_pw structure with ldapsam:trusted support | Stefan Metzmacher | 2010-02-08 | 1 | -5/+85
| | | | | | | | And also store the gid_to_sid mappings in the idmap_cache. metze
* s3:passdb: speed up pdb_get_group_sid() | Stefan Metzmacher | 2010-02-08 | 1 | -5/+28
| | | | | | | | | | Use the cached version gid_to_sid() instead of pdb_gid_to_sid(). And also avoid the expensive lookup_sid() call for well-known domain groups. metze
* s3: Make pdb_copy_sam_account also copy the group sid | Volker Lendecke | 2010-02-08 | 1 | -0/+4
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3: shortcut gid_to_sid when "ldapsam:trusted = yes" | Stefan Metzmacher | 2010-02-08 | 1 | -0/+71
| | | | | | | | | | | | | | The normal gid_to_sid behaviour is to call sys_getgrgid() to get the name for the given gid and then call the getsamgrnam passdb method for the resulting name. In the ldapsam:trusted case we can reduce the gid_to_sid operation to one simple search for the gidNumber attribute and only get the sambaSID attribute from the corresponding LDAP object. This reduces the number of ldap roundtrips for this operation. metze
* s3: Make use of ZERO_STRUCTP | Volker Lendecke | 2010-02-05 | 1 | -1/+2
|
* s3: Remove a pointless if-statement | Volker Lendecke | 2010-02-05 | 1 | -1/+1
|
* s3: Make guest_user_info() static | Volker Lendecke | 2010-02-05 | 1 | -1/+1
|
* s3: Hide some uses of pdb_get_init_flags (which I would love to remove...) | Volker Lendecke | 2010-02-05 | 2 | -2/+2
|
* s3: Fix some nonempty blank lines | Volker Lendecke | 2010-02-05 | 2 | -35/+34
|
* s3:passdb: fix a type Domain Users has RID -513 | Stefan Metzmacher | 2010-02-04 | 1 | -1/+1
| | | | metze
* Second part of fix for bug #7072 - Accounts can't be unlocked from ldap. | Jeremy Allison | 2010-01-27 | 1 | -1/+2
| | | | | | Missed read of entry_timestamp (was entry->entry_timestamp). Jeremy.
* Fix bug #7072 - Accounts can't be unlocked from ldap. | Jeremy Allison | 2010-01-27 | 1 | -7/+15
| | | | | | | | | | | | Fix suggested by Andy Hanton <andyhanton@gmail.com>. The LOGIN_CACHE struct contains two time_t entries, but was being written to and read from via tdb_pack/tdb_unpack functions using explicit 32-bit int specifiers. This would break on machines with a 64-bit time_t. Use correct int sizes for tdb_pack/tdb_unpack. We have to fix this properly before 2037 :-). Jeremy.
* s3: Remove some pointless uses of string_sid_talloc | Volker Lendecke | 2010-01-23 | 1 | -8/+6
|
* s3:pdb_ldap: Fix large paged search. | Volker Lendecke | 2010-01-21 | 1 | -0/+1
| | | | | Fix bug #6981 (Paged Search with DirX LDAP server broken). (cherry picked from commit 0a3b576c0a4298cbe600ad8943e401e3a0639359)
* s3:pdb_ldap: restore Samba 3.0.x behavior and use the first "uid" value. | Stefan Metzmacher | 2010-01-14 | 1 | -1/+1
| | | | | | | | | See bug #6157 for more details. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 25806f43ddee7e2653e907eea2c6fcc075960fa1)
* s3: Remove a pointless if-statement | Volker Lendecke | 2010-01-12 | 1 | -3/+2
|
* s3: Use sid_check_is_in_our_domain instead of a direct sid_peek_check_rid | Volker Lendecke | 2010-01-10 | 1 | -4/+2
|
* s3: Replace most calls to sid_append_rid() by sid_compose() | Volker Lendecke | 2010-01-10 | 7 | -38/+30
|
* s3:passdb: store the plain nt passwords hashes in history, not salted md5 | Michael Adam | 2010-01-07 | 1 | -5/+10
| | | | | | | | | | | | | | This is in order to be able to do challenge response with the history, so that this can be checked when an invalid password was entered: If the given password is wrong but in the history, then the bad password count should not be updated... The "lucky" bit here is that the md5 hash and the nt hash (md4) both are 16 bytes long. This is part of the fix for bug #4347. Michael
* s3: Simplify pdb_set_plaintext_passwd: pwhistory==NULL can not happen anymore | Volker Lendecke | 2010-01-07 | 1 | -24/+19
|
* s3: Simplify pdb_set_plaintext_passwd: pwHistLen==0 was checked above | Volker Lendecke | 2010-01-07 | 1 | -2/+4
|
* s3: Add a paranoia check to pdb_set_plaintext_passwd() | Volker Lendecke | 2010-01-07 | 1 | -0/+5
|
* s3: Simplify pdb_set_plaintext_passwd() by removing a redundant condition | Volker Lendecke | 2010-01-07 | 1 | -22/+11
| | | | | | | | | if (current_history_len != pwHistLen) { if (current_history_len < pwHistLen) { } } The second "if" is a bit pointless here
* s3: Simplify pdb_set_plaintext_passwd: memcpy deals fine with 0 bytes | Volker Lendecke | 2010-01-07 | 1 | -5/+2
|
* s3: Simplify pdb_set_plaintext_passwd by using talloc_zero_array | Volker Lendecke | 2010-01-07 | 1 | -5/+2
|
* s3: Make use of talloc_array in pdb_set_plaintext_passwd() | Volker Lendecke | 2010-01-07 | 1 | -2/+3
|
* s3: Simplify pdb_set_plaintext_passwd() a bit | Volker Lendecke | 2010-01-07 | 1 | -66/+63
| | | | | | | | | | Remove an indentation by the early return in + if (pwHistLen == 0) { + /* Set the history length to zero. */ + pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED); + return true; + }
* s3: Simplify pdb_set_plaintext_passwd() slightly | Volker Lendecke | 2010-01-07 | 1 | -56/+83
| | | | | | | | | | | | | | No functional change, this just removes an indentation level by the early "return True;" in + if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) { + /* + * No password history for non-user accounts + */ + return true; + } Volker
* s3:pdb_set_pw_history: free the old history before setting the new. | Michael Adam | 2010-01-07 | 1 | -0/+1
| | | | | | | | This is not strictly necessary, since this only leaks into the struct samu, and this is not so long-lived in the code path that changes the password, but it is definitely correct and does no harm. Michael
* s3:pdb_ldap:init_sam_from_ldap: untangle an assignment from the check | Michael Adam | 2010-01-07 | 1 | -3/+3
| | | | | | to enhance readability and debuggability. Michael
* s3: "startsmbfilepwent" only looks at the inode -- is that enough? | Volker Lendecke | 2009-11-29 | 1 | -4/+2
|
* s3: Pass the "fake dir create times" parameter to sys_*stat | Volker Lendecke | 2009-11-29 | 1 | -2/+4
| | | | Step 0 to restore it as a per-share parameter
* s3:pdb_ldap: fix a comment typo | Michael Adam | 2009-11-19 | 1 | -1/+1
| | | | Michael
* s3: shortcut uid_to_sid when "ldapsam:trusted = yes" | Michael Adam | 2009-11-19 | 1 | -0/+75
| | | | | | | | | | | | | | The normal uid_to_sid behaviour is to call sys_getpwuid() to get the name for the given uid and then call the getsampwnam passdb method for the resulting name. In the ldapsam:trusted case we can reduce the uid_to_sid operation to one simple search for the uidNumber attribute and only get the sambaSID attribute from the corresponding LDAP object. This reduces the number of ldap roundtrips for this operation. Michael